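/*
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kdc/kdc_util.h
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Declarations for policy.c
 */

/*
 * NOTE(review): despite the banner above, this header carries prototypes
 * for several KDC source files; each group below is labelled with the file
 * that is expected to define it.  The header includes nothing itself, so the
 * krb5 types, the PROTOTYPE() macro, struct sockaddr, size_t and the AF_*
 * and ADDRTYPE_* constants must already be in scope where it is included.
 */

#ifndef __KRB5_KDC_UTIL__
#define __KRB5_KDC_UTIL__

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * An address together with a port.  A const pointer to this structure is
 * handed to the request-processing entry points declared below.
 * NOTE(review): the byte order of `port` is not visible from this header;
 * confirm it before comparing or logging the value.
 */
typedef struct _krb5_fulladdr {
    krb5_address *	address;
    krb5_ui_4		port;
} krb5_fulladdr;

/*
 * No file label in the original; presumably defined in kdc_util.c.
 *
 * Most prototypes here leave their parameters unnamed, and nothing in this
 * header says who owns the objects returned through the double- and
 * triple-pointer out-parameters (krb5_ticket **, krb5_keyblock **,
 * krb5_authdata ***, krb5_last_req_entry ***).  Check the definitions before
 * deciding which side frees them.
 */
krb5_error_code check_hot_list PROTOTYPE((krb5_ticket *));
krb5_boolean realm_compare PROTOTYPE((krb5_principal, krb5_principal));
krb5_boolean krb5_is_tgs_principal PROTOTYPE((krb5_principal));
krb5_error_code add_to_transited PROTOTYPE((krb5_data *,
					    krb5_data *,
					    krb5_principal,
					    krb5_principal,
					    krb5_principal));
krb5_error_code compress_transited PROTOTYPE((krb5_data *,
					      krb5_principal,
					      krb5_data *));
krb5_error_code concat_authorization_data PROTOTYPE((krb5_authdata **,
						     krb5_authdata **,
						     krb5_authdata ***));
krb5_error_code fetch_last_req_info PROTOTYPE((krb5_db_entry *,
					       krb5_last_req_entry ***));

/*
 * The int argument is presumably one of CONVERT_INTO_DB / CONVERT_OUTOF_DB
 * defined further down ("which way to convert key?") -- confirm against the
 * definition.
 */
krb5_error_code kdc_convert_key PROTOTYPE((krb5_keyblock *,
					   krb5_keyblock *,
					   int));
krb5_error_code kdc_process_tgs_req
	PROTOTYPE((krb5_kdc_req *,
		   const krb5_fulladdr *,
		   krb5_data *,
		   krb5_ticket **,
		   krb5_keyblock **));

krb5_error_code kdc_get_server_key PROTOTYPE((krb5_ticket *,
					      krb5_keyblock **,
					      krb5_kvno *));

/*
 * Both validators return int rather than krb5_error_code and take the
 * database entries by value.  The trailing const char ** presumably receives
 * a status string for the caller -- confirm against the definitions.
 */
int validate_as_request PROTOTYPE((krb5_kdc_req *, krb5_db_entry,
				   krb5_db_entry, krb5_timestamp,
				   const char **));

int validate_tgs_request PROTOTYPE((krb5_kdc_req *, krb5_db_entry,
				    krb5_ticket *, krb5_timestamp,
				    const char **));

/*
 * NOTE(review): the prototype does not name its parameters, so it is not
 * clear from here whether either unsigned int is the length of the
 * unsigned char buffer.  Confirm how the definition bounds its reads before
 * passing it data that came off the network.
 */
int fetch_asn1_field PROTOTYPE((unsigned char *, unsigned int, unsigned int,
				krb5_data *));

int
dbentry_has_key_for_enctype PROTOTYPE((krb5_context context,
				       krb5_db_entry *client,
				       krb5_enctype enctype));

int
dbentry_supports_enctype PROTOTYPE((krb5_context context,
				    krb5_db_entry *client,
				    krb5_enctype enctype));

/* ktypes is an array of krb5_enctype accompanied by the count nktypes. */
krb5_enctype
select_session_keytype PROTOTYPE((krb5_context context,
				  krb5_db_entry *server,
				  int nktypes,
				  krb5_enctype *ktypes));

krb5_error_code
get_salt_from_key PROTOTYPE((krb5_context, krb5_principal,
			     krb5_key_data *, krb5_data *));

/*
 * Takes a non-const string and no length, so it presumably edits `name` in
 * place and relies on NUL termination -- confirm against the definition.
 */
void limit_string PROTOTYPE((char *name));

/*
 * do_as_req.c
 *
 * For the three request entry points below, the int parameter is unnamed;
 * the process_v4 prototype later in this file names the argument in the
 * same position is_secondary, so presumably it has that meaning here too.
 */
krb5_error_code process_as_req PROTOTYPE((krb5_kdc_req *,
					  const krb5_fulladdr *,
					  int,
					  krb5_data ** ));

/* do_tgs_req.c */
krb5_error_code process_tgs_req PROTOTYPE((krb5_data *,
					   const krb5_fulladdr *,
					   int,
					   krb5_data ** ));

/* dispatch.c */
krb5_error_code dispatch PROTOTYPE((krb5_data *,
				    const krb5_fulladdr *,
				    int,
				    krb5_data **));

/* main.c */
krb5_error_code kdc_initialize_rcache PROTOTYPE((krb5_context, char *));

krb5_error_code setup_server_realm PROTOTYPE((krb5_principal));

/* network.c */
krb5_error_code listen_and_process PROTOTYPE((const char *));
krb5_error_code setup_network PROTOTYPE((const char *));
krb5_error_code closedown_network PROTOTYPE((const char *));

/*
 * policy.c
 *
 * Same calling shape as the validate_*_request functions above: int result,
 * database entries passed by value, const char ** out-parameter.
 */
int against_local_policy_as PROTOTYPE((krb5_kdc_req *, krb5_db_entry,
				       krb5_db_entry, krb5_timestamp,
				       const char **));

int against_local_policy_tgs PROTOTYPE((krb5_kdc_req *, krb5_db_entry,
					krb5_ticket *, const char **));

/* kdc_preauth.c */
const char * missing_required_preauth
    PROTOTYPE((krb5_db_entry *client, krb5_db_entry *server,
	       krb5_enc_tkt_part *enc_tkt_reply));

void get_preauth_hint_list PROTOTYPE((krb5_kdc_req * request,
				      krb5_db_entry *client,
				      krb5_db_entry *server,
				      krb5_data *e_data));

krb5_error_code check_padata
    PROTOTYPE((krb5_context context, krb5_db_entry *client,
	       krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply));

krb5_error_code return_padata
    PROTOTYPE((krb5_context context, krb5_db_entry *client,
	       krb5_kdc_req *request, krb5_kdc_rep *reply,
	       krb5_key_data *client_key, krb5_keyblock *encrypting_key));

/*
 * replay.c
 *
 * Both functions take a request (krb5_data *) and the sender's
 * krb5_fulladdr; the check returns a reply through krb5_data **, the insert
 * takes one as krb5_data *.  Presumably a cache of recent replies keyed on
 * the request -- confirm against replay.c.
 */
krb5_boolean kdc_check_lookaside PROTOTYPE((krb5_data *,
					    const krb5_fulladdr *,
					    krb5_data **));
void kdc_insert_lookaside PROTOTYPE((krb5_data *,
				     const krb5_fulladdr *,
				     krb5_data *));

/* sock2p.c */
#ifndef HAVE_INET_NTOP
/* It's provided by sock2p.c in this case.  */
extern const char *inet_ntop (int, const void *, char *, size_t);
#endif
/* The char * / size_t pair is an output buffer and its capacity. */
extern void sockaddr2p (const struct sockaddr *, char *, size_t, int *);

/* which way to convert key? */
#define CONVERT_INTO_DB	0
#define CONVERT_OUTOF_DB 1

/*
 * Flag helpers.
 *
 * The flagfield argument is parenthesised so that an expression argument
 * (for example `a | b`) is masked as a whole; without the parentheses `&`
 * would bind to only the last operand and the wrong bits would be tested.
 *
 * isflagset() yields the masked bits, not 0/1: test the result against zero
 * and do not store it in a type narrower than the flag field.
 *
 * clear() computes ~(flag) in the (promoted) type of `flag`.  If `flag` is
 * unsigned and narrower than `flagfield`, the high bits of `flagfield` are
 * cleared as well, so keep the two types the same width.
 */
#define isflagset(flagfield, flag) ((flagfield) & (flag))
#define setflag(flagfield, flag) ((flagfield) |= (flag))
#define clear(flagfield, flag) ((flagfield) &= ~(flag))

/*
 * Without KRB5_KRB4_COMPAT, process_v4() is a macro that expands to the
 * constant KRB5KRB_AP_ERR_BADVERSION.  Its arguments are discarded and never
 * evaluated, so a call site must not rely on side effects in them.
 */
#ifdef KRB5_KRB4_COMPAT
krb5_error_code process_v4 PROTOTYPE((const krb5_data *,
				      const krb5_fulladdr *,
				      int is_secondary,
				      krb5_data **));
#else
#define process_v4(foo,bar,quux,foobar)	KRB5KRB_AP_ERR_BADVERSION
#endif

/*
 * Both macros evaluate each argument twice; do not pass expressions with
 * side effects.  max is only defined here when min was not already defined.
 */
#ifndef	min
#define	min(a, b)	((a) < (b) ? (a) : (b))
#define	max(a, b)	((a) > (b) ? (a) : (b))
#endif

/*
 * Map a krb5 address type to a socket address family.  Yields -1 for any
 * type it does not recognise (including ADDRTYPE_INET6 when KRB5_USE_INET6
 * is not defined); callers must check for -1 before using the result as an
 * address family.
 */
#ifdef KRB5_USE_INET6
#define ADDRTYPE2FAMILY(X) \
  ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
#else
#define ADDRTYPE2FAMILY(X) \
  ((X) == ADDRTYPE_INET ? AF_INET : -1)
#endif

#ifdef	__cplusplus
}
#endif

#endif	/* !__KRB5_KDC_UTIL__ */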