xref: /titanic_41/usr/src/cmd/krb5/krb5kdc/kdc_util.h (revision 159d09a20817016f09b3ea28d1bdada4a336bb91)
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * kdc/kdc_util.h
8  *
9  * Copyright 1990 by the Massachusetts Institute of Technology.
10  *
11  * Export of this software from the United States of America may
12  *   require a specific license from the United States Government.
13  *   It is the responsibility of any person or organization contemplating
14  *   export to obtain such a license before exporting.
15  *
16  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
17  * distribute this software and its documentation for any purpose and
18  * without fee is hereby granted, provided that the above copyright
19  * notice appear in all copies and that both that copyright notice and
20  * this permission notice appear in supporting documentation, and that
21  * the name of M.I.T. not be used in advertising or publicity pertaining
22  * to distribution of the software without specific, written prior
23  * permission.  Furthermore if you modify this software you must label
24  * your software as modified software and not distribute it in such a
25  * fashion that it might be confused with the original M.I.T. software.
26  * M.I.T. makes no representations about the suitability of
27  * this software for any purpose.  It is provided "as is" without express
28  * or implied warranty.
29  *
30  *
31  * Declarations for policy.c
32  */
33 
34 #ifndef __KRB5_KDC_UTIL__
35 #define __KRB5_KDC_UTIL__
36 
37 
38 #include "kdb.h"
39 
40 #ifdef	__cplusplus
41 extern "C" {
42 #endif
43 
44 typedef struct _krb5_fulladdr {
45     krb5_address *	address;
46     krb5_ui_4		port;
47 } krb5_fulladdr;
48 
49 krb5_error_code check_hot_list (krb5_ticket *);
50 krb5_boolean realm_compare (krb5_principal, krb5_principal);
51 krb5_boolean krb5_is_tgs_principal (krb5_principal);
52 krb5_error_code add_to_transited (krb5_data *,
53 					    krb5_data *,
54 					    krb5_principal,
55 					    krb5_principal,
56 					    krb5_principal);
57 krb5_error_code compress_transited (krb5_data *,
58 					      krb5_principal,
59 					      krb5_data *);
60 krb5_error_code concat_authorization_data (krb5_authdata **,
61 						     krb5_authdata **,
62 						     krb5_authdata ***);
63 krb5_error_code fetch_last_req_info (krb5_db_entry *,
64 					       krb5_last_req_entry ***);
65 
66 krb5_error_code kdc_convert_key (krb5_keyblock *,
67 					   krb5_keyblock *,
68 					   int);
69 krb5_error_code kdc_process_tgs_req
70 	(krb5_kdc_req *,
71 	           const krb5_fulladdr *,
72 	           krb5_data *,
73 	           krb5_ticket **,
74 	           krb5_keyblock **);
75 
76 krb5_error_code kdc_get_server_key (krb5_ticket *,
77 					      krb5_keyblock **,
78 					      krb5_kvno *);
79 
80 int validate_as_request (krb5_kdc_req *, krb5_db_entry,
81 					  krb5_db_entry, krb5_timestamp,
82 					  const char **);
83 
84 int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
85 					  krb5_ticket *, krb5_timestamp,
86 					  const char **);
87 
88 int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
89 				 krb5_data *);
90 
91 int
92 dbentry_has_key_for_enctype (krb5_context context,
93 				       krb5_db_entry *client,
94 				       krb5_enctype enctype);
95 
96 int
97 dbentry_supports_enctype (krb5_context context,
98 				    krb5_db_entry *client,
99 				    krb5_enctype enctype);
100 
101 krb5_enctype
102 select_session_keytype (krb5_context context,
103 				  krb5_db_entry *server,
104 				  int nktypes,
105 				  krb5_enctype *ktypes);
106 
107 krb5_error_code
108 get_salt_from_key (krb5_context, krb5_principal,
109 			     krb5_key_data *, krb5_data *);
110 
111 void limit_string (char *name);
112 
113 void
114 ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);
115 
116 void
117 rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
118 
119 /* do_as_req.c */
120 krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *,
121 					  const krb5_fulladdr *,
122 					  krb5_data ** );
123 
124 /* do_tgs_req.c */
125 krb5_error_code process_tgs_req (krb5_data *,
126 					   const krb5_fulladdr *,
127 					   krb5_data ** );
128 /* dispatch.c */
129 krb5_error_code dispatch (krb5_data *,
130 				    const krb5_fulladdr *,
131 				    krb5_data **);
132 
133 /* main.c */
134 krb5_error_code kdc_initialize_rcache (krb5_context, char *);
135 
136 krb5_error_code setup_server_realm (krb5_principal);
137 
138 /* network.c */
139 krb5_error_code listen_and_process (const char *);
140 krb5_error_code setup_network (const char *);
141 krb5_error_code closedown_network (const char *);
142 
143 /* policy.c */
144 int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
145 					krb5_db_entry, krb5_timestamp,
146 					const char **);
147 
148 int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
149 					krb5_ticket *, const char **);
150 
151 /* kdc_preauth.c */
152 const char * missing_required_preauth
153     (krb5_db_entry *client, krb5_db_entry *server,
154 	       krb5_enc_tkt_part *enc_tkt_reply);
155 void get_preauth_hint_list (krb5_kdc_req * request,
156 				      krb5_db_entry *client,
157 				      krb5_db_entry *server,
158 				      krb5_data *e_data);
159 krb5_error_code load_preauth_plugins(krb5_context context);
160 krb5_error_code unload_preauth_plugins(krb5_context context);
161 
162 krb5_error_code check_padata
163     (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
164 	       krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
165 	       void **padata_context, krb5_data *e_data);
166 
167 krb5_error_code return_padata
168     (krb5_context context, krb5_db_entry *client,
169 	       krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
170 	       krb5_key_data *client_key, krb5_keyblock *encrypting_key,
171 	       void **padata_context);
172 
173 krb5_error_code free_padata_context
174     (krb5_context context, void **padata_context);
175 
176 /* replay.c */
177 krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
178 void kdc_insert_lookaside (krb5_data *, krb5_data *);
179 void kdc_free_lookaside(krb5_context);
180 
181 /* which way to convert key? */
182 #define CONVERT_INTO_DB	0
183 #define CONVERT_OUTOF_DB 1
184 
185 #define isflagset(flagfield, flag) (flagfield & (flag))
186 #define setflag(flagfield, flag) (flagfield |= (flag))
187 #define clear(flagfield, flag) (flagfield &= ~(flag))
188 
189 #ifdef KRB5_KRB4_COMPAT
190 krb5_error_code process_v4 (const krb5_data *,
191 				      const krb5_fulladdr *,
192 				      krb5_data **);
193 void process_v4_mode (const char *, const char *);
194 void enable_v4_crossrealm(char *);
195 #else
196 #define process_v4(foo,bar,quux,foobar)	KRB5KRB_AP_ERR_BADVERSION
197 #endif
198 
199 #ifndef	min
200 #define	min(a, b)	((a) < (b) ? (a) : (b))
201 #define	max(a, b)	((a) > (b) ? (a) : (b))
202 #endif
203 
204 #ifdef KRB5_USE_INET6
205 #define ADDRTYPE2FAMILY(X) \
206   ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
207 #else
208 #define ADDRTYPE2FAMILY(X) \
209   ((X) == ADDRTYPE_INET ? AF_INET : -1)
210 #endif
211 
212 /* RFC 4120: KRB5KDC_ERR_KEY_TOO_WEAK
213  * RFC 4556: KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED */
214 #define KRB5KDC_ERR_KEY_TOO_WEAK KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED
215 
216 #ifdef	__cplusplus
217 }
218 #endif
219 
220 #endif	/* !__KRB5_KDC_UTIL__ */
221