/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/krb5/os/os-proto.h */
/*
 * Copyright 1990,1991,2009 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/*
 *
 * LIBOS internal function prototypes.
 */
31
#ifndef KRB5_LIBOS_INT_PROTO__
#define KRB5_LIBOS_INT_PROTO__

#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>           /* struct timeval, used by k5_getcurtime() */
#endif

#include <krb5/locate_plugin.h> /* enum locate_service_type, used by k5_locate_server() */
40
/*
 * Transport used to reach a server.  TCP_OR_UDP is the zero value, so a
 * zero-filled server_entry leaves the choice open (see the transport field
 * comment in struct server_entry); the ordering of UDP versus TCP in that case
 * is governed by k5_transport_strategy.
 */
typedef enum {
    TCP_OR_UDP = 0,
    TCP        = 1,
    UDP        = 2,
    HTTPS      = 3,
    UNIXSOCK   = 4
} k5_transport;
48
/*
 * How UDP is ordered relative to TCP when a server accepts either; passed to
 * k5_sendto() as its strategy argument.  UDP_FIRST is the zero value, so a
 * zero-initialized strategy tries UDP before TCP.
 */
typedef enum {
    UDP_FIRST = 0,  /* try UDP, then TCP */
    UDP_LAST  = 1,  /* try TCP, then UDP */
    NO_UDP    = 2,  /* never use UDP */
    ONLY_UDP  = 3   /* use nothing but UDP */
} k5_transport_strategy;
55
/*
 * A single server hostname or address.  One of two forms is in use: a
 * hostname (with port/transport/family as hints) or a raw socket address in
 * addr/addrlen.  hostname and uri_path are presumably heap-owned by the entry
 * and released by k5_free_serverlist() (k5_kdclist_add() documents an
 * ownership transfer of *server) -- confirm at the definitions.
 */
struct server_entry {
    char *hostname;             /* NULL -> use addrlen/addr instead */
    int port;                   /* Used only if hostname set */
    k5_transport transport;     /* May be 0 for UDP/TCP if hostname set */
    char *uri_path;             /* Used only if transport is HTTPS */
    int family;                 /* May be 0 (aka AF_UNSPEC) if hostname set */
    int primary;                /* True, false, or -1 for unknown. */
    size_t addrlen;             /* Bytes of addr in use; meaningful when hostname is NULL */
    struct sockaddr_storage addr;
};
67
/*
 * A list of server hostnames/addresses: servers points at nservers entries.
 * Start from SERVERLIST_INIT (empty list) and release with
 * k5_free_serverlist() when done.
 */
struct serverlist {
    struct server_entry *servers;
    size_t nservers;
};
#define SERVERLIST_INIT { .servers = NULL, .nservers = 0 }
74
75 struct kdclist;
76
/*
 * Address of a remote peer: the transport and address family in use plus the
 * socket address in saddr.  len is presumably the number of bytes of saddr
 * that are valid -- confirm at the use sites.
 */
struct remote_address {
    k5_transport transport;
    int family;
    socklen_t len;
    struct sockaddr_storage saddr;
};
83
/*
 * Optional hooks passed to k5_sendto() (callback_info).  Judging by the
 * signatures, pfn_callback receives the connection's socket and the caller's
 * data and fills in message, and pfn_cleanup later releases what
 * pfn_callback produced for that message; the exact contract (when each is
 * called, who owns message->data) is not visible here -- confirm against
 * k5_sendto().
 */
struct sendto_callback_info {
    int (*pfn_callback)(SOCKET fd, void *data, krb5_data *message);
    void (*pfn_cleanup)(void *data, krb5_data *message);
    void *data;     /* Opaque caller state handed to both hooks */
};
89
/*
 * Initialize with all zeros except for princ.  Set no_hostrealm to disable
 * host-to-realm lookup, which ordinarily happens during fallback processing
 * after canonicalizing the host part.  Set subst_defrealm to substitute the
 * default realm for the referral realm after realm lookup.  Do not set both
 * flags.  Free with free_canonprinc() when done.
 *
 * no_hostrealm only applies if fallback processing is in use
 * (dns_canonicalize_hostname = fallback).  It will not remove the realm if
 * krb5_sname_to_principal() already canonicalized the hostname and looked up a
 * realm.  subst_defrealm applies whether or not fallback processing is in use.
 */
struct canonprinc {
    krb5_const_principal princ;     /* Input; set by the caller, not owned */
    krb5_boolean no_hostrealm;      /* Caller option; see above */
    krb5_boolean subst_defrealm;    /* Caller option; see above */
    int step;                       /* Iteration state; presumably advanced by
                                     * k5_canonprinc() -- do not set */
    char *canonhost;                /* Owned; released by free_canonprinc() */
    char *realm;                    /* Owned; released by free_canonprinc() */
    krb5_principal_data copy;       /* Scratch for the yielded name (see
                                     * k5_canonprinc(): valid for one iteration) */
    krb5_data components[2];        /* Scratch for the yielded name; presumably
                                     * points into canonhost/realm rather than
                                     * owning memory -- confirm */
};
112
/*
 * Yield one or two candidate canonical principal names for iter, then NULL.
 * Output names are valid for one iteration and must not be freed.  iter must
 * be initialized as described above struct canonprinc before the first call;
 * once the candidates are exhausted *princ_out is set to NULL.
 */
krb5_error_code k5_canonprinc(krb5_context context, struct canonprinc *iter,
                              krb5_const_principal *princ_out);
117
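/*
 * Release the heap memory owned by a canonprinc iterator (canonhost and
 * realm).  The pointers are reset to NULL afterwards so that the iterator is
 * left in a consistent state and a second call is a harmless no-op rather
 * than a double free.  The iterator itself is caller-owned and is not freed.
 * copy and components are presumably views into canonhost/realm rather than
 * separate allocations (they are not released here) -- confirm against
 * k5_canonprinc().
 */
static inline void
free_canonprinc(struct canonprinc *iter)
{
    free(iter->canonhost);
    iter->canonhost = NULL;
    free(iter->realm);
    iter->realm = NULL;
}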
124
/*
 * Canonicalize host into *canonhost_out (presumably newly allocated; caller
 * frees -- confirm).  is_fallback presumably selects the fallback
 * canonicalization mode described above struct canonprinc
 * (dns_canonicalize_hostname = fallback) -- confirm at the definition.
 */
krb5_error_code k5_expand_hostname(krb5_context context, const char *host,
                                   krb5_boolean is_fallback,
                                   char **canonhost_out);
128
/*
 * Fill *serverlist with the servers offering svc for realm.  no_udp
 * presumably excludes UDP candidates (see k5_transport_strategy) -- confirm.
 * Release the result with k5_free_serverlist().
 */
krb5_error_code k5_locate_server(krb5_context context, const krb5_data *realm,
                                 struct serverlist *serverlist,
                                 enum locate_service_type svc,
                                 krb5_boolean no_udp);

/*
 * KDC-specific variant of k5_locate_server().  get_primaries presumably
 * restricts the result to primary KDCs -- confirm at the definition.
 */
krb5_error_code k5_locate_kdc(krb5_context context, const krb5_data *realm,
                              struct serverlist *serverlist,
                              krb5_boolean get_primaries, krb5_boolean no_udp);

/* Release the entries of *serverlist (the struct itself is caller-owned). */
void k5_free_serverlist(struct serverlist *serverlist);
139
/* Create an object for remembering a history of KDCs contacted during an
 * exchange.  Release it with k5_kdclist_free(). */
krb5_error_code k5_kdclist_create(struct kdclist **kdcs_out);

/* Add a server entry to kdcs.  Transfer ownership of memory from *server and
 * zero it.  realm is the realm the server was located for. */
krb5_error_code k5_kdclist_add(struct kdclist *kdcs, const krb5_data *realm,
                               struct server_entry *server);

/* Return true if any KDC entries in kdcs are replicas, looking up realms'
 * primary KDCs as necessary. */
krb5_boolean k5_kdclist_any_replicas(krb5_context context,
                                     struct kdclist *kdcs);

/* Release kdcs and every entry it owns.  Whether NULL is accepted is not
 * visible here -- confirm before relying on it. */
void k5_kdclist_free(struct kdclist *kdcs);
155
#ifdef HAVE_NETINET_IN_H
/*
 * Split a krb5_address into its address and port components, and the reverse.
 * From the krb5_int32/krb5_int16 widths this presumably handles an IPv4
 * address plus port; the krb5_address type expected is not visible here --
 * confirm at the definitions.
 */
krb5_error_code krb5_unpack_full_ipaddr(krb5_context,
                                        const krb5_address *,
                                        krb5_int32 *,
                                        krb5_int16 *);

/* Inverse of krb5_unpack_full_ipaddr(); the result is presumably newly
 * allocated and released with krb5_free_address() -- confirm. */
krb5_error_code krb5_make_full_ipaddr(krb5_context,
                                      krb5_int32,
                                      int, /* unsigned short promotes to signed int */
                                      krb5_address **);

#endif /* HAVE_NETINET_IN_H */
168
/*
 * One DNS SRV (or URI) answer; answers are chained through next.  priority
 * and weight are the record's selection fields.  host is presumably
 * heap-owned and released by krb5int_free_srv_dns_data() -- confirm.
 */
struct srv_dns_entry {
    struct srv_dns_entry *next;
    int priority;
    int weight;
    unsigned short port;
    char *host;
};
176
/*
 * Look up DNS SRV records for service/protocol in realm, optionally scoped to
 * sitename, and return the parsed answers as a list in *answers.  Release the
 * list with krb5int_free_srv_dns_data().  NOTE(review): DNS answers are
 * presumably unauthenticated unless the resolver validates DNSSEC, so callers
 * should treat them as hints rather than trusted data -- confirm how
 * _krb5_use_dns_kdc() gates their use.
 */
krb5_error_code
krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
                             const char *service, const char *protocol,
                             const char *sitename,
                             struct srv_dns_entry **answers);

/* Free a list produced by the query functions in this section. */
void krb5int_free_srv_dns_data(struct srv_dns_entry *list);

/* As krb5int_make_srv_query_realm(), but for DNS URI records. */
krb5_error_code
k5_make_uri_query(krb5_context context, const krb5_data *realm,
                  const char *service, const char *sitename,
                  struct srv_dns_entry **answers);

/*
 * Look for a realm name in a DNS TXT record built from prefix and name; on
 * success *realm is presumably newly allocated (caller frees) -- confirm.
 * The same trust caveat as for the SRV lookups applies.
 */
krb5_error_code k5_try_realm_txt_rr(krb5_context context, const char *prefix,
                                    const char *name, char **realm);

/* Return the host's primary DNS domain (presumably NULL if none; ownership
 * of the returned string is not visible here -- confirm). */
char *k5_primary_domain(void);

/*
 * Configuration queries: whether DNS may be used to look up realms, whether
 * it may be used to look up KDCs, and (presumably) the boolean value of a
 * configuration string s -- confirm the accepted spellings at the definition.
 */
int _krb5_use_dns_realm(krb5_context context);
int _krb5_use_dns_kdc(krb5_context context);
int _krb5_conf_boolean(const char *s);
198
/*
 * Send message to the servers in addrs for realm, ordering transports per
 * strategy, and return the first accepted reply in *reply.  From the
 * signature: *remoteaddr/*remoteaddrlen receive the responding peer's
 * address and *server_used the index into addrs of the server that answered
 * (presumably; confirm at the definition).  callback_info, when non-NULL,
 * supplies per-connection message hooks (see struct sendto_callback_info).
 * msg_handler, when non-NULL, is invoked with msg_handler_data on received
 * data and presumably decides whether the reply is complete -- confirm.
 */
krb5_error_code k5_sendto(krb5_context context, const krb5_data *message,
                          const krb5_data *realm,
                          const struct serverlist *addrs,
                          k5_transport_strategy strategy,
                          struct sendto_callback_info *callback_info,
                          krb5_data *reply, struct sockaddr *remoteaddr,
                          socklen_t *remoteaddrlen, int *server_used,
                          int (*msg_handler)(krb5_context, const krb5_data *,
                                             void *),
                          void *msg_handler_data);

/*
 * Locate the KDCs for realm and send message to them, storing the reply in
 * *reply_out.  use_primary and no_udp presumably map to the corresponding
 * k5_locate_kdc() arguments -- confirm.  hist, when supplied, records the
 * KDCs contacted (see k5_kdclist_add()); whether NULL is accepted is not
 * visible here.
 */
krb5_error_code k5_sendto_kdc(krb5_context context, const krb5_data *message,
                              const krb5_data *realm, krb5_boolean use_primary,
                              krb5_boolean no_udp, krb5_data *reply_out,
                              struct kdclist *hist);
214
/* Return the fully qualified local hostname in *hostname_out (presumably
 * newly allocated; caller frees -- confirm). */
krb5_error_code krb5int_get_fq_local_hostname(char **hostname_out);

/* Presumably writes the iovcnt buffers in iov to fd in the manner of
 * writev(); the return convention is not visible here -- confirm.
 * The io vector is *not* const here, unlike writev()! */
int krb5int_net_writev(krb5_context context, int fd, sg_buf *iov, int iovcnt);

/* Store the current time of day in *tvp.  Presumably returns 0 on success
 * and an errno value on failure -- confirm. */
int k5_getcurtime(struct timeval *tvp);
221
/*
 * Expand the configuration path tokens in path_in into *path_out (presumably
 * newly allocated; caller frees -- confirm).  The _extra variant accepts
 * additional variadic arguments whose form and terminator are not visible
 * here -- confirm at the definition before calling it.
 */
krb5_error_code k5_expand_path_tokens(krb5_context context,
                                      const char *path_in, char **path_out);
krb5_error_code k5_expand_path_tokens_extra(krb5_context context,
                                            const char *path_in,
                                            char **path_out, ...);

/* Create pathname; presumably with permissions restricted to the owner, as
 * the name suggests -- confirm the exact mode and O_EXCL behavior at the
 * definition before relying on it for secret material. */
krb5_error_code k5_create_secure_file(krb5_context, const char * pathname);
/* Flush fp to stable storage (presumably fflush + fsync -- confirm). */
krb5_error_code k5_sync_disk_file(krb5_context, FILE *fp);
/* Initialize/release the OS-specific part of context.  flags are presumably
 * the krb5_init_context flags -- confirm. */
krb5_error_code k5_os_init_context(krb5_context context, profile_t profile,
                                   krb5_flags flags);
void k5_os_free_context(krb5_context);
/* Resolve a hostname to an array of krb5_address pointers (presumably
 * NULL-terminated and released with krb5_free_addresses() -- confirm). */
krb5_error_code k5_os_hostaddr(krb5_context, const char *, krb5_address ***);
/* Return the current time adjusted by offset/offset_usec in
 * *time_out/*usec_out. */
krb5_error_code k5_time_with_offset(krb5_timestamp offset,
                                    krb5_int32 offset_usec,
                                    krb5_timestamp *time_out,
                                    krb5_int32 *usec_out);
/* Record the current prompt type array in the context (presumably for later
 * retrieval by krb5_get_prompt_types() -- confirm). */
void k5_set_prompt_types(krb5_context, krb5_prompt_type *);
/* True if name is a numeric IP address string rather than a hostname. */
krb5_boolean k5_is_numeric_address(const char *name);
/* Build a realm list containing realm in *realms_out (presumably
 * NULL-terminated and released with krb5_free_host_realm() -- confirm). */
krb5_error_code k5_make_realmlist(const char *realm, char ***realms_out);
/* Compute the default client keytab name into *name_out (presumably newly
 * allocated; caller frees -- confirm). */
krb5_error_code k5_kt_client_default_name(krb5_context context,
                                          char **name_out);
/* Write messages through the given krb5_pointer; from the signature the int
 * is presumably the number of krb5_data elements -- confirm. */
krb5_error_code k5_write_messages(krb5_context, krb5_pointer, krb5_data *,
                                  int);
/* Initialize tracing for context (presumably from the environment -- confirm). */
void k5_init_trace(krb5_context context);
246
#include "k5-thread.h"
/* Presumably serializes microsecond-timestamp generation so that successive
 * timestamps are unique -- confirm at the definition. */
extern k5_mutex_t krb5int_us_time_mutex;

/* Tunables for the sendto-KDC timeout schedule, judging by the names: the
 * upper bound, the per-retry shift, and the initial timeout.  Units are not
 * visible here -- confirm. */
extern unsigned int krb5_max_skdc_timeout;
extern unsigned int krb5_skdc_timeout_shift;
extern unsigned int krb5_skdc_timeout_1;
253
/* Release the hostrealm plugin state held in the context. */
void k5_hostrealm_free_context(krb5_context);
/*
 * Built-in hostrealm module initializers (profile, registry, dns, domain).
 * Each follows the krb5 plugin initvt convention of filling in vtable for
 * the requested maj_ver/min_ver, presumably returning KRB5_PLUGIN_VER_NOTSUPP
 * for an unsupported major version -- confirm.
 */
krb5_error_code hostrealm_profile_initvt(krb5_context context, int maj_ver,
                                         int min_ver,
                                         krb5_plugin_vtable vtable);
krb5_error_code hostrealm_registry_initvt(krb5_context context, int maj_ver,
                                          int min_ver,
                                          krb5_plugin_vtable vtable);
krb5_error_code hostrealm_dns_initvt(krb5_context context, int maj_ver,
                                     int min_ver, krb5_plugin_vtable vtable);
krb5_error_code hostrealm_domain_initvt(krb5_context context, int maj_ver,
                                        int min_ver,
                                        krb5_plugin_vtable vtable);
266
/* Release the localauth plugin state held in the context. */
void k5_localauth_free_context(krb5_context);
/*
 * Built-in localauth module initializers (names, rule, k5login, an2ln).
 * Same initvt convention as the hostrealm modules above: fill in vtable for
 * the requested maj_ver/min_ver, presumably returning KRB5_PLUGIN_VER_NOTSUPP
 * for an unsupported major version -- confirm.
 */
krb5_error_code localauth_names_initvt(krb5_context context, int maj_ver,
                                       int min_ver, krb5_plugin_vtable vtable);
krb5_error_code localauth_rule_initvt(krb5_context context, int maj_ver,
                                      int min_ver, krb5_plugin_vtable vtable);
krb5_error_code localauth_k5login_initvt(krb5_context context, int maj_ver,
                                         int min_ver,
                                         krb5_plugin_vtable vtable);
krb5_error_code localauth_an2ln_initvt(krb5_context context, int maj_ver,
                                       int min_ver, krb5_plugin_vtable vtable);
277
278 #endif /* KRB5_LIBOS_INT_PROTO__ */
279