xref: /freebsd/crypto/krb5/src/lib/krad/internal.h (revision acd546f01e58354af049455472980c6c4a52e18b) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krad/internal.h - Internal declarations for libkrad */
3 /*
4  * Copyright 2013 Red Hat, Inc.  All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are met:
8  *
9  *    1. Redistributions of source code must retain the above copyright
10  *       notice, this list of conditions and the following disclaimer.
11  *
12  *    2. Redistributions in binary form must reproduce the above copyright
13  *       notice, this list of conditions and the following disclaimer in
14  *       the documentation and/or other materials provided with the
15  *       distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
18  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
20  * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
21  * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
23  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
24  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
25  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  */
29 
30 #ifndef INTERNAL_H_
31 #define INTERNAL_H_
32 
33 #include <k5-int.h>
34 #include "krad.h"
35 
36 #include <errno.h>
37 
38 #include <sys/types.h>
39 #include <sys/socket.h>
40 #include <netdb.h>
41 
42 #ifndef UCHAR_MAX
43 #define UCHAR_MAX 255
44 #endif
45 
46 #define MD5_DIGEST_SIZE 16
47 
48 /* RFC 2865 */
49 #define MAX_ATTRSIZE (UCHAR_MAX - 2)
50 #define MAX_ATTRSETSIZE (KRAD_PACKET_SIZE_MAX - 20)
51 
52 typedef struct krad_remote_st krad_remote;
53 
54 /* Validate constraints of an attribute. */
55 krb5_error_code
56 kr_attr_valid(krad_attr type, const krb5_data *data);
57 
58 /* Encode an attribute. */
59 krb5_error_code
60 kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
61                krad_attr type, const krb5_data *in,
62                unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
63 
64 /* Decode an attribute. */
65 krb5_error_code
66 kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
67                krad_attr type, const krb5_data *in,
68                unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
69 
70 /* Encode set into outbuf.  If add_msgauth is true, include a zeroed
71  * Message-Authenticator as the first attribute. */
72 krb5_error_code
73 kr_attrset_encode(const krad_attrset *set, const char *secret,
74                   const uint8_t *auth, krb5_boolean add_msgauth,
75                   unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen);
76 
77 /* Decode attributes from a buffer. */
78 krb5_error_code
79 kr_attrset_decode(krb5_context ctx, const krb5_data *in, const char *secret,
80                   const unsigned char *auth, krad_attrset **set);
81 
82 /* Create a new remote object which manages a socket and the state of
83  * outstanding requests. */
84 krb5_error_code
85 kr_remote_new(krb5_context kctx, verto_ctx *vctx, const struct addrinfo *info,
86               const char *secret, krad_remote **rr);
87 
88 /* Free a remote object. */
89 void
90 kr_remote_free(krad_remote *rr);
91 
92 /*
93  * Send the packet to the remote. The cb will be called when a response is
94  * received, the request times out, the request is canceled or an error occurs.
95  *
96  * The timeout parameter is the total timeout across all retries in
97  * milliseconds.
98  *
99  * If the cb is called with a retval of ETIMEDOUT it indicates that the
100  * allotted time has elapsed. However, in the case of a timeout, we continue to
101  * listen for the packet until krad_remote_cancel() is called or a response is
102  * received. This means that cb will always be called twice in the event of a
103  * timeout. This permits you to pursue other remotes while still listening for
104  * a response from the first one.
105  */
106 krb5_error_code
107 kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
108                krad_cb cb, void *data, int timeout, size_t retries,
109                const krad_packet **pkt);
110 
111 /* Remove packet from the queue of requests awaiting responses. */
112 void
113 kr_remote_cancel(krad_remote *rr, const krad_packet *pkt);
114 
115 /* Cancel all requests awaiting responses. */
116 void
117 kr_remote_cancel_all(krad_remote *rr);
118 
119 /* Determine if this remote object refers to the remote resource identified
120  * by the addrinfo struct and the secret. */
121 krb5_boolean
122 kr_remote_equals(const krad_remote *rr, const struct addrinfo *info,
123                  const char *secret);
124 
125 /* Adapted from lib/krb5/os/sendto_kdc.c. */
126 static inline krb5_error_code
127 gai_error_code(int err)
128 {
129     switch (err) {
130     case 0:
131         return 0;
132     case EAI_BADFLAGS:
133     case EAI_FAMILY:
134     case EAI_SOCKTYPE:
135     case EAI_SERVICE:
136 #ifdef EAI_ADDRFAMILY
137     case EAI_ADDRFAMILY:
138 #endif
139         return EINVAL;
140     case EAI_AGAIN:
141         return EAGAIN;
142     case EAI_MEMORY:
143         return ENOMEM;
144 #if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
145     case EAI_NODATA:
146 #endif
147     case EAI_NONAME:
148         return EADDRNOTAVAIL;
149 #ifdef EAI_OVERFLOW
150     case EAI_OVERFLOW:
151         return EOVERFLOW;
152 #endif
153 #ifdef EAI_SYSTEM
154     case EAI_SYSTEM:
155         return errno;
156 #endif
157     default:
158         return EINVAL;
159     }
160 }
161 
162 #endif /* INTERNAL_H_ */
163