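/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kdc/kdc_util.h
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Declarations shared by the KDC source files; each labelled group below
 * names the source file it belongs to.
 */

#ifndef __KRB5_KDC_UTIL__
#define __KRB5_KDC_UTIL__

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * This header contains no #include lines of its own.  The krb5_* types,
 * struct sockaddr and size_t used below must already be declared by the
 * including file.
 */

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * An address together with a port number.  Most request-handling entry
 * points below take a const pointer to one of these.
 * NOTE(review): ownership of `address` and the byte order of `port` are not
 * visible in this header -- confirm against the code that fills it in.
 */
typedef struct _krb5_fulladdr {
    krb5_address *	address;
    krb5_ui_4		port;
} krb5_fulladdr;

/*
 * General helpers.  The header names no source file for this group
 * (presumably kdc_util.c -- confirm).  Most prototypes leave their
 * parameters unnamed, so the role of each argument has to be read from
 * the definition.
 */
krb5_error_code check_hot_list (krb5_ticket *);
krb5_boolean realm_compare (krb5_principal, krb5_principal);
krb5_boolean krb5_is_tgs_principal (krb5_principal);
krb5_error_code add_to_transited (krb5_data *,
				  krb5_data *,
				  krb5_principal,
				  krb5_principal,
				  krb5_principal);
krb5_error_code compress_transited (krb5_data *,
				    krb5_principal,
				    krb5_data *);
krb5_error_code concat_authorization_data (krb5_authdata **,
					   krb5_authdata **,
					   krb5_authdata ***);
krb5_error_code fetch_last_req_info (krb5_db_entry *,
				     krb5_last_req_entry ***);

/* The int argument is presumably CONVERT_INTO_DB or CONVERT_OUTOF_DB
 * (defined further down) -- confirm in the definition. */
krb5_error_code kdc_convert_key (krb5_keyblock *,
				 krb5_keyblock *,
				 int);
krb5_error_code kdc_process_tgs_req
	(krb5_kdc_req *,
	 const krb5_fulladdr *,
	 krb5_data *,
	 krb5_ticket **,
	 krb5_keyblock **);

krb5_error_code kdc_get_server_key (krb5_ticket *,
				    krb5_keyblock **,
				    krb5_kvno *);

/*
 * Request validation.  The krb5_db_entry arguments are passed by value, so
 * every call copies the whole entry structure.  The const char ** argument
 * is presumably an out-parameter for a status string, and the meaning of
 * the int result is not visible here -- confirm both in the definitions
 * before relying on them in a caller.
 */
int validate_as_request (krb5_kdc_req *, krb5_db_entry,
			 krb5_db_entry, krb5_timestamp,
			 const char **);

int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
			  krb5_ticket *, krb5_timestamp,
			  const char **);

/*
 * NOTE(review): the parameters are unnamed, so it is not visible which (if
 * any) of the unsigned int arguments bounds the unsigned char buffer.
 * Confirm how the definition limits its reads of the first argument.
 */
int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
		      krb5_data *);

int
dbentry_has_key_for_enctype (krb5_context context,
			     krb5_db_entry *client,
			     krb5_enctype enctype);

int
dbentry_supports_enctype (krb5_context context,
			  krb5_db_entry *client,
			  krb5_enctype enctype);

/*
 * NOTE(review): nktypes is a signed int and presumably the element count of
 * ktypes -- confirm the definition handles a zero or negative count.
 */
krb5_enctype
select_session_keytype (krb5_context context,
			krb5_db_entry *server,
			int nktypes,
			krb5_enctype *ktypes);

krb5_error_code
get_salt_from_key (krb5_context, krb5_principal,
		   krb5_key_data *, krb5_data *);

/*
 * Takes a writable string and no length, so it can only rely on the
 * string's NUL terminator.  What it limits is not visible in this header.
 */
void limit_string (char *name);

/*
 * Request entry points.  process_as_req, process_tgs_req and dispatch share
 * the same trailing shape (client address, int, reply out-pointer).  The int
 * is presumably the is_secondary flag that process_v4 names below -- confirm.
 */

/* do_as_req.c */
krb5_error_code process_as_req (krb5_kdc_req *,
				const krb5_fulladdr *,
				int,
				krb5_data ** );

/* do_tgs_req.c */
krb5_error_code process_tgs_req (krb5_data *,
				 const krb5_fulladdr *,
				 int,
				 krb5_data ** );
/* dispatch.c */
krb5_error_code dispatch (krb5_data *,
			  const krb5_fulladdr *,
			  int,
			  krb5_data **);

/* main.c */
krb5_error_code kdc_initialize_rcache (krb5_context, char *);

krb5_error_code setup_server_realm (krb5_principal);

/* network.c */
krb5_error_code listen_and_process (const char *);
krb5_error_code setup_network (const char *);
krb5_error_code closedown_network (const char *);

/*
 * policy.c
 * Same calling shape as the validate_*_request functions above, including
 * the by-value krb5_db_entry arguments.
 */
int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
			     krb5_db_entry, krb5_timestamp,
			     const char **);

int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
			      krb5_ticket *, const char **);

/* kdc_preauth.c */
const char * missing_required_preauth
    (krb5_db_entry *client, krb5_db_entry *server,
     krb5_enc_tkt_part *enc_tkt_reply);
void get_preauth_hint_list (krb5_kdc_req * request,
			    krb5_db_entry *client,
			    krb5_db_entry *server,
			    krb5_data *e_data);
krb5_error_code check_padata
    (krb5_context context, krb5_db_entry *client,
     krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply);

krb5_error_code return_padata
    (krb5_context context, krb5_db_entry *client,
     krb5_kdc_req *request, krb5_kdc_rep *reply,
     krb5_key_data *client_key, krb5_keyblock *encrypting_key);

/*
 * replay.c
 * NOTE(review): both functions take a request buffer and the sender's
 * address; the third argument is presumably the reply (returned by the
 * check, stored by the insert) -- confirm in replay.c.
 */
krb5_boolean kdc_check_lookaside (krb5_data *, const krb5_fulladdr *,
				  krb5_data **);
void kdc_insert_lookaside (krb5_data *, const krb5_fulladdr *,
			   krb5_data *);

/* sock2p.c */
#ifndef HAVE_INET_NTOP
/* It's provided by sock2p.c in this case.  */
extern const char *inet_ntop (int, const void *, char *, size_t);
#endif
/* The char * / size_t pair is presumably an output buffer and its capacity
 * -- confirm; callers should pass the real size of the buffer. */
extern void sockaddr2p (const struct sockaddr *, char *, size_t, int *);

/* which way to convert key? */
#define CONVERT_INTO_DB	0
#define CONVERT_OUTOF_DB 1

/*
 * Flag helpers.  Both arguments are parenthesized so that an expression
 * argument (for example `a | b`) is masked as a whole instead of being
 * split by operator precedence.
 *
 * isflagset yields the masked bits, not a normalized 0/1: test the result
 * against zero rather than comparing it with 1 or storing it in a narrower
 * type.  setflag and clear modify flagfield in place, so it must be an
 * lvalue.
 */
#define isflagset(flagfield, flag) ((flagfield) & (flag))
#define setflag(flagfield, flag) ((flagfield) |= (flag))
#define clear(flagfield, flag) ((flagfield) &= ~(flag))

/*
 * Without KRB5_KRB4_COMPAT, process_v4 is a macro that expands to the
 * constant KRB5KRB_AP_ERR_BADVERSION.  Its arguments are discarded and
 * never evaluated in that configuration.
 */
#ifdef KRB5_KRB4_COMPAT
krb5_error_code process_v4 (const krb5_data *,
			    const krb5_fulladdr *,
			    int is_secondary,
			    krb5_data **);
#else
#define process_v4(foo,bar,quux,foobar)	KRB5KRB_AP_ERR_BADVERSION
#endif

/*
 * min and max are guarded separately, so a platform header that supplies
 * only one of them neither suppresses nor gets overridden by the other.
 * Each macro evaluates the selected argument twice: do not pass
 * expressions with side effects.
 */
#ifndef min
#define min(a, b)       ((a) < (b) ? (a) : (b))
#endif
#ifndef max
#define max(a, b)       ((a) > (b) ? (a) : (b))
#endif

/*
 * Map a Kerberos address type to a socket address family.  Any type that
 * is not matched yields -1, which the caller has to check for before using
 * the result as an address family.  X may be evaluated more than once.
 */
#ifdef KRB5_USE_INET6
#define ADDRTYPE2FAMILY(X) \
  ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
#else
#define ADDRTYPE2FAMILY(X) \
  ((X) == ADDRTYPE_INET ? AF_INET : -1)
#endif

#ifdef	__cplusplus
}
#endif

#endif	/* !__KRB5_KDC_UTIL__ */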