xref: /illumos-gate/usr/src/cmd/krb5/krb5kdc/kdc_util.h (revision aba1133a5077b2daf9217c517f6aa15731135d8e)
1 /*
2  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * kdc/kdc_util.h
8  *
9  * Copyright 1990 by the Massachusetts Institute of Technology.
10  *
11  * Export of this software from the United States of America may
12  *   require a specific license from the United States Government.
13  *   It is the responsibility of any person or organization contemplating
14  *   export to obtain such a license before exporting.
15  *
16  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
17  * distribute this software and its documentation for any purpose and
18  * without fee is hereby granted, provided that the above copyright
19  * notice appear in all copies and that both that copyright notice and
20  * this permission notice appear in supporting documentation, and that
21  * the name of M.I.T. not be used in advertising or publicity pertaining
22  * to distribution of the software without specific, written prior
23  * permission.  Furthermore if you modify this software you must label
24  * your software as modified software and not distribute it in such a
25  * fashion that it might be confused with the original M.I.T. software.
26  * M.I.T. makes no representations about the suitability of
27  * this software for any purpose.  It is provided "as is" without express
28  * or implied warranty.
29  *
30  *
31  * Declarations for policy.c
32  */
33 
34 #ifndef __KRB5_KDC_UTIL__
35 #define	__KRB5_KDC_UTIL__
36 
37 #pragma ident	"%Z%%M%	%I%	%E% SMI"
38 
39 #ifdef	__cplusplus
40 extern "C" {
41 #endif
42 
/*
 * An address paired with a port number.  The request entry points declared
 * in this header take it as `const krb5_fulladdr *`.
 * NOTE(review): presumably the sender of the request being handled; the
 * byte order of `port` and the ownership of `address` are not visible
 * here -- confirm against the code that fills the structure in.
 */
typedef struct _krb5_fulladdr {
    krb5_address *address;
    krb5_ui_4 port;
} krb5_fulladdr;
47 
/*
 * Ticket, realm and transited-field helpers.  Only the signatures are
 * visible in this header, so the notes below go no further than the types.
 */
krb5_error_code check_hot_list(krb5_ticket *);

/*
 * These two return krb5_boolean rather than a strcmp()-style ordering.
 * NOTE(review): presumably TRUE means "same realm" / "is a TGS principal"
 * -- confirm before using the result in an authorization decision.
 */
krb5_boolean realm_compare(krb5_principal, krb5_principal);
krb5_boolean krb5_is_tgs_principal(krb5_principal);

/*
 * NOTE(review): which krb5_data arguments are inputs and which are outputs,
 * and who frees any output, cannot be told from the prototypes -- confirm
 * against the definitions.
 */
krb5_error_code add_to_transited(krb5_data *, krb5_data *, krb5_principal,
    krb5_principal, krb5_principal);
krb5_error_code compress_transited(krb5_data *, krb5_principal, krb5_data *);

/*
 * The trailing pointer-to-array arguments look like output parameters.
 * NOTE(review): presumably the callee allocates the array -- confirm
 * ownership before freeing or reusing it.
 */
krb5_error_code concat_authorization_data(krb5_authdata **, krb5_authdata **,
    krb5_authdata ***);
krb5_error_code fetch_last_req_info(krb5_db_entry *, krb5_last_req_entry ***);
64 
/*
 * Key handling and TGS request pre-processing.  Each routine reports
 * failure through its krb5_error_code return value; the double-pointer
 * arguments look like outputs and should not be used when the call fails.
 */

/*
 * NOTE(review): the int is presumably the conversion direction,
 * CONVERT_INTO_DB or CONVERT_OUTOF_DB from this header -- confirm.
 */
krb5_error_code kdc_convert_key(krb5_keyblock *, krb5_keyblock *, int);

/*
 * NOTE(review): presumably hands back the ticket and subkey recovered from
 * the request -- confirm who frees them.
 */
krb5_error_code kdc_process_tgs_req(krb5_kdc_req *, const krb5_fulladdr *,
    krb5_data *, krb5_ticket **, krb5_keyblock **);

krb5_error_code kdc_get_server_key(krb5_ticket *, krb5_keyblock **,
    krb5_kvno *);
78 
/*
 * Request validation.  The krb5_db_entry arguments are passed by value, so
 * each call copies the whole entry and the callee cannot modify the
 * caller's copy.
 * NOTE(review): the int result is presumably a protocol error code with 0
 * meaning "accepted", and the `const char **` a status string for logging
 * -- confirm against the definitions.
 */
int validate_as_request(krb5_kdc_req *, krb5_db_entry, krb5_db_entry,
    krb5_timestamp, const char **);

int validate_tgs_request(krb5_kdc_req *, krb5_db_entry, krb5_ticket *,
    krb5_timestamp, const char **);

/*
 * Takes a raw byte pointer, two unsigned ints and a krb5_data.
 * NOTE(review): the prototype does not show which argument, if any, bounds
 * the buffer; if the bytes come from a received request, confirm that the
 * definition cannot read past the end of the message.
 */
int fetch_asn1_field(unsigned char *, unsigned int, unsigned int,
    krb5_data *);
89 
/*
 * Encryption-type queries against a database entry.
 * NOTE(review): the int results are presumably booleans (non-zero = yes)
 * -- confirm.
 */
int dbentry_has_key_for_enctype(krb5_context context, krb5_db_entry *client,
    krb5_enctype enctype);

int dbentry_supports_enctype(krb5_context context, krb5_db_entry *client,
    krb5_enctype enctype);

/*
 * Chooses one enctype from the `nktypes` candidates in `ktypes` for the
 * given server entry.
 * NOTE(review): `nktypes` is a signed int; if the list is taken from the
 * request, confirm how a zero or negative count and the "nothing
 * acceptable" case are reported.
 */
krb5_enctype select_session_keytype(krb5_context context,
    krb5_db_entry *server, int nktypes, krb5_enctype *ktypes);
105 
/*
 * NOTE(review): the trailing krb5_data is presumably the salt output --
 * confirm who owns its buffer.
 */
krb5_error_code get_salt_from_key(krb5_context, krb5_principal,
    krb5_key_data *, krb5_data *);

/*
 * Takes a writable string and no length argument, so any bound must come
 * from the string's own NUL terminator or a limit fixed in the definition.
 * NOTE(review): presumably shortens `name` in place -- confirm, and never
 * pass a string literal or an unterminated buffer.
 */
void limit_string(char *name);
111 
/*
 * Request entry points.  All three share one shape: request data, the
 * sender's krb5_fulladdr, an int, and a `krb5_data **` that looks like the
 * reply output.
 * NOTE(review): the int is presumably the same `is_secondary` flag that
 * the process_v4() prototype in this header names -- confirm.  Ownership
 * of the reply buffer is not visible here.
 */

/* do_as_req.c */
krb5_error_code process_as_req(krb5_kdc_req *, const krb5_fulladdr *, int,
    krb5_data **);

/* do_tgs_req.c */
krb5_error_code process_tgs_req(krb5_data *, const krb5_fulladdr *, int,
    krb5_data **);

/* dispatch.c */
krb5_error_code dispatch(krb5_data *, const krb5_fulladdr *, int,
    krb5_data **);
128 
/* main.c */
/*
 * NOTE(review): "rcache" is presumably the replay cache and the `char *`
 * its name -- confirm.
 */
krb5_error_code kdc_initialize_rcache(krb5_context, char *);

krb5_error_code setup_server_realm(krb5_principal);

/* network.c */
/*
 * Network setup, service loop and teardown.
 * NOTE(review): the `const char *` is presumably the program name used in
 * error messages -- confirm.
 */
krb5_error_code listen_and_process(const char *);
krb5_error_code setup_network(const char *);
krb5_error_code closedown_network(const char *);
138 
/* policy.c */
/*
 * Site-local policy hooks for AS and TGS requests.  The krb5_db_entry
 * arguments are passed by value (copied on every call).
 * NOTE(review): presumably 0 means the request is allowed and the
 * `const char **` receives a status string -- confirm against policy.c.
 */
int against_local_policy_as(krb5_kdc_req *, krb5_db_entry, krb5_db_entry,
    krb5_timestamp, const char **);

int against_local_policy_tgs(krb5_kdc_req *, krb5_db_entry, krb5_ticket *,
    const char **);
146 
147 /* kdc_preauth.c */
148 const char * missing_required_preauth
149     (krb5_db_entry *client, krb5_db_entry *server,
150 	       krb5_enc_tkt_part *enc_tkt_reply);
151 void get_preauth_hint_list (krb5_kdc_req * request,
152 				      krb5_db_entry *client,
153 				      krb5_db_entry *server,
154 				      krb5_data *e_data);
155 krb5_error_code check_padata
156     (krb5_context context, krb5_db_entry *client,
157 	       krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply);
158 
159 krb5_error_code return_padata
160     (krb5_context context, krb5_db_entry *client,
161 	       krb5_kdc_req *request, krb5_kdc_rep *reply,
162 	       krb5_key_data *client_key, krb5_keyblock *encrypting_key);
163 
/* replay.c */
/*
 * Lookaside check and insert, both keyed on a packet and its sender
 * address.
 * NOTE(review): presumably a cache of recent requests and the replies sent
 * for them, with the check handing back a copy of the stored reply through
 * the `krb5_data **` -- confirm the match criteria, entry lifetime and who
 * frees the returned reply.
 */
krb5_boolean kdc_check_lookaside(krb5_data *, const krb5_fulladdr *,
    krb5_data **);
void kdc_insert_lookaside(krb5_data *, const krb5_fulladdr *, krb5_data *);
169 
/* sock2p.c */
#if !defined(HAVE_INET_NTOP)
/* No platform inet_ntop(): sock2p.c supplies one with this signature. */
extern const char *inet_ntop(int, const void *, char *, size_t);
#endif
/*
 * Takes a socket address, a caller-supplied buffer with its size, and an
 * int pointer.
 * NOTE(review): presumably writes a printable address into the buffer and
 * the port through the int pointer -- confirm, including what happens when
 * the buffer is too small.
 */
extern void sockaddr2p(const struct sockaddr *, char *, size_t, int *);
176 
/*
 * Key conversion direction.
 * NOTE(review): presumably the int argument of kdc_convert_key() --
 * confirm.
 */
#define	CONVERT_INTO_DB		0
#define	CONVERT_OUTOF_DB	1
180 
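/*
 * Bit-flag helpers.  Both arguments are parenthesized so that an expression
 * argument such as `a | b` cannot re-associate with the operator inside the
 * macro; with the bare `flagfield` form, isflagset(a | b, f) expanded to
 * a | (b & f) and could report a flag as set when it was not.
 *
 * isflagset() yields the masked bits, not a normalized 0/1.  When `flag`
 * has several bits set, the result is non-zero if ANY of them is set;
 * compare the result with `flag` when all are required.
 * setflag() and clear() assign to `flagfield`, which must be a modifiable
 * lvalue.
 */
#define	isflagset(flagfield, flag)	((flagfield) & (flag))
#define	setflag(flagfield, flag)	((flagfield) |= (flag))
#define	clear(flagfield, flag)		((flagfield) &= ~(flag))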
184 
/*
 * Kerberos v4 request handling.  With KRB5_KRB4_COMPAT defined this is a
 * real function; without it, process_v4() is a macro that discards its
 * arguments unevaluated and yields KRB5KRB_AP_ERR_BADVERSION, so a v4
 * request is refused and no reply buffer is produced.
 */
#if defined(KRB5_KRB4_COMPAT)
krb5_error_code process_v4(const krb5_data *, const krb5_fulladdr *,
    int is_secondary, krb5_data **);
#else
#define	process_v4(pkt, from, is_secondary, response)	KRB5KRB_AP_ERR_BADVERSION
#endif
193 
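/*
 * Fallback min()/max().  Each macro has its own guard: with a single
 * `#ifndef min` around both, a platform header that defined only min()
 * left max() undefined, and one that defined only max() had it redefined
 * here.
 *
 * Each argument may be evaluated twice, so do not pass expressions with
 * side effects.  When one operand is signed and the other unsigned, the
 * usual C conversions apply and a negative value compares as a very large
 * one; cast both sides to one type before clamping a length.
 */
#ifndef	min
#define	min(a, b)	((a) < (b) ? (a) : (b))
#endif
#ifndef	max
#define	max(a, b)	((a) > (b) ? (a) : (b))
#endif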
198 
/*
 * Map an ADDRTYPE_* value to the matching AF_* socket family.  Any address
 * type not listed for the current build yields -1, which is not a valid
 * family; check for it before using the result.  ADDRTYPE_INET6 is
 * recognized only when KRB5_USE_INET6 is defined.  The argument may be
 * evaluated more than once.
 */
#if defined(KRB5_USE_INET6)
#define	ADDRTYPE2FAMILY(atype) \
	((atype) == ADDRTYPE_INET6 ? AF_INET6 : \
	    ((atype) == ADDRTYPE_INET ? AF_INET : -1))
#else
#define	ADDRTYPE2FAMILY(atype) \
	((atype) == ADDRTYPE_INET ? AF_INET : -1)
#endif
206 
207 #ifdef	__cplusplus
208 }
209 #endif
210 
211 #endif	/* !__KRB5_KDC_UTIL__ */
212