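/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kdc/kdc_util.h
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Declarations for policy.c
 */

#ifndef __KRB5_KDC_UTIL__
#define __KRB5_KDC_UTIL__


#include "kdb.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * A transport endpoint as the KDC sees it: a krb5 address plus a port.
 * Passed as the "from" argument of the request-handling entry points
 * declared below.
 */
typedef struct _krb5_fulladdr {
    krb5_address *address;
    krb5_ui_4 port;             /* port number, carried as a krb5_ui_4 */
} krb5_fulladdr;

krb5_error_code check_hot_list (krb5_ticket *);
krb5_boolean realm_compare (krb5_principal, krb5_principal);
krb5_boolean krb5_is_tgs_principal (krb5_principal);
krb5_error_code add_to_transited (krb5_data *,
                                  krb5_data *,
                                  krb5_principal,
                                  krb5_principal,
                                  krb5_principal);
krb5_error_code compress_transited (krb5_data *,
                                    krb5_principal,
                                    krb5_data *);
krb5_error_code concat_authorization_data (krb5_authdata **,
                                           krb5_authdata **,
                                           krb5_authdata ***);
krb5_error_code fetch_last_req_info (krb5_db_entry *,
                                     krb5_last_req_entry ***);

/* Direction is one of CONVERT_INTO_DB / CONVERT_OUTOF_DB, defined below. */
krb5_error_code kdc_convert_key (krb5_keyblock *,
                                 krb5_keyblock *,
                                 int);
krb5_error_code kdc_process_tgs_req
        (krb5_kdc_req *,
         const krb5_fulladdr *,
         krb5_data *,
         krb5_ticket **,
         krb5_keyblock **);

krb5_error_code kdc_get_server_key (krb5_ticket *,
                                    krb5_keyblock **,
                                    krb5_kvno *);

/*
 * Request validators.  The final (const char **) argument receives a
 * status string describing why a request was rejected; the int result
 * is the rejection code (see the definitions in the .c files).
 */
int validate_as_request (krb5_kdc_req *, krb5_db_entry,
                         krb5_db_entry, krb5_timestamp,
                         const char **);

int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
                          krb5_ticket *, krb5_timestamp,
                          const char **);

/*
 * Extract a field from a raw ASN.1 buffer.  The buffer length is passed
 * explicitly (second argument); implementations must bound every read
 * by it since the buffer comes straight off the wire.
 */
int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
                      krb5_data *);

int
dbentry_has_key_for_enctype (krb5_context context,
                             krb5_db_entry *client,
                             krb5_enctype enctype);

int
dbentry_supports_enctype (krb5_context context,
                          krb5_db_entry *client,
                          krb5_enctype enctype);

krb5_enctype
select_session_keytype (krb5_context context,
                        krb5_db_entry *server,
                        int nktypes,
                        krb5_enctype *ktypes);

krb5_error_code
get_salt_from_key (krb5_context, krb5_principal,
                   krb5_key_data *, krb5_data *);

void limit_string (char *name);

/* Both formatters take the destination size explicitly; pass sizeof buf. */
void
ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);

void
rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);

/* do_as_req.c */
krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *,
                                const krb5_fulladdr *,
                                krb5_data ** );

/* do_tgs_req.c */
krb5_error_code process_tgs_req (krb5_data *,
                                 const krb5_fulladdr *,
                                 krb5_data ** );
/* dispatch.c */
krb5_error_code dispatch (krb5_data *,
                          const krb5_fulladdr *,
                          krb5_data **);

/* main.c */
krb5_error_code kdc_initialize_rcache (krb5_context, char *);

krb5_error_code setup_server_realm (krb5_principal);

/* network.c */
krb5_error_code listen_and_process (const char *);
krb5_error_code setup_network (const char *);
krb5_error_code closedown_network (const char *);

/* policy.c */
int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
                             krb5_db_entry, krb5_timestamp,
                             const char **);

int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
                              krb5_ticket *, const char **);

/* kdc_preauth.c */
const char * missing_required_preauth
    (krb5_db_entry *client, krb5_db_entry *server,
     krb5_enc_tkt_part *enc_tkt_reply);
void get_preauth_hint_list
    (krb5_kdc_req * request,
     krb5_db_entry *client,
     krb5_db_entry *server,
     krb5_data *e_data);
krb5_error_code load_preauth_plugins(krb5_context context);
krb5_error_code unload_preauth_plugins(krb5_context context);

/*
 * padata_context is an opaque per-request handle shared by check_padata,
 * return_padata and free_padata_context; a caller that reaches
 * check_padata must eventually call free_padata_context on the same
 * pointer, or the preauth state it holds is leaked.
 */
krb5_error_code check_padata
    (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
     krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
     void **padata_context, krb5_data *e_data);

krb5_error_code return_padata
    (krb5_context context, krb5_db_entry *client,
     krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
     krb5_key_data *client_key, krb5_keyblock *encrypting_key,
     void **padata_context);

krb5_error_code free_padata_context
    (krb5_context context, void **padata_context);

/* replay.c */
krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
void kdc_insert_lookaside (krb5_data *, krb5_data *);
void kdc_free_lookaside(krb5_context);

/* which way to convert key?  */
#define CONVERT_INTO_DB 0
#define CONVERT_OUTOF_DB 1

/*
 * Flag-field helpers.  The flagfield argument is parenthesized as well as
 * the flag, so isflagset(a | b, F) binds as ((a | b) & F) rather than
 * (a | (b & F)).  isflagset() yields the masked bits, not a normalized
 * 0/1.  clear() is a very generic macro name; it is kept for source
 * compatibility with existing callers.
 */
#define isflagset(flagfield, flag) ((flagfield) & (flag))
#define setflag(flagfield, flag) ((flagfield) |= (flag))
#define clear(flagfield, flag) ((flagfield) &= ~(flag))

#ifdef KRB5_KRB4_COMPAT
krb5_error_code process_v4 (const krb5_data *,
                            const krb5_fulladdr *,
                            krb5_data **);
void process_v4_mode (const char *, const char *);
void enable_v4_crossrealm(char *);
#else
/*
 * Without Kerberos 4 compatibility every v4 packet is refused outright.
 * NOTE(review): this fallback takes four arguments whereas the real
 * process_v4() above takes three; any caller compiled without
 * KRB5_KRB4_COMPAT would fail to expand it -- confirm against dispatch.c.
 */
#define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION
#endif

/*
 * Plain expression macros: each argument is evaluated twice, so never
 * pass an expression with side effects (e.g. i++).  max() is guarded by
 * the min() test only, as in the original.
 */
#ifndef min
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
#endif

/*
 * Map a krb5 address type to a socket address family.  Yields -1 for an
 * unrecognized type, so callers must test for -1 before passing the
 * result to a socket call.
 */
#ifdef KRB5_USE_INET6
#define ADDRTYPE2FAMILY(X) \
  ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
#else
#define ADDRTYPE2FAMILY(X) \
  ((X) == ADDRTYPE_INET ? AF_INET : -1)
#endif

/* RFC 4120: KRB5KDC_ERR_KEY_TOO_WEAK
 * RFC 4556: KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED */
#define KRB5KDC_ERR_KEY_TOO_WEAK KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED

#ifdef __cplusplus
}
#endif

#endif /* !__KRB5_KDC_UTIL__ */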