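/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kdc/kdc_util.h
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Declarations for policy.c
 */

#ifndef __KRB5_KDC_UTIL__
#define __KRB5_KDC_UTIL__

#pragma ident "%Z%%M% %I% %E% SMI"

#include "kdb.h"

/*
 * NOTE(review): the banner above names policy.c, but the section comments
 * below show that this header also declares entry points for do_as_req.c,
 * do_tgs_req.c, dispatch.c, main.c, network.c, kdc_preauth.c and replay.c.
 */

#ifdef __cplusplus
extern "C" {
#endif

/* An address paired with a port; passed to the request handlers below. */
typedef struct _krb5_fulladdr {
    krb5_address *address;
    krb5_ui_4 port;
} krb5_fulladdr;

/*
 * General KDC helpers.  The parameters of most prototypes are unnamed, so
 * their roles have to be confirmed against the definitions.
 */
krb5_error_code check_hot_list (krb5_ticket *);
krb5_boolean realm_compare (krb5_principal, krb5_principal);
krb5_boolean krb5_is_tgs_principal (krb5_principal);
krb5_error_code add_to_transited (krb5_data *,
                                  krb5_data *,
                                  krb5_principal,
                                  krb5_principal,
                                  krb5_principal);
krb5_error_code compress_transited (krb5_data *,
                                    krb5_principal,
                                    krb5_data *);
krb5_error_code concat_authorization_data (krb5_authdata **,
                                           krb5_authdata **,
                                           krb5_authdata ***);
krb5_error_code fetch_last_req_info (krb5_db_entry *,
                                     krb5_last_req_entry ***);

/*
 * The int argument is presumably one of CONVERT_INTO_DB or CONVERT_OUTOF_DB
 * defined below -- TODO confirm against the definition.
 */
krb5_error_code kdc_convert_key (krb5_keyblock *,
                                 krb5_keyblock *,
                                 int);
krb5_error_code kdc_process_tgs_req
        (krb5_kdc_req *,
         const krb5_fulladdr *,
         krb5_data *,
         krb5_ticket **,
         krb5_keyblock **);

krb5_error_code kdc_get_server_key (krb5_ticket *,
                                    krb5_keyblock **,
                                    krb5_kvno *);

/*
 * Request validation.  Both functions take their krb5_db_entry arguments by
 * value, unlike the pointer-taking helpers further down.  The final
 * const char ** is presumably an out-parameter for a status string --
 * TODO confirm against the definitions.
 */
int validate_as_request (krb5_kdc_req *, krb5_db_entry,
                         krb5_db_entry, krb5_timestamp,
                         const char **);

int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
                          krb5_ticket *, krb5_timestamp,
                          const char **);

/*
 * NOTE(review): the buffer pointer and the two unsigned int arguments are
 * unnamed; which of them bounds the input cannot be told from this header.
 * Callers should confirm the length semantics before passing
 * request-derived data.
 */
int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
                      krb5_data *);

/* Encryption-type queries against a database entry. */
int
dbentry_has_key_for_enctype (krb5_context context,
                             krb5_db_entry *client,
                             krb5_enctype enctype);

int
dbentry_supports_enctype (krb5_context context,
                          krb5_db_entry *client,
                          krb5_enctype enctype);

/* ktypes presumably points to nktypes entries -- TODO confirm. */
krb5_enctype
select_session_keytype (krb5_context context,
                        krb5_db_entry *server,
                        int nktypes,
                        krb5_enctype *ktypes);

krb5_error_code
get_salt_from_key (krb5_context, krb5_principal,
                   krb5_key_data *, krb5_data *);

/*
 * String helpers.  limit_string() takes no length argument, so whatever
 * bound it uses is not visible in its signature.  ktypes2str() and
 * rep_etypes2str() take the destination s together with len, presumably
 * the capacity of s in bytes -- TODO confirm against the definitions.
 */
void limit_string (char *name);

void
ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);

void
rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);

/* do_as_req.c */
krb5_error_code process_as_req (krb5_kdc_req *,
                                const krb5_fulladdr *,
                                krb5_data ** );

/* do_tgs_req.c */
krb5_error_code process_tgs_req (krb5_data *,
                                 const krb5_fulladdr *,
                                 krb5_data ** );
/* dispatch.c */
krb5_error_code dispatch (krb5_data *,
                          const krb5_fulladdr *,
                          krb5_data **);

/* main.c */
krb5_error_code kdc_initialize_rcache (krb5_context, char *);

krb5_error_code setup_server_realm (krb5_principal);

/* network.c */
krb5_error_code listen_and_process (const char *);
krb5_error_code setup_network (const char *);
krb5_error_code closedown_network (const char *);

/* policy.c */
int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
                             krb5_db_entry, krb5_timestamp,
                             const char **);

int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
                              krb5_ticket *, const char **);

/* kdc_preauth.c */
const char * missing_required_preauth
        (krb5_db_entry *client, krb5_db_entry *server,
         krb5_enc_tkt_part *enc_tkt_reply);
void get_preauth_hint_list (krb5_kdc_req * request,
                            krb5_db_entry *client,
                            krb5_db_entry *server,
                            krb5_data *e_data);
krb5_error_code check_padata
        (krb5_context context, krb5_db_entry *client,
         krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply);

krb5_error_code return_padata
        (krb5_context context, krb5_db_entry *client,
         krb5_kdc_req *request, krb5_kdc_rep *reply,
         krb5_key_data *client_key, krb5_keyblock *encrypting_key);

/* replay.c */
krb5_boolean kdc_check_lookaside (krb5_data *, const krb5_fulladdr *,
                                  krb5_data **);
void kdc_insert_lookaside (krb5_data *, const krb5_fulladdr *,
                           krb5_data *);
void kdc_free_lookaside(krb5_context);

/* which way to convert key? */
#define CONVERT_INTO_DB 0
#define CONVERT_OUTOF_DB 1

/*
 * Flag helpers.  Both arguments are parenthesized so that an expression
 * passed as flagfield (for example `a | b`) is treated as a whole instead
 * of being split by operator precedence.  For setflag() and clear(),
 * flagfield must be a modifiable lvalue.
 */
#define isflagset(flagfield, flag) ((flagfield) & (flag))
#define setflag(flagfield, flag) ((flagfield) |= (flag))
#define clear(flagfield, flag) ((flagfield) &= ~(flag))

#ifdef KRB5_KRB4_COMPAT
krb5_error_code process_v4 (const krb5_data *,
                            const krb5_fulladdr *,
                            krb5_data **);
void process_v4_mode (const char *, const char *);
void enable_v4_crossrealm(char *);
#else
/*
 * NOTE(review): this stub takes four parameters while the prototype above
 * takes three, so a three-argument call would not expand when
 * KRB5_KRB4_COMPAT is undefined.  Left unchanged because no callers are
 * visible from this header -- confirm against them.
 */
#define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION
#endif

/*
 * Each argument may be evaluated twice; do not pass expressions with side
 * effects.
 */
#ifndef min
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
#endif

/*
 * Maps a Kerberos address type to a socket address family.  Any type that
 * is not listed yields -1, so the result needs checking before it is used
 * as a family.
 */
#ifdef KRB5_USE_INET6
#define ADDRTYPE2FAMILY(X) \
    ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
#else
#define ADDRTYPE2FAMILY(X) \
    ((X) == ADDRTYPE_INET ? AF_INET : -1)
#endif

#ifdef __cplusplus
}
#endif

#endif /* !__KRB5_KDC_UTIL__ */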