xref: /titanic_44/usr/src/cmd/krb5/krb5kdc/kdc_util.h (revision 55434c770c89aa1b84474f2559a106803511aba0)
1 /*
2  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * kdc/kdc_util.h
8  *
9  * Copyright 1990 by the Massachusetts Institute of Technology.
10  *
11  * Export of this software from the United States of America may
12  *   require a specific license from the United States Government.
13  *   It is the responsibility of any person or organization contemplating
14  *   export to obtain such a license before exporting.
15  *
16  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
17  * distribute this software and its documentation for any purpose and
18  * without fee is hereby granted, provided that the above copyright
19  * notice appear in all copies and that both that copyright notice and
20  * this permission notice appear in supporting documentation, and that
21  * the name of M.I.T. not be used in advertising or publicity pertaining
22  * to distribution of the software without specific, written prior
23  * permission.  Furthermore if you modify this software you must label
24  * your software as modified software and not distribute it in such a
25  * fashion that it might be confused with the original M.I.T. software.
26  * M.I.T. makes no representations about the suitability of
27  * this software for any purpose.  It is provided "as is" without express
28  * or implied warranty.
29  *
30  *
31  * Declarations for policy.c
32  */
33 
34 #ifndef __KRB5_KDC_UTIL__
35 #define __KRB5_KDC_UTIL__
36 
37 #pragma ident	"%Z%%M%	%I%	%E% SMI"
38 
39 #ifdef	__cplusplus
40 extern "C" {
41 #endif
42 
/*
 * Address/port pair.  The prototypes in this header pass it as
 * "const krb5_fulladdr *" next to the request packet in
 * kdc_process_tgs_req(), process_as_req(), process_tgs_req(), dispatch()
 * and the lookaside functions.
 * NOTE(review): presumably describes the peer that sent the request, i.e.
 * a value taken from the network -- confirm before relying on it in any
 * access decision.
 */
typedef struct _krb5_fulladdr {
    krb5_address *address;	/* pointer; ownership is not stated in this header */
    krb5_ui_4 port;		/* NOTE(review): byte order is not stated here -- confirm */
} krb5_fulladdr;
47 
/*
 * Prototypes that carry no source-file tag in this header.
 * NOTE(review): presumably implemented in kdc_util.c -- confirm.
 * The krb5_error_code results must be checked by the caller; the
 * krb5_boolean functions are predicates.
 */
krb5_error_code check_hot_list(krb5_ticket *);
krb5_boolean realm_compare(krb5_principal, krb5_principal);
krb5_boolean krb5_is_tgs_principal(krb5_principal);

/*
 * Three krb5_principal arguments of the same type follow each other, so
 * the compiler cannot catch a swapped argument order at a call site.
 */
krb5_error_code add_to_transited(krb5_data *, krb5_data *,
				 krb5_principal, krb5_principal,
				 krb5_principal);
krb5_error_code compress_transited(krb5_data *, krb5_principal,
				   krb5_data *);

/*
 * NOTE(review): the krb5_authdata *** and krb5_last_req_entry ***
 * arguments look like output lists; who frees them is not stated in this
 * header -- confirm against the definitions.
 */
krb5_error_code concat_authorization_data(krb5_authdata **,
					  krb5_authdata **,
					  krb5_authdata ***);
krb5_error_code fetch_last_req_info(krb5_db_entry *,
				    krb5_last_req_entry ***);
64 
/*
 * Key handling and TGS request processing.
 * NOTE(review): the int argument of kdc_convert_key() presumably takes
 * CONVERT_INTO_DB or CONVERT_OUTOF_DB, defined further down in this
 * header -- confirm.
 */
krb5_error_code kdc_convert_key(krb5_keyblock *, krb5_keyblock *, int);

/*
 * NOTE(review): the krb5_ticket ** and krb5_keyblock ** arguments look
 * like outputs.  Key material handed back this way should be released
 * (and wiped) by whoever ends up owning it; this header does not say
 * which side that is.
 */
krb5_error_code kdc_process_tgs_req(krb5_kdc_req *,
				    const krb5_fulladdr *,
				    krb5_data *,
				    krb5_ticket **,
				    krb5_keyblock **);

krb5_error_code kdc_get_server_key(krb5_ticket *,
				   krb5_keyblock **,
				   krb5_kvno *);
78 
/*
 * Request validation.  The krb5_db_entry arguments are passed BY VALUE:
 * each call copies the whole structure, and nothing the callee changes in
 * its copy is visible to the caller.
 * NOTE(review): the meaning of the int result and of the const char **
 * argument (presumably a status string for logging) is not stated here.
 * Callers must not ignore the result -- confirm which values mean
 * "reject".
 */
int validate_as_request(krb5_kdc_req *, krb5_db_entry, krb5_db_entry,
			krb5_timestamp, const char **);

int validate_tgs_request(krb5_kdc_req *, krb5_db_entry, krb5_ticket *,
			 krb5_timestamp, const char **);

/*
 * NOTE(review): takes a raw byte pointer and two unsigned ints; which of
 * them is the buffer length is not visible in this prototype.  If the
 * buffer comes from a request packet the definition has to bound every
 * read by that length -- confirm.
 */
int fetch_asn1_field(unsigned char *, unsigned int, unsigned int,
		     krb5_data *);
89 
/*
 * Encryption-type queries against a database entry.
 * NOTE(review): the int results are presumably boolean -- confirm.
 */
int dbentry_has_key_for_enctype(krb5_context context,
				krb5_db_entry *client,
				krb5_enctype enctype);

int dbentry_supports_enctype(krb5_context context,
			     krb5_db_entry *client,
			     krb5_enctype enctype);

/*
 * nktypes is a signed int next to the ktypes pointer.
 * NOTE(review): presumably the element count of ktypes; the type does not
 * stop a negative or oversized count, so the definition and its callers
 * have to keep the two in step -- confirm.  The value returned when no
 * enctype is acceptable is not stated here.
 */
krb5_enctype select_session_keytype(krb5_context context,
				    krb5_db_entry *server,
				    int nktypes,
				    krb5_enctype *ktypes);

krb5_error_code get_salt_from_key(krb5_context, krb5_principal,
				  krb5_key_data *, krb5_data *);
109 
/*
 * String helpers.
 *
 * limit_string() takes a writable char * and no length.
 * NOTE(review): presumably edits a NUL-terminated string in place; it
 * must never be handed a buffer that is not terminated -- confirm.
 */
void limit_string(char *name);

/*
 * Both formatters receive the destination buffer s together with its size
 * len and return void, so a caller cannot tell from the result whether
 * the text was truncated.  Pass the real size of s (e.g. sizeof buf).
 */
void ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);

void rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
117 
/*
 * Request entry points.  Each takes the sender as a
 * "const krb5_fulladdr *" and has a trailing krb5_data ** argument.
 * NOTE(review): the krb5_data ** is presumably the reply handed back to
 * the caller, who then owns it -- confirm.
 */

/* do_as_req.c */
krb5_error_code process_as_req(krb5_kdc_req *, const krb5_fulladdr *,
			       krb5_data **);

/* do_tgs_req.c */
krb5_error_code process_tgs_req(krb5_data *, const krb5_fulladdr *,
				krb5_data **);

/* dispatch.c */
krb5_error_code dispatch(krb5_data *, const krb5_fulladdr *,
			 krb5_data **);
131 
/* main.c */
/* NOTE(review): "rcache" is presumably the replay cache -- confirm. */
krb5_error_code kdc_initialize_rcache(krb5_context, char *);

krb5_error_code setup_server_realm(krb5_principal);

/* network.c */
/*
 * NOTE(review): the const char * argument is unnamed here; presumably the
 * program name used in log messages -- confirm.
 */
krb5_error_code listen_and_process(const char *);
krb5_error_code setup_network(const char *);
krb5_error_code closedown_network(const char *);
141 
/* policy.c */
/*
 * Local policy checks.  As with validate_as_request(), the krb5_db_entry
 * arguments are passed by value (a full structure copy per call).
 * NOTE(review): the function names suggest a non-zero result means the
 * request goes against local policy; confirm the convention before
 * testing the result, since an inverted check would let a rejected
 * request through.
 */
int against_local_policy_as(krb5_kdc_req *, krb5_db_entry, krb5_db_entry,
			    krb5_timestamp, const char **);

int against_local_policy_tgs(krb5_kdc_req *, krb5_db_entry, krb5_ticket *,
			     const char **);
149 
/* kdc_preauth.c */
/*
 * Pre-authentication interface.
 * NOTE(review): missing_required_preauth() returns a const char *;
 * presumably NULL when nothing is missing and a message otherwise --
 * confirm.
 */
const char *missing_required_preauth(krb5_db_entry *client,
				     krb5_db_entry *server,
				     krb5_enc_tkt_part *enc_tkt_reply);

void get_preauth_hint_list(krb5_kdc_req *request,
			   krb5_db_entry *client,
			   krb5_db_entry *server,
			   krb5_data *e_data);

/*
 * The krb5_error_code result of check_padata() must be checked; a caller
 * that drops it would continue as if the padata had been accepted.
 */
krb5_error_code check_padata(krb5_context context,
			     krb5_db_entry *client,
			     krb5_kdc_req *request,
			     krb5_enc_tkt_part *enc_tkt_reply);

/* client_key and encrypting_key point at key material. */
krb5_error_code return_padata(krb5_context context,
			      krb5_db_entry *client,
			      krb5_kdc_req *request,
			      krb5_kdc_rep *reply,
			      krb5_key_data *client_key,
			      krb5_keyblock *encrypting_key);
166 
/* replay.c */
/*
 * Lookaside interface: check, insert, free.
 * NOTE(review): presumably a cache of recent request/reply pairs keyed by
 * the packet and its sender -- confirm in replay.c.  The check variant
 * takes a krb5_data ** (presumably the cached reply handed back to the
 * caller) while the insert variant takes a plain krb5_data *.
 */
krb5_boolean kdc_check_lookaside(krb5_data *, const krb5_fulladdr *,
				 krb5_data **);
void kdc_insert_lookaside(krb5_data *, const krb5_fulladdr *,
			  krb5_data *);
void kdc_free_lookaside(krb5_context);
173 
/*
 * Direction selectors for a key conversion.
 * NOTE(review): presumably the int argument of kdc_convert_key() --
 * confirm.
 */
#define CONVERT_INTO_DB		0
#define CONVERT_OUTOF_DB	1
177 
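/*
 * Bit-flag helpers.
 *
 * Both macro arguments are parenthesized so that an expression passed as
 * flagfield keeps its meaning: without the parentheses,
 * isflagset(a | b, f) expanded to a | (b & f) because & binds tighter
 * than |, and a flag test could come out true for the wrong reason.
 *
 * isflagset() yields the masked bits, not 0/1; with a multi-bit flag it
 * is non-zero as soon as any one of those bits is set.
 * setflag() and clear() assign to flagfield, which must be an lvalue.
 */
#define isflagset(flagfield, flag) ((flagfield) & (flag))
#define setflag(flagfield, flag) ((flagfield) |= (flag))
#define clear(flagfield, flag) ((flagfield) &= ~(flag))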
181 
/*
 * Kerberos 4 compatibility.  With KRB5_KRB4_COMPAT defined the three
 * functions below are declared; otherwise process_v4 becomes a macro that
 * discards its arguments without evaluating them and yields
 * KRB5KRB_AP_ERR_BADVERSION.
 *
 * NOTE(review): the fallback macro takes FOUR arguments while the
 * prototype takes THREE, so a call written against the prototype will not
 * preprocess in a build without KRB5_KRB4_COMPAT.  Confirm how callers
 * are guarded before relying on the fallback.
 */
#ifdef KRB5_KRB4_COMPAT
krb5_error_code process_v4(const krb5_data *, const krb5_fulladdr *,
			   krb5_data **);
void process_v4_mode(const char *, const char *);
void enable_v4_crossrealm(char *);
#else
#define process_v4(a, b, c, d)	KRB5KRB_AP_ERR_BADVERSION
#endif
191 
/*
 * Fallback min/max, defined only when no earlier header supplied min.
 * (max is defined under the same guard and is not tested separately.)
 * Each macro evaluates one of its arguments twice, so do not pass
 * expressions with side effects such as i++ or a function call.  Mixing
 * signed and unsigned operands follows the usual arithmetic conversions;
 * a negative length compared with an unsigned size does not come out as
 * the smaller value.
 */
#ifndef	min
#define	min(x, y)	((x) < (y) ? (x) : (y))
#define	max(x, y)	((x) > (y) ? (x) : (y))
#endif
196 
/*
 * Map an ADDRTYPE_* value to a socket address family.
 * ADDRTYPE_INET maps to AF_INET; ADDRTYPE_INET6 maps to AF_INET6 only
 * when KRB5_USE_INET6 is defined.  Every other value maps to -1, which
 * callers must check for before handing the result to a socket call.
 * The argument is evaluated up to twice in the INET6 variant.
 */
#ifdef KRB5_USE_INET6
#define ADDRTYPE2FAMILY(atype) \
  ((atype) == ADDRTYPE_INET6 ? AF_INET6 : (atype) == ADDRTYPE_INET ? AF_INET : -1)
#else
#define ADDRTYPE2FAMILY(atype) \
  ((atype) == ADDRTYPE_INET ? AF_INET : -1)
#endif
204 
205 #ifdef	__cplusplus
206 }
207 #endif
208 
209 #endif	/* !__KRB5_KDC_UTIL__ */
210