xref: /titanic_50/usr/src/cmd/krb5/krb5kdc/kdc_util.h (revision 4703203d9b3e06246d73931f07359a7ef70f47bf)
1 /*
2  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 /*
7  * kdc/kdc_util.h
8  *
9  * Copyright 1990 by the Massachusetts Institute of Technology.
10  *
11  * Export of this software from the United States of America may
12  *   require a specific license from the United States Government.
13  *   It is the responsibility of any person or organization contemplating
14  *   export to obtain such a license before exporting.
15  *
16  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
17  * distribute this software and its documentation for any purpose and
18  * without fee is hereby granted, provided that the above copyright
19  * notice appear in all copies and that both that copyright notice and
20  * this permission notice appear in supporting documentation, and that
21  * the name of M.I.T. not be used in advertising or publicity pertaining
22  * to distribution of the software without specific, written prior
23  * permission.  Furthermore if you modify this software you must label
24  * your software as modified software and not distribute it in such a
25  * fashion that it might be confused with the original M.I.T. software.
26  * M.I.T. makes no representations about the suitability of
27  * this software for any purpose.  It is provided "as is" without express
28  * or implied warranty.
29  *
30  *
31  * Declarations for policy.c
32  */
33 
34 #ifndef __KRB5_KDC_UTIL__
35 #define __KRB5_KDC_UTIL__
36 
37 #pragma ident	"%Z%%M%	%I%	%E% SMI"
38 
39 #include "kdb.h"
40 
41 #ifdef	__cplusplus
42 extern "C" {
43 #endif
44 
45 typedef struct _krb5_fulladdr {
46     krb5_address *	address;
47     krb5_ui_4		port;
48 } krb5_fulladdr;
49 
50 krb5_error_code check_hot_list (krb5_ticket *);
51 krb5_boolean realm_compare (krb5_principal, krb5_principal);
52 krb5_boolean krb5_is_tgs_principal (krb5_principal);
53 krb5_error_code add_to_transited (krb5_data *,
54 					    krb5_data *,
55 					    krb5_principal,
56 					    krb5_principal,
57 					    krb5_principal);
58 krb5_error_code compress_transited (krb5_data *,
59 					      krb5_principal,
60 					      krb5_data *);
61 krb5_error_code concat_authorization_data (krb5_authdata **,
62 						     krb5_authdata **,
63 						     krb5_authdata ***);
64 krb5_error_code fetch_last_req_info (krb5_db_entry *,
65 					       krb5_last_req_entry ***);
66 
67 krb5_error_code kdc_convert_key (krb5_keyblock *,
68 					   krb5_keyblock *,
69 					   int);
70 krb5_error_code kdc_process_tgs_req
71 	(krb5_kdc_req *,
72 	           const krb5_fulladdr *,
73 	           krb5_data *,
74 	           krb5_ticket **,
75 	           krb5_keyblock **);
76 
77 krb5_error_code kdc_get_server_key (krb5_ticket *,
78 					      krb5_keyblock **,
79 					      krb5_kvno *);
80 
81 int validate_as_request (krb5_kdc_req *, krb5_db_entry,
82 					  krb5_db_entry, krb5_timestamp,
83 					  const char **);
84 
85 int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
86 					  krb5_ticket *, krb5_timestamp,
87 					  const char **);
88 
89 int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
90 				 krb5_data *);
91 
92 int
93 dbentry_has_key_for_enctype (krb5_context context,
94 				       krb5_db_entry *client,
95 				       krb5_enctype enctype);
96 
97 int
98 dbentry_supports_enctype (krb5_context context,
99 				    krb5_db_entry *client,
100 				    krb5_enctype enctype);
101 
102 krb5_enctype
103 select_session_keytype (krb5_context context,
104 				  krb5_db_entry *server,
105 				  int nktypes,
106 				  krb5_enctype *ktypes);
107 
108 krb5_error_code
109 get_salt_from_key (krb5_context, krb5_principal,
110 			     krb5_key_data *, krb5_data *);
111 
112 void limit_string (char *name);
113 
114 void
115 ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);
116 
117 void
118 rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
119 
120 /* do_as_req.c */
121 krb5_error_code process_as_req (krb5_kdc_req *,
122 					  const krb5_fulladdr *,
123 					  krb5_data ** );
124 
125 /* do_tgs_req.c */
126 krb5_error_code process_tgs_req (krb5_data *,
127 					   const krb5_fulladdr *,
128 					   krb5_data ** );
129 /* dispatch.c */
130 krb5_error_code dispatch (krb5_data *,
131 				    const krb5_fulladdr *,
132 				    krb5_data **);
133 
134 /* main.c */
135 krb5_error_code kdc_initialize_rcache (krb5_context, char *);
136 
137 krb5_error_code setup_server_realm (krb5_principal);
138 
139 /* network.c */
140 krb5_error_code listen_and_process (const char *);
141 krb5_error_code setup_network (const char *);
142 krb5_error_code closedown_network (const char *);
143 
144 /* policy.c */
145 int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
146 					krb5_db_entry, krb5_timestamp,
147 					const char **);
148 
149 int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
150 					krb5_ticket *, const char **);
151 
152 /* kdc_preauth.c */
153 const char * missing_required_preauth
154     (krb5_db_entry *client, krb5_db_entry *server,
155 	       krb5_enc_tkt_part *enc_tkt_reply);
156 void get_preauth_hint_list (krb5_kdc_req * request,
157 				      krb5_db_entry *client,
158 				      krb5_db_entry *server,
159 				      krb5_data *e_data);
160 krb5_error_code check_padata
161     (krb5_context context, krb5_db_entry *client,
162 	       krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply);
163 
164 krb5_error_code return_padata
165     (krb5_context context, krb5_db_entry *client,
166 	       krb5_kdc_req *request, krb5_kdc_rep *reply,
167 	       krb5_key_data *client_key, krb5_keyblock *encrypting_key);
168 
169 /* replay.c */
170 krb5_boolean kdc_check_lookaside (krb5_data *, const krb5_fulladdr *,
171 					    krb5_data **);
172 void kdc_insert_lookaside (krb5_data *, const krb5_fulladdr *,
173 				     krb5_data *);
174 void kdc_free_lookaside(krb5_context);
175 
176 /* which way to convert key? */
177 #define CONVERT_INTO_DB	0
178 #define CONVERT_OUTOF_DB 1
179 
180 #define isflagset(flagfield, flag) (flagfield & (flag))
181 #define setflag(flagfield, flag) (flagfield |= (flag))
182 #define clear(flagfield, flag) (flagfield &= ~(flag))
183 
184 #ifdef KRB5_KRB4_COMPAT
185 krb5_error_code process_v4 (const krb5_data *,
186 				      const krb5_fulladdr *,
187 				      krb5_data **);
188 void process_v4_mode (const char *, const char *);
189 void enable_v4_crossrealm(char *);
190 #else
191 #define process_v4(foo,bar,quux,foobar)	KRB5KRB_AP_ERR_BADVERSION
192 #endif
193 
194 #ifndef	min
195 #define	min(a, b)	((a) < (b) ? (a) : (b))
196 #define	max(a, b)	((a) > (b) ? (a) : (b))
197 #endif
198 
199 #ifdef KRB5_USE_INET6
200 #define ADDRTYPE2FAMILY(X) \
201   ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
202 #else
203 #define ADDRTYPE2FAMILY(X) \
204   ((X) == ADDRTYPE_INET ? AF_INET : -1)
205 #endif
206 
207 #ifdef	__cplusplus
208 }
209 #endif
210 
211 #endif	/* !__KRB5_KDC_UTIL__ */
212