usr/src/cmd/krb5/krb5kdc/kdc_util.h

   1 /*
   2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5
   6 /*
   7  * kdc/kdc_util.h
   8  *
   9  * Copyright 1990 by the Massachusetts Institute of Technology.
  10  *
  11  * Export of this software from the United States of America may
  12  *   require a specific license from the United States Government.
  13  *   It is the responsibility of any person or organization contemplating
  14  *   export to obtain such a license before exporting.
  15  *
  16  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  17  * distribute this software and its documentation for any purpose and
  18  * without fee is hereby granted, provided that the above copyright
  19  * notice appear in all copies and that both that copyright notice and
  20  * this permission notice appear in supporting documentation, and that
  21  * the name of M.I.T. not be used in advertising or publicity pertaining
  22  * to distribution of the software without specific, written prior
  23  * permission.  Furthermore if you modify this software you must label
  24  * your software as modified software and not distribute it in such a
  25  * fashion that it might be confused with the original M.I.T. software.
  26  * M.I.T. makes no representations about the suitability of
  27  * this software for any purpose.  It is provided "as is" without express
  28  * or implied warranty.
  29  *
  30  *
  31  * Declarations for policy.c
  32  */
  33
  34 #ifndef __KRB5_KDC_UTIL__
  35 #define __KRB5_KDC_UTIL__
  36
  37
  38 #include "kdb.h"
  39
  40 #ifdef  __cplusplus
  41 extern "C" {
  42 #endif
  43
  44 typedef struct _krb5_fulladdr {
  45     krb5_address *      address;
  46     krb5_ui_4           port;
  47 } krb5_fulladdr;
  48
  49 krb5_error_code check_hot_list (krb5_ticket *);
  50 krb5_boolean realm_compare (krb5_principal, krb5_principal);
  51 krb5_boolean krb5_is_tgs_principal (krb5_principal);
  52 krb5_error_code add_to_transited (krb5_data *,
  53                                             krb5_data *,
  54                                             krb5_principal,
  55                                             krb5_principal,
  56                                             krb5_principal);
  57 krb5_error_code compress_transited (krb5_data *,
  58                                               krb5_principal,
  59                                               krb5_data *);
  60 krb5_error_code concat_authorization_data (krb5_authdata **,
  61                                                      krb5_authdata **,
  62                                                      krb5_authdata ***);
  63 krb5_error_code fetch_last_req_info (krb5_db_entry *,
  64                                                krb5_last_req_entry ***);
  65
  66 krb5_error_code kdc_convert_key (krb5_keyblock *,
  67                                            krb5_keyblock *,
  68                                            int);
  69 krb5_error_code kdc_process_tgs_req
  70         (krb5_kdc_req *,
  71                    const krb5_fulladdr *,
  72                    krb5_data *,
  73                    krb5_ticket **,
  74                    krb5_keyblock **);
  75
  76 krb5_error_code kdc_get_server_key (krb5_ticket *,
  77                                               krb5_keyblock **,
  78                                               krb5_kvno *);
  79
  80 int validate_as_request (krb5_kdc_req *, krb5_db_entry,
  81                                           krb5_db_entry, krb5_timestamp,
  82                                           const char **);
  83
  84 int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
  85                                           krb5_ticket *, krb5_timestamp,
  86                                           const char **);
  87
  88 int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
  89                                  krb5_data *);
  90
  91 int
  92 dbentry_has_key_for_enctype (krb5_context context,
  93                                        krb5_db_entry *client,
  94                                        krb5_enctype enctype);
  95
  96 int
  97 dbentry_supports_enctype (krb5_context context,
  98                                     krb5_db_entry *client,
  99                                     krb5_enctype enctype);
 100
 101 krb5_enctype
 102 select_session_keytype (krb5_context context,
 103                                   krb5_db_entry *server,
 104                                   int nktypes,
 105                                   krb5_enctype *ktypes);
 106
 107 krb5_error_code
 108 get_salt_from_key (krb5_context, krb5_principal,
 109                              krb5_key_data *, krb5_data *);
 110
 111 void limit_string (char *name);
 112
 113 void
 114 ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);
 115
 116 void
 117 rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
 118
 119 /* do_as_req.c */
 120 krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *,
 121                                           const krb5_fulladdr *,
 122                                           krb5_data ** );
 123
 124 /* do_tgs_req.c */
 125 krb5_error_code process_tgs_req (krb5_data *,
 126                                            const krb5_fulladdr *,
 127                                            krb5_data ** );
 128 /* dispatch.c */
 129 krb5_error_code dispatch (krb5_data *,
 130                                     const krb5_fulladdr *,
 131                                     krb5_data **);
 132
 133 /* main.c */
 134 krb5_error_code kdc_initialize_rcache (krb5_context, char *);
 135
 136 krb5_error_code setup_server_realm (krb5_principal);
 137
 138 /* network.c */
 139 krb5_error_code listen_and_process (const char *);
 140 krb5_error_code setup_network (const char *);
 141 krb5_error_code closedown_network (const char *);
 142
 143 /* policy.c */
 144 int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
 145                                         krb5_db_entry, krb5_timestamp,
 146                                         const char **);
 147
 148 int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
 149                                         krb5_ticket *, const char **);
 150
 151 /* kdc_preauth.c */
 152 const char * missing_required_preauth
 153     (krb5_db_entry *client, krb5_db_entry *server,
 154                krb5_enc_tkt_part *enc_tkt_reply);
 155 void get_preauth_hint_list (krb5_kdc_req * request,
 156                                       krb5_db_entry *client,
 157                                       krb5_db_entry *server,
 158                                       krb5_data *e_data);
 159 krb5_error_code load_preauth_plugins(krb5_context context);
 160 krb5_error_code unload_preauth_plugins(krb5_context context);
 161
 162 krb5_error_code check_padata
 163     (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
 164                krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
 165                void **padata_context, krb5_data *e_data);
 166
 167 krb5_error_code return_padata
 168     (krb5_context context, krb5_db_entry *client,
 169                krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
 170                krb5_key_data *client_key, krb5_keyblock *encrypting_key,
 171                void **padata_context);
 172
 173 krb5_error_code free_padata_context
 174     (krb5_context context, void **padata_context);
 175
 176 /* replay.c */
 177 krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
 178 void kdc_insert_lookaside (krb5_data *, krb5_data *);
 179 void kdc_free_lookaside(krb5_context);
 180
 181 /* which way to convert key? */
 182 #define CONVERT_INTO_DB 0
 183 #define CONVERT_OUTOF_DB 1
 184
 185 #define isflagset(flagfield, flag) (flagfield & (flag))
 186 #define setflag(flagfield, flag) (flagfield |= (flag))
 187 #define clear(flagfield, flag) (flagfield &= ~(flag))
 188
 189 #ifdef KRB5_KRB4_COMPAT
 190 krb5_error_code process_v4 (const krb5_data *,
 191                                       const krb5_fulladdr *,
 192                                       krb5_data **);
 193 void process_v4_mode (const char *, const char *);
 194 void enable_v4_crossrealm(char *);
 195 #else
 196 #define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION
 197 #endif
 198
 199 #ifndef min
 200 #define min(a, b)       ((a) < (b) ? (a) : (b))
 201 #define max(a, b)       ((a) > (b) ? (a) : (b))
 202 #endif
 203
 204 #ifdef KRB5_USE_INET6
 205 #define ADDRTYPE2FAMILY(X) \
 206   ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
 207 #else
 208 #define ADDRTYPE2FAMILY(X) \
 209   ((X) == ADDRTYPE_INET ? AF_INET : -1)
 210 #endif
 211
 212 /* RFC 4120: KRB5KDC_ERR_KEY_TOO_WEAK
 213  * RFC 4556: KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED */
 214 #define KRB5KDC_ERR_KEY_TOO_WEAK KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED
 215
 216 #ifdef  __cplusplus
 217 }
 218 #endif
 219
 220 #endif  /* !__KRB5_KDC_UTIL__ */