allow server preauth plugin verify_padata function to return e-data
1 /*
2  * kdc/kdc_util.h
3  *
4  * Copyright 1990 by the Massachusetts Institute of Technology.
5  *
6  * Export of this software from the United States of America may
7  *   require a specific license from the United States Government.
8  *   It is the responsibility of any person or organization contemplating
9  *   export to obtain such a license before exporting.
10  * 
11  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12  * distribute this software and its documentation for any purpose and
13  * without fee is hereby granted, provided that the above copyright
14  * notice appear in all copies and that both that copyright notice and
15  * this permission notice appear in supporting documentation, and that
16  * the name of M.I.T. not be used in advertising or publicity pertaining
17  * to distribution of the software without specific, written prior
18  * permission.  Furthermore if you modify this software you must label
19  * your software as modified software and not distribute it in such a
20  * fashion that it might be confused with the original M.I.T. software.
21  * M.I.T. makes no representations about the suitability of
22  * this software for any purpose.  It is provided "as is" without express
23  * or implied warranty.
24  * 
25  *
 * Declarations shared by the KDC sources: kdc_util.c, do_as_req.c,
 * do_tgs_req.c, dispatch.c, main.c, network.c, policy.c, kdc_preauth.c
 * and replay.c (see the per-file sections below).
27  */
28
29 #ifndef __KRB5_KDC_UTIL__
30 #define __KRB5_KDC_UTIL__
31
32 #include "kdb.h"
33
/*
 * A peer endpoint as the KDC sees it: a krb5 address plus the port it was
 * reached on (presumably the UDP/TCP port of the request -- confirm in
 * network.c).  `port` is a full krb5_ui_4; nothing here restricts it to
 * the 16-bit range, so callers that copy it into a sockaddr must check.
 */
typedef struct _krb5_fulladdr {
    krb5_address *address;
    krb5_ui_4     port;
} krb5_fulladdr;
38
/*
 * General helpers (kdc_util.c).
 *
 * check_hot_list: takes a ticket and returns a krb5_error_code; the name
 *   suggests a check against a "hot list" of tickets -- confirm in kdc_util.c.
 * realm_compare: krb5_boolean for two principals; presumably true when their
 *   realm components match -- confirm.
 * krb5_is_tgs_principal: krb5_boolean; presumably true when the principal
 *   is a krbtgt/TGS principal -- confirm the exact test.
 * add_to_transited / compress_transited: build and compact a "transited"
 *   encoding (krb5_data in, krb5_data out, plus principals).  NOTE(review):
 *   in Kerberos the transited field records the realms a cross-realm ticket
 *   passed through and is therefore trust-relevant; confirm that callers
 *   feed these only KDC-derived data, never client-supplied bytes.
 * concat_authorization_data: joins two authdata lists into a third list
 *   returned through the krb5_authdata *** out-pointer; who frees the
 *   result is not stated here -- check the callers.
 * fetch_last_req_info: produces a krb5_last_req_entry list for a db entry,
 *   again via an out-pointer.
 */
krb5_error_code check_hot_list (krb5_ticket *);
krb5_boolean realm_compare (krb5_principal, krb5_principal);
krb5_boolean krb5_is_tgs_principal (krb5_principal);
krb5_error_code add_to_transited (krb5_data *,
                                            krb5_data *,
                                            krb5_principal,
                                            krb5_principal,
                                            krb5_principal);
krb5_error_code compress_transited (krb5_data *,
                                              krb5_principal,
                                              krb5_data *);
krb5_error_code concat_authorization_data (krb5_authdata **,
                                                     krb5_authdata **,
                                                     krb5_authdata ***);
krb5_error_code fetch_last_req_info (krb5_db_entry *,
                                               krb5_last_req_entry ***);
55
/*
 * Key and TGS-request helpers (kdc_util.c).
 *
 * kdc_convert_key: converts one keyblock into another; the int selects the
 *   direction and is presumably CONVERT_INTO_DB or CONVERT_OUTOF_DB, defined
 *   later in this header -- confirm.
 * kdc_process_tgs_req: given the decoded request, the sender's address and
 *   the raw packet, hands back a ticket and a keyblock through the two
 *   out-pointers.  Presumably this is where the AP-REQ carried in the
 *   PA-TGS-REQ padata is decoded and verified -- see kdc_util.c.  Ownership
 *   of the returned ticket/key (who frees them) is not stated here.
 * kdc_get_server_key: looks up the key and kvno for the server a ticket is
 *   issued for, returned via out-pointers.
 */
krb5_error_code kdc_convert_key (krb5_keyblock *,
                                           krb5_keyblock *,
                                           int);
krb5_error_code kdc_process_tgs_req 
        (krb5_kdc_req *,
                   const krb5_fulladdr *,
                   krb5_data *,
                   krb5_ticket **,
                   krb5_keyblock **);

krb5_error_code kdc_get_server_key (krb5_ticket *,
                                              krb5_keyblock **,
                                              krb5_kvno *);
69
/*
 * Request validation (kdc_util.c).
 *
 * validate_as_request / validate_tgs_request: return an int; presumably 0
 *   means the request is acceptable and a non-zero value is an error, with
 *   the const char ** receiving a status string for the KRB-ERROR reply --
 *   confirm.  Both take krb5_db_entry by value (a structure copy per call);
 *   the AS variant gets client and server entries, the TGS variant gets the
 *   server entry plus the presented ticket, and both get a timestamp.
 * fetch_asn1_field: extracts one field from a raw DER buffer into a
 *   krb5_data; the two unsigned ints are presumably the buffer length and a
 *   field selector -- confirm.  NOTE(review): the buffer is the wire request,
 *   so every offset derived from its contents must be checked against the
 *   length argument before being dereferenced; verify in kdc_util.c.
 */
int validate_as_request (krb5_kdc_req *, krb5_db_entry, 
                                          krb5_db_entry, krb5_timestamp,
                                          const char **);

int validate_tgs_request (krb5_kdc_req *, krb5_db_entry, 
                                          krb5_ticket *, krb5_timestamp,
                                          const char **);

int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
                                 krb5_data *);
80
/*
 * Enctype, salt and string helpers (kdc_util.c).
 *
 * dbentry_has_key_for_enctype: int; presumably non-zero when `client` has a
 *   key of exactly `enctype` -- confirm.
 * dbentry_supports_enctype: int; presumably a looser test than the one
 *   above (e.g. accepting similar enctypes) -- confirm.
 * select_session_keytype: picks the session-key enctype for `server` from
 *   the nktypes entries of `ktypes`.  NOTE(review): that list presumably
 *   originates in the client's request, so the choice must still be
 *   filtered against what the server and the KDC's own policy permit;
 *   verify in kdc_util.c.
 * get_salt_from_key: produces the salt (krb5_data out) for a principal's
 *   key data.
 * limit_string: modifies `name` in place; presumably truncates or sanitizes
 *   it for logging -- confirm.
 * ktypes2str / rep_etypes2str: format an enctype list (from an explicit
 *   array, or from the enctypes used in a KDC reply) into `s`, bounded by
 *   `len`.
 */
int
dbentry_has_key_for_enctype (krb5_context context,
                                       krb5_db_entry *client,
                                       krb5_enctype enctype);
    
int
dbentry_supports_enctype (krb5_context context,
                                    krb5_db_entry *client,
                                    krb5_enctype enctype);

krb5_enctype
select_session_keytype (krb5_context context,
                                  krb5_db_entry *server,
                                  int nktypes,
                                  krb5_enctype *ktypes);

krb5_error_code
get_salt_from_key (krb5_context, krb5_principal,
                             krb5_key_data *, krb5_data *);

void limit_string (char *name);

void
ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);

void
rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
108
/* do_as_req.c */
/*
 * process_as_req: handles an already-decoded AS-REQ arriving from `from`.
 * The raw packet is passed alongside the decoded request (presumably so
 * preauth code can checksum the bytes as sent -- confirm); the encoded
 * reply or KRB-ERROR comes back through the krb5_data ** out-pointer.
 */
krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *,
                                          const krb5_fulladdr *,
                                          krb5_data ** );

/* do_tgs_req.c */
/*
 * process_tgs_req: handles a raw TGS-REQ packet (decoding it itself, unlike
 * process_as_req) from `from`; the reply is returned via the out-pointer.
 */
krb5_error_code process_tgs_req (krb5_data *,
                                           const krb5_fulladdr *,
                                           krb5_data ** );
/* dispatch.c */
/*
 * dispatch: entry point for every received packet.  Presumably inspects the
 * message type and routes to process_as_req, process_tgs_req or process_v4,
 * consulting the lookaside cache first -- confirm in dispatch.c.  The reply
 * is returned via the out-pointer.
 */
krb5_error_code dispatch (krb5_data *,
                                    const krb5_fulladdr *,
                                    krb5_data **);
122
/* main.c */
/*
 * kdc_initialize_rcache: sets up the KDC's replay cache; the char * is
 *   presumably the rcache name -- confirm.
 * setup_server_realm: makes the realm configuration matching the given
 *   principal current, presumably for a multi-realm KDC -- confirm.
 */
krb5_error_code kdc_initialize_rcache (krb5_context, char *);

krb5_error_code setup_server_realm (krb5_principal);

/* network.c */
/*
 * Socket setup, main receive loop and teardown.  The const char * each of
 * these takes is presumably the program name used in log messages --
 * confirm against main.c.
 */
krb5_error_code listen_and_process (const char *);
krb5_error_code setup_network (const char *);
krb5_error_code closedown_network (const char *);
132
/* policy.c */
/*
 * Site-local policy hooks, called after the generic validation above.
 * Both return an int; presumably 0 allows the request and a non-zero value
 * rejects it, with the const char ** receiving the status string reported
 * to the client -- confirm.  Note that against_local_policy_tgs, unlike its
 * AS counterpart and validate_tgs_request, takes no timestamp.
 */
int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
                                        krb5_db_entry, krb5_timestamp,
                                        const char **);

int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
                                        krb5_ticket *, const char **);
140
/* kdc_preauth.c */
/*
 * Pre-authentication handling.
 *
 * missing_required_preauth: returns a status string when the client still
 *   owes required preauth, presumably NULL otherwise -- confirm.
 * get_preauth_hint_list: fills `e_data` with the PA-DATA hints for the
 *   client; presumably the METHOD-DATA sent back with
 *   KDC_ERR_PREAUTH_REQUIRED -- confirm.
 * load_preauth_plugins / unload_preauth_plugins: bring the server-side
 *   preauth plugins into and out of the process.
 * check_padata: verifies the PA-DATA in `request` against `client`.
 *   `padata_context` is opaque per-request plugin state shared with
 *   return_padata and released by free_padata_context.  `e_data` is an
 *   out-parameter: per the change this header accompanies ("allow server
 *   preauth plugin verify_padata function to return e-data"), a plugin may
 *   supply error data to be returned to the client.  NOTE(review): the
 *   caller owns and must free whatever lands in e_data, and because it is
 *   placed in a reply to an unauthenticated peer it should carry nothing
 *   that leaks KDB state beyond what the protocol requires -- confirm in
 *   do_as_req.c.
 * return_padata: builds the PA-DATA for the reply, given the client's key
 *   data and the key the reply is encrypted under.
 * free_padata_context: releases the per-request plugin state.
 */
const char * missing_required_preauth
    (krb5_db_entry *client, krb5_db_entry *server,
               krb5_enc_tkt_part *enc_tkt_reply);
void get_preauth_hint_list (krb5_kdc_req * request,
                                      krb5_db_entry *client,
                                      krb5_db_entry *server,
                                      krb5_data *e_data);
krb5_error_code load_preauth_plugins(krb5_context context);
krb5_error_code unload_preauth_plugins(krb5_context context);

krb5_error_code check_padata
    (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
               krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
               void **padata_context, krb5_data *e_data);
    
krb5_error_code return_padata
    (krb5_context context, krb5_db_entry *client,
               krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
               krb5_key_data *client_key, krb5_keyblock *encrypting_key,
               void **padata_context);
    
krb5_error_code free_padata_context
    (krb5_context context, void **padata_context);
165
/* replay.c */
/*
 * Lookaside cache of recent request packets and their responses.
 *
 * kdc_check_lookaside: returns true when the packet matches a cached
 *   request, handing the cached response back through the out-pointer
 *   (presumably so a retransmitted request gets the identical answer instead
 *   of being processed twice -- confirm).  Whether the returned data is a
 *   copy or a reference into the cache is not stated here; check before
 *   freeing it.
 * kdc_insert_lookaside: records a request/response pair.
 * kdc_free_lookaside: drops the whole cache.
 */
krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
void kdc_insert_lookaside (krb5_data *, krb5_data *);
void kdc_free_lookaside(krb5_context);
170
/*
 * Direction selector, presumably for the int argument of kdc_convert_key()
 * declared above: convert a key into its database representation, or back
 * out of it.  Kept as #defines so any #ifdef tests on them keep working.
 */
#define CONVERT_INTO_DB  0
#define CONVERT_OUTOF_DB 1
174
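/*
 * Flag-field helpers.
 *
 * Every macro argument is now parenthesized.  The previous definitions left
 * `flagfield` bare, so an expression argument such as `a | b` or `x == y`
 * grouped wrongly (`&` binds tighter than `|` and `==`), silently testing
 * the wrong bits.
 *
 * isflagset() yields the masked bits (non-zero when any of `flag` is set),
 * not a normalized 0/1 -- callers compare against zero.  setflag() and
 * clear() modify `flagfield` in place, so it must be an lvalue.  `clear` is
 * an unprefixed name that can collide with other headers; it is kept
 * because existing callers use it.
 */
#define isflagset(flagfield, flag) ((flagfield) & (flag))
#define setflag(flagfield, flag)   ((flagfield) |= (flag))
#define clear(flagfield, flag)     ((flagfield) &= ~(flag))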
178
#ifdef KRB5_KRB4_COMPAT
/*
 * Kerberos v4 compatibility entry points.  process_v4 handles a v4 request
 * packet from the given address and returns the reply via the out-pointer;
 * process_v4_mode and enable_v4_crossrealm configure that support
 * (presumably from command-line options -- confirm in main.c).
 */
krb5_error_code process_v4 (const krb5_data *,
                                      const krb5_fulladdr *,
                                      krb5_data **);
void process_v4_mode (const char *, const char *);
void enable_v4_crossrealm(char *);
#else
/*
 * Without v4 support every v4 packet is answered with a version error.
 * NOTE(review): this stub takes four parameters while the real function
 * above takes three, so a call site compiled without KRB5_KRB4_COMPAT that
 * passes three arguments would not compile.  Harmless only if every caller
 * is itself inside #ifdef KRB5_KRB4_COMPAT -- confirm in dispatch.c.
 */
#define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION
#endif
188
/*
 * Unhygienic min/max: each argument is evaluated twice, so never pass an
 * expression with side effects (e.g. min(i++, n)).  Defined only when no
 * earlier header already supplies them.
 */
#if !defined(min)
#define min(a, b)       ((a) < (b) ? (a) : (b))
#define max(a, b)       ((a) > (b) ? (a) : (b))
#endif
193
/*
 * Map a krb5 address type to a socket address family, or -1 when the type
 * has no family the KDC can use.  IPv6 is only recognized when the build
 * enables KRB5_USE_INET6.  X is evaluated more than once; pass a plain
 * variable.
 */
#ifdef KRB5_USE_INET6
#define ADDRTYPE2FAMILY(X) \
    (((X) == ADDRTYPE_INET6) ? AF_INET6 : \
     ((X) == ADDRTYPE_INET)  ? AF_INET  : -1)
#else
#define ADDRTYPE2FAMILY(X) \
    (((X) == ADDRTYPE_INET) ? AF_INET : -1)
#endif
201
/*
 * RFC 4120 calls the KDC error KRB5KDC_ERR_KEY_TOO_WEAK while RFC 4556
 * assigns the same numeric code the name
 * KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED.  Only the latter name is
 * expected from the library headers, so the RFC 4120 name is an alias of it.
 */
#define KRB5KDC_ERR_KEY_TOO_WEAK  KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED
205
206 #endif /* __KRB5_KDC_UTIL__ */