4 * Copyright 1990 by the Massachusetts Institute of Technology.
6 * Export of this software from the United States of America may
7 * require a specific license from the United States Government.
8 * It is the responsibility of any person or organization contemplating
9 * export to obtain such a license before exporting.
11 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12 * distribute this software and its documentation for any purpose and
13 * without fee is hereby granted, provided that the above copyright
14 * notice appear in all copies and that both that copyright notice and
15 * this permission notice appear in supporting documentation, and that
16 * the name of M.I.T. not be used in advertising or publicity pertaining
17 * to distribution of the software without specific, written prior
18 * permission. Furthermore if you modify this software you must label
19 * your software as modified software and not distribute it in such a
20 * fashion that it might be confused with the original M.I.T. software.
21 * M.I.T. makes no representations about the suitability of
22 * this software for any purpose. It is provided "as is" without express
23 * or implied warranty.
26 * Declarations for policy.c
29 #ifndef __KRB5_KDC_UTIL__
30 #define __KRB5_KDC_UTIL__
34 typedef struct _krb5_fulladdr {
35 krb5_address * address;
39 krb5_error_code check_hot_list (krb5_ticket *);
40 krb5_boolean realm_compare (krb5_principal, krb5_principal);
41 krb5_boolean krb5_is_tgs_principal (krb5_principal);
42 krb5_error_code add_to_transited (krb5_data *,
47 krb5_error_code compress_transited (krb5_data *,
50 krb5_error_code concat_authorization_data (krb5_authdata **,
53 krb5_error_code fetch_last_req_info (krb5_db_entry *,
54 krb5_last_req_entry ***);
56 krb5_error_code kdc_convert_key (krb5_keyblock *,
59 krb5_error_code kdc_process_tgs_req
61 const krb5_fulladdr *,
66 krb5_error_code kdc_get_server_key (krb5_ticket *,
70 int validate_as_request (krb5_kdc_req *, krb5_db_entry,
71 krb5_db_entry, krb5_timestamp,
74 int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
75 krb5_ticket *, krb5_timestamp,
78 int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
82 dbentry_has_key_for_enctype (krb5_context context,
83 krb5_db_entry *client,
84 krb5_enctype enctype);
87 dbentry_supports_enctype (krb5_context context,
88 krb5_db_entry *client,
89 krb5_enctype enctype);
92 select_session_keytype (krb5_context context,
93 krb5_db_entry *server,
95 krb5_enctype *ktypes);
98 get_salt_from_key (krb5_context, krb5_principal,
99 krb5_key_data *, krb5_data *);
101 void limit_string (char *name);
104 ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype);
107 rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
110 krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *,
111 const krb5_fulladdr *,
115 krb5_error_code process_tgs_req (krb5_data *,
116 const krb5_fulladdr *,
119 krb5_error_code dispatch (krb5_data *,
120 const krb5_fulladdr *,
124 krb5_error_code kdc_initialize_rcache (krb5_context, char *);
126 krb5_error_code setup_server_realm (krb5_principal);
129 krb5_error_code listen_and_process (const char *);
130 krb5_error_code setup_network (const char *);
131 krb5_error_code closedown_network (const char *);
134 int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
135 krb5_db_entry, krb5_timestamp,
138 int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
139 krb5_ticket *, const char **);
142 const char * missing_required_preauth
143 (krb5_db_entry *client, krb5_db_entry *server,
144 krb5_enc_tkt_part *enc_tkt_reply);
145 void get_preauth_hint_list (krb5_kdc_req * request,
146 krb5_db_entry *client,
147 krb5_db_entry *server,
149 krb5_error_code load_preauth_plugins(krb5_context context);
150 krb5_error_code unload_preauth_plugins(krb5_context context);
152 krb5_error_code check_padata
153 (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
154 krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
155 void **padata_context, krb5_data *e_data);
157 krb5_error_code return_padata
158 (krb5_context context, krb5_db_entry *client,
159 krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
160 krb5_key_data *client_key, krb5_keyblock *encrypting_key,
161 void **padata_context);
163 krb5_error_code free_padata_context
164 (krb5_context context, void **padata_context);
167 krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
168 void kdc_insert_lookaside (krb5_data *, krb5_data *);
169 void kdc_free_lookaside(krb5_context);
171 /* which way to convert key? */
172 #define CONVERT_INTO_DB 0
173 #define CONVERT_OUTOF_DB 1
175 #define isflagset(flagfield, flag) (flagfield & (flag))
176 #define setflag(flagfield, flag) (flagfield |= (flag))
177 #define clear(flagfield, flag) (flagfield &= ~(flag))
179 #ifdef KRB5_KRB4_COMPAT
180 krb5_error_code process_v4 (const krb5_data *,
181 const krb5_fulladdr *,
183 void process_v4_mode (const char *, const char *);
184 void enable_v4_crossrealm(char *);
186 #define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION
190 #define min(a, b) ((a) < (b) ? (a) : (b))
191 #define max(a, b) ((a) > (b) ? (a) : (b))
194 #ifdef KRB5_USE_INET6
195 #define ADDRTYPE2FAMILY(X) \
196 ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
198 #define ADDRTYPE2FAMILY(X) \
199 ((X) == ADDRTYPE_INET ? AF_INET : -1)
202 /* RFC 4120: KRB5KDC_ERR_KEY_TOO_WEAK
203 * RFC 4556: KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED */
204 #define KRB5KDC_ERR_KEY_TOO_WEAK KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED
206 #endif /* __KRB5_KDC_UTIL__ */