kdc_util.h revision 505d05c73a6e56769f263d4803b22eddd168ee24
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* kdc/kdc_util.h
*
* Copyright 1990 by the Massachusetts Institute of Technology.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* Declarations for policy.c
*/
#ifndef __KRB5_KDC_UTIL__
#define __KRB5_KDC_UTIL__
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
extern "C" {
#endif
/*
 * An address paired with a port number.  The request-handling prototypes
 * in this header (process_as_req, process_tgs_req, dispatch, the lookaside
 * functions) receive it as `const krb5_fulladdr *`.
 *
 * NOTE(review): presumably this is the network peer a request arrived
 * from; the byte order of `port` is not visible in this header -- confirm
 * against the code that fills it in before logging or comparing it.
 */
typedef struct _krb5_fulladdr {
krb5_address * address;
krb5_ui_4 port;
} krb5_fulladdr;
/*
 * Most prototypes in this group are written without parameter names, so
 * the role of each argument (input vs. output, who owns returned memory)
 * has to be read from the definitions, not from this header.
 */

/*
 * Takes a ticket and returns a krb5_error_code.
 * NOTE(review): the name suggests a revocation ("hot list") check --
 * confirm what the implementation actually enforces before relying on it.
 */
krb5_error_code check_hot_list (krb5_ticket *);
/* Boolean comparison over two principals. */
krb5_boolean realm_compare (krb5_principal, krb5_principal);
/* Boolean predicate over a single principal. */
krb5_boolean krb5_is_tgs_principal (krb5_principal);
/*
 * Takes two krb5_data pointers and three principals.
 * NOTE(review): presumably maintains the transited-realms data used for
 * cross-realm path checks; which krb5_data is input and which is output
 * is not visible here -- confirm, since a swapped buffer would corrupt
 * the path a downstream policy check depends on.
 */
krb5_error_code add_to_transited (krb5_data *,
krb5_data *,
krb5_principal,
krb5_principal,
krb5_principal);
/* Takes a krb5_data pointer, a principal and a second krb5_data pointer. */
krb5_error_code compress_transited (krb5_data *,
krb5_principal,
krb5_data *);
/*
 * Takes two authorization-data lists and a triple-pointer third argument,
 * which can only be an output slot for a list.
 * NOTE(review): ownership of the returned list (and whether the inputs
 * are copied or aliased) is not stated here -- confirm who frees it.
 */
krb5_error_code concat_authorization_data (krb5_authdata **,
krb5_authdata **,
krb5_authdata ***);
/*
 * Takes a database entry and an output slot for a last-req entry list.
 * NOTE(review): presumably allocates the list; confirm the free routine.
 */
krb5_error_code fetch_last_req_info (krb5_db_entry *,
krb5_last_req_entry ***);
/*
 * Takes two key blocks and an int.
 * NOTE(review): the int is presumably the direction selector
 * CONVERT_INTO_DB / CONVERT_OUTOF_DB defined further down in this header
 * -- confirm against the definition.
 */
krb5_error_code kdc_convert_key (krb5_keyblock *,
krb5_keyblock *,
int);
/*
 * Takes a KDC request, the read-only full address, a krb5_data pointer,
 * and two double-pointer arguments (ticket, key block) that can act as
 * output slots.
 * NOTE(review): on an error return the state of the two output slots is
 * not documented here; callers should not use them without checking the
 * returned krb5_error_code first -- confirm what the definition leaves
 * in them on failure.
 */
krb5_error_code kdc_process_tgs_req
(krb5_kdc_req *,
const krb5_fulladdr *,
krb5_data *,
krb5_ticket **,
krb5_keyblock **);
/*
 * Takes a ticket, an output slot for a key block and a krb5_kvno pointer.
 * NOTE(review): the key block is secret material; confirm which caller is
 * responsible for releasing it.
 */
krb5_error_code kdc_get_server_key (krb5_ticket *,
krb5_keyblock **,
krb5_kvno *);
/*
 * Both validators return int (not krb5_error_code) and receive their
 * krb5_db_entry arguments BY VALUE, so each call copies the whole
 * structure; any pointers inside the entry are copied shallowly.
 * NOTE(review): the trailing `const char **` is presumably an output
 * status string -- confirm, and confirm the meaning of the int result
 * (0 vs. non-zero) before using it in an allow/deny decision.
 */
int validate_as_request (krb5_kdc_req *, krb5_db_entry,
krb5_db_entry, krb5_timestamp,
const char **);
int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
krb5_ticket *, krb5_timestamp,
const char **);
/*
 * Takes a raw byte pointer, two unsigned ints and a krb5_data pointer.
 * NOTE(review): the prototype does not show which argument, if any,
 * bounds the byte buffer.  If neither unsigned int is a buffer length the
 * implementation cannot bounds-check its reads -- confirm against the
 * definition, since this parses data taken from a request.
 */
int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
krb5_data *);
/*
 * Query on a client database entry for a given encryption type.
 * Returns int; NOTE(review): presumably non-zero means "has a key of this
 * enctype" -- confirm.
 */
int
dbentry_has_key_for_enctype (krb5_context context,
krb5_db_entry *client,
krb5_enctype enctype);
/*
 * Query on a client database entry for a given encryption type.
 * Returns int; NOTE(review): how "supports" differs from "has a key for"
 * is not visible in this header -- confirm before using either one to
 * gate which enctypes are offered.
 */
int
dbentry_supports_enctype (krb5_context context,
krb5_db_entry *client,
krb5_enctype enctype);
/*
 * Picks an enctype given a server entry and an array `ktypes` whose
 * element count is passed separately as `nktypes`.
 * `nktypes` is a signed int: NOTE(review): confirm the definition rejects
 * or tolerates a negative or oversized count, and what value is returned
 * when no candidate is acceptable.
 */
krb5_enctype
select_session_keytype (krb5_context context,
krb5_db_entry *server,
int nktypes,
krb5_enctype *ktypes);
/*
 * Takes a context, a principal, a key-data record and a krb5_data
 * pointer.
 * NOTE(review): presumably the krb5_data receives the salt; ownership of
 * its buffer is not stated here -- confirm.
 */
krb5_error_code
get_salt_from_key (krb5_context, krb5_principal,
krb5_key_data *, krb5_data *);
/*
 * Takes a mutable string and no size argument, and returns nothing.
 * NOTE(review): presumably shortens `name` in place and relies on NUL
 * termination to find its end; confirm callers never pass a string
 * literal or an unterminated buffer.
 */
void limit_string (char *name);
/*
 * Request entry points.  All three share one shape: a request argument,
 * the read-only full address, an int, and a `krb5_data **` that can carry
 * a response back to the caller.
 * NOTE(review): the unnamed int is possibly the same flag that process_v4
 * (declared later in this header) names `is_secondary` -- confirm.
 * NOTE(review): process_tgs_req and dispatch take a raw krb5_data, which
 * is presumably the still-encoded packet; treat its contents and length
 * as untrusted until decoded -- confirm.
 */
/* do_as_req.c */
krb5_error_code process_as_req (krb5_kdc_req *,
const krb5_fulladdr *,
int,
krb5_data ** );
/* do_tgs_req.c */
krb5_error_code process_tgs_req (krb5_data *,
const krb5_fulladdr *,
int,
krb5_data ** );
/* dispatch.c */
krb5_error_code dispatch (krb5_data *,
const krb5_fulladdr *,
int,
krb5_data **);
/* main.c */
/*
 * Takes a context and a mutable string.
 * NOTE(review): "rcache" presumably means the replay cache; the meaning
 * of the string argument is not visible here -- confirm.
 */
krb5_error_code kdc_initialize_rcache (krb5_context, char *);
/* Takes a single principal; returns a krb5_error_code. */
krb5_error_code setup_server_realm (krb5_principal);
/* network.c */
/*
 * Network setup, service loop and teardown.  Each takes one read-only
 * string and returns a krb5_error_code.
 * NOTE(review): the string is presumably a program name used in
 * diagnostics -- confirm.
 */
krb5_error_code listen_and_process (const char *);
krb5_error_code setup_network (const char *);
krb5_error_code closedown_network (const char *);
/* policy.c */
/*
 * Local-policy hooks for AS and TGS requests.  Both return int and take
 * their krb5_db_entry arguments BY VALUE (whole-structure copy, pointers
 * inside copied shallowly).  The AS variant takes a krb5_timestamp; the
 * TGS variant takes a ticket and no timestamp.
 * NOTE(review): the trailing `const char **` is presumably an output
 * status string, and the int presumably signals "request violates
 * policy" when non-zero -- confirm the polarity before wiring the result
 * into an accept/reject branch.
 */
int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
krb5_db_entry, krb5_timestamp,
const char **);
int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
krb5_ticket *, const char **);
/* kdc_preauth.c */
/*
 * Returns a read-only string computed from the client entry, the server
 * entry and the encrypted ticket part of the reply.
 * NOTE(review): presumably NULL means "nothing missing" and a non-NULL
 * result names the missing pre-authentication requirement -- confirm,
 * because callers branch on this to decide whether to issue a ticket.
 */
const char * missing_required_preauth
(krb5_db_entry *client, krb5_db_entry *server,
krb5_enc_tkt_part *enc_tkt_reply);
/*
 * Returns nothing; takes the request, both database entries and a
 * krb5_data `e_data`.
 * NOTE(review): presumably fills `e_data` with the pre-authentication
 * hints sent back in an error reply.  Being void, it cannot report
 * failure -- confirm how callers detect an empty or unfilled `e_data`.
 */
void get_preauth_hint_list (krb5_kdc_req * request,
krb5_db_entry *client,
krb5_db_entry *server,
krb5_data *e_data);
/*
 * Takes the context, the client entry, the request and the encrypted
 * ticket part of the reply; returns a krb5_error_code.
 * NOTE(review): presumably verifies the pre-authentication data supplied
 * in the request -- confirm that every non-zero return is treated as an
 * authentication failure by the caller.
 */
krb5_error_code check_padata
(krb5_context context, krb5_db_entry *client,
krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply);
/*
 * Takes the context, the client entry, the request, the reply, the
 * client's key-data record and a key block named `encrypting_key`.
 * NOTE(review): presumably adds pre-authentication data to the reply and
 * may adjust `encrypting_key`; whether it is read-only here is not
 * visible -- confirm.
 */
krb5_error_code return_padata
(krb5_context context, krb5_db_entry *client,
krb5_kdc_req *request, krb5_kdc_rep *reply,
krb5_key_data *client_key, krb5_keyblock *encrypting_key);
/* replay.c */
/*
 * Lookaside pair: a boolean check and a void insert, each taking a
 * krb5_data, the read-only full address, and a further krb5_data argument
 * (double pointer for the check, single pointer for the insert).
 * NOTE(review): presumably the check hands back a previously stored
 * response for an identical request from the same address, and the
 * insert records one.  Confirm whether the stored and returned buffers
 * are copies or aliases, since an aliased response freed by one side
 * would dangle on the other.
 */
krb5_boolean kdc_check_lookaside (krb5_data *, const krb5_fulladdr *,
krb5_data **);
void kdc_insert_lookaside (krb5_data *, const krb5_fulladdr *,
krb5_data *);
/* sock2p.c */
/*
 * As shown here this header contains no #include lines, so `size_t` and
 * `struct sockaddr` (like the krb5 types above) must already be declared
 * by whatever the including file pulled in first.
 */
#ifndef HAVE_INET_NTOP
/*
 * Declared only when HAVE_INET_NTOP is not defined; sock2p.c provides the
 * function in that case.  The prototype takes a destination buffer
 * together with its size.
 */
extern const char *inet_ntop (int, const void *, char *, size_t);
#endif
/*
 * Takes a read-only socket address, a destination buffer with its size,
 * and an int pointer; returns nothing.
 * NOTE(review): presumably writes a printable address into the buffer and
 * the port through the int pointer.  Being void, it cannot signal
 * truncation or an unsupported address family -- confirm what the buffer
 * holds in those cases before logging it.
 */
extern void sockaddr2p (const struct sockaddr *, char *, size_t, int *);
/*
 * Direction selector for key conversion: 0 converts into the database
 * form, 1 converts out of it.
 * NOTE(review): presumably passed as the int argument of kdc_convert_key
 * declared in this header -- confirm.
 */
#define CONVERT_INTO_DB 0
#define CONVERT_OUTOF_DB 1
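/*
 * Bit-flag helpers.
 *
 * isflagset(flagfield, flag) evaluates to the bits of `flagfield` selected
 *     by `flag`: non-zero when any selected bit is set, not a 0/1 boolean.
 * setflag(flagfield, flag)   ORs `flag` into the lvalue `flagfield`.
 * clear(flagfield, flag)     clears the bits of `flag` in the lvalue
 *     `flagfield`.
 *
 * Both arguments and the whole expansion are parenthesized.  Without the
 * parentheses around `flagfield`, a compound first argument such as
 * `a | b` would bind as `a | (b & flag)` and report a flag as set when it
 * is not; these macros take option and flag bitfields, so a wrong answer
 * changes a policy decision.  Each argument is still evaluated exactly
 * once.
 *
 * `clear` is a very generic name for a macro; it is kept unchanged because
 * existing callers use it.
 */
#define isflagset(flagfield, flag) ((flagfield) & (flag))
#define setflag(flagfield, flag) ((flagfield) |= (flag))
#define clear(flagfield, flag) ((flagfield) &= ~(flag))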
/*
 * Kerberos 4 request handling.
 *
 * With KRB5_KRB4_COMPAT defined, process_v4 is a real function with the
 * same shape as the other request entry points in this header.
 *
 * Without it, process_v4 is a macro that expands to the constant
 * KRB5KRB_AP_ERR_BADVERSION.  The macro discards its four arguments, so
 * they are never evaluated: any side effect written in an argument
 * expression is skipped, and the response slot passed as the last
 * argument is left untouched.
 */
#ifdef KRB5_KRB4_COMPAT
krb5_error_code process_v4 (const krb5_data *,
const krb5_fulladdr *,
int is_secondary,
krb5_data **);
#else
#define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION
#endif
/*
 * Fallback min/max.  Both are defined only when `min` is not already a
 * macro; `max` has no guard of its own, so a build that defines `min`
 * elsewhere gets neither definition from this header.
 *
 * Each macro evaluates one of its arguments twice, so do not pass
 * expressions with side effects (`i++`, function calls that consume
 * input).  Mixed signed/unsigned arguments are compared after the usual
 * arithmetic conversions, which can turn a negative length into a large
 * unsigned value -- keep both arguments the same signedness when the
 * result bounds a copy.
 */
#ifndef min
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
#endif
/*
 * Maps an address-type constant to a socket address family.
 *
 * ADDRTYPE_INET maps to AF_INET; ADDRTYPE_INET6 maps to AF_INET6 only
 * when KRB5_USE_INET6 is defined.  Every other value, including
 * ADDRTYPE_INET6 in a build without KRB5_USE_INET6, yields -1, which
 * callers must check before handing the result to a socket or
 * address-formatting call.
 *
 * X may be evaluated more than once in the INET6 variant, so pass a plain
 * value, not an expression with side effects.
 */
#ifdef KRB5_USE_INET6
#define ADDRTYPE2FAMILY(X) \
((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
#else
#define ADDRTYPE2FAMILY(X) \
((X) == ADDRTYPE_INET ? AF_INET : -1)
#endif
#ifdef __cplusplus
}
#endif
#endif /* !__KRB5_KDC_UTIL__ */