diff options
| author | John Kohl <jtkohl@mit.edu> | 1990-01-30 16:50:50 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1990-01-30 16:50:50 +0000 |
| commit | 8a06755963d437a3870674ce4b0bf3d3790a8e6b (patch) | |
| tree | b9e1d1615d251ca48d4ed21eebf6ff58bc61bc50 /src/kdc/policy.c | |
| parent | b70673f44985430908ea7ee7660c7aa7531c34b4 (diff) | |
| download | krb5-8a06755963d437a3870674ce4b0bf3d3790a8e6b.tar.gz krb5-8a06755963d437a3870674ce4b0bf3d3790a8e6b.tar.xz krb5-8a06755963d437a3870674ce4b0bf3d3790a8e6b.zip | |
*** empty log message ***
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@202 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/policy.c')
| -rw-r--r-- | src/kdc/policy.c | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/src/kdc/policy.c b/src/kdc/policy.c new file mode 100644 index 0000000000..bb5e563a18 --- /dev/null +++ b/src/kdc/policy.c @@ -0,0 +1,83 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <krb5/mit-copyright.h>. + * + * Policy decision routines for KDC. + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_policy_c[] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include <krb5/copyright.h> + + +#include <krb5/krb5.h> +#include <krb5/kdb.h> + +#include "kdc_util.h" + +/*ARGSUSED*/ +krb5_boolean +against_postdate_policy(fromtime) +krb5_timestamp fromtime; +{ + return FALSE; +} + +krb5_boolean +against_flag_policy_as(request) +register krb5_as_req *request; +{ + if (isset(request->kdc_options, KDC_OPT_FORWARDED) || + isset(request->kdc_options, KDC_OPT_PROXY) || + isset(request->kdc_options, KDC_OPT_RENEW) || + isset(request->kdc_options, KDC_OPT_VALIDATE) || + isset(request->kdc_options, KDC_OPT_REUSE_SKEY) || + isset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) + return TRUE; /* against policy */ + + return FALSE; /* not against policy */ +} + +krb5_boolean +against_flag_policy_tgs(request) +register krb5_tgs_req *request; +{ + if (((isset(request->kdc_options, KDC_OPT_FORWARDED) || + isset(request->kdc_options, KDC_OPT_FORWARDABLE)) && + !isset(request->header->ticket->enc_part2->flags, + TKT_FLG_FORWARDABLE)) || /* TGS must be forwardable to get + forwarded or forwardable ticket */ + + ((isset(request->kdc_options, KDC_OPT_PROXY) || + isset(request->kdc_options, KDC_OPT_PROXIABLE)) && + !isset(request->header->ticket->enc_part2->flags, + TKT_FLG_PROXIABLE)) || /* TGS must be proxiable to get + proxiable ticket */ + + ((isset(request->kdc_options, KDC_OPT_ALLOW_POSTDATE) || + isset(request->kdc_options, KDC_OPT_POSTDATED)) && + !isset(request->header->ticket->enc_part2->flags, + TKT_FLG_MAY_POSTDATE)) || /* TGS must allow postdating to get + postdated ticket */ + + (isset(request->kdc_options, KDC_OPT_VALIDATE) && + !isset(request->header->ticket->enc_part2->flags, + TKT_FLG_INVALID)) || /* can only validate invalid tix */ + + ((isset(request->kdc_options, KDC_OPT_RENEW) || + isset(request->kdc_options, KDC_OPT_RENEWABLE)) && + !isset(request->header->ticket->enc_part2->flags, + TKT_FLG_RENEWABLE))) /* can only renew renewable tix */ + + return TRUE; /* against policy */ + + return FALSE; /* XXX not against policy */ +} |