/*
 * kdc/kdc_util.h
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 * 
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 * 
 *
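 * Declarations for policy.c and for the other KDC sources named in the
 * section comments below (do_as_req.c, do_tgs_req.c, dispatch.c, main.c,
 * network.c, kdc_preauth.c, replay.c), plus the KDC utility routines.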
 */

#ifndef __KRB5_KDC_UTIL__
#define __KRB5_KDC_UTIL__

/*
 * An address paired with a port number.  The `const krb5_fulladdr *`
 * parameters of the request-processing prototypes in this header take
 * this type; presumably it identifies the peer a packet came from
 * (TODO confirm against the callers in network.c).
 */
typedef struct _krb5_fulladdr {
    krb5_address *address;  /* pointer only; ownership of the pointee is not stated here */
    krb5_ui_4 port;         /* byte order is not stated here -- confirm before comparing or logging */
} krb5_fulladdr;

/*
 * General KDC helpers.  The prototypes leave their parameters unnamed, so
 * the role of each argument has to be read from the definitions; the notes
 * below state only what the signatures show.
 */

/* Takes a ticket and reports a krb5_error_code. */
krb5_error_code check_hot_list PROTOTYPE((krb5_ticket *));

/* Boolean test over two principals (by name, a realm comparison). */
krb5_boolean realm_compare PROTOTYPE((krb5_principal,
                                      krb5_principal));

/* Boolean test over one principal. */
krb5_boolean krb5_is_tgs_principal PROTOTYPE((krb5_principal));

/*
 * Transited-field helpers.  Both take krb5_data pointers that are not
 * const, so either function may write through any of them -- check the
 * definitions for which are inputs and which are outputs.
 */
krb5_error_code add_to_transited PROTOTYPE((krb5_data *,
                                            krb5_data *,
                                            krb5_principal,
                                            krb5_principal,
                                            krb5_principal));

krb5_error_code compress_transited PROTOTYPE((krb5_data *,
                                              krb5_principal,
                                              krb5_data *));

/*
 * Two authdata lists in, and a pointer to a list as the third argument
 * (presumably the merged result -- TODO confirm, including who frees it).
 */
krb5_error_code concat_authorization_data PROTOTYPE((krb5_authdata **,
                                                     krb5_authdata **,
                                                     krb5_authdata ***));

/* Database entry in; pointer to a last-req entry list as second argument. */
krb5_error_code fetch_last_req_info PROTOTYPE((krb5_db_entry *,
                                               krb5_last_req_entry ***));

/*
 * Two key blocks plus an int.  The int is presumably the conversion
 * direction, CONVERT_INTO_DB or CONVERT_OUTOF_DB, which this header defines
 * under "which way to convert key?" (TODO confirm in the definition).
 */
krb5_error_code kdc_convert_key PROTOTYPE((krb5_keyblock *,
                                           krb5_keyblock *,
                                           int));

/*
 * Takes the decoded KDC request, a const peer address, a krb5_data, and
 * two pointer-to-pointer arguments (a ticket and a key block) that the
 * callee can fill in.  Ownership of anything returned that way is not
 * stated here.
 */
krb5_error_code kdc_process_tgs_req PROTOTYPE((krb5_kdc_req *,
                                               const krb5_fulladdr *,
                                               krb5_data *,
                                               krb5_ticket **,
                                               krb5_keyblock **));

/* Ticket in; key block pointer and key version number passed by address. */
krb5_error_code kdc_get_server_key PROTOTYPE((krb5_ticket *,
                                              krb5_keyblock **,
                                              krb5_kvno *));

/*
 * Request validators.  Both return int rather than krb5_error_code, and
 * both receive krb5_db_entry arguments by value, i.e. as copies.  The
 * trailing const char ** is presumably a status-string out-parameter
 * (TODO confirm).
 */
int validate_as_request PROTOTYPE((krb5_kdc_req *,
                                   krb5_db_entry,
                                   krb5_db_entry,
                                   krb5_timestamp,
                                   const char **));

int validate_tgs_request PROTOTYPE((krb5_kdc_req *,
                                    krb5_db_entry,
                                    krb5_ticket *,
                                    krb5_timestamp,
                                    const char **));

/*
 * Reads from a raw byte pointer and reports through a krb5_data.
 * NOTE(review): unless one of the two unsigned int arguments is the buffer
 * length, nothing in this signature bounds the bytes read -- confirm in
 * the definition how reads are limited before passing network data.
 */
int fetch_asn1_field PROTOTYPE((unsigned char *,
                                unsigned int,
                                unsigned int,
                                krb5_data *));

/*
 * Encryption-type queries against a database entry.  The first two take
 * the entry as `client`; select_session_keytype takes it as `server`.
 * The meaning of the int results is not stated in this header.
 */
int dbentry_has_key_for_enctype PROTOTYPE((krb5_context context,
                                           krb5_db_entry *client,
                                           krb5_enctype enctype));

int dbentry_supports_enctype PROTOTYPE((krb5_context context,
                                        krb5_db_entry *client,
                                        krb5_enctype enctype));

/*
 * Chooses an enctype given a server entry and an array `ktypes` of
 * `nktypes` candidates.  nktypes is a signed int; what happens for zero or
 * negative counts, or when nothing is acceptable, is not stated here.
 */
krb5_enctype select_session_keytype PROTOTYPE((krb5_context context,
                                               krb5_db_entry *server,
                                               int nktypes,
                                               krb5_enctype *ktypes));

/* Context, principal and key data in; a krb5_data pointer as last argument. */
krb5_error_code get_salt_from_key PROTOTYPE((krb5_context,
                                             krb5_principal,
                                             krb5_key_data *,
                                             krb5_data *));

/*
 * Takes a writable string and no length, so any shortening it performs
 * must be in place and must depend on the existing NUL terminator
 * (presumably it caps names before they are logged -- TODO confirm).
 */
void limit_string PROTOTYPE((char *name));

/*
 * Request entry points, grouped by the source file that defines them.
 * process_as_req, process_tgs_req and dispatch share one shape: a request,
 * a const peer address, an int, and a krb5_data ** through which a reply
 * can be handed back.  The int's meaning and the ownership of the reply
 * are not stated in this header.
 */

/* do_as_req.c */
krb5_error_code process_as_req PROTOTYPE((krb5_kdc_req *,
                                          const krb5_fulladdr *,
                                          int,
                                          krb5_data **));

/* do_tgs_req.c */
krb5_error_code process_tgs_req PROTOTYPE((krb5_data *,
                                           const krb5_fulladdr *,
                                           int,
                                           krb5_data **));

/* dispatch.c */
krb5_error_code dispatch PROTOTYPE((krb5_data *,
                                    const krb5_fulladdr *,
                                    int,
                                    krb5_data **));

/* main.c */
krb5_error_code kdc_initialize_rcache PROTOTYPE((krb5_context,
                                                 char *));

krb5_error_code setup_server_realm PROTOTYPE((krb5_principal));

/* network.c */
/* The three network lifecycle calls each take one const string. */
krb5_error_code listen_and_process PROTOTYPE((const char *));
krb5_error_code setup_network PROTOTYPE((const char *));
krb5_error_code closedown_network PROTOTYPE((const char *));

/* Returns nothing, so failures cannot be reported to the caller. */
void process_packet PROTOTYPE((int,
                               const char *,
                               int));

/* policy.c */
/*
 * Local-policy checks.  They return int and take a const char ** last,
 * the same tail as the validate_*_request prototypes; the AS variant
 * receives both krb5_db_entry arguments by value.
 */
int against_local_policy_as PROTOTYPE((krb5_kdc_req *,
                                       krb5_db_entry,
                                       krb5_db_entry,
                                       krb5_timestamp,
                                       const char **));

int against_local_policy_tgs PROTOTYPE((krb5_kdc_req *,
                                        krb5_db_entry,
                                        krb5_ticket *,
                                        const char **));

/* kdc_preauth.c */
/*
 * Returns a const string rather than an error code.  NOTE(review):
 * presumably NULL means nothing required is missing -- confirm, since a
 * caller that tests the result the wrong way round would skip the check.
 */
const char *missing_required_preauth PROTOTYPE((krb5_db_entry *client,
                                                krb5_db_entry *server,
                                                krb5_enc_tkt_part *enc_tkt_reply));

/* Returns void; any result is delivered through e_data. */
void get_preauth_hint_list PROTOTYPE((krb5_kdc_req *request,
                                      krb5_db_entry *client,
                                      krb5_db_entry *server,
                                      krb5_data *e_data));

/* Checks the request's preauthentication data for `client`. */
krb5_error_code check_padata PROTOTYPE((krb5_context context,
                                        krb5_db_entry *client,
                                        krb5_kdc_req *request,
                                        krb5_enc_tkt_part *enc_tkt_reply));

/* Takes the reply under construction plus the client key and encrypting key. */
krb5_error_code return_padata PROTOTYPE((krb5_context context,
                                         krb5_db_entry *client,
                                         krb5_kdc_req *request,
                                         krb5_kdc_rep *reply,
                                         krb5_key_data *client_key,
                                         krb5_keyblock *encrypting_key));

/* replay.c */
/*
 * Lookaside pair: a check that can hand back a krb5_data through its
 * third argument, and an insert that takes one.  Unlike the request entry
 * points above, the krb5_fulladdr pointer here is not const.
 */
krb5_boolean kdc_check_lookaside PROTOTYPE((krb5_data *,
                                            krb5_fulladdr *,
                                            krb5_data **));

void kdc_insert_lookaside PROTOTYPE((krb5_data *,
                                     krb5_fulladdr *,
                                     krb5_data *));

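/* which way to convert key? */
#define CONVERT_INTO_DB	0
#define CONVERT_OUTOF_DB 1

/*
 * Bit-flag helpers.
 *
 * Both macro arguments are parenthesized so that an expression argument
 * keeps its meaning: without the parentheses, isflagset(a | b, f) would
 * parse as a | (b & f) and report a flag as set whenever `a` is non-zero,
 * which matters wherever the result gates a policy or attribute decision.
 *
 * isflagset yields the masked bits, not 0/1: with a multi-bit `flag` it is
 * non-zero when ANY of those bits is set.
 * setflag and clear assign to `flagfield`, which must be a modifiable
 * lvalue and is evaluated once.
 * clear complements `flag` in flag's own (promoted) type; if `flagfield` is
 * wider than an unsigned `flag`, the upper bits of `flagfield` are cleared
 * too, so keep both the same width.
 */
#define isflagset(flagfield, flag) ((flagfield) & (flag))
#define setflag(flagfield, flag) ((flagfield) |= (flag))
#define clear(flagfield, flag) ((flagfield) &= ~(flag))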

#ifdef KRB5_KRB4_COMPAT
/*
 * Built with KRB5_KRB4_COMPAT: process_v4 is a real function with the same
 * argument shape as the other request entry points in this header.
 */
krb5_error_code process_v4 PROTOTYPE((const krb5_data *,
                                      const krb5_fulladdr *,
                                      int is_secondary,
                                      krb5_data **));
#else
/*
 * Built without KRB5_KRB4_COMPAT: every process_v4(...) call collapses to
 * the constant KRB5KRB_AP_ERR_BADVERSION.  The four arguments are dropped
 * unevaluated, so the reply pointer passed as the last argument is never
 * written -- callers must not read it after this "call".
 */
#define process_v4(data, fulladdr, is_secondary, reply) KRB5KRB_AP_ERR_BADVERSION
#endif

/*
 * Fallback min/max, supplied only when `min` is not already a macro; note
 * that `max` is guarded by the same test and is not checked on its own.
 * Each macro evaluates one of its arguments twice, so do not pass
 * expressions with side effects (i++, function calls that consume input).
 * Mixed signed/unsigned arguments compare after the usual arithmetic
 * conversions, so a negative length can compare as a very large value.
 */
#ifndef min
#define min(x, y) ((x) < (y) ? (x) : (y))
#define max(x, y) ((x) > (y) ? (x) : (y))
#endif

#endif /* __KRB5_KDC_UTIL__ */