Diffstat (limited to 'src/kdc/kdc_util.h')
-rw-r--r-- | src/kdc/kdc_util.h | 64 |
1 files changed, 25 insertions, 39 deletions
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 0cd7989fc..2f215a741 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -32,10 +32,12 @@ #include "kdb.h" #include "net-server.h" +#include "realm_data.h" +#include "reqstate.h" krb5_error_code check_hot_list (krb5_ticket *); -krb5_boolean realm_compare (krb5_const_principal, krb5_const_principal); -krb5_boolean is_local_principal(krb5_const_principal princ1); +krb5_boolean is_local_principal(kdc_realm_t *kdc_active_realm, + krb5_const_principal princ1); krb5_boolean krb5_is_tgs_principal (krb5_const_principal); krb5_boolean is_cross_tgs_principal(krb5_const_principal); krb5_error_code @@ -49,7 +51,8 @@ compress_transited (krb5_data *, krb5_principal, krb5_data *); krb5_error_code -concat_authorization_data (krb5_authdata **, +concat_authorization_data (krb5_context, + krb5_authdata **, krb5_authdata **, krb5_authdata ***); krb5_error_code @@ -58,7 +61,7 @@ fetch_last_req_info (krb5_db_entry *, krb5_last_req_entry ***); krb5_error_code kdc_convert_key (krb5_keyblock *, krb5_keyblock *, int); krb5_error_code -kdc_process_tgs_req (krb5_kdc_req *, +kdc_process_tgs_req (kdc_realm_t *, krb5_kdc_req *, const krb5_fulladdr *, krb5_data *, krb5_ticket **, @@ -67,12 +70,12 @@ kdc_process_tgs_req (krb5_kdc_req *, krb5_pa_data **pa_tgs_req); krb5_error_code -kdc_get_server_key (krb5_ticket *, unsigned int, +kdc_get_server_key (krb5_context, krb5_ticket *, unsigned int, krb5_boolean match_enctype, krb5_db_entry **, krb5_keyblock **, krb5_kvno *); int -validate_as_request (krb5_kdc_req *, krb5_db_entry, +validate_as_request (kdc_realm_t *, krb5_kdc_req *, krb5_db_entry, krb5_db_entry, krb5_timestamp, const char **, krb5_pa_data ***); @@ -82,7 +85,7 @@ validate_forwardable(krb5_kdc_req *, krb5_db_entry, const char **); int -validate_tgs_request (krb5_kdc_req *, krb5_db_entry, +validate_tgs_request (kdc_realm_t *, krb5_kdc_req *, krb5_db_entry, krb5_ticket *, krb5_timestamp, const char **, krb5_pa_data ***); 
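Review bot: The new leading arguments of `concat_authorization_data`, `kdc_process_tgs_req`, `kdc_get_server_key`, `validate_as_request` and `validate_tgs_request` are added as bare types, and some of these functions now take a `kdc_realm_t *` while others take a `krb5_context`, with nothing in the header saying which is expected or why. Naming them, for example `kdc_get_server_key (krb5_context context, krb5_ticket *, unsigned int,` and `validate_as_request (kdc_realm_t *kdc_active_realm, krb5_kdc_req *, krb5_db_entry,`, would match `is_local_principal` in the first hunk and make a swapped or stale argument easier to spot at the call sites of these request-validation routines. A short comment above the block saying that the realm pointer must be non-NULL and must be the realm selected for the current request would also help; that requirement is inferred from the names, so confirm it against the definitions.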
@@ -90,7 +93,7 @@ int fetch_asn1_field (unsigned char *, unsigned int, unsigned int, krb5_data *); krb5_enctype -select_session_keytype (krb5_context context, +select_session_keytype (kdc_realm_t *kdc_active_realm, krb5_db_entry *server, int nktypes, krb5_enctype *ktypes); @@ -106,12 +109,12 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep); /* do_as_req.c */ void process_as_req (krb5_kdc_req *, krb5_data *, - const krb5_fulladdr *, + const krb5_fulladdr *, kdc_realm_t *, verto_ctx *, loop_respond_fn, void *); /* do_tgs_req.c */ krb5_error_code -process_tgs_req (krb5_data *, +process_tgs_req (struct server_handle *, krb5_data *, const krb5_fulladdr *, krb5_data ** ); /* dispatch.c */ @@ -125,8 +128,6 @@ dispatch (void *, loop_respond_fn, void *); -krb5_error_code -setup_server_realm (krb5_principal); void kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...) #if !defined(__cplusplus) && (__GNUC__ > 2) @@ -159,7 +160,7 @@ get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond, void *arg); void -load_preauth_plugins(krb5_context context); +load_preauth_plugins(struct server_handle * handle, krb5_context context); void unload_preauth_plugins(krb5_context context); @@ -180,9 +181,6 @@ return_padata(krb5_context context, krb5_kdcpreauth_rock rock, void free_padata_context(krb5_context context, void *padata_context); -krb5_pa_data * -find_pa_data (krb5_pa_data **padata, krb5_preauthtype pa_type); - krb5_error_code add_pa_data_element (krb5_context context, krb5_pa_data *padata, 
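Review bot: `select_session_keytype` keeps its first argument in the same position but changes its type from `krb5_context` to `kdc_realm_t *`, so a call site that was missed and still passes a context is caught only as an incompatible-pointer-type warning on compilers that do not treat it as an error. The same in-place type change is made to `kdc_process_s4u2self_req`, `kdc_process_s4u2proxy_req`, `kdc_check_transited_list` and `kdc_get_ticket_endtime` further down the page, and the S4U and transited-list functions feed authorization decisions, so a mis-typed argument there is worth ruling out mechanically. Building the KDC with `-Werror=incompatible-pointer-types`, or checking the build log for that warning, would confirm every caller was converted. That `krb5_context` is itself a pointer typedef is not shown in this hunk and is assumed here.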
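Review bot: `process_tgs_req` now takes a `struct server_handle *` as its first argument while `process_as_req` just above takes a `kdc_realm_t *` in the middle of its list, so the two request entry points receive their realm state in different forms and positions. If `struct server_handle` is not declared by `net-server.h` or one of the newly included headers (none of them is visible here), its first mention inside a parameter list gives it prototype scope, and the type in this header would then be incompatible with the one at the definition. A forward declaration `struct server_handle;` near the includes removes that risk. `load_preauth_plugins(struct server_handle * handle, krb5_context context)` later on this line has the same dependency, and its `* handle` spacing differs from the `*name` style used elsewhere in the file.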
@@ -222,13 +220,13 @@ handle_authdata (krb5_context context, /* replay.c */ krb5_error_code kdc_init_lookaside(krb5_context context); -krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **); -void kdc_insert_lookaside (krb5_data *, krb5_data *); +krb5_boolean kdc_check_lookaside (krb5_context, krb5_data *, krb5_data **); +void kdc_insert_lookaside (krb5_context, krb5_data *, krb5_data *); void kdc_remove_lookaside (krb5_context kcontext, krb5_data *); void kdc_free_lookaside(krb5_context); /* kdc_util.c */ -void reset_for_hangup(void); +void reset_for_hangup(void *); krb5_boolean include_pac_p(krb5_context context, krb5_kdc_req *request); @@ -242,7 +240,7 @@ return_enc_padata(krb5_context context, krb5_boolean is_referral); krb5_error_code -kdc_process_s4u2self_req (krb5_context context, +kdc_process_s4u2self_req (kdc_realm_t *kdc_active_realm, krb5_kdc_req *request, krb5_const_principal client_princ, const krb5_db_entry *server, @@ -262,7 +260,7 @@ kdc_make_s4u2self_rep (krb5_context context, krb5_enc_kdc_rep_part *reply_encpart); krb5_error_code -kdc_process_s4u2proxy_req (krb5_context context, +kdc_process_s4u2proxy_req (kdc_realm_t *kdc_active_realm, krb5_kdc_req *request, const krb5_enc_tkt_part *t2enc, const krb5_db_entry *server, @@ -271,7 +269,7 @@ kdc_process_s4u2proxy_req (krb5_context context, const char **status); krb5_error_code -kdc_check_transited_list (krb5_context context, +kdc_check_transited_list (kdc_realm_t *kdc_active_realm, const krb5_data *trans, const krb5_data *realm1, const krb5_data *realm2); @@ -296,7 +294,7 @@ validate_transit_path(krb5_context context, krb5_db_entry *server, krb5_db_entry *krbtgt); void -kdc_get_ticket_endtime(krb5_context context, +kdc_get_ticket_endtime(kdc_realm_t *kdc_active_realm, krb5_timestamp now, krb5_timestamp endtime, krb5_timestamp till, 
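Review bot: `reset_for_hangup` changes from `(void)` to an unnamed `void *`, so the header no longer tells a caller what object must be passed and the compiler will accept any object pointer. If the signature is dictated by a callback type in the network loop (not visible in this hunk), keep the `void *` but name and document it, e.g. `void reset_for_hangup(void *ctx); /* ctx: the server handle given to the loop */`. The described pointee is a guess and should be checked against the definition. In the same hunk `kdc_check_lookaside` and `kdc_insert_lookaside` gain an unnamed `krb5_context` while `kdc_remove_lookaside` names its `kcontext`; matching that would keep the lookaside declarations uniform.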
@@ -305,7 +303,7 @@ kdc_get_ticket_endtime(krb5_context context, krb5_timestamp *out_endtime); void -log_as_req(const krb5_fulladdr *from, +log_as_req(krb5_context context, const krb5_fulladdr *from, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_db_entry *client, const char *cname, krb5_db_entry *server, const char *sname, @@ -319,20 +317,7 @@ log_tgs_req(const krb5_fulladdr *from, unsigned int c_flags, const char *s4u_name, const char *status, krb5_error_code errcode, const char *emsg); void -log_tgs_alt_tgt(krb5_principal p); - -/*Request state*/ - -struct kdc_request_state { - krb5_keyblock *armor_key; - krb5_keyblock *strengthen_key; - krb5_pa_data *cookie; - krb5_int32 fast_options; - krb5_int32 fast_internal_flags; -}; - -krb5_error_code kdc_make_rstate(struct kdc_request_state **out); -void kdc_free_rstate (struct kdc_request_state *s); +log_tgs_alt_tgt(krb5_context context, krb5_principal p); /* FAST*/ enum krb5_fast_kdc_flags { @@ -374,7 +359,8 @@ krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state, krb5_error_code kdc_preauth_get_cookie(struct kdc_request_state *state, krb5_pa_data **cookie); krb5_error_code -kdc_handle_protected_negotiation( krb5_data *req_pkt, krb5_kdc_req *request, +kdc_handle_protected_negotiation( krb5_context context, + krb5_data *req_pkt, krb5_kdc_req *request, const krb5_keyblock *reply_key, krb5_pa_data ***out_enc_padata); krb5_error_code |
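Review bot: `log_as_req` and `log_tgs_alt_tgt` now take a `krb5_context` first, but `log_tgs_req` still seems to start with the address argument, since its opening line `log_tgs_req(const krb5_fulladdr *from,` appears as the unchanged hunk-header context of the second hunk on this line. If it still reaches a context through a global or macro internally, the three request-logging functions are left inconsistent. Either give it the same leading `krb5_context context` or add a comment saying why it does not need one. The rest of the `log_tgs_req` prototype lies outside the hunk, so this is inferred from its first line only.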