Diffstat (limited to 'src/kdc/kdc_util.h')
-rw-r--r-- | src/kdc/kdc_util.h | 109 |
1 files changed, 101 insertions, 8 deletions
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index a389955..0d8e36b 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -31,6 +31,7 @@ #define __KRB5_KDC_UTIL__ #include "kdb.h" +#include "kdb_ext.h" typedef struct _krb5_fulladdr { krb5_address * address; @@ -38,8 +39,9 @@ typedef struct _krb5_fulladdr { } krb5_fulladdr; krb5_error_code check_hot_list (krb5_ticket *); -krb5_boolean realm_compare (krb5_principal, krb5_principal); -krb5_boolean krb5_is_tgs_principal (krb5_principal); +krb5_boolean realm_compare (krb5_const_principal, krb5_const_principal); +krb5_boolean is_local_principal(krb5_const_principal princ1); +krb5_boolean krb5_is_tgs_principal (krb5_const_principal); krb5_error_code add_to_transited (krb5_data *, krb5_data *, krb5_principal, @@ -62,16 +64,22 @@ krb5_error_code kdc_process_tgs_req const krb5_fulladdr *, krb5_data *, krb5_ticket **, + krb5_db_entry *krbtgt, + int *nprincs, krb5_keyblock **); -krb5_error_code kdc_get_server_key (krb5_ticket *, - krb5_keyblock **, - krb5_kvno *); +krb5_error_code kdc_get_server_key (krb5_ticket *, unsigned int, + krb5_db_entry *, int *, + krb5_keyblock **, krb5_kvno *); int validate_as_request (krb5_kdc_req *, krb5_db_entry, krb5_db_entry, krb5_timestamp, const char **); +int validate_forwardable(krb5_kdc_req *, krb5_db_entry, + krb5_db_entry, krb5_timestamp, + const char **); + int validate_tgs_request (krb5_kdc_req *, krb5_db_entry, krb5_ticket *, krb5_timestamp, const char **); 
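Review bot: `is_local_principal(krb5_const_principal princ1)` names its only parameter `princ1` although there is no second principal, and nothing at the declaration states which realm counts as local. The cross-realm and delegation checks declared later in this header presumably depend on that distinction, so I would rename the parameter to `princ` and add a comment along the lines of `/* TRUE if princ's realm is one this KDC serves */`, adjusted to whatever the implementation actually compares against. The new line is also inconsistent with its neighbours, which leave parameters unnamed and put a space before the parenthesis.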
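Review bot: The new `krb5_db_entry *` / `int *` output pairs on `kdc_process_tgs_req` and `kdc_get_server_key` carry no ownership contract, and in `kdc_get_server_key` they are unnamed next to a bare `unsigned int`. A caller cannot tell from the header whether the entry is valid when the call fails or who must free it, which is how leaks and use of an unfilled entry creep into KDC error paths. I would name the parameters and add a comment such as `/* On return *nprincs is the number of entries stored in *krbtgt (0 on failure); the caller frees them. */`, with the wording confirmed against the implementation, which is not in this diff. The same gap applies to `princ`/`nprincs` on `kdc_process_s4u2self_req` and `ad_entry`/`ad_nprincs` on `sign_db_authdata` in the later hunk.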
@@ -164,13 +172,26 @@ krb5_error_code return_padata krb5_error_code free_padata_context (krb5_context context, void **padata_context); +krb5_pa_data *find_pa_data + (krb5_pa_data **padata, krb5_preauthtype pa_type); + /* kdc_authdata.c */ krb5_error_code load_authdata_plugins(krb5_context context); krb5_error_code unload_authdata_plugins(krb5_context context); -krb5_error_code handle_authdata (krb5_context context, krb5_db_entry *client, - krb5_data *req_pkt, krb5_kdc_req *request, - krb5_enc_tkt_part *enc_tkt_reply); +krb5_error_code +handle_authdata (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); /* replay.c */ krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **); 
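Review bot: `handle_authdata` now takes twelve parameters with three adjacent same-typed groups (`client`/`server`/`krbtgt`, `client_key`/`server_key`, `enc_tkt_request`/`enc_tkt_reply`), so a transposed argument compiles silently and could have authorization data processed with the wrong key or database entry. If the implementation only reads them, const-qualifying the inputs, e.g. `const krb5_keyblock *client_key` and `const krb5_enc_tkt_part *enc_tkt_request`, would make the one writable output stand out and let the compiler catch some swaps. The prototype should also say which pointers may be NULL (`for_user_princ` presumably is for ordinary requests) and which bits `flags` carries. Separately, `find_pa_data` deserves a one-line comment stating that it returns NULL when no entry of `pa_type` is present, if that is its behaviour.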
@@ -188,6 +209,77 @@ get_principal (krb5_context kcontext, krb5_const_principal search_for, krb5_db_entry *entries, int *nentries, krb5_boolean *more); +krb5_boolean +include_pac_p(krb5_context context, krb5_kdc_req *request); + +krb5_error_code return_svr_referral_data + (krb5_context context, + krb5_db_entry *server, + krb5_enc_kdc_rep_part *reply_encpart); + +krb5_error_code sign_db_authdata + (krb5_context context, + unsigned int flags, + krb5_const_principal client_princ, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_timestamp authtime, + krb5_authdata **tgs_authdata, + krb5_authdata ***ret_authdata, + krb5_db_entry *ad_entry, + int *ad_nprincs); + +krb5_error_code kdc_process_s4u2self_req + (krb5_context context, + krb5_kdc_req *request, + krb5_const_principal client_princ, + const krb5_db_entry *server, + krb5_keyblock *subkey, + krb5_timestamp kdc_time, + krb5_pa_for_user **s4u2_req, + krb5_db_entry *princ, + int *nprincs, + const char **status); + +krb5_error_code kdc_process_s4u2proxy_req + (krb5_context context, + krb5_kdc_req *request, + const krb5_enc_tkt_part *t2enc, + const krb5_db_entry *server, + krb5_const_principal server_princ, + krb5_const_principal proxy_princ, + const char **status); + +krb5_error_code kdc_check_transited_list + (krb5_context context, + const krb5_data *trans, + const krb5_data *realm1, + const krb5_data *realm2); + +krb5_error_code audit_as_request + (krb5_kdc_req *request, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode); + +krb5_error_code audit_tgs_request + (krb5_kdc_req *request, + krb5_const_principal client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode); + +krb5_error_code +validate_transit_path(krb5_context context, + krb5_const_principal client, + krb5_db_entry *server, + krb5_db_entry *krbtgt); + + void log_as_req(const krb5_fulladdr 
*from, krb5_kdc_req *request, krb5_kdc_rep *reply, @@ -203,6 +295,7 @@ log_tgs_req(const krb5_fulladdr *from, void log_tgs_alt_tgt(krb5_principal p); + #define isflagset(flagfield, flag) (flagfield & (flag)) #define setflag(flagfield, flag) (flagfield |= (flag)) #define clear(flagfield, flag) (flagfield &= ~(flag)) |
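Review bot: `audit_as_request` and `audit_tgs_request` return a `krb5_error_code`, but nothing at the declarations says whether a failed audit write should fail the request or be ignored. For an audit hook that fail-open versus fail-closed choice belongs in the header, e.g. `/* A nonzero return means the audit record was not written; callers must ... */` with the intended policy filled in. The S4U entry points have a similar gap on the authorization side: `kdc_process_s4u2proxy_req` takes the evidence ticket as `t2enc`, and the header should state what the caller must already have verified about it versus what the function checks itself. Both S4U functions report a reason through `const char **status`; a note on whether that string is static and must not be freed would help. The implementations are not part of this diff, so these are contract questions to settle in comments, not confirmed defects.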