#ifndef __kdc_private_h__
#define __kdc_private_h__
#include <stdarg.h>
krb5_error_code
_kdc_add_KRB5SignedPath (
krb5_context ,
krb5_kdc_configuration *,
hdb_entry_ex *,
krb5_enctype ,
krb5_principal ,
krb5_const_principal ,
krb5_principals ,
EncTicketPart *);
krb5_error_code
_kdc_add_inital_verified_cas (
krb5_context ,
krb5_kdc_configuration *,
pk_client_params *,
EncTicketPart *);
krb5_error_code
_kdc_as_rep(kdc_request_t r,
krb5_data *reply,
const char *from,
struct sockaddr *from_addr,
size_t max_reply_size);
krb5_error_code
_kdc_check_access(krb5_context context,
krb5_kdc_configuration *config,
hdb_entry_ex *client_ex, const char *client_name,
hdb_entry_ex *server_ex, const char *server_name,
KDC_REQ *req,
METHOD_DATA *method_data);
krb5_boolean
_kdc_check_addresses (
krb5_context ,
krb5_kdc_configuration *,
HostAddresses *,
const struct sockaddr *);
krb5_error_code
_kdc_db_fetch (
krb5_context ,
krb5_kdc_configuration *,
krb5_const_principal ,
unsigned ,
krb5int32 *,
HDB **,
hdb_entry_ex **);
krb5_error_code
_kdc_do_digest (
krb5_context ,
krb5_kdc_configuration *,
const struct DigestREQ *,
krb5_data *,
const char *,
struct sockaddr *);
krb5_error_code
_kdc_do_kx509 (
krb5_context ,
krb5_kdc_configuration *,
const struct Kx509Request *,
krb5_data *,
const char *,
struct sockaddr *);
krb5_error_code
_kdc_encode_reply(krb5_context context,
krb5_kdc_configuration *config,
kdc_request_t r,
uint32_t nonce,
KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_enctype etype,
int skvno, const EncryptionKey *skey,
int ckvno,
int rk_is_subkey,
const char **e_text,
krb5_data *reply);
krb5_error_code
_kdc_find_etype (
krb5_context ,
krb5_boolean ,
krb5_boolean ,
hdb_entry_ex *,
krb5_enctype *,
unsigned ,
krb5_enctype *,
Key **);
const PA_DATA*
_kdc_find_padata (
const KDC_REQ *,
int *,
int );
void
_kdc_fix_time (time_t **);
void
_kdc_free_ent (
krb5_context ,
hdb_entry_ex *);
krb5_error_code
_kdc_get_preferred_key (
krb5_context ,
krb5_kdc_configuration *,
hdb_entry_ex *,
const char *,
krb5_enctype *,
Key **);
krb5_boolean
_kdc_is_anonymous (
krb5_context ,
krb5_principal );
krb5_boolean
_kdc_is_weak_exception (
krb5_principal ,
krb5_enctype );
void
_kdc_log_timestamp (
krb5_context ,
krb5_kdc_configuration *,
const char *,
KerberosTime ,
KerberosTime *,
KerberosTime ,
KerberosTime *);
krb5_error_code
_kdc_make_anonymous_principalname (PrincipalName *);
krb5_error_code
_kdc_pac_generate (
krb5_context ,
hdb_entry_ex *,
krb5_pac *);
krb5_error_code
_kdc_pac_verify (
krb5_context ,
const krb5_principal ,
const krb5_principal ,
hdb_entry_ex *,
hdb_entry_ex *,
hdb_entry_ex *,
krb5_pac *,
int *);
krb5_error_code
_kdc_pk_check_client(krb5_context context,
krb5_kdc_configuration *config,
HDB *clientdb,
hdb_entry_ex *client,
InitiatorName *pku2uInitiatorAssertion,
pk_client_params *cp,
char **subject_name);
void
_kdc_pk_free_client_param (
krb5_context ,
pk_client_params *);
krb5_error_code
_kdc_pk_mk_pa_reply (
kdc_request_t ,
pk_client_params *);
krb5_error_code
_kdc_pk_rd_padata (
krb5_context ,
krb5_kdc_configuration *,
const KDC_REQ *,
const PA_DATA *,
hdb_entry_ex *,
pk_client_params **);
krb5_error_code
_kdc_tgs_rep(kdc_request_t r,
krb5_data *data,
const char *from,
struct sockaddr *from_addr,
size_t max_reply_size);
krb5_error_code
_kdc_tkt_add_if_relevant_ad (
krb5_context ,
EncTicketPart *,
int ,
const krb5_data *);
krb5_error_code
_kdc_try_kx509_request (
void *,
size_t ,
struct Kx509Request *,
size_t *);
krb5_error_code
_kdc_fast_mk_error(krb5_context context,
kdc_request_t r,
METHOD_DATA *error_method,
krb5_crypto armor_crypto,
const KDC_REQ_BODY *req_body,
krb5_error_code outer_error,
const char *e_text,
krb5_principal error_client,
krb5_principal error_server,
time_t *csec, int *cusec,
krb5_data *error_msg);
krb5_error_code
_kdc_fast_mk_response(krb5_context context,
krb5_crypto armor_crypto,
METHOD_DATA *pa_data,
krb5_keyblock *strengthen_key,
KrbFastFinished *finished,
krb5uint32 nonce,
krb5_data *data);
krb5_error_code
_kdc_fast_unwrap_request(kdc_request_t r,
krb5_ticket *tgs_ticket,
krb5_auth_context tgs_ac);
krb5_error_code
_kdc_fast_strengthen_reply_key(kdc_request_t r);
krb5_error_code
_kdc_get_preferred_enctype(krb5_context context,
krb5_kdc_configuration *config,
const hdb_entry_ex *entry,
const char *name,
krb5_enctype *etypes,
unsigned num_etypes,
krb5_enctype *etype);
#endif