1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krad/internal.h - Internal declarations for libkrad */
3 /*
4  * Copyright 2013 Red Hat, Inc.  All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are met:
8  *
9  *    1. Redistributions of source code must retain the above copyright
10  *       notice, this list of conditions and the following disclaimer.
11  *
12  *    2. Redistributions in binary form must reproduce the above copyright
13  *       notice, this list of conditions and the following disclaimer in
14  *       the documentation and/or other materials provided with the
15  *       distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
18  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
20  * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
21  * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
23  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
24  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
25  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  */
29 
30 #ifndef INTERNAL_H_
31 #define INTERNAL_H_
32 
33 #include <k5-int.h>
34 #include "krad.h"
35 
36 #include <errno.h>
37 
38 #include <sys/types.h>
39 #include <sys/socket.h>
40 #include <netdb.h>
41 
42 #ifndef UCHAR_MAX
43 #define UCHAR_MAX 255
44 #endif
45 
46 /* RFC 2865 */
47 #define MAX_ATTRSIZE (UCHAR_MAX - 2)
48 #define MAX_ATTRSETSIZE (KRAD_PACKET_SIZE_MAX - 20)
49 
50 typedef struct krad_remote_st krad_remote;
51 
52 /* Validate constraints of an attribute. */
53 krb5_error_code
54 kr_attr_valid(krad_attr type, const krb5_data *data);
55 
56 /* Encode an attribute. */
57 krb5_error_code
58 kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
59                krad_attr type, const krb5_data *in,
60                unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
61 
62 /* Decode an attribute. */
63 krb5_error_code
64 kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
65                krad_attr type, const krb5_data *in,
66                unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
67 
68 /* Encode the attributes into the buffer. */
69 krb5_error_code
70 kr_attrset_encode(const krad_attrset *set, const char *secret,
71                   const unsigned char *auth,
72                   unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen);
73 
74 /* Decode attributes from a buffer. */
75 krb5_error_code
76 kr_attrset_decode(krb5_context ctx, const krb5_data *in, const char *secret,
77                   const unsigned char *auth, krad_attrset **set);
78 
79 /* Create a new remote object which manages a socket and the state of
80  * outstanding requests. */
81 krb5_error_code
82 kr_remote_new(krb5_context kctx, verto_ctx *vctx, const struct addrinfo *info,
83               const char *secret, krad_remote **rr);
84 
85 /* Free a remote object. */
86 void
87 kr_remote_free(krad_remote *rr);
88 
89 /*
90  * Send the packet to the remote. The cb will be called when a response is
91  * received, the request times out, the request is canceled or an error occurs.
92  *
93  * The timeout parameter is the total timeout across all retries in
94  * milliseconds.
95  *
96  * If the cb is called with a retval of ETIMEDOUT it indicates that the
97  * allotted time has elapsed. However, in the case of a timeout, we continue to
98  * listen for the packet until krad_remote_cancel() is called or a response is
99  * received. This means that cb will always be called twice in the event of a
100  * timeout. This permits you to pursue other remotes while still listening for
101  * a response from the first one.
102  */
103 krb5_error_code
104 kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
105                krad_cb cb, void *data, int timeout, size_t retries,
106                const krad_packet **pkt);
107 
108 /* Remove packet from the queue of requests awaiting responses. */
109 void
110 kr_remote_cancel(krad_remote *rr, const krad_packet *pkt);
111 
112 /* Determine if this remote object refers to the remote resource identified
113  * by the addrinfo struct and the secret. */
114 krb5_boolean
115 kr_remote_equals(const krad_remote *rr, const struct addrinfo *info,
116                  const char *secret);
117 
118 /* Adapted from lib/krb5/os/sendto_kdc.c. */
119 static inline krb5_error_code
gai_error_code(int err)120 gai_error_code(int err)
121 {
122     switch (err) {
123     case 0:
124         return 0;
125     case EAI_BADFLAGS:
126     case EAI_FAMILY:
127     case EAI_SOCKTYPE:
128     case EAI_SERVICE:
129 #ifdef EAI_ADDRFAMILY
130     case EAI_ADDRFAMILY:
131 #endif
132         return EINVAL;
133     case EAI_AGAIN:
134         return EAGAIN;
135     case EAI_MEMORY:
136         return ENOMEM;
137 #if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
138     case EAI_NODATA:
139 #endif
140     case EAI_NONAME:
141         return EADDRNOTAVAIL;
142 #ifdef EAI_OVERFLOW
143     case EAI_OVERFLOW:
144         return EOVERFLOW;
145 #endif
146 #ifdef EAI_SYSTEM
147     case EAI_SYSTEM:
148         return errno;
149 #endif
150     default:
151         return EINVAL;
152     }
153 }
154 
155 #endif /* INTERNAL_H_ */
156