xref: /illumos-gate/usr/src/cmd/krb5/krb5kdc/extern.h (revision 2a8bcb4e)
17c478bd9Sstevel@tonic-gate /*
256a424ccSmp  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
37c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate  */
57c478bd9Sstevel@tonic-gate 
67c478bd9Sstevel@tonic-gate #ifndef	__KRB5_KDC_EXTERN__
77c478bd9Sstevel@tonic-gate #define	__KRB5_KDC_EXTERN__
87c478bd9Sstevel@tonic-gate 
97c478bd9Sstevel@tonic-gate #include <netinet/in.h>
107c478bd9Sstevel@tonic-gate 
117c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
127c478bd9Sstevel@tonic-gate extern "C" {
137c478bd9Sstevel@tonic-gate #endif
147c478bd9Sstevel@tonic-gate 
157c478bd9Sstevel@tonic-gate /*
1656a424ccSmp  * Copyright 1990,2001 by the Massachusetts Institute of Technology.
177c478bd9Sstevel@tonic-gate  *
187c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
197c478bd9Sstevel@tonic-gate  *   require a specific license from the United States Government.
207c478bd9Sstevel@tonic-gate  *   It is the responsibility of any person or organization contemplating
217c478bd9Sstevel@tonic-gate  *   export to obtain such a license before exporting.
22*2a8bcb4eSToomas Soome  *
237c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
247c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
257c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
267c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
277c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
287c478bd9Sstevel@tonic-gate  * the name of M.I.T. not be used in advertising or publicity pertaining
297c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
307c478bd9Sstevel@tonic-gate  * permission.  Furthermore if you modify this software you must label
317c478bd9Sstevel@tonic-gate  * your software as modified software and not distribute it in such a
327c478bd9Sstevel@tonic-gate  * fashion that it might be confused with the original M.I.T. software.
337c478bd9Sstevel@tonic-gate  * M.I.T. makes no representations about the suitability of
347c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
357c478bd9Sstevel@tonic-gate  * or implied warranty.
36*2a8bcb4eSToomas Soome  *
377c478bd9Sstevel@tonic-gate  *
387c478bd9Sstevel@tonic-gate  * <<< Description >>>
397c478bd9Sstevel@tonic-gate  */
407c478bd9Sstevel@tonic-gate 
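/*
 * Per-realm state of the KDC.
 *
 * Security note: an instance gives access to the realm's master key
 * (realm_mkey) and names the stash file and keytab that go with it, so it
 * should be handled as secret-bearing data.
 * NOTE(review): confirm that the code releasing a kdc_realm_t wipes
 * realm_mkey before the memory is freed.
 */
typedef struct __kdc_realm_data {
    /*
     * General Kerberos per-realm data.
     */
    char		*realm_name;	/* Realm name */
    /*
     * XXX the real context should go away once the db_context is done.
     * The db_context is then associated with the realm keytab using
     * krb5_ktkdb_resolv(). There should be nothing in the context which
     * cannot span multiple realms -- proven
     */
    krb5_context	realm_context;	/* Context to be used for realm */
    krb5_keytab		realm_keytab;	/* Keytab to be used for this realm */
    char		*realm_profile;	/* Profile file for this realm */
    /*
     * Database per-realm data.
     */
    char		*realm_dbname;	/* Database name for realm */
    char		*realm_stash;	/* Stash file name for realm */
    char		*realm_mpname;	/* Master principal name for realm */
    krb5_principal	realm_mprinc;	/* Master principal for realm */
    krb5_keyblock	realm_mkey;	/* Master key for this realm (secret) */
    /*
     * TGS per-realm data.
     */
    krb5_principal	realm_tgsprinc;	/* TGS principal for this realm */
    /*
     * Other per-realm data.  Both port members are strings; their exact
     * format is not visible from this header.
     */
    char		*realm_ports;	/* Per-realm KDC UDP port */
    char		*realm_tcp_ports; /* Per-realm KDC TCP port */
    /*
     * Per-realm parameters.
     */
    krb5_deltat		realm_maxlife;	/* Maximum ticket life for realm */
    krb5_deltat		realm_maxrlife;	/* Maximum renewable life for realm */
    /*
     * Transited-realm policy switch.  The member name says "reject", while
     * the earlier wording of this comment ("Accept unverifiable
     * transited_realm ?") said the opposite.
     * NOTE(review): presumably non-zero means a request whose transited
     * path cannot be verified is rejected -- confirm at the use site.
     */
    krb5_boolean	realm_reject_bad_transit;
} kdc_realm_t;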
777c478bd9Sstevel@tonic-gate 
/*
 * Realm bookkeeping shared across the KDC.
 * NOTE(review): presumably kdc_realmlist holds kdc_numrealms entries --
 * confirm against the definitions.
 */
extern kdc_realm_t **kdc_realmlist;
extern int kdc_numrealms;
/* Realm whose data the kdc_context-style macros in this header resolve to. */
extern kdc_realm_t *kdc_active_realm;

/*
 * Returns a kdc_realm_t pointer for the given arguments.
 * NOTE(review): the parameters are unnamed here; presumably a realm name
 * and its length -- confirm against the definition, including what is
 * returned when no realm matches.
 */
kdc_realm_t *find_realm_data(char *, krb5_ui_4);
8356a424ccSmp 
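/*
 * Replace previously used global variables with the active (e.g. request's)
 * realm data.  This allows us to support multiple realms with minimal logic
 * changes.
 *
 * Every name below expands to a member access through kdc_active_realm, so
 * that pointer must reference a valid kdc_realm_t before any of them is
 * evaluated.  The realm a request is handled under (its master key, maximum
 * lifetimes and transit policy) is therefore whatever kdc_active_realm
 * points to at that moment.
 */
#define	kdc_context			kdc_active_realm->realm_context
#define	max_life_for_realm		kdc_active_realm->realm_maxlife
#define	max_renewable_life_for_realm	kdc_active_realm->realm_maxrlife
#define	master_keyblock			kdc_active_realm->realm_mkey
#define	master_princ			kdc_active_realm->realm_mprinc
/*
 * Parenthesized as a whole so that a postfix operator written after the
 * macro (member access, for instance) applies to the dereferenced object
 * and not to the pointer.
 */
#define	tgs_server_struct		(*(kdc_active_realm->realm_tgsprinc))
#define	tgs_server			kdc_active_realm->realm_tgsprinc
#define	dbm_db_name			kdc_active_realm->realm_dbname
/*
 * NOTE(review): kdc_realm_t as declared in this header has no realm_pport
 * member, so primary_port cannot compile wherever it is expanded.  It looks
 * like a leftover; confirm that it is unused and remove it.
 */
#define	primary_port			kdc_active_realm->realm_pport
#define	reject_bad_transit		kdc_active_realm->realm_reject_bad_transit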
997c478bd9Sstevel@tonic-gate 
/* Various externs for the KDC. */
extern krb5_data empty_string;		/* an empty string */
extern krb5_timestamp kdc_infinity;	/* greater than all other timestamps */
extern krb5_rcache kdc_rcache;		/* replay cache */
extern krb5_keyblock psr_key;		/* key for predicted sam response */

/*
 * Flags asking the KDC to exit or to handle a hangup.
 * NOTE(review): the names suggest these are written from signal handlers;
 * the C standard only guarantees that use for volatile sig_atomic_t --
 * confirm against the definitions and the handlers.
 */
extern volatile int signal_requests_exit;
extern volatile int signal_requests_hup;
1087c478bd9Sstevel@tonic-gate 
/*
 * Audit hooks for AS and TGS requests, provided by libbsm.
 * NOTE(review): the parameters are unnamed in this header; presumably the
 * peer address, two ports, two principal names and, where present, a
 * status value -- confirm against the libbsm sources before relying on the
 * argument order.
 */
extern void audit_krb5kdc_as_req(struct in_addr *, in_port_t, in_port_t,
    char *, char *, int);
extern void audit_krb5kdc_tgs_req(struct in_addr *, in_port_t, in_port_t,
    char *, char *, int);
extern void audit_krb5kdc_tgs_req_2ndtktmm(struct in_addr *, in_port_t,
    in_port_t, char *, char *);
extern void audit_krb5kdc_tgs_req_alt_tgt(struct in_addr *, in_port_t,
    in_port_t, char *, char *, int);
1187c478bd9Sstevel@tonic-gate 
1197c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
1207c478bd9Sstevel@tonic-gate }
1217c478bd9Sstevel@tonic-gate #endif
1227c478bd9Sstevel@tonic-gate 
1237c478bd9Sstevel@tonic-gate #endif /* !__KRB5_KDC_EXTERN__ */