1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* kdc/realm_data.h */
3 /*
4  * Copyright (C) 2012 by the Massachusetts Institute of Technology.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * * Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer.
13  *
14  * * Redistributions in binary form must reproduce the above copyright
15  *   notice, this list of conditions and the following disclaimer in
16  *   the documentation and/or other materials provided with the
17  *   distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30  * OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 #ifndef REALM_DATA_H
34 #define REALM_DATA_H
35 
/*
 * Per-realm KDC state.  Each kdc_realm_t groups the identity, database/key
 * fields, listener settings and ticket policy parameters kept for one realm.
 *
 * NOTE(review): realm_mkey embeds key material and realm_keytab refers to a
 * keytab; the code that releases a realm is not in this header -- confirm it
 * zeroizes the keyblock contents and closes the keytab.
 * NOTE(review): the struct tag begins with a double underscore, which is a
 * reserved identifier in C; it is left as-is because other files may name it.
 */
typedef struct __kdc_realm_data {
    /*
     * General Kerberos per-realm data.
     */

    /* Realm name. */
    char *realm_name;

    /*
     * XXX the real context should go away once the db_context is done.
     * The db_context is then associated with the realm keytab using
     * krb5_ktkdb_resolv(). There should be nothing in the context which
     * cannot span multiple realms -- proven
     */
    /* Context to be used for this realm. */
    krb5_context realm_context;

    /* Keytab to be used for this realm. */
    krb5_keytab realm_keytab;

    /* Referral services for the NT-UNKNOWN name type. */
    char *realm_hostbased;

    /* Services excluded from referrals (non-referral services). */
    char *realm_no_referral;

    /*
     * Database per-realm data.
     */

    /* Stash file name for the realm. */
    char *realm_stash;

    /* Master principal name for the realm. */
    char *realm_mpname;

    /* Master principal for the realm. */
    krb5_principal realm_mprinc;

    /*
     * Master key for this realm.  Note realm_mkey is the mkey read from the
     * stash or the keyboard and may not be the latest.
     */
    krb5_keyblock realm_mkey;

    /*
     * TGS per-realm data.
     */

    /* TGS principal for this realm. */
    krb5_principal realm_tgsprinc;

    /*
     * Other per-realm data.
     */

    /* Per-realm KDC UDP listen setting. */
    char *realm_listen;

    /* Per-realm KDC TCP listen setting. */
    char *realm_tcp_listen;

    /*
     * Per-realm parameters.
     */

    /* Maximum ticket life for the realm. */
    krb5_deltat realm_maxlife;

    /* Maximum renewable life for the realm. */
    krb5_deltat realm_maxrlife;

    /*
     * Transited-realm checking policy.
     * NOTE(review): the field name says "reject", while the comment this
     * replaces was phrased "Accept unverifiable transited_realm ?".  The
     * polarity is presumed from the name (nonzero = reject an unverifiable
     * transited path); confirm at the point of use, since reading it the
     * other way round would turn the check off.
     */
    krb5_boolean realm_reject_bad_transit;

    /* Anonymous ("anon") restricted to the local TGT only. */
    krb5_boolean realm_restrict_anon;

    /* Prevent issuance of PACs. */
    krb5_boolean realm_disable_pac;
} kdc_realm_t;
78 
/*
 * Server-wide KDC handle: the list of realm records plus one krb5 context.
 */
struct server_handle {
    /*
     * Array of pointers to per-realm records.  Presumably holds
     * kdc_numrealms entries -- confirm where the list is built.
     */
    kdc_realm_t **kdc_realmlist;

    /*
     * Realm count.  NOTE(review): this is a signed int, so code that walks
     * kdc_realmlist should bound its index by this value and not assume it
     * is positive.
     */
    int kdc_numrealms;

    /* Presumably the context used when reporting errors -- confirm. */
    krb5_context kdc_err_context;
};
84 
/*
 * Realm lookup and selection entry points; both are defined outside this
 * header and return a pointer to a realm record.
 *
 * find_realm_data: NOTE(review): the (char *, krb5_ui_4) pair is presumably a
 * realm name with an explicit length.  If so, the name may come from a
 * request and need not be NUL-terminated, so the definition should compare
 * using the length and not rely on a terminator -- confirm.  The result for
 * "no such realm" is presumably NULL; callers should check it before use.
 *
 * setup_server_realm: presumably selects the realm for the given principal;
 * confirm the failure return (likely NULL) at the definition.
 */
kdc_realm_t *find_realm_data(struct server_handle *handle, char *rname,
                             krb5_ui_4 rsize);
kdc_realm_t *setup_server_realm(struct server_handle *handle,
                                krb5_principal sprinc);
87 
88 #endif  /* REALM_DATA_H */
89