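/*
 * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 *
 * Copyright (c) 2005 Andrew Bartlett <abartlet@samba.org>
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * $Id$
 */

/*
 * KDC configuration and service-dispatch types.
 *
 * NOTE(review): identifiers containing a double underscore are reserved for
 * the implementation.  The guard name is kept as-is because code outside
 * this header may test for it.
 */
#ifndef __KDC_H__
#define __KDC_H__

#include <hdb.h>
#include <krb5.h>

/*
 * Policy selector stored in krb5_kdc_configuration.trpolicy.
 *
 * TRPOLICY_ALWAYS_CHECK is the first enumerator and therefore has the
 * value 0, so a zero-filled configuration selects it.
 *
 * NOTE(review): the names suggest this governs how the transited-realm
 * path of cross-realm requests is checked; the code that interprets the
 * values is not in this header -- confirm there before relying on it.
 */
enum krb5_kdc_trpolicy {
    TRPOLICY_ALWAYS_CHECK,
    TRPOLICY_ALLOW_PER_PRINCIPAL,
    TRPOLICY_ALWAYS_HONOUR_REQUEST
};

/*
 * Run-time configuration of one KDC instance.
 *
 * This header only declares the fields; defaults, validation and ownership
 * of the pointed-to strings are decided wherever the structure is filled
 * in, which is not visible here.  Several fields are security policy
 * switches, so a structure that was merely zero-filled should not be
 * assumed to carry a safe policy -- TODO confirm the defaults applied by
 * the configuration loader.
 */
typedef struct krb5_kdc_configuration {
    krb5_boolean require_preauth; /* require preauth for all principals */
    time_t kdc_warn_pwexpire; /* time before expiration to print a warning */

    /* Backend database handles; presumably num_db is the number of
     * entries in db -- verify against the code that allocates it. */
    struct HDB **db;
    int num_db;

    krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */

    /* Key-strength selection switches.  NOTE(review): judging by the
     * names, these choose the strongest mutually supported enctype for
     * session keys (TGT, pre-authenticated and service requests) and for
     * the server key -- confirm in the enctype selection code. */
    krb5_boolean tgt_use_strongest_session_key;
    krb5_boolean preauth_use_strongest_session_key;
    krb5_boolean svc_use_strongest_session_key;
    krb5_boolean use_strongest_server_key;

    /* Ticket address and anonymity policy, plus the enum documented
     * above.  Semantics live in the request handlers, not here. */
    krb5_boolean check_ticket_addresses;
    krb5_boolean allow_null_ticket_addresses;
    krb5_boolean allow_anonymous;
    enum krb5_kdc_trpolicy trpolicy;

    /* PKINIT settings.  The const char * members are not owned through
     * this type; lifetime is up to whoever sets them. */
    krb5_boolean enable_pkinit;
    krb5_boolean pkinit_princ_in_cert;
    const char *pkinit_kdc_identity;
    const char *pkinit_kdc_anchors;
    const char *pkinit_kdc_friendly_name;
    const char *pkinit_kdc_ocsp_file;
    char **pkinit_kdc_cert_pool;
    char **pkinit_kdc_revoke;
    /* NOTE(review): signed int, so the type admits zero and negative
     * values; range checking has to happen where the value is parsed. */
    int pkinit_dh_min_bits;
    int pkinit_require_binding;
    int pkinit_allow_proxy_certs;

    krb5_log_facility *logf;

    int enable_digest;
    int digests_allowed; /* presumably a bit mask of digest types -- confirm */

    size_t max_datagram_reply_length;

    int enable_kx509;
    const char *kx509_template;
    const char *kx509_ca;

} krb5_kdc_configuration;

/*
 * Declare the tag at file scope so that the parameter list below refers to
 * the ordinary struct sockaddr even when neither include above has already
 * declared it.  Without a prior declaration C gives a tag first seen inside
 * a prototype prototype scope, which makes the callback type incompatible
 * with every real handler.
 */
struct sockaddr;

/*
 * One request handler the KDC can dispatch to.
 *
 * flags takes the KS_* bits defined below; they are preprocessor macros, so
 * they are visible file-wide despite being written inside the struct body.
 *
 * process is the handler itself and returns a krb5_error_code.
 * NOTE(review): presumably req_buffer is the raw request as received from
 * the peer described by from/addr, reply receives the encoded answer,
 * datagram_reply says whether the answer goes out as a datagram, and *claim
 * reports whether the handler recognised the request -- none of this is
 * established by the header; confirm in the dispatcher.  req_buffer is not
 * const-qualified, so the type does not stop a handler from modifying it.
 */
struct krb5_kdc_service {
    unsigned int flags;
#define KS_KRB5		1
#define KS_NO_LENGTH	2
    krb5_error_code (*process)(krb5_context context,
			       krb5_kdc_configuration *config,
			       krb5_data *req_buffer,
			       krb5_data *reply,
			       const char *from,
			       struct sockaddr *addr,
			       int datagram_reply,
			       int *claim);
};

#include <kdc-protos.h>

#endif /* __KDC_H__ */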