xref: /illumos-gate/usr/src/cmd/krb5/krb5kdc/extern.h (revision a6e6969cf9cfe2070eae4cd6071f76b0fa4f539f)
1 /*
2  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 #ifndef	__KRB5_KDC_EXTERN__
7 #define	__KRB5_KDC_EXTERN__
8 
9 #pragma ident	"%Z%%M%	%I%	%E% SMI"
10 
11 #include <netinet/in.h>
12 
13 #ifdef	__cplusplus
14 extern "C" {
15 #endif
16 
17 /*
18  * Copyright 1990,2001 by the Massachusetts Institute of Technology.
19  *
20  * Export of this software from the United States of America may
21  *   require a specific license from the United States Government.
22  *   It is the responsibility of any person or organization contemplating
23  *   export to obtain such a license before exporting.
24  *
25  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
26  * distribute this software and its documentation for any purpose and
27  * without fee is hereby granted, provided that the above copyright
28  * notice appear in all copies and that both that copyright notice and
29  * this permission notice appear in supporting documentation, and that
30  * the name of M.I.T. not be used in advertising or publicity pertaining
31  * to distribution of the software without specific, written prior
32  * permission.  Furthermore if you modify this software you must label
33  * your software as modified software and not distribute it in such a
34  * fashion that it might be confused with the original M.I.T. software.
35  * M.I.T. makes no representations about the suitability of
36  * this software for any purpose.  It is provided "as is" without express
37  * or implied warranty.
38  *
39  *
40  * <<< Description >>>
41  */
42 
/*
 * Per-realm state for the KDC: identity (name, context, keytab, profile),
 * database location and master-key material, the TGS principal, listening
 * ports, and ticket-lifetime / transit policy.  The accessor macros later in
 * this header read these fields through kdc_active_realm.
 *
 * NOTE(review): realm_mkey embeds the realm master key by value, so the key
 * stays in process memory for as long as the structure does.  Teardown code
 * (not visible in this header) should wipe it before the structure is
 * released -- confirm.
 */
43 typedef struct __kdc_realm_data {
44     /*
45      * General Kerberos per-realm data.
46      */
47     char *		realm_name;	/* Realm name			    */
48 /* XXX the real context should go away once the db_context is done.
49  * The db_context is then associated with the realm keytab using
50  * krb5_ktkdb_resolv(). There should be nothing in the context which
51  * cannot span multiple realms -- proven */
52     krb5_context	realm_context;	/* Context to be used for realm	    */
53     krb5_keytab		realm_keytab; 	/* keytab to be used for this realm */
54     char *		realm_profile;	/* Profile file for this realm	    */
55     /*
56      * Database per-realm data.
57      */
58     char *		realm_dbname;	/* Database name for realm	    */
59     char *		realm_stash;	/* Stash file name for realm	    */
60     char *		realm_mpname;	/* Master principal name for realm  */
61     krb5_principal	realm_mprinc;	/* Master principal for realm	    */
62     krb5_keyblock	realm_mkey;	/* Master key for this realm (held by value) */
63     /*
64      * TGS per-realm data.
65      */
66     krb5_principal	realm_tgsprinc;	/* TGS principal for this realm	    */
67     /*
68      * Other per-realm data.
69      */
70     char		*realm_ports;	/* Per-realm KDC UDP port(s), as a string */
71     char		*realm_tcp_ports; /* Per-realm KDC TCP port(s), as a string */
72     /*
73      * Per-realm parameters.
74      */
75     krb5_deltat		realm_maxlife;	/* Maximum ticket life for realm    */
76     krb5_deltat		realm_maxrlife;	/* Maximum renewable life for realm */
    /*
     * NOTE(review): this comment previously read "Accept unverifiable
     * transited_realm ?", the opposite sense of the field name.  The name
     * (and the reject_bad_transit macro) suggest a true value means reject;
     * confirm at the point of use.
     */
77     krb5_boolean	realm_reject_bad_transit; /* Reject unverifiable transited realms? */
78 } kdc_realm_t;
79 
/*
 * Process-wide realm table and the currently selected realm.
 *
 * kdc_realmlist    - array of pointers to per-realm entries; presumably
 *                    kdc_numrealms entries long -- confirm where it is built.
 * kdc_numrealms    - realm count.
 * kdc_active_realm - the entry that the accessor macros below (kdc_context,
 *                    master_keyblock, reject_bad_transit, ...) dereference.
 */
80 extern kdc_realm_t	**kdc_realmlist;
81 extern int		kdc_numrealms;
82 extern kdc_realm_t	*kdc_active_realm;
83 
/*
 * NOTE(review): the parameters are unnamed; presumably a realm name and its
 * length -- confirm against the definition.  What is returned when no realm
 * matches is not visible here.  Callers should check the result before
 * storing it in kdc_active_realm, because the accessor macros dereference
 * that pointer unconditionally.
 */
84 kdc_realm_t *find_realm_data (char *, krb5_ui_4);
85 
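86 /*
87  * Replace previously used global variables with the active (e.g. request's)
88  * realm data.  This allows us to support multiple realms with minimal logic
89  * changes.
 *
 * Every macro below expands to a dereference of kdc_active_realm with no
 * check, so that pointer must refer to a valid kdc_realm_t before any of
 * these names is used.  Because the selection is a single process-wide
 * pointer, policy values such as reject_bad_transit and the lifetime limits
 * are those of whichever realm was selected last; presumably the request
 * dispatch code (not visible here) selects the realm for each request before
 * any of them is read -- confirm.
 *
 * tgs_server_struct is wrapped in an outer pair of parentheses so that the
 * expansion stays a single operand next to any operator; without them, a
 * postfix operator written after the macro would bind to the pointer rather
 * than to the dereferenced object.
 *
 * NOTE(review): primary_port names realm_pport, which is not a member of
 * kdc_realm_t as declared in this header (the port fields are realm_ports
 * and realm_tcp_ports).  Any use of primary_port would fail to compile.  It
 * is left as found because the intended replacement cannot be determined
 * from this header.
90  */
91 #define	kdc_context			kdc_active_realm->realm_context
92 #define	max_life_for_realm		kdc_active_realm->realm_maxlife
93 #define	max_renewable_life_for_realm	kdc_active_realm->realm_maxrlife
94 #define	master_keyblock			kdc_active_realm->realm_mkey
95 #define	master_princ			kdc_active_realm->realm_mprinc
96 #define	tgs_server_struct		(*(kdc_active_realm->realm_tgsprinc))
97 #define	tgs_server			kdc_active_realm->realm_tgsprinc
98 #define	dbm_db_name			kdc_active_realm->realm_dbname
99 #define	primary_port			kdc_active_realm->realm_pport
100 #define reject_bad_transit		kdc_active_realm->realm_reject_bad_transit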
101 
102 /* various externs for KDC */
103 extern krb5_data 	empty_string;	/* an empty string */
104 extern krb5_timestamp 	kdc_infinity;	/* greater than all other timestamps */
105 extern krb5_rcache	kdc_rcache;	/* replay cache */
106 extern krb5_keyblock	psr_key;	/* key for predicted sam response */
107 
/*
 * Exit and HUP request flags.
 * NOTE(review): presumably these are set from signal handlers and polled by
 * the main loop (neither is visible in this header).  If so, note that ISO C
 * only guarantees a handler's store to an object of type
 * volatile sig_atomic_t; these are declared volatile int -- confirm that is
 * acceptable on the supported platforms.
 */
108 extern volatile int signal_requests_exit;
109 extern volatile int signal_requests_hup;
110 
/*
 * Audit-record hooks for KDC request handling (the existing comment
 * attributes them to libbsm): one for AS requests and three for TGS request
 * variants.
 *
 * NOTE(review): the prototypes carry no parameter names.  The shapes suggest
 * a peer address, two ports, two name strings and, on three of the four, an
 * int status -- confirm against the definitions.  The char * arguments are
 * not const-qualified; presumably the hooks only read them -- confirm.  All
 * four return void, so a caller cannot learn from the call itself whether an
 * audit record was actually written.
 */
111 /* libbsm */
112 extern void audit_krb5kdc_as_req(struct in_addr *, in_port_t, in_port_t,
113 				char *, char *, int);
114 extern void audit_krb5kdc_tgs_req(struct in_addr *, in_port_t, in_port_t,
115 				char *, char *, int);
116 extern void audit_krb5kdc_tgs_req_2ndtktmm(struct in_addr *, in_port_t,
117 					in_port_t, char *, char *);
118 extern void audit_krb5kdc_tgs_req_alt_tgt(struct in_addr *, in_port_t,
119 					in_port_t, char *, char *, int);
120 
121 #ifdef	__cplusplus
122 }
123 #endif
124 
125 #endif /* !__KRB5_KDC_EXTERN__ */
126