xref: /titanic_41/usr/src/cmd/krb5/krb5kdc/extern.h (revision 56a424cca6b3f91f31bdab72a4626c48c779fe8b)
17c478bd9Sstevel@tonic-gate /*
2*56a424ccSmp153739  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
37c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
47c478bd9Sstevel@tonic-gate  */
57c478bd9Sstevel@tonic-gate 
67c478bd9Sstevel@tonic-gate #ifndef	__KRB5_KDC_EXTERN__
77c478bd9Sstevel@tonic-gate #define	__KRB5_KDC_EXTERN__
87c478bd9Sstevel@tonic-gate 
97c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
107c478bd9Sstevel@tonic-gate 
117c478bd9Sstevel@tonic-gate #include <netinet/in.h>
127c478bd9Sstevel@tonic-gate 
137c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
147c478bd9Sstevel@tonic-gate extern "C" {
157c478bd9Sstevel@tonic-gate #endif
167c478bd9Sstevel@tonic-gate 
177c478bd9Sstevel@tonic-gate /*
18*56a424ccSmp153739  * Copyright 1990,2001 by the Massachusetts Institute of Technology.
197c478bd9Sstevel@tonic-gate  *
207c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
217c478bd9Sstevel@tonic-gate  *   require a specific license from the United States Government.
227c478bd9Sstevel@tonic-gate  *   It is the responsibility of any person or organization contemplating
237c478bd9Sstevel@tonic-gate  *   export to obtain such a license before exporting.
247c478bd9Sstevel@tonic-gate  *
257c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
267c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
277c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
287c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
297c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
307c478bd9Sstevel@tonic-gate  * the name of M.I.T. not be used in advertising or publicity pertaining
317c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
327c478bd9Sstevel@tonic-gate  * permission.  Furthermore if you modify this software you must label
337c478bd9Sstevel@tonic-gate  * your software as modified software and not distribute it in such a
347c478bd9Sstevel@tonic-gate  * fashion that it might be confused with the original M.I.T. software.
357c478bd9Sstevel@tonic-gate  * M.I.T. makes no representations about the suitability of
367c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
377c478bd9Sstevel@tonic-gate  * or implied warranty.
387c478bd9Sstevel@tonic-gate  *
397c478bd9Sstevel@tonic-gate  *
407c478bd9Sstevel@tonic-gate  * <<< Description >>>
417c478bd9Sstevel@tonic-gate  */
427c478bd9Sstevel@tonic-gate 
/*
 * Per-realm state kept by the KDC.  Instances are reached through
 * kdc_realmlist and kdc_active_realm, declared after this structure.
 * Several members carry or locate key material (realm_mkey, realm_stash,
 * realm_keytab), so anything that copies, logs or frees this structure
 * should be reviewed with that in mind.
 */
typedef struct __kdc_realm_data {
    /*
     * General Kerberos per-realm data.
     */
    char *		realm_name;	/* Realm name			    */
/* XXX the real context should go away once the db_context is done.
 * The db_context is then associated with the realm keytab using
 * krb5_ktkdb_resolv(). There should be nothing in the context which
 * cannot span multiple realms -- proven */
    krb5_context	realm_context;	/* Context to be used for realm	    */
    krb5_keytab		realm_keytab; 	/* keytab to be used for this realm */
    char *		realm_profile;	/* Profile file for this realm	    */
    /*
     * Database per-realm data.
     */
    char *		realm_dbname;	/* Database name for realm	    */
    /*
     * NOTE(review): the stash file presumably holds the master key on disk;
     * confirm that the code which resolves this path checks ownership and
     * permissions of the file it opens.
     */
    char *		realm_stash;	/* Stash file name for realm	    */
    char *		realm_mpname;	/* Master principal name for realm  */
    krb5_principal	realm_mprinc;	/* Master principal for realm	    */
    /*
     * NOTE(review): secret key material stored by value in this structure.
     * The teardown path is not visible in this header; confirm that it
     * zeroizes the key contents before the structure is freed.
     */
    krb5_keyblock	realm_mkey;	/* Master key for this realm	    */
    /*
     * TGS per-realm data.
     */
    krb5_principal	realm_tgsprinc;	/* TGS principal for this realm	    */
    /*
     * Other per-realm data.
     * Both members are strings, not integers; presumably each holds a
     * textual list of port numbers -- confirm against the code that parses
     * them.
     */
    char		*realm_ports;	/* Per-realm KDC UDP port */
    char		*realm_tcp_ports; /* Per-realm KDC TCP port */
    /*
     * Per-realm parameters.
     */
    krb5_deltat		realm_maxlife;	/* Maximum ticket life for realm    */
    krb5_deltat		realm_maxrlife;	/* Maximum renewable life for realm */
    /*
     * Policy flag for tickets whose transited-realms path cannot be
     * verified.  The field name says "reject", while the comment this
     * replaces read "Accept unverifiable transited_realm ?", which points
     * the other way.  Presumably nonzero means reject -- confirm against the
     * code that reads reject_bad_transit before relying on either reading.
     */
    krb5_boolean	realm_reject_bad_transit;
} kdc_realm_t;
797c478bd9Sstevel@tonic-gate 
/*
 * Realm table shared across the KDC; the objects are defined in another
 * translation unit.
 */
extern kdc_realm_t	**kdc_realmlist;	/* array of realm pointers */
extern int		kdc_numrealms;		/* presumably the number of entries in kdc_realmlist -- confirm */
/*
 * Realm that the accessor macros in this header read through.  It must point
 * at a valid entry before any of those macros is evaluated.
 */
extern kdc_realm_t	*kdc_active_realm;

/*
 * Look up a realm's data.  The parameters are unnamed in this prototype;
 * presumably a realm name and its length in bytes -- confirm against the
 * definition.  If the name is length-delimited rather than NUL-terminated,
 * callers must pass the true length of the buffer.  The behaviour when no
 * realm matches is not visible here; callers should check the returned
 * pointer before dereferencing it.
 */
kdc_realm_t *find_realm_data (char *, krb5_ui_4);
85*56a424ccSmp153739 
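/*
 * Replace previously used global variables with the active (e.g. request's)
 * realm data.  This allows us to support multiple realms with minimal logic
 * changes.
 *
 * Every macro below expands to a member access through kdc_active_realm, so
 * that pointer must refer to a valid realm before any of them is evaluated.
 * Each expansion is an lvalue and may be assigned through.
 */
#define	kdc_context			kdc_active_realm->realm_context
#define	max_life_for_realm		kdc_active_realm->realm_maxlife
#define	max_renewable_life_for_realm	kdc_active_realm->realm_maxrlife
#define	master_keyblock			kdc_active_realm->realm_mkey
#define	master_princ			kdc_active_realm->realm_mprinc
/*
 * The whole expansion is parenthesized so that a postfix operator applied
 * to the macro (for example ".member") binds to the dereferenced object and
 * not to the pointer inside the parentheses.
 */
#define	tgs_server_struct		(*(kdc_active_realm->realm_tgsprinc))
#define	tgs_server			kdc_active_realm->realm_tgsprinc
#define	dbm_db_name			kdc_active_realm->realm_dbname
/*
 * NOTE(review): kdc_realm_t as declared in this header has no realm_pport
 * member (only realm_ports and realm_tcp_ports), so any use of primary_port
 * would fail to compile.  Kept unchanged because its users, if any, are not
 * visible from here; it looks like a stale leftover -- confirm and retire.
 */
#define	primary_port			kdc_active_realm->realm_pport
#define reject_bad_transit		kdc_active_realm->realm_reject_bad_transit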
1017c478bd9Sstevel@tonic-gate 
/* various externs for KDC; the objects are defined in another file */
extern krb5_data 	empty_string;	/* an empty string */
extern krb5_timestamp 	kdc_infinity;	/* greater than all other timestamps */
extern krb5_rcache	kdc_rcache;	/* replay cache */
/*
 * NOTE(review): process-wide secret key.  Its initialization and teardown
 * are not visible here; confirm that the key contents are zeroized when the
 * KDC shuts down or re-reads its configuration.
 */
extern krb5_keyblock	psr_key;	/* key for predicted sam response */

/*
 * Shutdown and reload request flags.
 * NOTE(review): the names suggest these are written from signal handlers.
 * If so, `volatile sig_atomic_t` is the object type ISO C guarantees can be
 * written safely from a handler; `volatile int` is not covered by that
 * guarantee.  Any change must be made together with the definitions, which
 * are not in this header.
 */
extern volatile int signal_requests_exit;
extern volatile int signal_requests_hup;
1107c478bd9Sstevel@tonic-gate 
/*
 * libbsm
 *
 * Audit hooks called by the KDC for AS and TGS requests.  The parameters
 * are unnamed in these prototypes; from the types they are presumably the
 * peer address, two port numbers, two principal-name strings and, where
 * present, a status code -- confirm against the libbsm definitions.
 * NOTE(review): the address is passed as struct in_addr, which is IPv4 only.
 * The string arguments presumably derive from the request and so are
 * attacker-influenced; the audit side should treat them as untrusted.
 */
extern void audit_krb5kdc_as_req(struct in_addr *, in_port_t, in_port_t,
				char *, char *, int);
extern void audit_krb5kdc_tgs_req(struct in_addr *, in_port_t, in_port_t,
				char *, char *, int);
/* Variant without the trailing int parameter; name suggests a second-ticket mismatch event -- confirm. */
extern void audit_krb5kdc_tgs_req_2ndtktmm(struct in_addr *, in_port_t,
					in_port_t, char *, char *);
/* Name suggests a TGS request made with an alternate TGT -- confirm. */
extern void audit_krb5kdc_tgs_req_alt_tgt(struct in_addr *, in_port_t,
					in_port_t, char *, char *, int);
1207c478bd9Sstevel@tonic-gate 
1217c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
1227c478bd9Sstevel@tonic-gate }
1237c478bd9Sstevel@tonic-gate #endif
1247c478bd9Sstevel@tonic-gate 
1257c478bd9Sstevel@tonic-gate #endif /* !__KRB5_KDC_EXTERN__ */