xref: /titanic_41/usr/src/cmd/krb5/krb5kdc/extern.h (revision 7c478bd95313f5f23a4c958a745db2134aa03244)
1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
3*7c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
4*7c478bd9Sstevel@tonic-gate  */
5*7c478bd9Sstevel@tonic-gate 
6*7c478bd9Sstevel@tonic-gate #ifndef	__KRB5_KDC_EXTERN__
7*7c478bd9Sstevel@tonic-gate #define	__KRB5_KDC_EXTERN__
8*7c478bd9Sstevel@tonic-gate 
9*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
10*7c478bd9Sstevel@tonic-gate 
11*7c478bd9Sstevel@tonic-gate #include <netinet/in.h>
12*7c478bd9Sstevel@tonic-gate 
13*7c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
14*7c478bd9Sstevel@tonic-gate extern "C" {
15*7c478bd9Sstevel@tonic-gate #endif
16*7c478bd9Sstevel@tonic-gate 
17*7c478bd9Sstevel@tonic-gate /*
18*7c478bd9Sstevel@tonic-gate  * Copyright 1990 by the Massachusetts Institute of Technology.
19*7c478bd9Sstevel@tonic-gate  *
20*7c478bd9Sstevel@tonic-gate  * Export of this software from the United States of America may
21*7c478bd9Sstevel@tonic-gate  *   require a specific license from the United States Government.
22*7c478bd9Sstevel@tonic-gate  *   It is the responsibility of any person or organization contemplating
23*7c478bd9Sstevel@tonic-gate  *   export to obtain such a license before exporting.
24*7c478bd9Sstevel@tonic-gate  *
25*7c478bd9Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
26*7c478bd9Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
27*7c478bd9Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
28*7c478bd9Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
29*7c478bd9Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
30*7c478bd9Sstevel@tonic-gate  * the name of M.I.T. not be used in advertising or publicity pertaining
31*7c478bd9Sstevel@tonic-gate  * to distribution of the software without specific, written prior
32*7c478bd9Sstevel@tonic-gate  * permission.  Furthermore if you modify this software you must label
33*7c478bd9Sstevel@tonic-gate  * your software as modified software and not distribute it in such a
34*7c478bd9Sstevel@tonic-gate  * fashion that it might be confused with the original M.I.T. software.
35*7c478bd9Sstevel@tonic-gate  * M.I.T. makes no representations about the suitability of
36*7c478bd9Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
37*7c478bd9Sstevel@tonic-gate  * or implied warranty.
38*7c478bd9Sstevel@tonic-gate  *
39*7c478bd9Sstevel@tonic-gate  *
40*7c478bd9Sstevel@tonic-gate  * <<< Description >>>
41*7c478bd9Sstevel@tonic-gate  */
42*7c478bd9Sstevel@tonic-gate 
/*
 * Per-realm KDC data.  Instances are reached through kdc_realmlist and
 * kdc_active_realm, both declared after this typedef.
 */
typedef struct __kdc_realm_data {
    /* ---- General Kerberos per-realm data ---- */

    /* Realm name */
    char *realm_name;

    /*
     * XXX the real context should go away once the db_context is done.
     * The db_context is then associated with the realm keytab using
     * krb5_ktkdb_resolv(). There should be nothing in the context which
     * cannot span multiple realms -- proven
     */
    /* Context to be used for realm */
    krb5_context realm_context;
    /* keytab to be used for this realm */
    krb5_keytab realm_keytab;
    /* Profile file for this realm */
    char *realm_profile;

    /* ---- Database per-realm data ---- */

    /* Database name for realm */
    char *realm_dbname;
    /* Stash file name for realm */
    char *realm_stash;
    /* Master principal name for realm */
    char *realm_mpname;
    /* Master principal for realm */
    krb5_principal realm_mprinc;
    /*
     * Master key for this realm.  The keyblock is embedded by value, so
     * the key descriptor lives inside this structure.
     * NOTE(review): confirm the code that releases a kdc_realm_t clears
     * this keyblock's contents before the memory is freed.
     */
    krb5_keyblock realm_mkey;
    /* Master key vno for this realm */
    krb5_kvno realm_mkvno;

    /* ---- TGS per-realm data ---- */

    /* TGS principal for this realm */
    krb5_principal realm_tgsprinc;
    /*
     * TGS' key for this realm, also embedded by value.
     * NOTE(review): same teardown concern as realm_mkey -- confirm it is
     * cleared on release.
     */
    krb5_keyblock realm_tgskey;
    /* TGS' key vno for this realm */
    krb5_kvno realm_tgskvno;

    /* ---- Other per-realm data ---- */

    /* Per-realm KDC UDP port (held as a string) */
    char *realm_ports;
    /* Per-realm KDC TCP port (held as a string) */
    char *realm_tcp_ports;

    /* ---- Per-realm parameters ---- */

    /* Maximum ticket life for realm */
    krb5_deltat realm_maxlife;
    /* Maximum renewable life for realm */
    krb5_deltat realm_maxrlife;
    /*
     * Key/Salts supported for realm.  Declared void * here; the element
     * type is not visible in this header.
     */
    void *realm_kstypes;
    /* Number of key/salts */
    krb5_int32 realm_nkstypes;
} kdc_realm_t;
83*7c478bd9Sstevel@tonic-gate 
/*
 * Realm table.  kdc_realmlist points to kdc_realm_t pointers;
 * kdc_numrealms is presumably the number of entries (confirm against the
 * definition, which is not in this header).
 */
extern kdc_realm_t **kdc_realmlist;
extern int kdc_numrealms;

/*
 * Realm that the accessor macros in this header (kdc_context,
 * master_keyblock, tgs_key, ...) dereference.
 */
extern kdc_realm_t *kdc_active_realm;
87*7c478bd9Sstevel@tonic-gate 
88*7c478bd9Sstevel@tonic-gate /*
89*7c478bd9Sstevel@tonic-gate  * Replace previously used global variables with the active (e.g. request's)
90*7c478bd9Sstevel@tonic-gate  * realm data.  This allows us to support multiple realms with minimal logic
91*7c478bd9Sstevel@tonic-gate  * changes.
92*7c478bd9Sstevel@tonic-gate  */
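/*
 * Every name below expands to a member access through the global
 * kdc_active_realm pointer.  The pointer is dereferenced without a NULL
 * check, so these names may only be used while kdc_active_realm refers to
 * a valid kdc_realm_t.  The expansions are lvalues: assigning to one
 * writes the active realm's data.  master_keyblock and tgs_key name the
 * realm's key material.
 *
 * The plain a->b expansions are postfix expressions and compose safely
 * with surrounding operators; only the dereferencing form needs
 * parentheses.
 */
#define	kdc_context			kdc_active_realm->realm_context
#define	max_life_for_realm		kdc_active_realm->realm_maxlife
#define	max_renewable_life_for_realm	kdc_active_realm->realm_maxrlife
#define	master_keyblock			kdc_active_realm->realm_mkey
#define	master_princ			kdc_active_realm->realm_mprinc
#define	tgs_key				kdc_active_realm->realm_tgskey
#define	tgs_kvno			kdc_active_realm->realm_tgskvno
/*
 * Parenthesized as a whole so that postfix use such as
 * tgs_server_struct.member applies to the dereferenced principal and not
 * to the pointer expression inside the macro.
 */
#define	tgs_server_struct		(*(kdc_active_realm->realm_tgsprinc))
#define	tgs_server			kdc_active_realm->realm_tgsprinc
#define	dbm_db_name			kdc_active_realm->realm_dbname
/*
 * NOTE(review): kdc_realm_t as declared in this header has no realm_pport
 * member (only realm_ports and realm_tcp_ports), so any expansion of
 * primary_port fails to compile.  Kept for source compatibility; it looks
 * stale -- confirm there are no users and remove it.
 */
#define	primary_port			kdc_active_realm->realm_pport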
104*7c478bd9Sstevel@tonic-gate 
105*7c478bd9Sstevel@tonic-gate /* various externs for KDC */
/* an empty string */
extern krb5_data empty_string;
/* greater than all other timestamps */
extern krb5_timestamp kdc_infinity;
/* replay cache */
extern krb5_rcache kdc_rcache;
/* key for predicted sam response */
extern krb5_keyblock psr_key;

/*
 * Exit / HUP request flags.
 * NOTE(review): presumably written from signal handlers and polled by the
 * main loop -- confirm.  If so, ISO C only guarantees atomic access from a
 * handler for volatile sig_atomic_t; changing the type here would also
 * require changing the definitions, which are not in this header.
 */
extern volatile int signal_requests_exit;
extern volatile int signal_requests_hup;
113*7c478bd9Sstevel@tonic-gate 
114*7c478bd9Sstevel@tonic-gate /* libbsm */
/*
 * Audit hooks for AS and TGS request handling.  The prototypes carry no
 * parameter names, so the meaning of each argument (in particular which
 * in_port_t and which char * is which) must be taken from the
 * implementation, not from this header.  All four return void, so a
 * caller cannot learn from the return value whether a record was written.
 */
extern void audit_krb5kdc_as_req(
    struct in_addr *, in_port_t, in_port_t, char *, char *, int);

extern void audit_krb5kdc_tgs_req(
    struct in_addr *, in_port_t, in_port_t, char *, char *, int);

/* Unlike the other three hooks, this one takes no trailing int. */
extern void audit_krb5kdc_tgs_req_2ndtktmm(
    struct in_addr *, in_port_t, in_port_t, char *, char *);

extern void audit_krb5kdc_tgs_req_alt_tgt(
    struct in_addr *, in_port_t, in_port_t, char *, char *, int);
123*7c478bd9Sstevel@tonic-gate 
124*7c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
125*7c478bd9Sstevel@tonic-gate }
126*7c478bd9Sstevel@tonic-gate #endif
127*7c478bd9Sstevel@tonic-gate 
128*7c478bd9Sstevel@tonic-gate #endif /* !__KRB5_KDC_EXTERN__ */