10Sstevel@tonic-gate /*
2*2881Smp153739  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
30Sstevel@tonic-gate  * Use is subject to license terms.
40Sstevel@tonic-gate  */
50Sstevel@tonic-gate 
60Sstevel@tonic-gate #ifndef	__KRB5_KDC_EXTERN__
70Sstevel@tonic-gate #define	__KRB5_KDC_EXTERN__
80Sstevel@tonic-gate 
90Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
100Sstevel@tonic-gate 
110Sstevel@tonic-gate #include <netinet/in.h>
120Sstevel@tonic-gate 
130Sstevel@tonic-gate #ifdef	__cplusplus
140Sstevel@tonic-gate extern "C" {
150Sstevel@tonic-gate #endif
160Sstevel@tonic-gate 
170Sstevel@tonic-gate /*
18*2881Smp153739  * Copyright 1990,2001 by the Massachusetts Institute of Technology.
190Sstevel@tonic-gate  *
200Sstevel@tonic-gate  * Export of this software from the United States of America may
210Sstevel@tonic-gate  *   require a specific license from the United States Government.
220Sstevel@tonic-gate  *   It is the responsibility of any person or organization contemplating
230Sstevel@tonic-gate  *   export to obtain such a license before exporting.
240Sstevel@tonic-gate  *
250Sstevel@tonic-gate  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
260Sstevel@tonic-gate  * distribute this software and its documentation for any purpose and
270Sstevel@tonic-gate  * without fee is hereby granted, provided that the above copyright
280Sstevel@tonic-gate  * notice appear in all copies and that both that copyright notice and
290Sstevel@tonic-gate  * this permission notice appear in supporting documentation, and that
300Sstevel@tonic-gate  * the name of M.I.T. not be used in advertising or publicity pertaining
310Sstevel@tonic-gate  * to distribution of the software without specific, written prior
320Sstevel@tonic-gate  * permission.  Furthermore if you modify this software you must label
330Sstevel@tonic-gate  * your software as modified software and not distribute it in such a
340Sstevel@tonic-gate  * fashion that it might be confused with the original M.I.T. software.
350Sstevel@tonic-gate  * M.I.T. makes no representations about the suitability of
360Sstevel@tonic-gate  * this software for any purpose.  It is provided "as is" without express
370Sstevel@tonic-gate  * or implied warranty.
380Sstevel@tonic-gate  *
390Sstevel@tonic-gate  *
 * Per-realm KDC state (kdc_realm_t), the process-wide globals shared by the
 * krb5kdc sources, and the Solaris audit (libbsm) hooks.
410Sstevel@tonic-gate  */
420Sstevel@tonic-gate 
/*
 * Per-realm KDC state.  One of these exists for every realm this KDC
 * serves (see kdc_realmlist / kdc_numrealms below); kdc_active_realm points
 * at the one selected for the request being processed, and the
 * kdc_context / master_keyblock / ... macros further down read through it.
 *
 * NOTE(review): the tag __kdc_realm_data (and the include guard) use a
 * leading double underscore, which C reserves for the implementation.
 * Harmless in practice, but not a name to copy into new code.
 */
typedef struct __kdc_realm_data {
    /*
     * General Kerberos per-realm data.
     */
    char *		realm_name;	/* Realm name			    */
/* XXX the real context should go away once the db_context is done.
 * The db_context is then associated with the realm keytab using
 * krb5_ktkdb_resolv(). There should be nothing in the context which
 * cannot span multiple realms -- proven */
    krb5_context	realm_context;	/* Context to be used for realm	    */
    krb5_keytab		realm_keytab; 	/* keytab to be used for this realm */
    char *		realm_profile;	/* Profile file for this realm	    */
    /*
     * Database per-realm data.
     */
    char *		realm_dbname;	/* Database name for realm	    */
    /*
     * Stash file name.  Conventionally this is the file the master key is
     * loaded from, so its permissions gate the whole realm database; the
     * KDC only stores the path here.
     */
    char *		realm_stash;
    char *		realm_mpname;	/* Master principal name for realm  */
    krb5_principal	realm_mprinc;	/* Master principal for realm	    */
    /*
     * Master key for this realm, held in cleartext for the lifetime of the
     * process.  NOTE(review): this is the most sensitive datum the KDC
     * holds -- a core dump, ptrace or memory-disclosure bug in the daemon
     * exposes every principal's keys.  Nothing visible here zeroizes it on
     * teardown; confirm the realm cleanup path does.
     */
    krb5_keyblock	realm_mkey;
    /*
     * TGS per-realm data.
     */
    krb5_principal	realm_tgsprinc;	/* TGS principal for this realm	    */
    /*
     * Other per-realm data.  Despite the singular "port" in the original
     * comments these are strings (char *), presumably the port *lists*
     * from the realm's configuration -- verify against the parser.
     */
    char		*realm_ports;	/* Per-realm KDC UDP port(s) */
    char		*realm_tcp_ports; /* Per-realm KDC TCP port(s) */
    /*
     * Per-realm parameters.
     */
    krb5_deltat		realm_maxlife;	/* Maximum ticket life for realm    */
    krb5_deltat		realm_maxrlife;	/* Maximum renewable life for realm */
    /*
     * Reject tickets whose transited-realm path cannot be verified?
     * The sense follows the field name (true == reject); the previous
     * comment here ("Accept unverifiable transited_realm ?") read inverted.
     * Aliased by the reject_bad_transit macro below.
     */
    krb5_boolean	realm_reject_bad_transit;
} kdc_realm_t;
790Sstevel@tonic-gate 
/*
 * Realm table: kdc_numrealms entries in kdc_realmlist.  kdc_active_realm is
 * the entry selected for the request currently being processed (the
 * per-realm macros below dereference it without a NULL check, so it must be
 * set before any of them is used).
 */
extern kdc_realm_t	**kdc_realmlist;
extern int		kdc_numrealms;
extern kdc_realm_t	*kdc_active_realm;

/*
 * Look up a realm in kdc_realmlist.  The parameters are unnamed in this
 * prototype; from the types they are presumably the realm name and its
 * length (krb5_ui_4) -- confirm against the definition.  Whether a miss
 * returns NULL is not visible here; callers should check for it regardless.
 */
kdc_realm_t *find_realm_data (char *, krb5_ui_4);
85*2881Smp153739 
/*
 * Replace previously used global variables with the active (e.g. request's)
 * realm data.  This allows us to support multiple realms with minimal logic
 * changes.
 *
 * NOTE(review): every macro here dereferences kdc_active_realm.  Using one
 * before the realm has been selected for the current request is a NULL
 * dereference at run time, not a compile-time error.
 */
#define	kdc_context			kdc_active_realm->realm_context
#define	max_life_for_realm		kdc_active_realm->realm_maxlife
#define	max_renewable_life_for_realm	kdc_active_realm->realm_maxrlife
#define	master_keyblock			kdc_active_realm->realm_mkey
#define	master_princ			kdc_active_realm->realm_mprinc
/* Expands to an unparenthesized "*(p)"; safe as a plain operand only. */
#define	tgs_server_struct		*(kdc_active_realm->realm_tgsprinc)
#define	tgs_server			kdc_active_realm->realm_tgsprinc
#define	dbm_db_name			kdc_active_realm->realm_dbname
/*
 * NOTE(review): kdc_realm_t (above) has no realm_pport member -- its port
 * fields are realm_ports and realm_tcp_ports -- so any expansion of
 * primary_port fails to compile.  This macro is stale; remove it once
 * confirmed unused rather than "fixing" it to point at a string field.
 */
#define	primary_port			kdc_active_realm->realm_pport
/* true == reject tickets with an unverifiable transited-realm path */
#define reject_bad_transit		kdc_active_realm->realm_reject_bad_transit
1010Sstevel@tonic-gate 
/* various externs for KDC */
extern krb5_data 	empty_string;	/* an empty string */
extern krb5_timestamp 	kdc_infinity;	/* greater than all other timestamps */
/*
 * Process-wide replay cache.  This is what stops a captured authenticator
 * being replayed at the KDC; if initialization fails it must fail closed,
 * not be skipped -- check the main() path that sets it up.
 */
extern krb5_rcache	kdc_rcache;
/*
 * Key for predicted SAM (single-use authentication mechanism) responses.
 * Another long-lived key in process memory; see the note on realm_mkey.
 */
extern krb5_keyblock	psr_key;

/*
 * Request flags presumably set from signal handlers and polled by the main
 * loop.  They are volatile int rather than the portable volatile
 * sig_atomic_t; fine where int is atomically accessible, but sig_atomic_t
 * is the spelling the standard guarantees.
 */
extern volatile int signal_requests_exit;
extern volatile int signal_requests_hup;
1100Sstevel@tonic-gate 
/*
 * libbsm: Solaris audit-trail hooks emitted for AS and TGS requests.
 *
 * Parameters are unnamed here.  From the types and the record names they
 * appear to be: client address, client port, KDC local port, then
 * principal-name strings and, where present, an int status code -- confirm
 * against the libbsm implementation before relying on the order.
 *
 * NOTE(review): the address is a struct in_addr *, i.e. IPv4 only.  A
 * request arriving over IPv6 cannot have its client address recorded
 * faithfully through these signatures, which is an audit-trail gap worth
 * knowing about when these records are used for incident response.
 */
extern void audit_krb5kdc_as_req(struct in_addr *, in_port_t, in_port_t,
				char *, char *, int);
extern void audit_krb5kdc_tgs_req(struct in_addr *, in_port_t, in_port_t,
				char *, char *, int);
/* Second-ticket mismatch record; no status argument. */
extern void audit_krb5kdc_tgs_req_2ndtktmm(struct in_addr *, in_port_t,
					in_port_t, char *, char *);
/* Alternate-TGT record. */
extern void audit_krb5kdc_tgs_req_alt_tgt(struct in_addr *, in_port_t,
					in_port_t, char *, char *, int);
1200Sstevel@tonic-gate 
1210Sstevel@tonic-gate #ifdef	__cplusplus
1220Sstevel@tonic-gate }
1230Sstevel@tonic-gate #endif
1240Sstevel@tonic-gate 
1250Sstevel@tonic-gate #endif /* !__KRB5_KDC_EXTERN__ */
126