1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
5 * Copyright 1990,2001,2007,2009 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
30 #ifndef __KRB5_KDC_EXTERN__
31 #define __KRB5_KDC_EXTERN__
33 typedef struct __kdc_realm_data {
35 * General Kerberos per-realm data.
37 char * realm_name; /* Realm name */
38 /* XXX the real context should go away once the db_context is done.
39 * The db_context is then associated with the realm keytab using
40 * krb5_ktkdb_resolv(). There should be nothing in the context which
41 * cannot span multiple realms -- proven */
42 krb5_context realm_context; /* Context to be used for realm */
43 krb5_keytab realm_keytab; /* keytab to be used for this realm */
44 char * realm_profile; /* Profile file for this realm */
45 char * realm_host_based_services; /* do referral processing for these services
46 * If '*' - allow all referrals */
47 char * realm_no_host_referral; /* no referral for these services.
48 * If '*' - disallow all referrals and
49 * ignore realm_host_based_services */
51 * Database per-realm data.
53 char * realm_dbname; /* Database name for realm */
54 char * realm_stash; /* Stash file name for realm */
55 char * realm_mpname; /* Master principal name for realm */
56 krb5_principal realm_mprinc; /* Master principal for realm */
58 * Note realm_mkey is mkey read from stash or keyboard and may not be the
59 * latest. The mkey_list will have all the mkeys in use.
61 krb5_keyblock realm_mkey; /* Master key for this realm */
62 krb5_keylist_node * mkey_list; /* list of mkeys in use for this realm */
66 krb5_principal realm_tgsprinc; /* TGS principal for this realm */
68 * Other per-realm data.
70 char *realm_ports; /* Per-realm KDC UDP port */
71 char *realm_tcp_ports; /* Per-realm KDC TCP port */
73 * Per-realm parameters.
75 krb5_deltat realm_maxlife; /* Maximum ticket life for realm */
76 krb5_deltat realm_maxrlife; /* Maximum renewable life for realm */
77 krb5_boolean realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
80 extern kdc_realm_t **kdc_realmlist;
81 extern int kdc_numrealms;
82 extern kdc_realm_t *kdc_active_realm;
84 kdc_realm_t *find_realm_data (char *, krb5_ui_4);
87 * Replace previously used global variables with the active (e.g. request's)
88 * realm data. This allows us to support multiple realms with minimal logic
91 #define kdc_context kdc_active_realm->realm_context
92 #define max_life_for_realm kdc_active_realm->realm_maxlife
93 #define max_renewable_life_for_realm kdc_active_realm->realm_maxrlife
94 #define master_keyblock kdc_active_realm->realm_mkey
95 #define master_keylist kdc_active_realm->mkey_list
96 #define master_princ kdc_active_realm->realm_mprinc
97 #define tgs_server kdc_active_realm->realm_tgsprinc
98 #define reject_bad_transit kdc_active_realm->realm_reject_bad_transit
100 /* various externs for KDC */
101 extern krb5_data empty_string; /* an empty string */
102 extern krb5_timestamp kdc_infinity; /* greater than all other timestamps */
103 extern krb5_rcache kdc_rcache; /* replay cache */
104 extern krb5_keyblock psr_key; /* key for predicted sam response */
105 extern const int kdc_modifies_kdb;
106 extern char **db_args;
107 extern krb5_int32 max_dgram_reply_size; /* maximum datagram size */
109 extern const int vague_errors;
111 extern volatile int signal_requests_exit;
112 extern volatile int signal_requests_hup;
113 #endif /* __KRB5_KDC_EXTERN__ */