Diffstat (limited to 'kdc/kdc.h')
-rw-r--r--kdc/kdc.h101
1 files changed, 49 insertions, 52 deletions
diff --git a/kdc/kdc.h b/kdc/kdc.h
index be4257ff24df..34ff4ac8919c 100644
--- a/kdc/kdc.h
+++ b/kdc/kdc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2022 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
*
* Copyright (c) 2005 Andrew Bartlett <abartlet@samba.org>
@@ -43,6 +43,8 @@
#include <hdb.h>
#include <krb5.h>
+#include <kx509_asn1.h>
+#include <gssapi/gssapi.h>
enum krb5_kdc_trpolicy {
TRPOLICY_ALWAYS_CHECK,
@@ -50,68 +52,63 @@ enum krb5_kdc_trpolicy {
TRPOLICY_ALWAYS_HONOUR_REQUEST
};
-typedef struct krb5_kdc_configuration {
- krb5_boolean require_preauth; /* require preauth for all principals */
- time_t kdc_warn_pwexpire; /* time before expiration to print a warning */
+struct krb5_kdc_configuration;
+typedef struct krb5_kdc_configuration krb5_kdc_configuration;
- struct HDB **db;
- int num_db;
-
- int num_kdc_processes;
+/*
+ * Access to request fields by plugins and other out-of-tree
+ * consumers should be via the functions in kdc-accessors.h.
+ */
- krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
+struct kdc_request_desc;
+typedef struct kdc_request_desc *kdc_request_t;
- krb5_boolean tgt_use_strongest_session_key;
- krb5_boolean preauth_use_strongest_session_key;
- krb5_boolean svc_use_strongest_session_key;
- krb5_boolean use_strongest_server_key;
+struct astgs_request_desc;
+typedef struct astgs_request_desc *astgs_request_t;
- krb5_boolean check_ticket_addresses;
- krb5_boolean allow_null_ticket_addresses;
- krb5_boolean allow_anonymous;
- krb5_boolean historical_anon_realm;
- krb5_boolean strict_nametypes;
- enum krb5_kdc_trpolicy trpolicy;
+struct kx509_req_context_desc;
+typedef struct kx509_req_context_desc *kx509_req_context;
- krb5_boolean enable_pkinit;
- krb5_boolean pkinit_princ_in_cert;
- const char *pkinit_kdc_identity;
- const char *pkinit_kdc_anchors;
- const char *pkinit_kdc_friendly_name;
- const char *pkinit_kdc_ocsp_file;
- char **pkinit_kdc_cert_pool;
- char **pkinit_kdc_revoke;
- int pkinit_dh_min_bits;
- int pkinit_require_binding;
- int pkinit_allow_proxy_certs;
+struct krb5_kdc_service {
+ unsigned int flags;
+#define KS_KRB5 1
+#define KS_NO_LENGTH 2
+ const char *name;
+ krb5_error_code (*process)(kdc_request_t *, int *claim);
+};
- krb5_log_facility *logf;
+/*
+ * The following fields are guaranteed stable within a major
+ * release of Heimdal and can be manipulated by applications
+ * that manage KDC requests themselves using libkdc.
+ *
+ * Applications can make custom KDC configuration available
+ * to libkdc by using krb5_set_config().
+ */
- int enable_digest;
- int digests_allowed;
+#define KRB5_KDC_CONFIGURATION_COMMON_ELEMENTS \
+ krb5_log_facility *logf; \
+ struct HDB **db; \
+ size_t num_db; \
+ const char *app
- size_t max_datagram_reply_length;
+#ifndef __KDC_LOCL_H__
+struct krb5_kdc_configuration {
+ KRB5_KDC_CONFIGURATION_COMMON_ELEMENTS;
+};
+#endif
- int enable_kx509;
- const char *kx509_template;
- const char *kx509_ca;
+typedef void *kdc_object_t;
+typedef struct kdc_array_data *kdc_array_t;
+typedef struct kdc_dict_data *kdc_dict_t;
+typedef struct kdc_string_data *kdc_string_t;
+typedef struct kdc_data_data *kdc_data_t;
+typedef struct kdc_number_data *kdc_number_t;
-} krb5_kdc_configuration;
+typedef void (KRB5_CALLCONV *kdc_array_iterator_t)(kdc_object_t, void *, int *);
-struct krb5_kdc_service {
- unsigned int flags;
-#define KS_KRB5 1
-#define KS_NO_LENGTH 2
- krb5_error_code (*process)(krb5_context context,
- krb5_kdc_configuration *config,
- krb5_data *req_buffer,
- krb5_data *reply,
- const char *from,
- struct sockaddr *addr,
- int datagram_reply,
- int *claim);
-};
+typedef void (KRB5_CALLCONV *kdc_type_dealloc)(kdc_object_t);
#include <kdc-protos.h>
-#endif
+#endif /* __KDC_H__ */
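Review bot: The public `struct krb5_kdc_configuration` under `#ifndef __KDC_LOCL_H__` exposes only the `KRB5_KDC_CONFIGURATION_COMMON_ELEMENTS` prefix, so an out-of-tree caller that allocates it, copies it by value or takes its `sizeof` gets an object shorter than the one libkdc presumably uses internally, and any library-side access past `app` would then land outside that object. The comment above the macro promises field stability but says nothing about this, so I would add above the struct `/* Prefix view only: never allocate, copy by value or sizeof this struct; use the configuration object handed out by libkdc. */`. The guard also makes the layout depend on kdc_locl.h (not visible here) opening its own definition with the same macro, which deserves a `_Static_assert` on the member offsets there, or at least a comment beside the macro. `process` now takes an unnamed `kdc_request_t *`, a pointer to a pointer typedef, so the parameter should be named and documented as to whether the callback may replace or free the request. Finally, `num_db` changes from `int` to `size_t`, so any loop elsewhere that still indexes the `db` array with a signed counter should be checked for signed/unsigned comparison.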