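/*
 * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 *
 * Copyright (c) 2005 Andrew Bartlett <abartlet@samba.org>
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * $Id$
 */

#ifndef __KDC_H__
#define __KDC_H__

#include <hdb.h>
#include <krb5.h>

/*
 * Policy selector stored in krb5_kdc_configuration.trpolicy.
 *
 * The first enumerator has the value 0, so a zero-initialised trpolicy
 * field equals TRPOLICY_ALWAYS_CHECK.
 *
 * NOTE(review): "tr" presumably stands for the transited-realm check; the
 * per-value notes below are read from the enumerator names only. The code
 * that enforces the policy is not in this header -- confirm there.
 */
enum krb5_kdc_trpolicy {
    TRPOLICY_ALWAYS_CHECK,          /* presumably: the check is never skipped */
    TRPOLICY_ALLOW_PER_PRINCIPAL,   /* presumably: skipping is decided per principal */
    TRPOLICY_ALWAYS_HONOUR_REQUEST  /* presumably: the client's request decides */
};

/*
 * KDC configuration record.
 *
 * This header only declares the fields. Their defaults, and the code that
 * consults them, live elsewhere; anything marked NOTE(review) below is an
 * assumption drawn from the field name and should be confirmed against the
 * code that loads and uses the configuration.
 */
typedef struct krb5_kdc_configuration {
    krb5_boolean require_preauth; /* require preauth for all principals */
    time_t kdc_warn_pwexpire; /* time before expiration to print a warning */

    /* Database handles; num_db is presumably the number of entries in db. */
    struct HDB **db;
    int num_db;

    krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */

    /*
     * Key-selection toggles.
     * NOTE(review): names suggest each one prefers the strongest available
     * key type for the named ticket/key class -- confirm which code path
     * reads each flag before relying on it for crypto-strength policy.
     */
    krb5_boolean tgt_use_strongest_session_key;
    krb5_boolean preauth_use_strongest_session_key;
    krb5_boolean svc_use_strongest_session_key;
    krb5_boolean use_strongest_server_key;

    /*
     * Ticket-acceptance policy toggles and the trpolicy selector.
     * NOTE(review): defaults are not visible here; check what the
     * configuration loader sets when these are absent from the config file.
     */
    krb5_boolean check_ticket_addresses;
    krb5_boolean allow_null_ticket_addresses;
    krb5_boolean allow_anonymous;
    enum krb5_kdc_trpolicy trpolicy;

    /*
     * PKINIT settings.
     * NOTE(review): the string fields look like identity / trust-anchor /
     * revocation sources; their accepted formats are not defined here.
     */
    krb5_boolean enable_pkinit;
    krb5_boolean pkinit_princ_in_cert;
    const char *pkinit_kdc_identity;
    const char *pkinit_kdc_anchors;
    const char *pkinit_kdc_friendly_name;
    const char *pkinit_kdc_ocsp_file;
    char **pkinit_kdc_cert_pool;
    char **pkinit_kdc_revoke;
    /* presumably the smallest Diffie-Hellman size accepted, in bits -- confirm */
    int pkinit_dh_min_bits;
    /* The next two are declared int, not krb5_boolean like the toggles above. */
    int pkinit_require_binding;
    int pkinit_allow_proxy_certs;

    krb5_log_facility *logf;

    /* NOTE(review): digests_allowed is presumably a bit mask -- confirm. */
    int enable_digest;
    int digests_allowed;

    /*
     * NOTE(review): presumably an upper bound on the size of a reply sent
     * over a datagram transport; what happens to larger replies is decided
     * by code outside this header.
     */
    size_t max_datagram_reply_length;

    int enable_kx509;
    const char *kx509_template;
    const char *kx509_ca;

} krb5_kdc_configuration;

/*
 * One request handler: a flags word plus the function that processes a
 * request.
 */
struct krb5_kdc_service {
    /* KS_KRB5 (1) and KS_NO_LENGTH (2) are distinct bits, presumably OR-ed here. */
    unsigned int flags;
#define KS_KRB5		1
#define KS_NO_LENGTH	2
    /*
     * Handler callback; returns a krb5_error_code.
     *
     * req_buffer is passed as a non-const krb5_data pointer and reply is the
     * output buffer argument.
     * NOTE(review): from/addr presumably describe the peer, datagram_reply
     * presumably tells the handler the reply goes over a datagram transport,
     * and *claim is presumably set when the handler recognises the request
     * as its own -- confirm against the implementations.
     */
    krb5_error_code (*process)(krb5_context context,
			       krb5_kdc_configuration *config,
			       krb5_data *req_buffer,
			       krb5_data *reply,
			       const char *from,
			       struct sockaddr *addr,
			       int datagram_reply,
			       int *claim);
};

#include <kdc-protos.h>

#endif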