      1 /*	$NetBSD: kdc.h,v 1.3 2023/06/19 21:41:41 christos Exp $	*/
      2 
      3 /*
      4  * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
      5  * (Royal Institute of Technology, Stockholm, Sweden).
      6  *
      7  * Copyright (c) 2005 Andrew Bartlett <abartlet (at) samba.org>
      8  *
      9  * All rights reserved.
     10  *
     11  * Redistribution and use in source and binary forms, with or without
     12  * modification, are permitted provided that the following conditions
     13  * are met:
     14  *
     15  * 1. Redistributions of source code must retain the above copyright
     16  *    notice, this list of conditions and the following disclaimer.
     17  *
     18  * 2. Redistributions in binary form must reproduce the above copyright
     19  *    notice, this list of conditions and the following disclaimer in the
     20  *    documentation and/or other materials provided with the distribution.
     21  *
     22  * 3. Neither the name of the Institute nor the names of its contributors
     23  *    may be used to endorse or promote products derived from this software
     24  *    without specific prior written permission.
     25  *
     26  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
     27  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     28  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     29  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
     30  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     31  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     32  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     34  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     35  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     36  * SUCH DAMAGE.
     37  */
     38 
     39 /*
     40  * Id
     41  */
     42 
     43 #ifndef __KDC_H__
     44 #define __KDC_H__
     45 
     46 #include <krb5/hdb.h>
     47 #include <krb5/krb5.h>
     48 
     49 enum krb5_kdc_trpolicy {
            /*
             * Policy selector stored in krb5_kdc_configuration.trpolicy.
             *
             * No explicit values are assigned, so the enumerators are 0, 1 and 2
             * in declaration order; a zero-initialised configuration therefore
             * holds TRPOLICY_ALWAYS_CHECK.
             *
             * NOTE(review): the names suggest this governs the transited-realm
             * check on cross-realm tickets (always check / decide per principal /
             * honour the client's request) -- confirm against the code that reads
             * trpolicy before relying on that reading.
             */
     50     TRPOLICY_ALWAYS_CHECK,
     51     TRPOLICY_ALLOW_PER_PRINCIPAL,
     52     TRPOLICY_ALWAYS_HONOUR_REQUEST
     53 };
     54 
     55 typedef struct krb5_kdc_configuration {
            /*
             * KDC-wide settings; a pointer to this structure is handed to every
             * krb5_kdc_service process() callback declared below.
             *
             * NOTE(review): field meanings not covered by an original comment are
             * inferred from the field names only; the code that fills and reads
             * this structure is not in this header -- confirm there.
             */
     56     krb5_boolean require_preauth; /* require preauth for all principals */
     57     time_t kdc_warn_pwexpire; /* time before expiration to print a warning */
     58 
            /* Array of HDB handles; num_db is presumably its element count -- confirm. */
     59     struct HDB **db;
     60     int num_db;
     61 
     62     int num_kdc_processes;
     63 
     64     krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
     65 
            /*
             * Key-strength preferences.  Presumably each flag makes the KDC pick
             * the strongest available key for that ticket or key class -- TODO
             * confirm the selection rule used when a flag is false.
             */
     66     krb5_boolean tgt_use_strongest_session_key;
     67     krb5_boolean preauth_use_strongest_session_key;
     68     krb5_boolean svc_use_strongest_session_key;
     69     krb5_boolean use_strongest_server_key;
     70 
            /*
             * Request-acceptance policy.  Each flag looks like it tightens or
             * relaxes what the KDC accepts (ticket address checks, anonymous
             * requests, name-type strictness), so a changed default deserves
             * review -- semantics to be confirmed at the point of use.
             */
     71     krb5_boolean check_ticket_addresses;
     72     krb5_boolean allow_null_ticket_addresses;
     73     krb5_boolean allow_anonymous;
     74     krb5_boolean historical_anon_realm;
     75     krb5_boolean strict_nametypes;
     76     enum krb5_kdc_trpolicy trpolicy;
     77 
            /*
             * PKINIT settings.  The const char * members are strings whose
             * ownership is not visible here.  pkinit_dh_min_bits is presumably a
             * lower bound on the accepted Diffie-Hellman size; verify that the
             * loader rejects non-positive or very small values.  Note that the
             * last three members are plain int, not krb5_boolean.
             */
     78     krb5_boolean enable_pkinit;
     79     krb5_boolean pkinit_princ_in_cert;
     80     const char *pkinit_kdc_identity;
     81     const char *pkinit_kdc_anchors;
     82     const char *pkinit_kdc_friendly_name;
     83     const char *pkinit_kdc_ocsp_file;
     84     char **pkinit_kdc_cert_pool;
     85     char **pkinit_kdc_revoke;
     86     int pkinit_dh_min_bits;
     87     int pkinit_require_binding;
     88     int pkinit_allow_proxy_certs;
     89 
     90     krb5_log_facility *logf;
     91 
            /* digests_allowed is presumably a bit mask of permitted digest types -- confirm. */
     92     int enable_digest;
     93     int digests_allowed;
     94 
            /*
             * Presumably an upper bound, in bytes, on a reply sent over a
             * datagram transport -- confirm where it is enforced.
             */
     95     size_t max_datagram_reply_length;
     96 
     97     int enable_kx509;
     98     const char *kx509_template;
     99     const char *kx509_ca;
    100 
    101 } krb5_kdc_configuration;
    102 
    103 struct krb5_kdc_service {
            /*
             * One request handler: a flags word plus the callback that processes
             * a request buffer and fills in a reply.
             */
            /*
             * KS_KRB5 (1) and KS_NO_LENGTH (2) are distinct bits, so flags can
             * carry both.  Although written inside the struct, they are ordinary
             * preprocessor macros and visible to everything after this point.
             */
    104     unsigned int flags;
    105 #define KS_KRB5		1
    106 #define KS_NO_LENGTH	2
            /*
             * Handler callback; returns a krb5_error_code.
             *
             * context        - library context for the call.
             * config         - the KDC configuration declared above.
             * req_buffer     - the request bytes.  NOTE(review): presumably data
             *                  received from the network, so an implementation
             *                  should treat its length and contents as untrusted
             *                  -- confirm against the callers.
             * reply          - buffer for the response; who allocates and frees
             *                  it is not visible here.
             * from           - string form of the peer, presumably for logging.
             * addr           - socket address of the peer.
             * datagram_reply - presumably non-zero when the reply goes out over a
             *                  datagram transport -- confirm.
             * claim          - out parameter; presumably set when this handler
             *                  recognises the request as its own -- confirm.
             */
    107     krb5_error_code (*process)(krb5_context context,
    108 			       krb5_kdc_configuration *config,
    109 			       krb5_data *req_buffer,
    110 			       krb5_data *reply,
    111 			       const char *from,
    112 			       struct sockaddr *addr,
    113 			       int datagram_reply,
    114 			       int *claim);
    115 };
    116 
    117 #include <krb5/kdc-protos.h>
    118 
    119 #endif
    120