1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*/
/**
* $Id$
* @file krb5.h
* @brief types and function signatures for rlm_krb5.
*
* @copyright 2013 The FreeRADIUS server project
* @copyright 2013 Arran Cudbard-Bell <a.cudbardb@freeradius.org>
*/
RCSIDH(krb5_h, "$Id$")
#if defined(KRB5_IS_THREAD_SAFE) && !defined(HAVE_PTHREAD_H)
# undef KRB5_IS_THREAD_SAFE
#endif
/* krb5 includes */
USES_APPLE_DEPRECATED_API
#include <krb5.h>
typedef struct rlm_krb5_handle {
krb5_context context;
krb5_keytab keytab;
#ifdef HEIMDAL_KRB5
krb5_ccache ccache;
krb5_verify_opt options;
#endif
} rlm_krb5_handle_t;
/** Instance configuration for rlm_krb5
*
* Holds the configuration and preparsed data for a instance of rlm_krb5.
*/
typedef struct rlm_krb5_t {
#ifdef KRB5_IS_THREAD_SAFE
fr_connection_pool_t *pool; //!< Connection pool instance.
#else
rlm_krb5_handle_t *conn;
#endif
char const *xlat_name; //!< This module's instance name.
char const *keytabname; //!< The keytab to resolve the service in.
char const *service_princ; //!< The service name provided by the
//!< config parser.
char *hostname; //!< The hostname component of
//!< service_princ, or NULL.
char *service; //!< The service component of service_princ, or NULL.
krb5_context context; //!< The kerberos context (cloned once per request).
#ifndef HEIMDAL_KRB5
krb5_get_init_creds_opt *gic_options; //!< Options to pass to the get_initial_credentials
//!< function.
krb5_verify_init_creds_opt *vic_options; //!< Options to pass to the validate_initial_creds
//!< function.
krb5_principal server; //!< A structure representing the parsed
//!< service_princ.
#endif
} rlm_krb5_t;
/*
* MIT Kerberos uses comm_err, so the macro just expands to a call
* to error_message.
*/
#ifndef HAVE_KRB5_GET_ERROR_MESSAGE
# ifdef ET_COMM_ERR
# include <et/com_err.h>
# else
# include <com_err.h>
# endif
# define rlm_krb5_error(_x, _y) error_message(_y)
#else
char const *rlm_krb5_error(krb5_context context, krb5_error_code code);
#endif
void *mod_conn_create(TALLOC_CTX *ctx, void *instance);
|
