2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #ifndef HEIMDAL_KDC_WINDC_PLUGIN_H
37 #define HEIMDAL_KDC_WINDC_PLUGIN_H 1
43 * The PAC generate function should allocate a krb5_pac using
44 * krb5_pac_init and fill in the PAC structure for the principal using
45 * krb5_pac_add_buffer.
47 * The PAC verify function should verify the PAC KDC signatures by fetching
48 * the right KDC key and calling krb5_pac_verify() with that KDC key.
49 * Optionally, update the PAC buffers upon success.
51 * Check client access function check if the client is authorized.
56 typedef krb5_error_code
57 (KRB5_CALLCONV
*krb5plugin_windc_pac_generate
)(void *, krb5_context
,
58 struct hdb_entry_ex
*, /* client */
59 struct hdb_entry_ex
*, /* server */
60 const krb5_keyblock
*, /* pk_replykey */
61 uint64_t, /* pac_attributes */
64 typedef krb5_error_code
65 (KRB5_CALLCONV
*krb5plugin_windc_pac_verify
)(void *, krb5_context
,
66 const krb5_principal
, /* new ticket client */
67 const krb5_principal
, /* delegation proxy */
68 struct hdb_entry_ex
*,/* client */
69 struct hdb_entry_ex
*,/* server */
70 struct hdb_entry_ex
*,/* krbtgt */
73 typedef krb5_error_code
74 (KRB5_CALLCONV
*krb5plugin_windc_client_access
)(void *, astgs_request_t
);
76 typedef krb5_error_code
77 (KRB5_CALLCONV
*krb5plugin_windc_finalize_reply
)(void *, astgs_request_t r
);
79 #define KRB5_WINDC_PLUGIN_MINOR 8
80 #define KRB5_WINDC_PLUGING_MINOR KRB5_WINDC_PLUGIN_MINOR
82 typedef struct krb5plugin_windc_ftable
{
84 krb5_error_code (KRB5_CALLCONV
*init
)(krb5_context
, void **);
85 void (KRB5_CALLCONV
*fini
)(void *);
86 krb5plugin_windc_pac_generate pac_generate
;
87 krb5plugin_windc_pac_verify pac_verify
;
88 krb5plugin_windc_client_access client_access
;
89 krb5plugin_windc_finalize_reply finalize_reply
;
90 } krb5plugin_windc_ftable
;
92 #endif /* HEIMDAL_KDC_WINDC_PLUGIN_H */