2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * @brief types and function signatures for rlm_krb5.
22 * @copyright 2013 The FreeRADIUS server project
23 * @copyright 2013 Arran Cudbard-Bell <a.cudbardb@freeradius.org>
25 RCSIDH(krb5_h, "$Id$")
27 #if defined(KRB5_IS_THREAD_SAFE) && !defined(HAVE_PTHREAD_H)
28 # undef KRB5_IS_THREAD_SAFE
32 USES_APPLE_DEPRECATED_API
35 typedef struct rlm_krb5_handle {
41 krb5_verify_opt options;
45 /** Instance configuration for rlm_krb5
47 * Holds the configuration and preparsed data for a instance of rlm_krb5.
49 typedef struct rlm_krb5_t {
50 #ifdef KRB5_IS_THREAD_SAFE
51 fr_connection_pool_t *pool; //!< Connection pool instance.
53 rlm_krb5_handle_t *conn;
56 char const *xlat_name; //!< This module's instance name.
57 char const *keytabname; //!< The keytab to resolve the service in.
58 char const *service_princ; //!< The service name provided by the
61 char *hostname; //!< The hostname component of
62 //!< service_princ, or NULL.
63 char *service; //!< The service component of service_princ, or NULL.
65 krb5_context context; //!< The kerberos context (cloned once per request).
68 krb5_get_init_creds_opt *gic_options; //!< Options to pass to the get_initial_credentials
70 krb5_verify_init_creds_opt *vic_options; //!< Options to pass to the validate_initial_creds
73 krb5_principal server; //!< A structure representing the parsed
79 * MIT Kerberos uses comm_err, so the macro just expands to a call
82 #ifndef HAVE_KRB5_GET_ERROR_MESSAGE
84 # include <et/com_err.h>
88 # define rlm_krb5_error(_x, _y) error_message(_y)
90 char const *rlm_krb5_error(krb5_context context, krb5_error_code code);
93 void *mod_conn_create(TALLOC_CTX *ctx, void *instance);