Diffstat (limited to 'src/kdc/extern.h')
-rw-r--r--src/kdc/extern.h75
1 files changed, 56 insertions, 19 deletions
diff --git a/src/kdc/extern.h b/src/kdc/extern.h
index 6bb9092967..fc9e575219 100644
--- a/src/kdc/extern.h
+++ b/src/kdc/extern.h
@@ -26,28 +26,65 @@
#ifndef __KRB5_KDC_EXTERN__
#define __KRB5_KDC_EXTERN__
-/* various externs for KDC */
-extern krb5_context kdc_context; /* New context for API changes */
-extern krb5_rcache kdc_rcache; /* KDC's replay cache */
+typedef struct __kdc_realm_data {
+ /*
+ * General Kerberos per-realm data.
+ */
+ char * realm_name; /* Realm name */
+ krb5_context realm_context; /* Context to be used for realm */
+ /*
+ * Database per-realm data.
+ */
+ char * realm_dbname; /* Database name for realm */
+ char * realm_stash; /* Stash file name for realm */
+ char * realm_mpname; /* Master principal name for realm */
+ krb5_principal realm_mprinc; /* Master principal for realm */
+ krb5_keyblock realm_mkey; /* Master key for this realm */
+ krb5_kvno realm_mkvno; /* Master key vno for this realm */
+ /*
+ * TGS per-realm data.
+ */
+ krb5_principal realm_tgsprinc; /* TGS principal for this realm */
+ krb5_keyblock realm_tgskey; /* TGS' key for this realm */
+ krb5_kvno realm_tgskvno; /* TGS' key vno for this realm */
+ /*
+ * Other per-realm data.
+ */
+ krb5_encrypt_block realm_encblock; /* Per-realm master encryption block*/
+ krb5_int32 realm_pport; /* Per-realm primary KDC port. */
+ /*
+ * Per-realm parameters.
+ */
+ krb5_deltat realm_maxlife; /* Maximum ticket life for realm */
+ krb5_deltat realm_maxrlife; /* Maximum renewable life for realm */
+} kdc_realm_t;
-extern krb5_data empty_string; /* an empty string */
-extern krb5_timestamp kdc_infinity; /* greater than all other timestamps */
+extern kdc_realm_t **kdc_realmlist;
+extern int kdc_numrealms;
+extern kdc_realm_t *kdc_active_realm;
-extern krb5_deltat max_life_for_realm; /* XXX should be a parameter? */
-extern krb5_deltat max_renewable_life_for_realm; /* XXX should be a parameter? */
-extern krb5_encrypt_block master_encblock;
+/*
+ * Replace previously used global variables with the active (e.g. request's)
+ * realm data. This allows us to support multiple realms with minimal logic
+ * changes.
+ */
+#define kdc_context kdc_active_realm->realm_context
+#define max_life_for_realm kdc_active_realm->realm_maxlife
+#define max_renewable_life_for_realm kdc_active_realm->realm_maxrlife
+#define master_encblock kdc_active_realm->realm_encblock
+#define master_keyblock kdc_active_realm->realm_mkey
+#define master_princ kdc_active_realm->realm_mprinc
+#define tgs_key kdc_active_realm->realm_tgskey
+#define tgs_kvno kdc_active_realm->realm_tgskvno
+#define tgs_server_struct *(kdc_active_realm->realm_tgsprinc)
+#define tgs_server kdc_active_realm->realm_tgsprinc
+#define dbm_db_name kdc_active_realm->realm_dbname
+#define primary_port kdc_active_realm->realm_pport
-extern krb5_keyblock master_keyblock;
-extern krb5_principal master_princ;
+/* various externs for KDC */
+extern krb5_data empty_string; /* an empty string */
+extern krb5_timestamp kdc_infinity; /* greater than all other timestamps */
+extern krb5_rcache kdc_rcache; /* replay cache */
extern volatile int signal_requests_exit;
-extern char *dbm_db_name;
-
-extern krb5_keyblock tgs_key;
-extern krb5_kvno tgs_kvno;
-extern krb5_principal_data tgs_server_struct;
-#define tgs_server (&tgs_server_struct)
-
-extern short primary_port;
-
#endif /* __KRB5_KDC_EXTERN__ */
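Review bot: The `tgs_server_struct` macro expands to an unparenthesized `*(kdc_active_realm->realm_tgsprinc)`, so a postfix use such as `tgs_server_struct.field` applies the member access to the pointer before the dereference. It should read `#define tgs_server_struct (*(kdc_active_realm->realm_tgsprinc))`. The other macros in the block make names that read like plain globals (`kdc_context`, `master_keyblock`, `tgs_key`) into dereferences of `kdc_active_realm`. Any use before a realm is selected is therefore a NULL dereference, and any use under a stale pointer silently picks up another realm's key material. The code that sets `kdc_active_realm` is outside this hunk, so I would add to the comment above the macros something like `/* kdc_active_realm must be non-NULL and set for the request's realm before any of these names is used. */`.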