diff options
| author | Simo Sorce <ssorce@redhat.com> | 2011-06-10 14:25:03 -0400 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2011-08-26 08:24:49 -0400 |
| commit | 0a4f7960b9cb2cc43c014a9ba5f96ddfbf5713fe (patch) | |
| tree | 1b66f96cfc6ae1d6c0f0cb1cd85994cedef8a380 /daemons/ipa-kdb/ipa_kdb.h | |
| parent | e9e426354f28ca01586b1b5ef7130b19b392232b (diff) | |
| download | freeipa-0a4f7960b9cb2cc43c014a9ba5f96ddfbf5713fe.tar.gz freeipa-0a4f7960b9cb2cc43c014a9ba5f96ddfbf5713fe.tar.xz freeipa-0a4f7960b9cb2cc43c014a9ba5f96ddfbf5713fe.zip | |
ipa-kdb: Get/Store Master Key directly from LDAP
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb.h')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h index 26c6a3df6..b76cfdc9d 100644 --- a/daemons/ipa-kdb/ipa_kdb.h +++ b/daemons/ipa-kdb/ipa_kdb.h @@ -70,6 +70,8 @@ * In krb5 1.10 this should be superceeded by a better mechanism */ #define KDB_TL_USER_INFO 0x7ffe +#define IPA_SETUP "ipa-setup-override-restrictions" + struct ipadb_context { char *uri; char *base; @@ -77,6 +79,7 @@ struct ipadb_context { char *realm_base; LDAP *lcontext; krb5_context kcontext; + bool override_restrictions; krb5_key_salt_tuple *supp_encs; int n_supp_encs; }; @@ -129,3 +132,17 @@ krb5_error_code ipadb_iterate(krb5_context kcontext, char *match_entry, int (*func)(krb5_pointer, krb5_db_entry *), krb5_pointer func_arg); + +/* MASTER KEY FUNCTIONS */ +krb5_error_code ipadb_fetch_master_key(krb5_context kcontext, + krb5_principal mname, + krb5_keyblock *key, + krb5_kvno *kvno, + char *db_args); +krb5_error_code ipadb_store_master_key_list(krb5_context kcontext, + char *db_arg, + krb5_principal mname, + krb5_keylist_node *keylist, + char *master_pwd); + +krb5_error_code ipadb_create_master_key(krb5_context kcontext); |