diff options
author | Greg Hudson <ghudson@mit.edu> | 2009-10-25 16:55:12 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-10-25 16:55:12 +0000 |
commit | 8d31a9d396f5bea88def4db395ad12dca2ac2e9f (patch) | |
tree | 244f8f5b525432a2a2a280403f38d7b2fbdc0dfd /src/include | |
parent | b82e46df9b6cbf663512985a99c6d79f2b0cb796 (diff) | |
download | krb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.tar.gz krb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.tar.xz krb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.zip |
Account lockout
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements
account lockout policies for preauth-using principals using existing
principal metadata fields and new policy fields. The kadmin API
version is bumped from 2 to 3 to compatibly extend the policy_ent_rec
structure.
ticket: 6577
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/iprop.h | 6 | ||||
-rw-r--r-- | src/include/iprop_hdr.h | 7 | ||||
-rw-r--r-- | src/include/kdb.h | 12 |
3 files changed, 19 insertions, 6 deletions
diff --git a/src/include/iprop.h b/src/include/iprop.h index 208f4dce0a..9cfbb30936 100644 --- a/src/include/iprop.h +++ b/src/include/iprop.h @@ -205,6 +205,9 @@ extern kdb_incr_result_t * iprop_get_updates_1_svc(kdb_last_t *, struct svc_req #define IPROP_FULL_RESYNC 2 extern kdb_fullresync_result_t * iprop_full_resync_1(void *, CLIENT *); extern kdb_fullresync_result_t * iprop_full_resync_1_svc(void *, struct svc_req *); +#define IPROP_FULL_RESYNC_EXT 3 +extern kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *); +extern kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *); extern int krb5_iprop_prog_1_freeresult (SVCXPRT *, xdrproc_t, caddr_t); #else /* K&R C */ @@ -217,6 +220,9 @@ extern kdb_incr_result_t * iprop_get_updates_1_svc(); #define IPROP_FULL_RESYNC 2 extern kdb_fullresync_result_t * iprop_full_resync_1(); extern kdb_fullresync_result_t * iprop_full_resync_1_svc(); +#define IPROP_FULL_RESYNC_EXT 3 +extern kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *); +extern kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *); extern int krb5_iprop_prog_1_freeresult (); #endif /* K&R C */ diff --git a/src/include/iprop_hdr.h b/src/include/iprop_hdr.h index d629542bbb..cd6d3b440b 100644 --- a/src/include/iprop_hdr.h +++ b/src/include/iprop_hdr.h @@ -35,6 +35,13 @@ enum iprop_role { }; typedef enum iprop_role iprop_role; +/* + * Full resync dump versioning + */ +#define IPROPX_VERSION_0 0 +#define IPROPX_VERSION_1 1 +#define IPROPX_VERSION IPROPX_VERSION_1 + #ifdef __cplusplus } #endif diff --git a/src/include/kdb.h b/src/include/kdb.h index 8c0cd247a2..d74e3e3235 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -169,6 +169,10 @@ typedef struct _osa_policy_ent_t { krb5_ui_4 pw_min_classes; krb5_ui_4 pw_history_num; krb5_ui_4 policy_refcnt; + /* Only valid if version > 1 */ + krb5_ui_4 pw_max_fail; /* pwdMaxFailure */ + krb5_ui_4 pw_failcnt_interval; /* pwdFailureCountInterval */ + krb5_ui_4 pw_lockout_duration; /* pwdLockoutDuration */ } osa_policy_ent_rec, *osa_policy_ent_t; typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t); @@ -180,7 +184,7 @@ typedef struct __krb5_key_salt_tuple { #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb #define KRB5_KDB_V1_BASE_LENGTH 38 - + #define KRB5_TL_LAST_PWD_CHANGE 0x0001 #define KRB5_TL_MOD_PRINC 0x0002 #define KRB5_TL_KADM_DATA 0x0003 @@ -479,11 +483,6 @@ krb5_dbe_update_mod_princ_data( krb5_context context, krb5_timestamp mod_date, krb5_const_principal mod_princ); -krb5_error_code -krb5_dbe_update_last_pwd_change( krb5_context context, - krb5_db_entry * entry, - krb5_timestamp stamp); - void *krb5_db_alloc( krb5_context kcontext, void *ptr, size_t size ); @@ -913,6 +912,7 @@ typedef struct _kdb_vftabl { const krb5_data *req, krb5_data *rep ); } kdb_vftabl; + #endif /* !defined(_WIN32) */ #endif /* KRB5_KDB5__ */ |