diff options
| author | Nicolas Williams <nico@cryptonector.com> | 2012-07-18 16:27:35 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-07-30 19:11:28 -0400 |
| commit | 5829ca2b348974e52a67b553afc7f7491007c33a (patch) | |
| tree | 3fdbcdfc56a26445c2f2fce9fb72b6deddb28d0f /src/lib/kdb | |
| parent | 796366a03ea170efb937913acae36a2083a5329e (diff) | |
| download | krb5-5829ca2b348974e52a67b553afc7f7491007c33a.tar.gz krb5-5829ca2b348974e52a67b553afc7f7491007c33a.tar.xz krb5-5829ca2b348974e52a67b553afc7f7491007c33a.zip | |
Policy extensions + new policy: allowed ks types
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:
- attributes (policy-ish principal attributes)
- max_life (max ticket life)
- max_renewable_life (max ticket renewable life)
- allowed_keysalts (allowed key/salt types)
- TL data (future policy extensions)
Of these only allowed_keysalts is currently implemented.
Some refactoring of TL data handling is also done.
ticket: 7223 (new)
Diffstat (limited to 'src/lib/kdb')
| -rw-r--r-- | src/lib/kdb/kdb5.c | 20 | ||||
| -rw-r--r-- | src/lib/kdb/libkdb5.exports | 1 |
2 files changed, 15 insertions, 6 deletions
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index a3c2a5f9cf..3cf116b76e 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -2185,8 +2185,8 @@ krb5_dbe_delete_tl_data(krb5_context context, krb5_db_entry *entry, } krb5_error_code -krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry, - krb5_tl_data *new_tl_data) +krb5_db_update_tl_data(krb5_context context, krb5_int16 *n_tl_datap, + krb5_tl_data **tl_datap, krb5_tl_data *new_tl_data) { krb5_tl_data *tl_data = NULL; krb5_octet *tmp; @@ -2206,7 +2206,7 @@ krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry, */ if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */ - for (tl_data = entry->tl_data; tl_data; + for (tl_data = *tl_datap; tl_data; tl_data = tl_data->tl_data_next) if (tl_data->tl_data_type == new_tl_data->tl_data_type) break; @@ -2221,9 +2221,9 @@ krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry, return (ENOMEM); } memset(tl_data, 0, sizeof(krb5_tl_data)); - tl_data->tl_data_next = entry->tl_data; - entry->tl_data = tl_data; - entry->n_tl_data++; + tl_data->tl_data_next = *tl_datap; + *tl_datap = tl_data; + (*n_tl_datap)++; } /* fill in the record */ @@ -2240,6 +2240,14 @@ krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry, } krb5_error_code +krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry, + krb5_tl_data *new_tl_data) +{ + return krb5_db_update_tl_data(context, &entry->n_tl_data, &entry->tl_data, + new_tl_data); +} + +krb5_error_code krb5_dbe_compute_salt(krb5_context context, const krb5_key_data *key, krb5_const_principal princ, krb5_int16 *salttype_out, krb5_data **salt_out) diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports index 0e58262b2d..9aa8d1a4ad 100644 --- a/src/lib/kdb/libkdb5.exports +++ b/src/lib/kdb/libkdb5.exports @@ -65,6 +65,7 @@ krb5_dbe_update_mkey_aux krb5_dbe_update_mkvno krb5_dbe_update_mod_princ_data krb5_dbe_update_tl_data +krb5_db_update_tl_data krb5_dbe_def_encrypt_key_data krb5_dbe_def_decrypt_key_data krb5_dbe_decrypt_key_data |