From 5829ca2b348974e52a67b553afc7f7491007c33a Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Wed, 18 Jul 2012 16:27:35 -0500
Subject: Policy extensions + new policy: allowed ks types
This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done.
ticket: 7223 (new)
---
 src/include/kdb.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'src/include')
diff --git a/src/include/kdb.h b/src/include/kdb.h
index 291a05bb6c..2a5d2d5fcc 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -220,6 +220,13 @@ typedef struct _osa_policy_ent_t {
 krb5_ui_4 pw_max_fail; /* pwdMaxFailure */
 krb5_ui_4 pw_failcnt_interval; /* pwdFailureCountInterval */
 krb5_ui_4 pw_lockout_duration; /* pwdLockoutDuration */
+ /* Only valid if version > 2 */
+ krb5_ui_4 attributes;
+ krb5_ui_4 max_life;
+ krb5_ui_4 max_renewable_life;
+ char * allowed_keysalts;
+ krb5_int16 n_tl_data;
+ krb5_tl_data * tl_data;
 } osa_policy_ent_rec, *osa_policy_ent_t;
 typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
@@ -232,6 +239,8 @@ typedef struct __krb5_key_salt_tuple {
 #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
 #define KRB5_KDB_V1_BASE_LENGTH 38
+#define KRB5_KDB_MAX_ALLOWED_KS_LEN 512
+
 #define KRB5_TL_LAST_PWD_CHANGE 0x0001
 #define KRB5_TL_MOD_PRINC 0x0002
 #define KRB5_TL_KADM_DATA 0x0003
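Review bot: The two new pointer members, `allowed_keysalts` and `tl_data`, sit under a comment that says only `/* Only valid if version > 2 */`, which leaves their state for older records and their ownership unstated. If any code that builds or frees an `osa_policy_ent_rec` (not visible here, the diff is limited to src/include) leaves them uninitialised for an older record, a later free or string read would act on garbage. I would spell the contract out, e.g. `/* Only valid if version > 2; NULL/0 otherwise. allowed_keysalts and tl_data are owned by the record. */`, after confirming ownership against the policy free routine. The same comment could state that `n_tl_data` must match the number of entries reachable from `tl_data`. The struct body starts above this hunk.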
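Review bot: `KRB5_KDB_MAX_ALLOWED_KS_LEN` is added without a comment saying what it bounds or whether the 512 includes the terminating NUL, which is the detail that decides whether a buffer sized with it is off by one. Presumably it limits the `allowed_keysalts` string added to `osa_policy_ent_rec` in the first hunk; a comment such as `/* Max length of a policy's allowed_keysalts string, <including|excluding> the trailing NUL */` would pin that down. The enforcement site is outside this diff, so it is worth checking that every path that stores or loads the string (admin input and database read) applies the same limit.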
@@ -565,6 +574,12 @@ krb5_dbe_delete_tl_data( krb5_context context,
 krb5_db_entry * entry,
 krb5_int16 tl_data_type);
+krb5_error_code
+krb5_db_update_tl_data(krb5_context context,
+ krb5_int16 * n_tl_datap,
+ krb5_tl_data **tl_datap,
+ krb5_tl_data * new_tl_data);
+
 krb5_error_code
 krb5_dbe_update_tl_data( krb5_context context,
 krb5_db_entry * entry,
-- cgit
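Review bot: The new prototype `krb5_db_update_tl_data` takes the count and the list head as separate in/out pointers but documents nothing about them, and a caller has to know whether `new_tl_data` is copied or linked into `*tl_datap` to avoid a double free or a dangling pointer. I would add a short comment above the declaration stating that `*n_tl_datap` and `*tl_datap` are updated together, who owns `new_tl_data` after the call, and what is left in place on failure. Since the count is a signed `krb5_int16`, the comment (or the implementation, which is not part of this diff) should also say what happens when the list cannot grow further. The neighbouring `krb5_dbe_*` prototypes in this hunk are equally bare, so the same convention could be applied to them.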