| author | Nicolas Williams <nico@cryptonector.com> | 2012-07-18 16:27:35 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-07-30 19:11:28 -0400 |
| commit | 5829ca2b348974e52a67b553afc7f7491007c33a (patch) | |
| tree | 3fdbcdfc56a26445c2f2fce9fb72b6deddb28d0f /src/include | |
| parent | 796366a03ea170efb937913acae36a2083a5329e (diff) | |
Policy extensions + new policy: allowed ks types
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:
- attributes (policy-ish principal attributes)
- max_life (max ticket life)
- max_renewable_life (max ticket renewable life)
- allowed_keysalts (allowed key/salt types)
- TL data (future policy extensions)
Of these only allowed_keysalts is currently implemented.
Some refactoring of TL data handling is also done.
ticket: 7223 (new)
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/kdb.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h
index 291a05bb6..2a5d2d5fc 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -220,6 +220,13 @@ typedef struct _osa_policy_ent_t {
 krb5_ui_4 pw_max_fail; /* pwdMaxFailure */
 krb5_ui_4 pw_failcnt_interval; /* pwdFailureCountInterval */
 krb5_ui_4 pw_lockout_duration; /* pwdLockoutDuration */
+ /* Only valid if version > 2 */
+ krb5_ui_4 attributes;
+ krb5_ui_4 max_life;
+ krb5_ui_4 max_renewable_life;
+ char * allowed_keysalts;
+ krb5_int16 n_tl_data;
+ krb5_tl_data * tl_data;
 } osa_policy_ent_rec, *osa_policy_ent_t;
 typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
@@ -232,6 +239,8 @@ typedef struct __krb5_key_salt_tuple {
 #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb
 #define KRB5_KDB_V1_BASE_LENGTH 38
+#define KRB5_KDB_MAX_ALLOWED_KS_LEN 512
+
 #define KRB5_TL_LAST_PWD_CHANGE 0x0001
 #define KRB5_TL_MOD_PRINC 0x0002
 #define KRB5_TL_KADM_DATA 0x0003
@@ -566,6 +575,12 @@ krb5_dbe_delete_tl_data( krb5_context context,
 krb5_int16 tl_data_type);
 krb5_error_code
+krb5_db_update_tl_data(krb5_context context,
+ krb5_int16 * n_tl_datap,
+ krb5_tl_data **tl_datap,
+ krb5_tl_data * new_tl_data);
+
+krb5_error_code
 krb5_dbe_update_tl_data( krb5_context context,
 krb5_db_entry * entry,
 krb5_tl_data * new_tl_data); |
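Review bot: The two pointer members added at the end of `osa_policy_ent_rec` in the first hunk, `allowed_keysalts` and `tl_data`, have no stated ownership, and `/* Only valid if version > 2 */` does not say what they hold for older records. Code that frees or copies a policy entry is not visible in this header, but it is only safe if these pointers are NULL and `n_tl_data` is 0 whenever the record predates them. If that is the intended contract I would state it, e.g. `/* Only valid if version > 2; otherwise zero/NULL. Pointers are heap-owned by the entry. */`. `n_tl_data` is a signed `krb5_int16`, so a decoder filling it from stored or wire data should reject negative counts before walking `tl_data`. The struct definition begins outside this hunk.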
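Review bot: `KRB5_KDB_MAX_ALLOWED_KS_LEN` in the second hunk is added without a comment, so the header does not say what the 512 bounds or whether it counts the terminating NUL. It presumably caps the policy's `allowed_keysalts` string, which is where an off-by-one between the check and the buffer size would land. A one-line comment fixes the convention for every caller, for example `/* Max strlen() of a policy's allowed_keysalts, NUL not included */` (or the opposite, whichever the encode/decode code actually assumes).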
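Review bot: The new prototype `krb5_db_update_tl_data` in the third hunk takes two in/out pointers, `n_tl_datap` and `tl_datap`, but the header documents nothing about its contract. A caller cannot tell from here whether `new_tl_data` is copied or adopted into the list, whether `*tl_datap` and `*n_tl_datap` are left untouched on error, or what happens when the 16-bit count cannot be incremented. I would add a short block comment above the declaration covering those three points, plus a line saying how it differs from `krb5_dbe_update_tl_data` (it works on a bare count and list rather than a `krb5_db_entry`). The implementation is outside this diff, which is limited to `src/include`.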
