| author | Greg Hudson <ghudson@mit.edu> | 2010-01-27 03:52:52 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-01-27 03:52:52 +0000 |
| commit | efb93f1098a314a060d850656ae77ffff176730b (patch) | |
| tree | d9b0e71928d16dc998995fc66073ed814b82e4e3 /src/include | |
| parent | b3963547981b74413a6bafe1ae6c9c1c9e28416c (diff) | |
Get rid of kdb_ext.h and allow out-of-tree KDB plugins
Move the contents of kdb_ext.h into kdb.h, since there is no meaningful
"extensions" category of DB interfaces now that this stuff is in our
tree. This allows out-of-tree KDB plugins to be built, since we install
kdb.h.
ticket: 6649
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23674 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/kdb.h | 133 |
| -rw-r--r-- | src/include/kdb_ext.h | 169 |
2 files changed, 133 insertions, 169 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h
index 4c94d0adc..1a33235ec 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -104,6 +104,32 @@
 #define KRB5_KDB_CREATE_BTREE 0x00000001
 #define KRB5_KDB_CREATE_HASH 0x00000002
+/* Private flag used to indicate principal is local TGS */
+#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000
+/* Private flag used to indicate xrealm relationship is non-transitive */
+#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000
+
+/* Entry get flags */
+/* Name canonicalization requested */
+#define KRB5_KDB_FLAG_CANONICALIZE 0x00000010
+/* Include authorization data generated by backend */
+#define KRB5_KDB_FLAG_INCLUDE_PAC 0x00000020
+/* Is AS-REQ (client referrals only) */
+#define KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY 0x00000040
+/* Map cross-realm principals */
+#define KRB5_KDB_FLAG_MAP_PRINCIPALS 0x00000080
+/* Protocol transition */
+#define KRB5_KDB_FLAG_PROTOCOL_TRANSITION 0x00000100
+/* Constrained delegation */
+#define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION 0x00000200
+/* User-to-user */
+#define KRB5_KDB_FLAG_USER_TO_USER 0x00000800
+/* Cross-realm */
+#define KRB5_KDB_FLAG_CROSS_REALM 0x00001000
+
+#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \
+ KRB5_KDB_FLAG_CONSTRAINED_DELEGATION )
+
 #if !defined(_WIN32)
 /*
@@ -200,6 +226,13 @@ typedef struct __krb5_key_salt_tuple {
 #define KRB5_TL_ACTKVNO 0x0009
 #define KRB5_TL_MKEY_AUX 0x000a
+#define KRB5_TL_PAC_LOGON_INFO 0x0100 /* NDR encoded validation info */
+#define KRB5_TL_SERVER_REFERRAL 0x0200 /* ASN.1 encoded ServerReferralInfo */
+#define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */
+#define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */
+#define KRB5_TL_LM_KEY 0x0500 /* LM OWF */
+#define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600 /* <I>IssuerDN<S>SubjectDN */
+
+/* version number for KRB5_TL_ACTKVNO data */
 #define KRB5_TL_ACTKVNO_VER 1
@@ -283,6 +316,95 @@ extern char *krb5_mkey_pwd_prompt2;
 #define KRB5_DB_LOCKMODE_DONTBLOCK 0x0004
 #define KRB5_DB_LOCKMODE_PERMANENT 0x0008
+/* db_invoke methods */
+#define KRB5_KDB_METHOD_SIGN_AUTH_DATA 0x00000010
+#define KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS 0x00000020
+#define KRB5_KDB_METHOD_CHECK_POLICY_AS 0x00000030
+#define KRB5_KDB_METHOD_CHECK_POLICY_TGS 0x00000040
+#define KRB5_KDB_METHOD_AUDIT_AS 0x00000050
+#define KRB5_KDB_METHOD_AUDIT_TGS 0x00000060
+#define KRB5_KDB_METHOD_REFRESH_POLICY 0x00000070
+#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE 0x00000080
+
+typedef struct _kdb_sign_auth_data_req {
+ krb5_magic magic;
+ unsigned int flags; /* KRB5_KDB flags */
+ krb5_const_principal client_princ; /* Client name used in ticket */
+ krb5_db_entry *client; /* DB entry for client principal */
+ krb5_db_entry *server; /* DB entry for server principal */
+ krb5_db_entry *krbtgt; /* DB entry for ticket granting service principal */
+ krb5_keyblock *client_key; /* Reply key, valid for AS-REQ only */
+ krb5_keyblock *server_key; /* Key used to generate server signature */
+ krb5_timestamp authtime; /* Authtime of TGT */
+ krb5_authdata **auth_data; /* Authorization data from TGT */
+ krb5_keyblock *session_key; /* Reply session key */
+ krb5_keyblock *krbtgt_key; /* Key used to decrypt TGT, valid for TGS-REQ only */
+} kdb_sign_auth_data_req;
+
+typedef struct _kdb_sign_auth_data_rep {
+ krb5_magic magic;
+ krb5_authdata **auth_data; /* Signed authorization data */
+} kdb_sign_auth_data_rep;
+
+typedef struct _kdb_check_transited_realms_req {
+ krb5_magic magic;
+ const krb5_data *tr_contents;
+ const krb5_data *client_realm;
+ const krb5_data *server_realm;
+} kdb_check_transited_realms_req;
+
+typedef struct _kdb_check_policy_as_req {
+ krb5_magic magic;
+ krb5_kdc_req *request;
+ krb5_db_entry *client;
+ krb5_db_entry *server;
+ krb5_timestamp kdc_time;
+} kdb_check_policy_as_req;
+
+typedef struct _kdb_check_policy_as_rep {
+ krb5_magic magic;
+ const char *status;
+ krb5_data e_data;
+} kdb_check_policy_as_rep;
+
+typedef struct _kdb_check_policy_tgs_req {
+ krb5_magic magic;
+ krb5_kdc_req *request;
+ krb5_db_entry *server;
+ krb5_ticket *ticket;
+} kdb_check_policy_tgs_req;
+
+typedef struct _kdb_check_policy_tgs_rep {
+ krb5_magic magic;
+ const char *status;
+ krb5_data e_data;
+} kdb_check_policy_tgs_rep;
+
+typedef struct _kdb_audit_as_req {
+ krb5_magic magic;
+ krb5_kdc_req *request;
+ krb5_db_entry *client;
+ krb5_db_entry *server;
+ krb5_timestamp authtime;
+ krb5_error_code error_code;
+} kdb_audit_as_req;
+
+typedef struct _kdb_audit_tgs_req {
+ krb5_magic magic;
+ krb5_kdc_req *request;
+ krb5_const_principal client;
+ krb5_db_entry *server;
+ krb5_timestamp authtime;
+ krb5_error_code error_code;
+} kdb_audit_tgs_req;
+
+typedef struct _kdb_check_allowed_to_delegate_req {
+ krb5_magic magic;
+ const krb5_db_entry *server;
+ krb5_const_principal proxy;
+ krb5_const_principal client;
+} kdb_check_allowed_to_delegate_req;
+
 /* libkdb.spec */
 krb5_error_code krb5_db_setup_lib_handle(krb5_context kcontext);
 krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode );
@@ -303,6 +425,12 @@ krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
 krb5_db_entry *entries,
 int *nentries,
 krb5_boolean *more );
+krb5_error_code krb5_db_get_principal_ext ( krb5_context kcontext,
+ krb5_const_principal search_for,
+ unsigned int flags,
+ krb5_db_entry *entries,
+ int *nentries,
+ krb5_boolean *more );
 krb5_error_code krb5_db_free_principal ( krb5_context kcontext,
 krb5_db_entry *entry,
 int count );
@@ -546,6 +674,11 @@ krb5_db_get_key_data_kvno( krb5_context context,
 int count,
 krb5_key_data * data);
+krb5_error_code krb5_db_invoke ( krb5_context kcontext,
+ unsigned int method,
+ const krb5_data *req,
+ krb5_data *rep );
+
 /* default functions. Should not be directly called */
 /*
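Review bot: The `krb5_db_invoke` prototype added in the last hunk becomes a public, installed interface with this commit, yet the header states no contract for it: which `kdb_*_req` struct a given `KRB5_KDB_METHOD_*` code expects behind `req->data`, whether `rep` is filled by the backend and who frees it, and that an implementation should verify the struct's leading `magic` before casting (the method-to-struct pairing is only implied by the names here, not stated). A Doxygen-style comment above the prototype covering those three points, plus a one-line note per `KRB5_KDB_METHOD_*` define in the `@@ -283` hunk naming the request and reply struct it carries, would let an out-of-tree plugin validate what it is handed instead of trusting the cast. The `status` and `e_data` members of `kdb_check_policy_as_rep` and `kdb_check_policy_tgs_rep` have the same gap: nothing says whether the backend allocates them and whether the KDC frees them. Separately, the `/* Private flag ... */` wording on `KRB5_KDB_TICKET_GRANTING_SERVICE` and `KRB5_KDB_XREALM_NON_TRANSITIVE` in the first hunk no longer fits an installed header; naming the flag word they belong to (presumably the entry attribute bits rather than the "Entry get flags" that follow) would be clearer.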
diff --git a/src/include/kdb_ext.h b/src/include/kdb_ext.h
deleted file mode 100644
index f2ae6519e..000000000
--- a/src/include/kdb_ext.h
+++ /dev/null
@@ -1,169 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * include/krb5/kdb_ext.h - * - * Copyright (c) 2006-2008, Novell, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * * The copyright holder's name is not used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. 
- */ - -#ifndef KRB5_KDB5_EXT__ -#define KRB5_KDB5_EXT__ - -/* Private flag used to indicate principal is local TGS */ -#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000 -/* Private flag used to indicate xrealm relationship is non-transitive */ -#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000 - -/* Entry get flags */ -/* Name canonicalization requested */ -#define KRB5_KDB_FLAG_CANONICALIZE 0x00000010 -/* Include authorization data generated by backend */ -#define KRB5_KDB_FLAG_INCLUDE_PAC 0x00000020 -/* Is AS-REQ (client referrals only) */ -#define KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY 0x00000040 -/* Map cross-realm principals */ -#define KRB5_KDB_FLAG_MAP_PRINCIPALS 0x00000080 -/* Protocol transition */ -#define KRB5_KDB_FLAG_PROTOCOL_TRANSITION 0x00000100 -/* Constrained delegation */ -#define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION 0x00000200 -/* User-to-user */ -#define KRB5_KDB_FLAG_USER_TO_USER 0x00000800 -/* Cross-realm */ -#define KRB5_KDB_FLAG_CROSS_REALM 0x00001000 - -#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \ - KRB5_KDB_FLAG_CONSTRAINED_DELEGATION ) - -#define KRB5_TL_PAC_LOGON_INFO 0x0100 /* NDR encoded validation info */ -#define KRB5_TL_SERVER_REFERRAL 0x0200 /* ASN.1 encoded ServerReferralInfo */ -#define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */ -#define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */ -#define KRB5_TL_LM_KEY 0x0500 /* LM OWF */ -#define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600 /* <I>IssuerDN<S>SubjectDN */ - -krb5_error_code krb5_db_get_principal_ext ( krb5_context kcontext, - krb5_const_principal search_for, - unsigned int flags, - krb5_db_entry *entries, - int *nentries, - krb5_boolean *more ); - -krb5_error_code krb5_db_invoke ( krb5_context kcontext, - unsigned int method, - const krb5_data *req, - krb5_data *rep ); - -/* db_invoke methods */ -#define KRB5_KDB_METHOD_SIGN_AUTH_DATA 0x00000010 -#define KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS 
0x00000020 -#define KRB5_KDB_METHOD_CHECK_POLICY_AS 0x00000030 -#define KRB5_KDB_METHOD_CHECK_POLICY_TGS 0x00000040 -#define KRB5_KDB_METHOD_AUDIT_AS 0x00000050 -#define KRB5_KDB_METHOD_AUDIT_TGS 0x00000060 -#define KRB5_KDB_METHOD_REFRESH_POLICY 0x00000070 -#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE 0x00000080 - -typedef struct _kdb_sign_auth_data_req { - krb5_magic magic; - unsigned int flags; /* KRB5_KDB flags */ - krb5_const_principal client_princ; /* Client name used in ticket */ - krb5_db_entry *client; /* DB entry for client principal */ - krb5_db_entry *server; /* DB entry for server principal */ - krb5_db_entry *krbtgt; /* DB entry for ticket granting service principal */ - krb5_keyblock *client_key; /* Reply key, valid for AS-REQ only */ - krb5_keyblock *server_key; /* Key used to generate server signature */ - krb5_timestamp authtime; /* Authtime of TGT */ - krb5_authdata **auth_data; /* Authorization data from TGT */ - krb5_keyblock *session_key; /* Reply session key */ - krb5_keyblock *krbtgt_key; /* Key used to decrypt TGT, valid for TGS-REQ only */ -} kdb_sign_auth_data_req; - -typedef struct _kdb_sign_auth_data_rep { - krb5_magic magic; - krb5_authdata **auth_data; /* Signed authorization data */ -} kdb_sign_auth_data_rep; - -typedef struct _kdb_check_transited_realms_req { - krb5_magic magic; - const krb5_data *tr_contents; - const krb5_data *client_realm; - const krb5_data *server_realm; -} kdb_check_transited_realms_req; - -typedef struct _kdb_check_policy_as_req { - krb5_magic magic; - krb5_kdc_req *request; - krb5_db_entry *client; - krb5_db_entry *server; - krb5_timestamp kdc_time; -} kdb_check_policy_as_req; - -typedef struct _kdb_check_policy_as_rep { - krb5_magic magic; - const char *status; - krb5_data e_data; -} kdb_check_policy_as_rep; - -typedef struct _kdb_check_policy_tgs_req { - krb5_magic magic; - krb5_kdc_req *request; - krb5_db_entry *server; - krb5_ticket *ticket; -} kdb_check_policy_tgs_req; - -typedef struct 
_kdb_check_policy_tgs_rep { - krb5_magic magic; - const char *status; - krb5_data e_data; -} kdb_check_policy_tgs_rep; - -typedef struct _kdb_audit_as_req { - krb5_magic magic; - krb5_kdc_req *request; - krb5_db_entry *client; - krb5_db_entry *server; - krb5_timestamp authtime; - krb5_error_code error_code; -} kdb_audit_as_req; - -typedef struct _kdb_audit_tgs_req { - krb5_magic magic; - krb5_kdc_req *request; - krb5_const_principal client; - krb5_db_entry *server; - krb5_timestamp authtime; - krb5_error_code error_code; -} kdb_audit_tgs_req; - -typedef struct _kdb_check_allowed_to_delegate_req { - krb5_magic magic; - const krb5_db_entry *server; - krb5_const_principal proxy; - krb5_const_principal client; -} kdb_check_allowed_to_delegate_req; - -#endif /* KRB5_KDB5_EXT__ */ |
