From 96f2a016991c199be477b6abd48824ec1cb6641f Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Tue, 5 Oct 2010 14:53:09 +0000
Subject: Propagate modprinc -unlock from master to slave KDCs

Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation.
ticket: 6795
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/kdb.h | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'src/include')
diff --git a/src/include/kdb.h b/src/include/kdb.h
index dac44ea55..456227917 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -238,6 +238,7 @@ typedef struct __krb5_key_salt_tuple {
 #define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */
 #define KRB5_TL_LM_KEY 0x0500 /* LM OWF */
 #define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600 /* IssuerDNSubjectDN */
+#define KRB5_TL_LAST_ADMIN_UNLOCK 0x0700 /* Timestamp of admin unlock */

 /* version number for KRB5_TL_ACTKVNO data */
 #define KRB5_TL_ACTKVNO_VER 1
@@ -493,6 +494,11 @@ krb5_dbe_update_last_pwd_change( krb5_context context,
 krb5_db_entry * entry,
 krb5_timestamp stamp);

+krb5_error_code
+krb5_dbe_update_last_admin_unlock( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp stamp);
+
 krb5_error_code
 krb5_dbe_lookup_tl_data( krb5_context context,
 krb5_db_entry * entry,
@@ -522,6 +528,11 @@ krb5_dbe_lookup_last_pwd_change( krb5_context context,
 krb5_db_entry * entry,
 krb5_timestamp * stamp);

+krb5_error_code
+krb5_dbe_lookup_last_admin_unlock( krb5_context context,
+ krb5_db_entry * entry,
+ krb5_timestamp * stamp);
+
 krb5_error_code
 krb5_dbe_delete_tl_data( krb5_context context,
 krb5_db_entry * entry,
-- cgit
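Review bot: The comment on `KRB5_TL_LAST_ADMIN_UNLOCK` in the first hunk says what the value is but not how it is used, and the use is the security-relevant part. Per the commit message the timestamp is factored into account-lockout decisions and reaches slave KDCs only on the next propagation, so until then a slave presumably still treats the principal as locked. A fuller comment would help, for example `/* Time of last admin unlock; consulted by lockout checks (see lockout code for the exact comparison) */`. The KDB back ends that store tl-data are outside this diff, so whether each one persists type 0x0700 cannot be confirmed from here.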
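Review bot: The new prototypes `krb5_dbe_update_last_admin_unlock` (second hunk) and `krb5_dbe_lookup_last_admin_unlock` (third hunk) have no comment, and the lookup contract matters because its result feeds a lockout decision. The header should state what `*stamp` holds when the entry has no such tl-data (presumably 0, to be confirmed in the implementation). It should also tell callers to check the returned `krb5_error_code` before using `*stamp`, so that a failed lookup is never read as a recent unlock. A one-line comment above the lookup would do, e.g. `/* Sets *stamp to 0 if entry has no KRB5_TL_LAST_ADMIN_UNLOCK data (confirm). */`. Both declarations sit in a run of prototypes that begins and ends outside the hunks.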