aboutsummaryrefslogtreecommitdiffstats
path: root/lib/hdb/ext.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/hdb/ext.c')
-rw-r--r--lib/hdb/ext.c106
1 files changed, 102 insertions, 4 deletions
diff --git a/lib/hdb/ext.c b/lib/hdb/ext.c
index d2a4373b9b38..ecefe931b74f 100644
--- a/lib/hdb/ext.c
+++ b/lib/hdb/ext.c
@@ -101,7 +101,7 @@ hdb_replace_extension(krb5_context context,
ext2 = hdb_find_extension(entry, ext->data.element);
} else {
/*
- * This is an unknown extention, and we are asked to replace a
+ * This is an unknown extension, and we are asked to replace a
* possible entry in `entry' that is of the same type. This
* might seem impossible, but ASN.1 CHOICE comes to our
* rescue. The first tag in each branch in the CHOICE is
@@ -120,7 +120,7 @@ hdb_replace_extension(krb5_context context,
&size);
if (ret) {
krb5_set_error_message(context, ret, "hdb: failed to decode "
- "replacement hdb extention");
+ "replacement hdb extension");
return ret;
}
@@ -136,7 +136,7 @@ hdb_replace_extension(krb5_context context,
&size);
if (ret) {
krb5_set_error_message(context, ret, "hdb: failed to decode "
- "present hdb extention");
+ "present hdb extension");
return ret;
}
@@ -153,7 +153,7 @@ hdb_replace_extension(krb5_context context,
ret = copy_HDB_extension(ext, ext2);
if (ret)
krb5_set_error_message(context, ret, "hdb: failed to copy replacement "
- "hdb extention");
+ "hdb extension");
return ret;
}
@@ -432,3 +432,101 @@ hdb_entry_get_aliases(const hdb_entry *entry, const HDB_Ext_Aliases **a)
return 0;
}
+
+unsigned int
+hdb_entry_get_kvno_diff_clnt(const hdb_entry *entry)
+{
+ const HDB_extension *ext;
+
+ ext = hdb_find_extension(entry,
+ choice_HDB_extension_data_hist_kvno_diff_clnt);
+ if (ext)
+ return ext->data.u.hist_kvno_diff_clnt;
+ return 1;
+}
+
+krb5_error_code
+hdb_entry_set_kvno_diff_clnt(krb5_context context, hdb_entry *entry,
+ unsigned int diff)
+{
+ HDB_extension ext;
+
+ if (diff > 16384)
+ return EINVAL;
+ ext.mandatory = FALSE;
+ ext.data.element = choice_HDB_extension_data_hist_kvno_diff_clnt;
+ ext.data.u.hist_kvno_diff_clnt = diff;
+ return hdb_replace_extension(context, entry, &ext);
+}
+
+krb5_error_code
+hdb_entry_clear_kvno_diff_clnt(krb5_context context, hdb_entry *entry)
+{
+ return hdb_clear_extension(context, entry,
+ choice_HDB_extension_data_hist_kvno_diff_clnt);
+}
+
+unsigned int
+hdb_entry_get_kvno_diff_svc(const hdb_entry *entry)
+{
+ const HDB_extension *ext;
+
+ ext = hdb_find_extension(entry,
+ choice_HDB_extension_data_hist_kvno_diff_svc);
+ if (ext)
+ return ext->data.u.hist_kvno_diff_svc;
+ return 1024; /* max_life effectively provides a better default */
+}
+
+krb5_error_code
+hdb_entry_set_kvno_diff_svc(krb5_context context, hdb_entry *entry,
+ unsigned int diff)
+{
+ HDB_extension ext;
+
+ if (diff > 16384)
+ return EINVAL;
+ ext.mandatory = FALSE;
+ ext.data.element = choice_HDB_extension_data_hist_kvno_diff_svc;
+ ext.data.u.hist_kvno_diff_svc = diff;
+ return hdb_replace_extension(context, entry, &ext);
+}
+
+krb5_error_code
+hdb_entry_clear_kvno_diff_svc(krb5_context context, hdb_entry *entry)
+{
+ return hdb_clear_extension(context, entry,
+ choice_HDB_extension_data_hist_kvno_diff_svc);
+}
+
+krb5_error_code
+hdb_set_last_modified_by(krb5_context context, hdb_entry *entry,
+ krb5_principal modby, time_t modtime)
+{
+ krb5_error_code ret;
+ Event *old_ev;
+ Event *ev;
+
+ old_ev = entry->modified_by;
+
+ ev = calloc(1, sizeof (*ev));
+ if (!ev)
+ return ENOMEM;
+ if (modby)
+ ret = krb5_copy_principal(context, modby, &ev->principal);
+ else
+ ret = krb5_parse_name(context, "root/admin", &ev->principal);
+ if (ret) {
+ free(ev);
+ return ret;
+ }
+ ev->time = modtime;
+ if (!ev->time)
+ time(&ev->time);
+
+ entry->modified_by = ev;
+ if (old_ev)
+ free_Event(old_ev);
+ return 0;
+}
+