
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
59 * - We may make arbitrary incompatible changes between feature
61 * - We will make some effort to avoid making incompatible changes for
108 /* Entry get flags */
113 /* Map cross-realm principals */
119 /* User-to-user */
121 /* Cross-realm */
143 * Note --- these structures cannot be modified without changing the
154 /* String attributes (currently stored inside tl-data) map C string keys to
183 * A principal database entry. Extensions to this structure currently use the
187 * they set e_length appropriately (non-zero if the data should be marshalled
189 * caller-constructed principal entries.
262 /* String attributes may not always be represented in tl-data. kadmin clients
268 #define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */
269 #define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */
311 #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
320 * Data encoding is little-endian.
323 #include "k5-platform.h"
373 krb5_db_entry **entry );
374 void krb5_db_free_principal ( krb5_context kcontext, krb5_db_entry *entry );
376 krb5_db_entry *entry );
474 krb5_db_entry * entry,
477 /* Set *mkvno to mkvno in entry tl_data, or 0 if not present. */
480 krb5_db_entry * entry,
486 /* Set *mkvno to mkvno in entry tl_data, or minimum value from mkey_list. */
489 krb5_db_entry * entry,
494 krb5_db_entry * entry,
500 krb5_db_entry * entry,
504 krb5_db_entry * entry,
509 krb5_db_entry * entry,
514 krb5_db_entry * entry,
519 krb5_db_entry * entry,
524 krb5_db_entry * entry,
529 krb5_db_entry * entry,
534 krb5_db_entry * entry,
539 krb5_db_entry * entry);
544 krb5_db_entry * entry,
566 krb5_db_entry * entry,
571 krb5_db_entry * entry,
574 /* Retrieve the set of string attributes in entry, in no particular order.
577 krb5_dbe_get_strings(krb5_context context, krb5_db_entry *entry,
580 /* Retrieve a single string attribute from entry, or NULL if there is no
583 krb5_dbe_get_string(krb5_context context, krb5_db_entry *entry,
586 /* Change or add a string attribute in entry, or delete it if value is NULL. */
588 krb5_dbe_set_string(krb5_context context, krb5_db_entry *entry,
593 krb5_db_entry * entry,
604 krb5_db_entry * entry,
607 /* Compute the salt for a key data entry given the corresponding principal. */
614 * Modify the key data of entry to explicitly store salt values using the
618 krb5_dbe_specialize_salt(krb5_context context, krb5_db_entry *entry);
696 krb5_db_entry **entry);
876 * - get_authdata_info() and sign_authdata() have been removed, and issue_pac()
879 * - check_allowed_to_delegate() must handle a null proxy argument, returning
883 * - allowed_to_delegate_from() accepts a krb5_pac parameter (in place
886 * - check_allowed_to_delegate() and allowed_to_delegate_from() must return
889 * - the KRB5_KDB_FLAG_ISSUE_PAC and KRB5_FLAG_CLIENT_REFERRALS_ONLY flags have
892 * - the KRB5_KDB_FLAG_CANONICALIZE flag has been renamed to
944 * command-line arguments for module-specific flags. mode will be one of
1008 * Mandatory: Set *entry to an allocated entry for the principal
1016 * requested. Determines whether the module should return out-of-realm
1021 * out-of-realm referrals.
1024 * entry during TGS requests, except for S4U TGS requests and requests
1025 * where the server entry has the KRB5_KDB_NO_AUTH_DATA_REQUIRED
1030 * client entry during an S4U2Self TGS request. This affects the PAC
1035 * client entry during an S4U2Proxy TGS request. Also affects PAC
1039 * entry during a TGS request, if the header ticket was issued by a
1043 * entry during a TGS request, if the requested server principal is not
1047 * A module may return an in-realm alias by setting (*entry)->princ to the
1053 * module should return a referral by simply filling in an out-of-realm
1054 * name in (*entry)->princ and setting all other fields to NULL.
1055 * Otherwise, the module should return the entry for the cross-realm TGS of
1056 * the referred-to realm.
1061 krb5_db_entry **entry);
1064 * Optional: Create or modify a principal entry. db_args communicates
1065 * command-line arguments for module-specific flags.
1067 * The mask field of an entry indicates the changed fields. Mask values
1069 * the mask, the entry is new; otherwise it already exists. All fields of
1070 * an entry are expected to contain correct values, regardless of whether
1072 * ignore the mask and update the entire entry.
1075 krb5_db_entry *entry, char **db_args);
1078 * Optional: Delete the entry for the principal search_for. If the
1098 * Optional: For each principal entry in the database, invoke func with the
1099 * arguments func_arg and the entry data. If match_entry is specified, the
1109 * Optional: Create a password policy entry. Return an error if the policy
1116 * Optional: Set *policy to the policy entry of the specified name. If the
1117 * entry does not exist, return KRB5_KDB_NOENTRY.
1123 * Optional: Modify an existing password policy entry to match the values
1130 * Optional: For each password policy entry in the database, invoke func
1131 * with the arguments data and the entry data. If match_entry is
1140 * Optional: Delete the password policy entry with the name policy. Return
1141 * an error if the entry does not exist.
1151 * old-format stash file.
1184 * keytab-format file.
1194 * a database entry for a key matching the enctype ktype, the salt type
1210 * derived from the password passwd in each of the specified key-salt
1230 * This method is used by kdb5_util load to replace the live database with
1271 * Optional: Perform a policy check on a cross-realm ticket's transited
1273 * KRB5_PLUGIN_NO_HANDLE to use the core transited-checking mechanisms, or
1285 * - Place a short string literal into *status.
1286 * - If desired, place data into e_data. Any data placed here will be
1288 * - Return an appropriate error (such as KRB5KDC_ERR_POLICY).
1302 * - Place a short string literal into *status.
1303 * - If desired, place data into e_data. Any data placed here will be
1305 * - Return an appropriate error (such as KRB5KDC_ERR_POLICY).
1316 * Optional: This method informs the module of a successful or unsuccessful
1325 /* Note: there is currently no method for auditing TGS requests. */
1328 * Optional: This method informs the module of a request to reload
1343 * or KRB5KDC_ERR_BADOPTION if not. If this method is not implemented, all
1352 * Optional: Free the e_data pointer of a database entry. If this method
1359 * Optional: get a client principal entry based on an X.509 certificate.
1362 * presented in an AS request. princ->realm indicates the request realm,
1364 * out-of-realm client referral as it would for get_principal().
1379 * tickets from client to proxy. This method is similar to
1380 * check_allowed_to_delegate, but it operates on the target server DB entry
1382 * than the intermediate server entry. server_pac is the verified PAC from
1386 * This method is called for S4U2Proxy requests and implements the
1387 * resource-based constrained delegation variant, which can support
1388 * cross-realm delegation. If this method is not implemented or if it
1423 * the Kerberos password or long-term key was not used. The module may use
1426 * Kerberos password or long-term key.
1428 * server is the database entry of the server the ticket will be issued to,
1431 * signing_krbtgt is the database entry of the krbtgt principal used to
1433 * KRB5_KDB_FLAG_CROSS_REALM is present in flags, this entry will be an
1434 * incoming cross-realm TGS, and the PAC fields should undergo appropriate
1435 * filtering based on the trust level of the cross-realm relationship.
1437 * auth_indicators points to NULL or a null-terminated list of krb5_data
1439 * method may modify this list, or free it and replace *auth_indicators