1 files changed, 178 insertions, 2 deletions
diff --git a/lib/hdb/hdb-protos.h b/lib/hdb/hdb-protos.h
index 44a1bddc7625..76855095beed 100644
--- a/lib/hdb/hdb-protos.h
+++ b/lib/hdb/hdb-protos.h
@@ -1,6 +1,7 @@
 /* This is a generated file */
 #ifndef __hdb_protos_h__
 #define __hdb_protos_h__
+#ifndef DOXY
 
 #include <stdarg.h>
 
@@ -9,11 +10,63 @@ extern "C" {
 #endif
 
 krb5_error_code
+entry2mit_string_int (
+	krb5_context /*context*/,
+	krb5_storage */*sp*/,
+	hdb_entry */*ent*/);
+
+/**
+ * This function adds an HDB entry's current keyset to the entry's key
+ * history.  The current keyset is left alone; the caller is responsible
+ * for freeing it.
+ *
+ * @param context   Context
+ * @param entry	    HDB entry
+ */
+
+krb5_error_code
+hdb_add_current_keys_to_history (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/);
+
+/**
+ * This function adds a key to an HDB entry's key history.
+ *
+ * @param context   Context
+ * @param entry	    HDB entry
+ * @param kvno	    Key version number of the key to add to the history
+ * @param key	    The Key to add
+ */
+
+krb5_error_code
+hdb_add_history_key (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/,
+	krb5_kvno /*kvno*/,
+	Key */*key*/);
+
+krb5_error_code
 hdb_add_master_key (
 	krb5_context /*context*/,
 	krb5_keyblock */*key*/,
 	hdb_master_key */*inout*/);
 
+/**
+ * This function changes an hdb_entry's kvno, swapping the current key
+ * set with a historical keyset.  If no historical keys are found then
+ * an error is returned (the caller can still set entry->kvno directly).
+ *
+ * @param context	krb5_context
+ * @param new_kvno	New kvno for the entry
+ * @param entry		hdb_entry to modify
+ */
+
+krb5_error_code
+hdb_change_kvno (
+	krb5_context /*context*/,
+	krb5_kvno /*new_kvno*/,
+	hdb_entry */*entry*/);
+
 krb5_error_code
 hdb_check_db_format (
 	krb5_context /*context*/,
@@ -30,6 +83,14 @@ hdb_clear_master_key (
 	krb5_context /*context*/,
 	HDB */*db*/);
 
+/**
+ * Create a handle for a Kerberos database
+ *
+ * Create a handle for a Kerberos database backend specified by a
+ * filename.  Doesn't create a file if its doesn't exists, you have to
+ * use O_CREAT to tell the backend to create the file.
+ */
+
 krb5_error_code
 hdb_create (
 	krb5_context /*context*/,
@@ -37,11 +98,25 @@ hdb_create (
 	const char */*filename*/);
 
 krb5_error_code
-hdb_db_create (
+hdb_db1_create (
 	krb5_context /*context*/,
 	HDB **/*db*/,
 	const char */*filename*/);
 
+krb5_error_code
+hdb_db3_create (
+	krb5_context /*context*/,
+	HDB **/*db*/,
+	const char */*filename*/);
+
+/**
+ * Return the directory where the hdb database resides.
+ *
+ * @param context Kerberos 5 context.
+ *
+ * @return string pointing to directory.
+ */
+
 const char *
 hdb_db_dir (krb5_context /*context*/);
 
@@ -85,6 +160,14 @@ hdb_dbinfo_get_realm (
 	krb5_context /*context*/,
 	struct hdb_dbinfo */*dbp*/);
 
+/**
+ * Return the default hdb database resides.
+ *
+ * @param context Kerberos 5 context.
+ *
+ * @return string pointing to directory.
+ */
+
 const char *
 hdb_default_db (krb5_context /*context*/);
 
@@ -92,6 +175,7 @@ krb5_error_code
 hdb_enctype2key (
 	krb5_context /*context*/,
 	hdb_entry */*e*/,
+	const Keys */*keyset*/,
 	krb5_enctype /*enctype*/,
 	Key **/*key*/);
 
@@ -118,6 +202,16 @@ hdb_entry_check_mandatory (
 	krb5_context /*context*/,
 	const hdb_entry */*ent*/);
 
+krb5_error_code
+hdb_entry_clear_kvno_diff_clnt (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/);
+
+krb5_error_code
+hdb_entry_clear_kvno_diff_svc (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/);
+
 int
 hdb_entry_clear_password (
 	krb5_context /*context*/,
@@ -133,6 +227,12 @@ hdb_entry_get_aliases (
 	const hdb_entry */*entry*/,
 	const HDB_Ext_Aliases **/*a*/);
 
+unsigned int
+hdb_entry_get_kvno_diff_clnt (const hdb_entry */*entry*/);
+
+unsigned int
+hdb_entry_get_kvno_diff_svc (const hdb_entry */*entry*/);
+
 int
 hdb_entry_get_password (
 	krb5_context /*context*/,
@@ -160,6 +260,18 @@ hdb_entry_get_pw_change_time (
 	const hdb_entry */*entry*/,
 	time_t */*t*/);
 
+krb5_error_code
+hdb_entry_set_kvno_diff_clnt (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/,
+	unsigned int /*diff*/);
+
+krb5_error_code
+hdb_entry_set_kvno_diff_svc (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/,
+	unsigned int /*diff*/);
+
 int
 hdb_entry_set_password (
 	krb5_context /*context*/,
@@ -214,6 +326,8 @@ krb5_error_code
 hdb_generate_key_set (
 	krb5_context /*context*/,
 	krb5_principal /*principal*/,
+	krb5_key_salt_tuple */*ks_tuple*/,
+	int /*n_ks_tuple*/,
 	Key **/*ret_key_set*/,
 	size_t */*nkeyset*/,
 	int /*no_salt*/);
@@ -226,6 +340,16 @@ hdb_generate_key_set_password (
 	Key **/*keys*/,
 	size_t */*num_keys*/);
 
+krb5_error_code
+hdb_generate_key_set_password_with_ks_tuple (
+	krb5_context /*context*/,
+	krb5_principal /*principal*/,
+	const char */*password*/,
+	krb5_key_salt_tuple */*ks_tuple*/,
+	int /*n_ks_tuple*/,
+	Key **/*keys*/,
+	size_t */*num_keys*/);
+
 int
 hdb_get_dbinfo (
 	krb5_context /*context*/,
@@ -248,6 +372,12 @@ hdb_keytab_create (
 	HDB ** /*db*/,
 	const char */*arg*/);
 
+const Keys *
+hdb_kvno2keys (
+	krb5_context /*context*/,
+	const hdb_entry */*e*/,
+	krb5_kvno /*kvno*/);
+
 krb5_error_code
 hdb_ldap_create (
 	krb5_context /*context*/,
@@ -277,6 +407,12 @@ hdb_mdb_create (
 	const char */*filename*/);
 
 krb5_error_code
+hdb_mitdb_create (
+	krb5_context /*context*/,
+	HDB **/*db*/,
+	const char */*filename*/);
+
+krb5_error_code
 hdb_ndbm_create (
 	krb5_context /*context*/,
 	HDB **/*db*/,
@@ -286,6 +422,7 @@ krb5_error_code
 hdb_next_enctype2key (
 	krb5_context /*context*/,
 	const hdb_entry */*e*/,
+	const Keys */*keyset*/,
 	krb5_enctype /*enctype*/,
 	Key **/*key*/);
 
@@ -310,6 +447,19 @@ hdb_process_master_key (
 	krb5_enctype /*etype*/,
 	hdb_master_key */*mkey*/);
 
+/**
+ * This function prunes an HDB entry's keys that are too old to have been used
+ * to mint still valid tickets (based on the entry's maximum ticket lifetime).
+ * 
+ * @param context   Context
+ * @param entry	    HDB entry
+ */
+
+krb5_error_code
+hdb_prune_keys (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/);
+
 krb5_error_code
 hdb_read_master_key (
 	krb5_context /*context*/,
@@ -347,6 +497,13 @@ hdb_seal_keys_mkey (
 	hdb_master_key /*mkey*/);
 
 krb5_error_code
+hdb_set_last_modified_by (
+	krb5_context /*context*/,
+	hdb_entry */*entry*/,
+	krb5_principal /*modby*/,
+	time_t /*modtime*/);
+
+krb5_error_code
 hdb_set_master_key (
 	krb5_context /*context*/,
 	HDB */*db*/,
@@ -358,11 +515,21 @@ hdb_set_master_keyfile (
 	HDB */*db*/,
 	const char */*keyfile*/);
 
+/**
+ * Create SQLITE object, and creates the on disk database if its doesn't exists.
+ *
+ * @param context A Kerberos 5 context.
+ * @param db a returned database handle.
+ * @param filename filename
+ *
+ * @return        0 on success, an error code if not
+ */
+
 krb5_error_code
 hdb_sqlite_create (
 	krb5_context /*context*/,
 	HDB **/*db*/,
-	const char */*argument*/);
+	const char */*filename*/);
 
 krb5_error_code
 hdb_unlock (int /*fd*/);
@@ -386,6 +553,14 @@ hdb_unseal_keys (
 	hdb_entry */*ent*/);
 
 krb5_error_code
+hdb_unseal_keys_kvno (
+	krb5_context /*context*/,
+	HDB */*db*/,
+	krb5_kvno /*kvno*/,
+	unsigned /*flags*/,
+	hdb_entry */*ent*/);
+
+krb5_error_code
 hdb_unseal_keys_mkey (
 	krb5_context /*context*/,
 	hdb_entry */*ent*/,
@@ -413,4 +588,5 @@ hdb_write_master_key (
 }
 #endif
 
+#endif /* DOXY */
 #endif /* __hdb_protos_h__ */