add ->hdb_password and ->hdb_auth_status

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25298 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/hdb/hdb.h

@@ -56,6 +56,13 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
 
 /* hdb_capability_flags */
 #define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
+#define HDB_CAP_F_HANDLE_PASSWORDS	2
+#define HDB_CAP_F_PASSWORD_UPDATE_KEYS	4
+
+/* auth status values */
+#define HDB_AUTH_SUCCESS		0
+#define HDB_AUTH_WRONG_PASSWORD		1
+#define HDB_AUTH_INVALID_SIGNATURE	2
 
 /* key usage for master key */
 #define HDB_KU_MKEY	0x484442
@@ -185,6 +192,30 @@ typedef struct HDB{
      * point for the module.
      */
     krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
+    /**
+     * Change password.
+     *
+     * Will update keys for the entry when given password.  The new
+     * keys must be written into the entry and and will then later be
+     * ->hdb_store() into the database. The backend will still perform
+     * all other operations, increasing the kvno, and update
+     * modification timestamp.
+     * 
+     * The backen need to call _kadm5_set_keys() and perform password
+     * quality checks.
+     */
+    krb5_error_code (*hdb_password)(krb5_context, struct HDB*, hdb_entry_ex*, const char *, int);
+
+    /**
+     * Auth feedback
+     *
+     * This is a feedback call that allows backends that provides
+     * lockout functionality to register failure and/or successes.
+     *
+     * In case the entry is locked out, the backend should set the
+     * hdb_entry.flags.locked-out flag.
+     */
+    krb5_error_code (*hdb_auth_status)(krb5_context, struct HDB *, hdb_entry_ex *, int);
 }HDB;
 
 #define HDB_INTERFACE_VERSION	5