Encrypt keys in change password code even when !keepold

Nicolas Williams
2012-06-14 12:55:36 -05:00
parent 20b5e2a2c6
commit 82f1c1f391


@@ -115,22 +115,20 @@ change(void *server_handle,
ent.entry.flags.require_pwchange = 0; ent.entry.flags.require_pwchange = 0;
if (keepold) { if (!keepold) {
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
} else {
HDB_extension ext; HDB_extension ext;
memset(&ext, 0, sizeof (ext)); memset(&ext, 0, sizeof (ext));
ext.data.element = choice_HDB_extension_data_hist_keys; ext.data.element = choice_HDB_extension_data_hist_keys;
ext.data.u.hist_keys.len = 0;
ext.data.u.hist_keys.val = NULL;
ret = hdb_replace_extension(context->context, &ent.entry, &ext); ret = hdb_replace_extension(context->context, &ent.entry, &ext);
if (ret) if (ret)
goto out2; goto out2;
} }
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
ret = _kadm5_set_modifier(context, &ent.entry); ret = _kadm5_set_modifier(context, &ent.entry);
if(ret) if(ret)
goto out2; goto out2;
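Review bot: The `hdb_seal_keys` call that now appears to sit after the `if (!keepold)` block carries no comment stating the invariant it enforces, so a later edit could move it back inside a branch. A one-line comment above it, such as `/* Always seal: keys must not reach the store unencrypted, whichever keepold path ran */`, would make that explicit. This hunk does not show whether `hdb_seal_keys` also covers keys held in the `hist_keys` extension when keepold is set, which is worth confirming, since those old keys are equally sensitive. The rendering has lost its +/- markers, so the old and new sides here are inferred from the commit title, and the body of `change()` starts and ends outside the hunk.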