Encrypt keys in change password code even when !keepold

2012-06-14 12:55:36 -05:00
parent 20b5e2a2c6
commit 82f1c1f391
1 changed files with 5 additions and 7 deletions
--- a/lib/kadm5/chpass_s.c
+++ b/lib/kadm5/chpass_s.c
@@ -115,22 +115,20 @@ change(void *server_handle,

    ent.entry.flags.require_pwchange = 0;

-    if (keepold) {
-	ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-	if (ret)
-	    goto out2;
-    } else {
+    if (!keepold) {
 	HDB_extension ext;

 	memset(&ext, 0, sizeof (ext));
 	ext.data.element = choice_HDB_extension_data_hist_keys;
-	ext.data.u.hist_keys.len = 0;
-	ext.data.u.hist_keys.val = NULL;
 	ret = hdb_replace_extension(context->context, &ent.entry, &ext);
 	if (ret)
 	    goto out2;
    }

+    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+    if (ret)
+        goto out2;
+
    ret = _kadm5_set_modifier(context, &ent.entry);
    if(ret)
 	goto out2;