From a095933ee095501253ab748a3be040ed4a586ed5 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico103@gmail.com>
Date: Tue, 12 Jul 2011 16:00:43 -0500
Subject: [PATCH] We want the time that a keyset was set, not the time it was
 replaced.

---
 lib/hdb/hdb.asn1       | 2 +-
 lib/hdb/keys.c         | 2 +-
 lib/hdb/mkey.c         | 2 +-
 lib/hdb/test_hdbkeys.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/hdb/hdb.asn1 b/lib/hdb/hdb.asn1
index d24737fbf..a2126ec65 100644
--- a/lib/hdb/hdb.asn1
+++ b/lib/hdb/hdb.asn1
@@ -89,7 +89,7 @@ HDB-Ext-Aliases ::= SEQUENCE {
 
 hdb_keyset ::= SEQUENCE {
 	kvno[0]		INTEGER (0..4294967295),
-	replace-time[1]	KerberosTime,	-- time this key was replaced
+	set-time[1]	KerberosTime,	-- time this key was created/set
 	keys[2]		SEQUENCE OF Key
 }
 
diff --git a/lib/hdb/keys.c b/lib/hdb/keys.c
index 9c0af5c47..bfb5d640e 100644
--- a/lib/hdb/keys.c
+++ b/lib/hdb/keys.c
@@ -247,7 +247,7 @@ hdb_add_current_keys_to_history(krb5_context context, hdb_entry *entry)
     hist_keys->val[0].keys.val = entry->keys.val;
     hist_keys->val[0].keys.len = entry->keys.len;
     hist_keys->val[0].kvno = entry->kvno;
-    hist_keys->val[0].replace_time = time(NULL);
+    (void) hdb_entry_get_pw_change_time(entry, &hist_keys->val[0].set_time);
 
     if (add) {
 	ret = hdb_replace_extension(context, entry, ext);
diff --git a/lib/hdb/mkey.c b/lib/hdb/mkey.c
index 5637a8880..103eadb04 100644
--- a/lib/hdb/mkey.c
+++ b/lib/hdb/mkey.c
@@ -549,7 +549,7 @@ hdb_unseal_keys_kvno(krb5_context context, HDB *db, krb5_kvno kvno,
 	tmp_keys[0].keys.len = ent->keys.len;
 	tmp_keys[0].keys.val = ent->keys.val;
 	tmp_keys[0].kvno = ent->kvno;
-	tmp_keys[0].replace_time = time(NULL);
+	(void) hdb_entry_get_pw_change_time(ent, &tmp_keys[0].set_time);
 	i++;
 	ent->keys.len = hist_keys->val[i].keys.len;
 	ent->keys.val = hist_keys->val[i].keys.val;
diff --git a/lib/hdb/test_hdbkeys.c b/lib/hdb/test_hdbkeys.c
index fd5dfcf81..945137450 100644
--- a/lib/hdb/test_hdbkeys.c
+++ b/lib/hdb/test_hdbkeys.c
@@ -88,7 +88,7 @@ main(int argc, char **argv)
     memset(&keyset, 0, sizeof(keyset));
 
     keyset.kvno = kvno_integer;
-    keyset.replace_time = time(NULL);
+    keyset.set_time = time(NULL);
 
     ret = hdb_generate_key_set_password(context, principal, password_str,
 					&keyset.keys.val, &len);