Provide server side kadm5_chpass_principal_3() with ks_tuple implementation.

We enable kadm5_chpass_principal_3() in the server side of the
library.  The client kadm5 library calls will still return the
error KAMD5_KS_TUPLE_NO_SUPP.

Signed-off-by: Nicolas Williams <nico@cryptonector.com>

lib/hdb/keys.c

@@ -600,12 +600,13 @@ krb5_error_code
 hdb_generate_key_set_password(krb5_context context,
 			      krb5_principal principal,
 			      const char *password,
+			      krb5_key_salt_tuple *ks_tuple, int n_ks_tuple, 
 			      Key **keys, size_t *num_keys)
 {
     krb5_error_code ret;
     size_t i;
 
-    ret = hdb_generate_key_set(context, principal, NULL, 0,
+    ret = hdb_generate_key_set(context, principal, ks_tuple, n_ks_tuple,
 				keys, num_keys, 0);
     if (ret)
 	return ret;

lib/hdb/test_hdbkeys.c

@@ -94,7 +94,7 @@ main(int argc, char **argv)
     *keyset.set_time = time(NULL);
 
     ret = hdb_generate_key_set_password(context, principal, password_str,
-					&keyset.keys.val, &len);
+					NULL, 0, &keyset.keys.val, &len);
     if (ret)
 	krb5_err(context, 1, ret, "hdb_generate_key_set_password");
     keyset.keys.len = len;

lib/kadm5/ad.c

@@ -509,6 +509,8 @@ static kadm5_ret_t
 kadm5_ad_chpass_principal(void *server_handle,
 			  krb5_principal principal,
 			  int keepold,
+			  int n_ks_tuple,
+			  krb5_key_salt_tuple *ks_tuple,
 			  const char *password)
 {
     kadm5_ad_context *context = server_handle;
@@ -519,6 +521,9 @@ kadm5_ad_chpass_principal(void *server_handle,
     if (keepold)
 	return KADM5_KEEPOLD_NOSUPP;
 
+    if (n_ks_tuple > 0)
+       return KADM5_KS_TUPLE_NOSUPP;
+
     ret = ad_get_cred(context, NULL);
     if (ret)
 	return ret;

lib/kadm5/chpass_c.c

@@ -39,6 +39,8 @@ kadm5_ret_t
 kadm5_c_chpass_principal(void *server_handle,
 			 krb5_principal princ,
 			 int keepold,
+			 int n_ks_tuple,
+			 krb5_key_salt_tuple *ks_tuple,
 			 const char *password)
 {
     kadm5_client_context *context = server_handle;
@@ -48,6 +50,14 @@ kadm5_c_chpass_principal(void *server_handle,
     int32_t tmp;
     krb5_data reply;
 
+    /*
+     * We should get around to implementing this...  At the moment, the
+     * the server side API is implemented but the wire protocol has not
+     * been updated.
+     */
+    if (n_ks_tuple > 0)
+       return KADM5_KS_TUPLE_NOSUPP;
+
     ret = _kadm5_connect(server_handle);
     if(ret)
 	return ret;

lib/kadm5/chpass_s.c

@@ -39,6 +39,8 @@ static kadm5_ret_t
 change(void *server_handle,
        krb5_principal princ,
        int keepold,
+       int n_ks_tuple,
+       krb5_key_salt_tuple *ks_tuple,
        const char *password,
        int cond)
 {
@@ -84,7 +86,8 @@ change(void *server_handle,
 	ent.entry.keys.len = 0;
 	ent.entry.keys.val = NULL;
 
-	ret = _kadm5_set_keys(context, &ent.entry, password);
+	ret = _kadm5_set_keys(context, &ent.entry, n_ks_tuple, ks_tuple,
+			      password);
 	if(ret) {
 	    _kadm5_free_keys(context->context, num_keys, keys);
 	    goto out2;
@@ -165,7 +168,7 @@ kadm5_s_chpass_principal_cond(void *server_handle,
 			      int keepold,
 			      const char *password)
 {
-    return change (server_handle, princ, keepold, password, 1);
+    return change (server_handle, princ, keepold, 0, NULL, password, 1);
 }
 
 /*
@@ -176,9 +179,12 @@ kadm5_ret_t
 kadm5_s_chpass_principal(void *server_handle,
 			 krb5_principal princ,
 			 int keepold,
+			 int n_ks_tuple,
+			 krb5_key_salt_tuple *ks_tuple,
 			 const char *password)
 {
-    return change (server_handle, princ, keepold, password, 0);
+    return change (server_handle, princ, keepold,
+	n_ks_tuple, ks_tuple, password, 0);
 }
 
 /*

lib/kadm5/common_glue.c

@@ -42,7 +42,8 @@ kadm5_chpass_principal(void *server_handle,
 		       krb5_principal princ,
 		       const char *password)
 {
-    return __CALL(chpass_principal, (server_handle, princ, 0, password));
+    return __CALL(chpass_principal, (server_handle, princ, 0,
+		  0, NULL, password));
 }
 
 kadm5_ret_t
@@ -53,14 +54,8 @@ kadm5_chpass_principal_3(void *server_handle,
 		         krb5_key_salt_tuple *ks_tuple,
 		         const char *password)
 {
-    /*
-     * We should get around to implementing this...  This can be useful
-     * for, e.g., x-realm principals.  For now we need the _3() to get
-     * certain applications written to the kadm5 API to build and run.
-     */
-    if (n_ks_tuple > 0)
-	return KADM5_KS_TUPLE_NOSUPP;
-    return __CALL(chpass_principal, (server_handle, princ, keepold, password));
+    return __CALL(chpass_principal, (server_handle, princ, keepold,
+		  n_ks_tuple, ks_tuple, password));
 }
 
 kadm5_ret_t

lib/kadm5/create_s.c

@@ -178,7 +178,7 @@ kadm5_s_create_principal(void *server_handle,
     ent.entry.keys.len = 0;
     ent.entry.keys.val = NULL;
 
-    ret = _kadm5_set_keys(context, &ent.entry, password);
+    ret = _kadm5_set_keys(context, &ent.entry, 0, NULL, password);
     if (ret)
 	goto out;
 

lib/kadm5/private.h

@@ -37,7 +37,8 @@
 #define __kadm5_privatex_h__
 
 struct kadm_func {
-    kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int, const char*);
+    kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int,
+				     int, krb5_key_salt_tuple*, const char*);
     kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t,
 				     uint32_t, const char*);
     kadm5_ret_t (*delete_principal) (void*, krb5_principal);

lib/kadm5/set_keys.c

@@ -42,6 +42,8 @@ RCSID("$Id$");
 kadm5_ret_t
 _kadm5_set_keys(kadm5_server_context *context,
 		hdb_entry *ent,
+		int n_ks_tuple,
+		krb5_key_salt_tuple *ks_tuple,
 		const char *password)
 {
     Key *keys;
@@ -50,7 +52,9 @@ _kadm5_set_keys(kadm5_server_context *context,
 
     ret = hdb_generate_key_set_password(context->context,
 					ent->principal,
-					password, &keys, &num_keys);
+					password,
+					ks_tuple, n_ks_tuple, 
+					&keys, &num_keys);
     if (ret)
 	return ret;