diff --git a/lib/hdb/keys.c b/lib/hdb/keys.c index ff562c818..a8acbcd6d 100644 --- a/lib/hdb/keys.c +++ b/lib/hdb/keys.c @@ -600,12 +600,13 @@ krb5_error_code hdb_generate_key_set_password(krb5_context context, krb5_principal principal, const char *password, + krb5_key_salt_tuple *ks_tuple, int n_ks_tuple, Key **keys, size_t *num_keys) { krb5_error_code ret; size_t i; - ret = hdb_generate_key_set(context, principal, NULL, 0, + ret = hdb_generate_key_set(context, principal, ks_tuple, n_ks_tuple, keys, num_keys, 0); if (ret) return ret; diff --git a/lib/hdb/test_hdbkeys.c b/lib/hdb/test_hdbkeys.c index b5648b2b1..873c00f3a 100644 --- a/lib/hdb/test_hdbkeys.c +++ b/lib/hdb/test_hdbkeys.c @@ -94,7 +94,7 @@ main(int argc, char **argv) *keyset.set_time = time(NULL); ret = hdb_generate_key_set_password(context, principal, password_str, - &keyset.keys.val, &len); + NULL, 0, &keyset.keys.val, &len); if (ret) krb5_err(context, 1, ret, "hdb_generate_key_set_password"); keyset.keys.len = len; diff --git a/lib/kadm5/ad.c b/lib/kadm5/ad.c index 639766594..6fd42d66e 100644 --- a/lib/kadm5/ad.c +++ b/lib/kadm5/ad.c @@ -509,6 +509,8 @@ static kadm5_ret_t kadm5_ad_chpass_principal(void *server_handle, krb5_principal principal, int keepold, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, const char *password) { kadm5_ad_context *context = server_handle; @@ -519,6 +521,9 @@ kadm5_ad_chpass_principal(void *server_handle, if (keepold) return KADM5_KEEPOLD_NOSUPP; + if (n_ks_tuple > 0) + return KADM5_KS_TUPLE_NOSUPP; + ret = ad_get_cred(context, NULL); if (ret) return ret; diff --git a/lib/kadm5/chpass_c.c b/lib/kadm5/chpass_c.c index 5bfec2e96..4512942b4 100644 --- a/lib/kadm5/chpass_c.c +++ b/lib/kadm5/chpass_c.c @@ -39,6 +39,8 @@ kadm5_ret_t kadm5_c_chpass_principal(void *server_handle, krb5_principal princ, int keepold, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, const char *password) { kadm5_client_context *context = server_handle; 
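Review bot: The new parameters on `hdb_generate_key_set_password` are ordered pointer-then-count (`ks_tuple, n_ks_tuple`), while every kadm5 function touched by this commit takes them count-then-pointer (`n_ks_tuple, ks_tuple`), so `_kadm5_set_keys` in lib/kadm5/set_keys.c has to flip them at the call. Where `NULL` expands to a plain `0`, a swapped `0, NULL` / `NULL, 0` pair compiles without a diagnostic, so a single order across both libraries would be safer. If the hdb order is kept to match `hdb_generate_key_set`, a comment above the function such as `/* ks_tuple may be NULL with n_ks_tuple == 0 to request the default key set */` would help, assuming that is how the callee treats `NULL, 0`. The function body continues outside the hunk.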
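Review bot: The updated call in lib/hdb/test_hdbkeys.c passes only `NULL, 0`, so the test still covers just the default key set and never the new `ks_tuple` path. A second call with a small explicit tuple array, checking that `len` and the enctype of each returned key match what was requested, would pin the behaviour this commit introduces. `main` starts and ends outside the hunk.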
@@ -48,6 +50,14 @@ kadm5_c_chpass_principal(void *server_handle, int32_t tmp; krb5_data reply; + /* + * We should get around to implementing this... At the moment, the + * the server side API is implemented but the wire protocol has not + * been updated. + */ + if (n_ks_tuple > 0) + return KADM5_KS_TUPLE_NOSUPP; + ret = _kadm5_connect(server_handle); if(ret) return ret; diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c index 1c3fbda2c..3260d011f 100644 --- a/lib/kadm5/chpass_s.c +++ b/lib/kadm5/chpass_s.c @@ -39,6 +39,8 @@ static kadm5_ret_t change(void *server_handle, krb5_principal princ, int keepold, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, const char *password, int cond) { @@ -84,7 +86,8 @@ change(void *server_handle, ent.entry.keys.len = 0; ent.entry.keys.val = NULL; - ret = _kadm5_set_keys(context, &ent.entry, password); + ret = _kadm5_set_keys(context, &ent.entry, n_ks_tuple, ks_tuple, + password); if(ret) { _kadm5_free_keys(context->context, num_keys, keys); goto out2; @@ -165,7 +168,7 @@ kadm5_s_chpass_principal_cond(void *server_handle, int keepold, const char *password) { - return change (server_handle, princ, keepold, password, 1); + return change (server_handle, princ, keepold, 0, NULL, password, 1); } /* @@ -176,9 +179,12 @@ kadm5_ret_t kadm5_s_chpass_principal(void *server_handle, krb5_principal princ, int keepold, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, const char *password) { - return change (server_handle, princ, keepold, password, 0); + return change (server_handle, princ, keepold, + n_ks_tuple, ks_tuple, password, 0); } /* diff --git a/lib/kadm5/common_glue.c b/lib/kadm5/common_glue.c index d6e18c231..ca6fc7f29 100644 --- a/lib/kadm5/common_glue.c +++ b/lib/kadm5/common_glue.c 
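Review bot: The comment added in `kadm5_c_chpass_principal` has a doubled word (`At the moment, the the server side API`) and reads as a to-do rather than stating why the call is refused. Something like `/* Not supported yet: the server-side API is implemented but the wire protocol has not been updated, so fail rather than silently ignore the tuples. */` says the same thing and records that rejecting before `_kadm5_connect` is deliberate. The function body continues outside the hunk.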
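Review bot: In lib/kadm5/chpass_s.c, `change()` now hands the caller's `ks_tuple` straight to `_kadm5_set_keys`, with no check visible in this hunk that the requested enctypes are permitted for the realm. Unless `hdb_generate_key_set` already filters against the enabled enctypes (not shown here), a request that names only a weak enctype would leave the principal with weak long-term keys after the password change. Consider validating each tuple's enctype against the server's allowed set before generating keys, and including the requested tuples in whatever audit record the change produces. `change()` starts and ends outside the hunk.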
@@ -42,7 +42,8 @@ kadm5_chpass_principal(void *server_handle, krb5_principal princ, const char *password) { - return __CALL(chpass_principal, (server_handle, princ, 0, password)); + return __CALL(chpass_principal, (server_handle, princ, 0, + 0, NULL, password)); } kadm5_ret_t @@ -53,14 +54,8 @@ kadm5_chpass_principal_3(void *server_handle, krb5_key_salt_tuple *ks_tuple, const char *password) { - /* - * We should get around to implementing this... This can be useful - * for, e.g., x-realm principals. For now we need the _3() to get - * certain applications written to the kadm5 API to build and run. - */ - if (n_ks_tuple > 0) - return KADM5_KS_TUPLE_NOSUPP; - return __CALL(chpass_principal, (server_handle, princ, keepold, password)); + return __CALL(chpass_principal, (server_handle, princ, keepold, + n_ks_tuple, ks_tuple, password)); } kadm5_ret_t diff --git a/lib/kadm5/create_s.c b/lib/kadm5/create_s.c index d89c6f228..782b8145a 100644 --- a/lib/kadm5/create_s.c +++ b/lib/kadm5/create_s.c @@ -178,7 +178,7 @@ kadm5_s_create_principal(void *server_handle, ent.entry.keys.len = 0; ent.entry.keys.val = NULL; - ret = _kadm5_set_keys(context, &ent.entry, password); + ret = _kadm5_set_keys(context, &ent.entry, 0, NULL, password); if (ret) goto out; diff --git a/lib/kadm5/private.h b/lib/kadm5/private.h index dcf9ab4bd..04fb7c206 100644 --- a/lib/kadm5/private.h +++ b/lib/kadm5/private.h @@ -37,7 +37,8 @@ #define __kadm5_privatex_h__ struct kadm_func { - kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int, const char*); + kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int, + int, krb5_key_salt_tuple*, const char*); kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, uint32_t, const char*); kadm5_ret_t (*delete_principal) (void*, krb5_principal); diff --git a/lib/kadm5/set_keys.c b/lib/kadm5/set_keys.c index 4669bd507..691e948b7 100644 --- a/lib/kadm5/set_keys.c +++ b/lib/kadm5/set_keys.c 
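Review bot: Dropping the `n_ks_tuple > 0` guard from `kadm5_chpass_principal_3` lets the count and pointer reach the backends unchecked, and the backend checks added in this commit test only `n_ks_tuple > 0`. A negative count, or a positive count with `ks_tuple == NULL`, therefore goes through to the server path in `change()`; how `hdb_generate_key_set` treats those is not visible here. A sanity check before `__CALL`, `if (n_ks_tuple < 0 || (n_ks_tuple > 0 && ks_tuple == NULL))` returning an argument error, would reject both once for all backends. The removed comment was also the only place that said what the tuples are useful for (x-realm principals); a short doc comment on the function would keep that.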
@@ -42,6 +42,8 @@ RCSID("$Id$"); kadm5_ret_t _kadm5_set_keys(kadm5_server_context *context, hdb_entry *ent, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, const char *password) { Key *keys; @@ -50,7 +52,9 @@ _kadm5_set_keys(kadm5_server_context *context, ret = hdb_generate_key_set_password(context->context, ent->principal, - password, &keys, &num_keys); + password, + ks_tuple, n_ks_tuple, + &keys, &num_keys); if (ret) return ret;