oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add --keepold option to cpw.

Browse Source
This commit is contained in:
Nicolas Williams
2011-07-18 15:46:04 -05:00
parent acc8cd4b22
commit e16360e2db
8 changed files with 48 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/kadm5/ad.c
View File

@@ -508,6 +508,7 @@ ad_get_cred(kadm5_ad_context *context, const char *password)
static kadm5_ret_t
kadm5_ad_chpass_principal(void *server_handle,
krb5_principal principal,
int keepold,
const char *password)
{
kadm5_ad_context *context = server_handle;

2
lib/kadm5/chpass_c.c
View File

@@ -38,6 +38,7 @@ RCSID("$Id$");
kadm5_ret_t
kadm5_c_chpass_principal(void *server_handle,
krb5_principal princ,
int keepold,
const char *password)
{
kadm5_client_context *context = server_handle;
@@ -59,6 +60,7 @@ kadm5_c_chpass_principal(void *server_handle,
krb5_store_int32(sp, kadm_chpass);
krb5_store_principal(sp, princ);
krb5_store_string(sp, password);
krb5_store_int32(sp, keepold); /* extension */
ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp);
if (ret)

24
lib/kadm5/chpass_s.c
View File

@@ -38,6 +38,7 @@ RCSID("$Id$");
static kadm5_ret_t
change(void *server_handle,
krb5_principal princ,
int keepold,
const char *password,
int cond)
{
@@ -58,6 +59,10 @@ change(void *server_handle,
if(ret)
goto out;
/*
* We save these for now so we can handle password history checking;
* we handle keepold further below.
*/
ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
if (ret)
goto out;
@@ -98,12 +103,23 @@ change(void *server_handle,
"Password reuse forbidden");
goto out2;
}
}
ent.entry.kvno++;
if (keepold) {
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
if (ret)
goto out2;
} else {
HDB_extension ext;
ext.data.element = choice_HDB_extension_data_hist_keys;
ext.data.u.hist_keys.len = 0;
ext.data.u.hist_keys.val = NULL;
ret = hdb_replace_extension(context->context, &ent.entry, &ext);
if (ret)
goto out2;
}
ent.entry.kvno++;
ret = _kadm5_set_modifier(context, &ent.entry);
if(ret)
@@ -140,9 +156,10 @@ out:
kadm5_ret_t
kadm5_s_chpass_principal_cond(void *server_handle,
krb5_principal princ,
int keepold,
const char *password)
{
return change (server_handle, princ, password, 1);
return change (server_handle, princ, keepold, password, 1);
}
/*
@@ -152,9 +169,10 @@ kadm5_s_chpass_principal_cond(void *server_handle,
kadm5_ret_t
kadm5_s_chpass_principal(void *server_handle,
krb5_principal princ,
int keepold,
const char *password)
{
return change (server_handle, princ, password, 0);
return change (server_handle, princ, keepold, password, 0);
}
/*

4
lib/kadm5/common_glue.c
View File

@@ -42,7 +42,7 @@ kadm5_chpass_principal(void *server_handle,
krb5_principal princ,
const char *password)
{
return __CALL(chpass_principal, (server_handle, princ, password));
return __CALL(chpass_principal, (server_handle, princ, 0, password));
}
kadm5_ret_t
@@ -60,7 +60,7 @@ kadm5_chpass_principal_3(void *server_handle,
*/
if (n_ks_tuple > 0)
return KADM5_KS_TUPLE_NOSUPP;
return __CALL(chpass_principal, (server_handle, princ, password));
return __CALL(chpass_principal, (server_handle, princ, keepold, password));
}
kadm5_ret_t

2
lib/kadm5/private.h
View File

@@ -37,7 +37,7 @@
#define __kadm5_privatex_h__
struct kadm_func {
kadm5_ret_t (*chpass_principal) (void *, krb5_principal, const char*);
kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int, const char*);
kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t,
uint32_t, const char*);
kadm5_ret_t (*delete_principal) (void*, krb5_principal);