Add --keepold option to cpw.
This commit is contained in:
Nicolas Williams
26
kadmin/cpw.c
26
kadmin/cpw.c
@@ -35,6 +35,7 @@
|
||||
#include "kadmin-commands.h"
|
||||
|
||||
struct cpw_entry_data {
|
||||
int keepold;
|
||||
int random_key;
|
||||
int random_password;
|
||||
char *password;
|
||||
@@ -42,14 +43,15 @@ struct cpw_entry_data {
|
||||
};
|
||||
|
||||
static int
|
||||
set_random_key (krb5_principal principal)
|
||||
set_random_key (krb5_principal principal, int keepold)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
int i;
|
||||
krb5_keyblock *keys;
|
||||
int num_keys;
|
||||
|
||||
ret = kadm5_randkey_principal(kadm_handle, principal, &keys, &num_keys);
|
||||
ret = kadm5_randkey_principal_3(kadm_handle, principal, keepold, 0, NULL,
|
||||
&keys, &num_keys);
|
||||
if(ret)
|
||||
return ret;
|
||||
for(i = 0; i < num_keys; i++)
|
||||
@@ -59,13 +61,13 @@ set_random_key (krb5_principal principal)
|
||||
}
|
||||
|
||||
static int
|
||||
set_random_password (krb5_principal principal)
|
||||
set_random_password (krb5_principal principal, int keepold)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
char pw[128];
|
||||
|
||||
random_password (pw, sizeof(pw));
|
||||
ret = kadm5_chpass_principal(kadm_handle, principal, pw);
|
||||
ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL, pw);
|
||||
if (ret == 0) {
|
||||
char *princ_name;
|
||||
|
||||
@@ -79,7 +81,7 @@ set_random_password (krb5_principal principal)
|
||||
}
|
||||
|
||||
static int
|
||||
set_password (krb5_principal principal, char *password)
|
||||
set_password (krb5_principal principal, char *password, int keepold)
|
||||
{
|
||||
krb5_error_code ret = 0;
|
||||
char pwbuf[128];
|
||||
@@ -99,13 +101,14 @@ set_password (krb5_principal principal, char *password)
|
||||
password = pwbuf;
|
||||
}
|
||||
if(ret == 0)
|
||||
ret = kadm5_chpass_principal(kadm_handle, principal, password);
|
||||
ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL,
|
||||
password);
|
||||
memset(pwbuf, 0, sizeof(pwbuf));
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
set_key_data (krb5_principal principal, krb5_key_data *key_data)
|
||||
set_key_data (krb5_principal principal, krb5_key_data *key_data, int keepold)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
|
||||
@@ -120,13 +123,13 @@ do_cpw_entry(krb5_principal principal, void *data)
|
||||
struct cpw_entry_data *e = data;
|
||||
|
||||
if (e->random_key)
|
||||
return set_random_key (principal);
|
||||
return set_random_key (principal, e->keepold);
|
||||
else if (e->random_password)
|
||||
return set_random_password (principal);
|
||||
return set_random_password (principal, e->keepold);
|
||||
else if (e->key_data)
|
||||
return set_key_data (principal, e->key_data);
|
||||
return set_key_data (principal, e->key_data, e->keepold);
|
||||
else
|
||||
return set_password (principal, e->password);
|
||||
return set_password (principal, e->password, e->keepold);
|
||||
}
|
||||
|
||||
int
|
||||
@@ -138,6 +141,7 @@ cpw_entry(struct passwd_options *opt, int argc, char **argv)
|
||||
int num;
|
||||
krb5_key_data key_data[3];
|
||||
|
||||
data.keepold = opt->keepold_flag;
|
||||
data.random_key = opt->random_key_flag;
|
||||
data.random_password = opt->random_password_flag;
|
||||
data.password = opt->password_string;
|
||||
|
||||
@@ -230,6 +230,11 @@ command = {
|
||||
type = "string"
|
||||
help = "DES key in hex"
|
||||
}
|
||||
option = {
|
||||
long = "keepold"
|
||||
type = "flag"
|
||||
help = "keep old keys/password"
|
||||
}
|
||||
argument = "principal..."
|
||||
min_args = "1"
|
||||
help = "Changes the password of one or more principals matching the expressions."
|
||||
|
||||
@@ -401,7 +401,7 @@ change (krb5_auth_context auth_context,
|
||||
tmp = pwd_data->data;
|
||||
tmp[pwd_data->length - 1] = '\0';
|
||||
|
||||
ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, tmp);
|
||||
ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp);
|
||||
krb5_free_data (context, pwd_data);
|
||||
pwd_data = NULL;
|
||||
if (ret) {
|
||||
|
||||
@@ -508,6 +508,7 @@ ad_get_cred(kadm5_ad_context *context, const char *password)
|
||||
static kadm5_ret_t
|
||||
kadm5_ad_chpass_principal(void *server_handle,
|
||||
krb5_principal principal,
|
||||
int keepold,
|
||||
const char *password)
|
||||
{
|
||||
kadm5_ad_context *context = server_handle;
|
||||
|
||||
@@ -38,6 +38,7 @@ RCSID("$Id$");
|
||||
kadm5_ret_t
|
||||
kadm5_c_chpass_principal(void *server_handle,
|
||||
krb5_principal princ,
|
||||
int keepold,
|
||||
const char *password)
|
||||
{
|
||||
kadm5_client_context *context = server_handle;
|
||||
@@ -59,6 +60,7 @@ kadm5_c_chpass_principal(void *server_handle,
|
||||
krb5_store_int32(sp, kadm_chpass);
|
||||
krb5_store_principal(sp, princ);
|
||||
krb5_store_string(sp, password);
|
||||
krb5_store_int32(sp, keepold); /* extension */
|
||||
ret = _kadm5_client_send(context, sp);
|
||||
krb5_storage_free(sp);
|
||||
if (ret)
|
||||
|
||||
@@ -38,6 +38,7 @@ RCSID("$Id$");
|
||||
static kadm5_ret_t
|
||||
change(void *server_handle,
|
||||
krb5_principal princ,
|
||||
int keepold,
|
||||
const char *password,
|
||||
int cond)
|
||||
{
|
||||
@@ -58,6 +59,10 @@ change(void *server_handle,
|
||||
if(ret)
|
||||
goto out;
|
||||
|
||||
/*
|
||||
* We save these for now so we can handle password history checking;
|
||||
* we handle keepold further below.
|
||||
*/
|
||||
ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
|
||||
if (ret)
|
||||
goto out;
|
||||
@@ -98,12 +103,23 @@ change(void *server_handle,
|
||||
"Password reuse forbidden");
|
||||
goto out2;
|
||||
}
|
||||
}
|
||||
ent.entry.kvno++;
|
||||
|
||||
if (keepold) {
|
||||
ret = hdb_seal_keys(context->context, context->db, &ent.entry);
|
||||
if (ret)
|
||||
goto out2;
|
||||
} else {
|
||||
HDB_extension ext;
|
||||
|
||||
ext.data.element = choice_HDB_extension_data_hist_keys;
|
||||
ext.data.u.hist_keys.len = 0;
|
||||
ext.data.u.hist_keys.val = NULL;
|
||||
ret = hdb_replace_extension(context->context, &ent.entry, &ext);
|
||||
if (ret)
|
||||
goto out2;
|
||||
}
|
||||
ent.entry.kvno++;
|
||||
|
||||
ret = _kadm5_set_modifier(context, &ent.entry);
|
||||
if(ret)
|
||||
@@ -140,9 +156,10 @@ out:
|
||||
kadm5_ret_t
|
||||
kadm5_s_chpass_principal_cond(void *server_handle,
|
||||
krb5_principal princ,
|
||||
int keepold,
|
||||
const char *password)
|
||||
{
|
||||
return change (server_handle, princ, password, 1);
|
||||
return change (server_handle, princ, keepold, password, 1);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -152,9 +169,10 @@ kadm5_s_chpass_principal_cond(void *server_handle,
|
||||
kadm5_ret_t
|
||||
kadm5_s_chpass_principal(void *server_handle,
|
||||
krb5_principal princ,
|
||||
int keepold,
|
||||
const char *password)
|
||||
{
|
||||
return change (server_handle, princ, password, 0);
|
||||
return change (server_handle, princ, keepold, password, 0);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@@ -42,7 +42,7 @@ kadm5_chpass_principal(void *server_handle,
|
||||
krb5_principal princ,
|
||||
const char *password)
|
||||
{
|
||||
return __CALL(chpass_principal, (server_handle, princ, password));
|
||||
return __CALL(chpass_principal, (server_handle, princ, 0, password));
|
||||
}
|
||||
|
||||
kadm5_ret_t
|
||||
@@ -60,7 +60,7 @@ kadm5_chpass_principal_3(void *server_handle,
|
||||
*/
|
||||
if (n_ks_tuple > 0)
|
||||
return KADM5_KS_TUPLE_NOSUPP;
|
||||
return __CALL(chpass_principal, (server_handle, princ, password));
|
||||
return __CALL(chpass_principal, (server_handle, princ, keepold, password));
|
||||
}
|
||||
|
||||
kadm5_ret_t
|
||||
|
||||
@@ -37,7 +37,7 @@
|
||||
#define __kadm5_privatex_h__
|
||||
|
||||
struct kadm_func {
|
||||
kadm5_ret_t (*chpass_principal) (void *, krb5_principal, const char*);
|
||||
kadm5_ret_t (*chpass_principal) (void *, krb5_principal, int, const char*);
|
||||
kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t,
|
||||
uint32_t, const char*);
|
||||
kadm5_ret_t (*delete_principal) (void*, krb5_principal);
|
||||
|
||||
Reference in New Issue
Block a user