From e28e7b2c45a38a63aeee5086a012b8c7b8682e0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Fri, 3 Jul 2009 04:26:12 +0000
Subject: [PATCH] check for hdb->hdb_password

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25301 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/kadm5/chpass_s.c | 58 ++++++++++++++++++++++++++------------------
 1 file changed, 35 insertions(+), 23 deletions(-)

diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c
index c6551a64e..bb8c54eaf 100644
--- a/lib/kadm5/chpass_s.c
+++ b/lib/kadm5/chpass_s.c
@@ -52,33 +52,49 @@ change(void *server_handle,
 ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
 if(ret)
 return ret;
+
 ret = context->db->hdb_fetch(context->context, context->db, princ, HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
- if(ret == HDB_ERR_NOENTRY)
+ if(ret)
 goto out;
- num_keys = ent.entry.keys.len;
- keys = ent.entry.keys.val;
+ if (context->db->hdb_capability_flags & HDB_CAP_F_HANDLE_PASSWORDS) {
+ ret = context->db->hdb_password(context->context, context->db,
+ &ent, password, cond);
+ if (ret)
+ goto out2;
+ } else {
- ent.entry.keys.len = 0;
- ent.entry.keys.val = NULL;
-
- ret = _kadm5_set_keys(context, &ent.entry, password);
- if(ret) {
+ num_keys = ent.entry.keys.len;
+ keys = ent.entry.keys.val;
+
+ ent.entry.keys.len = 0;
+ ent.entry.keys.val = NULL;
+
+ ret = _kadm5_set_keys(context, &ent.entry, password);
+ if(ret) {
+ _kadm5_free_keys (context->context, num_keys, keys);
+ goto out2;
+ }
+
+ if (cond)
+ existsp = _kadm5_exists_keys (ent.entry.keys.val,
+ ent.entry.keys.len,
+ keys, num_keys);
 _kadm5_free_keys (context->context, num_keys, keys);
- goto out2;
+
+ if (existsp) {
+ ret = KADM5_PASS_REUSE;
+ krb5_set_error_message(context->context, ret,
+ "Password reuse forbidden");
+ goto out2;
+ }
+
+ ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+ if (ret)
+ goto out2;
 }
 ent.entry.kvno++;
- if (cond)
- existsp = _kadm5_exists_keys (ent.entry.keys.val, ent.entry.keys.len,
- keys, num_keys);
- _kadm5_free_keys (context->context, num_keys, keys);
-
- if (existsp) {
- ret = KADM5_PASS_REUSE;
- krb5_set_error_message(context->context, ret, "Password reuse forbidden");
- goto out2;
- }
 ret = _kadm5_set_modifier(context, &ent.entry);
 if(ret)
@@ -88,10 +104,6 @@ change(void *server_handle,
 if (ret)
 goto out2;
- ret = hdb_seal_keys(context->context, context->db, &ent.entry);
- if (ret)
- goto out2;
-
 ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent);
 if (ret)
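Review bot: In the first hunk, the new branch calls `context->db->hdb_password` on the strength of the `HDB_CAP_F_HANDLE_PASSWORDS` bit alone, so a backend that advertises the flag but leaves the callback unset would be called through a null pointer in the password-change path. Failing closed before the call, e.g. `if (context->db->hdb_password == NULL) { ret = KADM5_FAILURE; goto out2; }`, keeps that an error rather than a crash. The same branch also skips the local `KADM5_PASS_REUSE` test and `hdb_seal_keys`, handing `cond` to the backend instead; a comment there such as `/* backend is expected to enforce the reuse check (cond) and protect the keys itself */` would record that the policy is delegated, which the visible lines imply but do not state. change() begins and ends outside this hunk, so the `out`/`out2` cleanup and the initial value of `existsp` could not be checked here.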