check for hdb->hdb_password

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25301 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/kadm5/chpass_s.c

@@ -52,11 +52,19 @@ change(void *server_handle,
     ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
     if(ret)
 	return ret;
+
     ret = context->db->hdb_fetch(context->context, context->db, princ,
 				 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
-    if(ret == HDB_ERR_NOENTRY)
+    if(ret)
 	goto out;
 
+    if (context->db->hdb_capability_flags & HDB_CAP_F_HANDLE_PASSWORDS) {
+	ret = context->db->hdb_password(context->context, context->db,
+					&ent, password, cond);
+	if (ret)
+	    goto out2;
+    } else {
+
 	num_keys = ent.entry.keys.len;
 	keys     = ent.entry.keys.val;
 	
@@ -68,18 +76,26 @@ change(void *server_handle,
 	    _kadm5_free_keys (context->context, num_keys, keys);
 	    goto out2;
 	}
-    ent.entry.kvno++;
+	
 	if (cond)
-	existsp = _kadm5_exists_keys (ent.entry.keys.val, ent.entry.keys.len,
+	    existsp = _kadm5_exists_keys (ent.entry.keys.val,
+					  ent.entry.keys.len,
 					  keys, num_keys);
 	_kadm5_free_keys (context->context, num_keys, keys);
 	
 	if (existsp) {
 	    ret = KADM5_PASS_REUSE;
-	krb5_set_error_message(context->context, ret, "Password reuse forbidden");
+	    krb5_set_error_message(context->context, ret,
+				   "Password reuse forbidden");
 	    goto out2;
 	}
 
+	ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+	if (ret)
+	    goto out2;
+    }
+    ent.entry.kvno++;
+
     ret = _kadm5_set_modifier(context, &ent.entry);
     if(ret)
 	goto out2;
@@ -88,10 +104,6 @@ change(void *server_handle,
     if (ret)
 	goto out2;
 
-    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
-    if (ret)
-	goto out2;
-
     ret = context->db->hdb_store(context->context, context->db,
 				 HDB_F_REPLACE, &ent);
     if (ret)