kadm5_ret_t
_kadm5_set_keys(kadm5_server_context *context,
hdb_entry *ent,
const char *password)
{
Key *keys;
size_t num_keys;
kadm5_ret_t ret;
ret = hdb_generate_key_set_password(context->context,
ent->principal,
password, &keys, &num_keys);
if (ret)
return ret;
_kadm5_free_keys (context->context, ent->keys.len, ent->keys.val);
ent->keys.val = keys;
ent->keys.len = num_keys;
hdb_entry_set_pw_change_time(context->context, ent, 0);
if (krb5_config_get_bool_default(context->context, NULL, FALSE,
"kadmin", "save-password", NULL))
{
ret = hdb_entry_set_password(context->context, context->db,
ent, password);
if (ret)
return ret;
}
return 0;
}
static kadm5_ret_t
perform_tl_data(krb5_context context,
HDB *db,
hdb_entry_ex *ent,
const krb5_tl_data *tl_data)
{
kadm5_ret_t ret = 0;
if (tl_data->tl_data_type == KRB5_TL_PASSWORD) {
heim_utf8_string pw = tl_data->tl_data_contents;
if (pw[tl_data->tl_data_length] != '\0')
return KADM5_BAD_TL_TYPE;
ret = hdb_entry_set_password(context, db, &ent->entry, pw);
} else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) {
unsigned char *s;
time_t t;
if (tl_data->tl_data_length != 4)
return KADM5_BAD_TL_TYPE;
s = tl_data->tl_data_contents;
t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24);
ret = hdb_entry_set_pw_change_time(context, &ent->entry, t);
} else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) {
HDB_extension ext;
ret = decode_HDB_extension(tl_data->tl_data_contents,
tl_data->tl_data_length,
&ext,
NULL);
if (ret)
return KADM5_BAD_TL_TYPE;
ret = hdb_replace_extension(context, &ent->entry, &ext);
free_HDB_extension(&ext);
} else {
return KADM5_BAD_TL_TYPE;
}
return ret;
}
