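/*
 * Attach the password `p' to `entry' as an HDB password extension,
 * replacing any existing one via hdb_replace_extension().
 *
 * If the database has a master key set, the password (including its
 * terminating NUL) is encrypted with the key returned by
 * _hdb_find_master_key() and the key's version is recorded in `mkvno'.
 * If no master key is set, the password bytes are copied into the
 * extension UNENCRYPTED and `mkvno' is left NULL, so the entry then
 * carries the cleartext password.
 *
 * `p' must be a non-NULL, NUL-terminated string; it is passed to strlen().
 *
 * Returns 0 on success, HDB_ERR_NO_MKEY if no master key could be found,
 * ENOMEM on allocation failure, or the error returned by the encrypt,
 * copy or replace step.
 */
int
hdb_entry_set_password(krb5_context context, HDB *db,
                       hdb_entry *entry, const char *p)
{
    HDB_extension ext;
    hdb_master_key key;
    int ret;

    /*
     * Start from an all-zero extension so that free_HDB_extension() on the
     * error paths below never walks an indeterminate pointer.
     */
    memset(&ext, 0, sizeof(ext));
    ext.mandatory = FALSE;
    ext.data.element = choice_HDB_extension_data_password;

    if (db->hdb_master_key_set) {
        /* NOTE(review): a NULL version presumably selects the current
         * master key -- confirm against _hdb_find_master_key(). */
        key = _hdb_find_master_key(NULL, db->hdb_master_key);
        if (key == NULL) {
            krb5_set_error_message(context, HDB_ERR_NO_MKEY,
                                   "hdb_entry_set_password: "
                                   "failed to find masterkey");
            return HDB_ERR_NO_MKEY;
        }

        /*
         * strlen(p) + 1: the terminating NUL is stored as part of the
         * password; hdb_entry_get_password() checks for it on read-back.
         */
        ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY,
                                p, strlen(p) + 1,
                                &ext.data.u.password.password);
        if (ret)
            return ret;

        ext.data.u.password.mkvno =
            malloc(sizeof(*ext.data.u.password.mkvno));
        if (ext.data.u.password.mkvno == NULL) {
            free_HDB_extension(&ext);
            krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
            return ENOMEM;
        }
        *ext.data.u.password.mkvno = _hdb_mkey_version(key);
    } else {
        /*
         * No master key: the cleartext password is what gets stored.
         * Anyone able to read the database can recover it.
         */
        ext.data.u.password.mkvno = NULL;

        ret = krb5_data_copy(&ext.data.u.password.password,
                             p, strlen(p) + 1);
        if (ret) {
            krb5_set_error_message(context, ret, "malloc: out of memory");
            free_HDB_extension(&ext);
            return ret;
        }
    }

    ret = hdb_replace_extension(context, entry, &ext);

    /*
     * NOTE(review): in the no-master-key case `ext' still holds a cleartext
     * copy here; whether free_HDB_extension() scrubs it before releasing
     * the memory is not visible from this function -- confirm.
     */
    free_HDB_extension(&ext);
    return ret;
}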
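/*
 * Fetch the password stored in `entry's HDB password extension.
 *
 * If the database has a master key set and the extension records a master
 * key version, the stored blob is decrypted with that key; otherwise the
 * stored bytes are copied as they are.  The recovered data must end in a
 * NUL byte; it is then duplicated with strdup().
 *
 * On success returns 0 and sets `*p' to a heap-allocated copy of the
 * cleartext password.  The caller owns `*p' and must free() it; because it
 * holds a secret, the caller should scrub it before freeing.
 *
 * Returns HDB_ERR_NO_MKEY if the recorded master key is missing, EINVAL if
 * the recovered data is empty or not NUL-terminated, ENOMEM if strdup()
 * fails (`*p' is NULL in that case), the decrypt/copy error if that step
 * fails, or ENOENT if the entry has no password extension.
 */
int
hdb_entry_get_password(krb5_context context, HDB *db,
                       const hdb_entry *entry, char **p)
{
    HDB_extension *ext;
    char *name;
    int ret;

    ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
    if (ext) {
        heim_octet_string pw;
        const char *pwstr;

        if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
            hdb_master_key key;

            key = _hdb_find_master_key(ext->data.u.password.mkvno,
                                       db->hdb_master_key);
            if (key == NULL) {
                krb5_set_error_string(context, "master key %d missing",
                                      *ext->data.u.password.mkvno);
                return HDB_ERR_NO_MKEY;
            }
            ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY,
                                    ext->data.u.password.password.data,
                                    ext->data.u.password.password.length,
                                    &pw);
        } else {
            /*
             * NOTE(review): this branch is also taken when the record has
             * an mkvno but the database has no master key loaded; the
             * stored bytes are then still ciphertext and are only rejected
             * below if they do not happen to end in NUL -- confirm whether
             * that case should be an explicit error.
             */
            ret = der_copy_octet_string(&ext->data.u.password.password, &pw);
        }
        if (ret) {
            krb5_clear_error_string(context);
            return ret;
        }

        /*
         * From here on `pw' holds the cleartext password and must be
         * released on every path, including the error ones.
         */
        pwstr = pw.data;
        if (pw.length == 0 || pwstr[pw.length - 1] != '\0') {
            /* An empty blob would otherwise be indexed at length - 1. */
            krb5_set_error_string(context, "password malformated");
            ret = EINVAL;
        } else {
            *p = strdup(pwstr);
            if (*p == NULL) {
                krb5_set_error_string(context, "malloc: out of memory");
                ret = ENOMEM;
            }
        }

        /*
         * Best-effort scrub of the temporary cleartext copy.  A plain
         * memset() right before free may be removed by the optimiser;
         * prefer the platform's guaranteed-zeroing primitive if the
         * project provides one.
         */
        if (pw.length)
            memset(pw.data, 0, pw.length);
        der_free_octet_string(&pw);
        return ret;
    }

    /* No password extension: report which principal lacks it. */
    ret = krb5_unparse_name(context, entry->principal, &name);
    if (ret == 0) {
        krb5_set_error_string(context, "no password attribute for %s", name);
        free(name);
    } else
        krb5_clear_error_string(context);

    return ENOENT;
}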