kadm5_ret_t kadm5_s_chpass_principal_with_key(void *server_handle, krb5_principal princ, int n_key_data, krb5_key_data *key_data) { kadm5_server_context *context = server_handle; hdb_entry_ex ent; kadm5_ret_t ret; memset(&ent, 0, sizeof(ent)); ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, 0, HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent); if(ret == HDB_ERR_NOENTRY) goto out; ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data); if(ret) goto out2; ent.entry.kvno++; ret = _kadm5_set_modifier(context, &ent.entry); if(ret) goto out2; ret = _kadm5_bump_pw_expire(context, &ent.entry); if (ret) goto out2; ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out2; ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; kadm5_log_modify (context, &ent.entry, KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION | KADM5_TL_DATA); out2: hdb_free_entry(context->context, &ent); out: context->db->hdb_close(context->context, context->db); return _kadm5_error_code(ret); }
kadm5_ret_t kadm5_s_chpass_principal_with_key(void *server_handle, krb5_principal princ, int keepold, int n_key_data, krb5_key_data *key_data) { kadm5_server_context *context = server_handle; hdb_entry_ex ent; kadm5_ret_t ret; memset(&ent, 0, sizeof(ent)); if (!context->keep_open) { ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; } ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, 0, HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent); if(ret == HDB_ERR_NOENTRY) goto out; if (keepold) { ret = hdb_add_current_keys_to_history(context->context, &ent.entry); if (ret) goto out2; } ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data); if(ret) goto out2; ent.entry.kvno++; ret = _kadm5_set_modifier(context, &ent.entry); if(ret) goto out2; ret = _kadm5_bump_pw_expire(context, &ent.entry); if (ret) goto out2; if (keepold) { ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out2; } else { HDB_extension ext; memset(&ext, 0, sizeof (ext)); ext.data.element = choice_HDB_extension_data_hist_keys; ext.data.u.hist_keys.len = 0; ext.data.u.hist_keys.val = NULL; hdb_replace_extension(context->context, &ent.entry, &ext); } ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; kadm5_log_modify (context, &ent.entry, KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME | KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION | KADM5_TL_DATA); out2: hdb_free_entry(context->context, &ent); out: if (!context->keep_open) context->db->hdb_close(context->context, context->db); return _kadm5_error_code(ret); }
kadm5_ret_t _kadm5_setup_entry(kadm5_server_context *context, hdb_entry_ex *ent, uint32_t mask, kadm5_principal_ent_t princ, uint32_t princ_mask, kadm5_principal_ent_t def, uint32_t def_mask) { if(mask & KADM5_PRINC_EXPIRE_TIME && princ_mask & KADM5_PRINC_EXPIRE_TIME) { if (princ->princ_expire_time) set_value(ent->entry.valid_end, princ->princ_expire_time); else set_null(ent->entry.valid_end); } if(mask & KADM5_PW_EXPIRATION && princ_mask & KADM5_PW_EXPIRATION) { if (princ->pw_expiration) set_value(ent->entry.pw_end, princ->pw_expiration); else set_null(ent->entry.pw_end); } if(mask & KADM5_ATTRIBUTES) { if (princ_mask & KADM5_ATTRIBUTES) { attr_to_flags(princ->attributes, &ent->entry.flags); } else if(def_mask & KADM5_ATTRIBUTES) { attr_to_flags(def->attributes, &ent->entry.flags); ent->entry.flags.invalid = 0; } else { default_flags(ent, 1); } } if(mask & KADM5_MAX_LIFE) { if(princ_mask & KADM5_MAX_LIFE) { if(princ->max_life) set_value(ent->entry.max_life, princ->max_life); else set_null(ent->entry.max_life); } else if(def_mask & KADM5_MAX_LIFE) { if(def->max_life) set_value(ent->entry.max_life, def->max_life); else set_null(ent->entry.max_life); } } if(mask & KADM5_KVNO && princ_mask & KADM5_KVNO) ent->entry.kvno = princ->kvno; if(mask & KADM5_MAX_RLIFE) { if(princ_mask & KADM5_MAX_RLIFE) { if(princ->max_renewable_life) set_value(ent->entry.max_renew, princ->max_renewable_life); else set_null(ent->entry.max_renew); } else if(def_mask & KADM5_MAX_RLIFE) { if(def->max_renewable_life) set_value(ent->entry.max_renew, def->max_renewable_life); else set_null(ent->entry.max_renew); } } if(mask & KADM5_KEY_DATA && princ_mask & KADM5_KEY_DATA) { _kadm5_set_keys2(context, &ent->entry, princ->n_key_data, princ->key_data); } if(mask & KADM5_TL_DATA) { krb5_tl_data *tl; for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next) { kadm5_ret_t ret; ret = perform_tl_data(context->context, context->db, ent, tl); if (ret) return ret; } } if(mask & KADM5_FAIL_AUTH_COUNT) { /* XXX */ } return 0; }