kadm5_ret_t _kadm5_set_keys(kadm5_server_context *context, hdb_entry *ent, const char *password) { Key *keys; size_t num_keys; kadm5_ret_t ret; ret = hdb_generate_key_set_password(context->context, ent->principal, password, &keys, &num_keys); if (ret) return ret; _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val); ent->keys.val = keys; ent->keys.len = num_keys; hdb_entry_set_pw_change_time(context->context, ent, 0); if (krb5_config_get_bool_default(context->context, NULL, FALSE, "kadmin", "save-password", NULL)) { ret = hdb_entry_set_password(context->context, context->db, ent, password); if (ret) return ret; } return 0; }
static kadm5_ret_t perform_tl_data(krb5_context context, HDB *db, hdb_entry_ex *ent, const krb5_tl_data *tl_data) { kadm5_ret_t ret = 0; if (tl_data->tl_data_type == KRB5_TL_PASSWORD) { heim_utf8_string pw = tl_data->tl_data_contents; if (pw[tl_data->tl_data_length] != '\0') return KADM5_BAD_TL_TYPE; ret = hdb_entry_set_password(context, db, &ent->entry, pw); } else if (tl_data->tl_data_type == KRB5_TL_LAST_PWD_CHANGE) { unsigned char *s; time_t t; if (tl_data->tl_data_length != 4) return KADM5_BAD_TL_TYPE; s = tl_data->tl_data_contents; t = s[0] | (s[1] << 8) | (s[2] << 16) | (s[3] << 24); ret = hdb_entry_set_pw_change_time(context, &ent->entry, t); } else if (tl_data->tl_data_type == KRB5_TL_EXTENSION) { HDB_extension ext; ret = decode_HDB_extension(tl_data->tl_data_contents, tl_data->tl_data_length, &ext, NULL); if (ret) return KADM5_BAD_TL_TYPE; ret = hdb_replace_extension(context, &ent->entry, &ext); free_HDB_extension(&ext); } else { return KADM5_BAD_TL_TYPE; } return ret; }