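/*
 * Replace the keys of `princ' with the caller-supplied `key_data' (server-side
 * implementation of kadm5_chpass_principal_with_key).
 *
 * server_handle : kadm5_server_context for this admin session
 * princ         : principal whose entry is rewritten
 * n_key_data    : number of elements in key_data
 * key_data      : new keys; their interpretation is left to _kadm5_set_keys2
 *
 * Returns 0 on success, otherwise a kadm5 error code (mapped through
 * _kadm5_error_code). Authorization of the caller is not done here; it is
 * assumed to have happened before this function is reached — confirm at the
 * call sites.
 */
kadm5_ret_t
kadm5_s_chpass_principal_with_key(void *server_handle,
				  krb5_principal princ,
				  int n_key_data,
				  krb5_key_data *key_data)
{
    kadm5_server_context *context = server_handle;
    hdb_entry_ex ent;
    kadm5_ret_t ret;

    /* Zero-fill so that hdb_free_entry() is safe on every exit path. */
    memset(&ent, 0, sizeof(ent));
    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
    if (ret)
	return ret;
    ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, 0,
				      HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent);
    /*
     * Stop on *any* fetch failure, not only HDB_ERR_NOENTRY: otherwise a
     * database error would leave the zero-filled entry to be modified and
     * stored as if it had been read from the database.
     */
    if (ret)
	goto out;
    ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
    if (ret)
	goto out2;
    /* New key set -> new key version number. */
    ent.entry.kvno++;
    ret = _kadm5_set_modifier(context, &ent.entry);
    if (ret)
	goto out2;
    ret = _kadm5_bump_pw_expire(context, &ent.entry);
    if (ret)
	goto out2;

    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
    if (ret)
	goto out2;

    ret = context->db->hdb_store(context->context, context->db,
				 HDB_F_REPLACE, &ent);
    if (ret)
	goto out2;

    /*
     * The change is already in the database; a failure to record it in the
     * log is reported rather than silently dropped so replication does not
     * diverge without anyone noticing.
     */
    ret = kadm5_log_modify(context,
			   &ent.entry,
			   KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
			   KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
			   KADM5_TL_DATA);

out2:
    hdb_free_entry(context->context, &ent);
out:
    context->db->hdb_close(context->context, context->db);
    return _kadm5_error_code(ret);
}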
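/*
 * Replace the keys of `princ' with the caller-supplied `key_data' (server-side
 * implementation of kadm5_chpass_principal_with_key).
 *
 * server_handle : kadm5_server_context for this admin session
 * princ         : principal whose entry is rewritten
 * keepold       : non-zero to move the current keys into the entry's key
 *                 history before replacing them; zero to clear that history
 * n_key_data    : number of elements in key_data
 * key_data      : new keys; their interpretation is left to _kadm5_set_keys2
 *
 * Returns 0 on success, otherwise a kadm5 error code (mapped through
 * _kadm5_error_code). The database is opened and closed here unless the
 * context was created with keep_open set. Authorization of the caller is not
 * done here; it is assumed to have happened before this function is reached.
 */
kadm5_ret_t
kadm5_s_chpass_principal_with_key(void *server_handle,
				  krb5_principal princ,
				  int keepold,
				  int n_key_data,
				  krb5_key_data *key_data)
{
    kadm5_server_context *context = server_handle;
    hdb_entry_ex ent;
    kadm5_ret_t ret;

    /* Zero-fill so that hdb_free_entry() is safe on every exit path. */
    memset(&ent, 0, sizeof(ent));
    if (!context->keep_open) {
	ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
	if (ret)
	    return ret;
    }
    ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, 0,
				      HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent);
    /*
     * Stop on *any* fetch failure, not only HDB_ERR_NOENTRY: otherwise a
     * database error would leave the zero-filled entry to be modified and
     * stored as if it had been read from the database.
     */
    if (ret)
	goto out;
    if (keepold) {
	ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
	if (ret)
	    goto out2;
    }
    ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
    if (ret)
	goto out2;
    /* New key set -> new key version number. */
    ent.entry.kvno++;
    ret = _kadm5_set_modifier(context, &ent.entry);
    if (ret)
	goto out2;
    ret = _kadm5_bump_pw_expire(context, &ent.entry);
    if (ret)
	goto out2;

    if (keepold) {
	ret = hdb_seal_keys(context->context, context->db, &ent.entry);
	if (ret)
	    goto out2;
    } else {
	/*
	 * Not keeping old keys: install an empty hist_keys extension so any
	 * previously stored key history is dropped along with the old keys.
	 */
	HDB_extension ext;

	memset(&ext, 0, sizeof (ext));
	ext.data.element = choice_HDB_extension_data_hist_keys;
	ext.data.u.hist_keys.len = 0;
	ext.data.u.hist_keys.val = NULL;
	ret = hdb_replace_extension(context->context, &ent.entry, &ext);
	if (ret)
	    goto out2;
    }

    ret = context->db->hdb_store(context->context, context->db,
				 HDB_F_REPLACE, &ent);
    if (ret)
	goto out2;

    /*
     * The change is already in the database; a failure to record it in the
     * log is reported rather than silently dropped so replication does not
     * diverge without anyone noticing.
     */
    ret = kadm5_log_modify(context,
			   &ent.entry,
			   KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
			   KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
			   KADM5_TL_DATA);

out2:
    hdb_free_entry(context->context, &ent);
out:
    if (!context->keep_open)
	context->db->hdb_close(context->context, context->db);
    return _kadm5_error_code(ret);
}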
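/*
 * Copy the fields selected by `mask' from the caller-supplied principal
 * record `princ' (and, for some fields, from the default record `def') into
 * the HDB entry `ent'.
 *
 * context    : server context; its krb5 context and db are used for tl-data
 * ent        : entry being built or modified in place
 * mask       : which fields this call is allowed to set
 * princ      : source values; a field is taken from it only when the
 *              corresponding bit is also set in princ_mask
 * princ_mask : which fields of princ are valid
 * def        : fallback source for attributes / max_life / max_rlife,
 *              consulted when princ_mask lacks the bit but def_mask has it
 * def_mask   : which fields of def are valid
 *
 * Returns 0 on success, or the first error from _kadm5_set_keys2 or
 * perform_tl_data. Fields not covered by mask are left untouched.
 * set_value / set_null are presumably helpers that allocate or clear the
 * optional HDB fields — not visible here.
 */
kadm5_ret_t
_kadm5_setup_entry(kadm5_server_context *context,
		   hdb_entry_ex *ent,
		   uint32_t mask,
		   kadm5_principal_ent_t princ,
		   uint32_t princ_mask,
		   kadm5_principal_ent_t def,
		   uint32_t def_mask)
{
    kadm5_ret_t ret;

    if ((mask & KADM5_PRINC_EXPIRE_TIME)
	&& (princ_mask & KADM5_PRINC_EXPIRE_TIME)) {
	/* A zero expire time means "never expires" -> stored as absent. */
	if (princ->princ_expire_time)
	    set_value(ent->entry.valid_end, princ->princ_expire_time);
	else
	    set_null(ent->entry.valid_end);
    }
    if ((mask & KADM5_PW_EXPIRATION)
	&& (princ_mask & KADM5_PW_EXPIRATION)) {
	if (princ->pw_expiration)
	    set_value(ent->entry.pw_end, princ->pw_expiration);
	else
	    set_null(ent->entry.pw_end);
    }
    if (mask & KADM5_ATTRIBUTES) {
	if (princ_mask & KADM5_ATTRIBUTES) {
	    attr_to_flags(princ->attributes, &ent->entry.flags);
	} else if (def_mask & KADM5_ATTRIBUTES) {
	    /* Defaults are a template; the new entry must not start invalid. */
	    attr_to_flags(def->attributes, &ent->entry.flags);
	    ent->entry.flags.invalid = 0;
	} else {
	    default_flags(ent, 1);
	}
    }

    if (mask & KADM5_MAX_LIFE) {
	if (princ_mask & KADM5_MAX_LIFE) {
	    if (princ->max_life)
		set_value(ent->entry.max_life, princ->max_life);
	    else
		set_null(ent->entry.max_life);
	} else if (def_mask & KADM5_MAX_LIFE) {
	    if (def->max_life)
		set_value(ent->entry.max_life, def->max_life);
	    else
		set_null(ent->entry.max_life);
	}
    }
    if ((mask & KADM5_KVNO)
	&& (princ_mask & KADM5_KVNO))
	ent->entry.kvno = princ->kvno;
    if (mask & KADM5_MAX_RLIFE) {
	if (princ_mask & KADM5_MAX_RLIFE) {
	    if (princ->max_renewable_life)
		set_value(ent->entry.max_renew, princ->max_renewable_life);
	    else
		set_null(ent->entry.max_renew);
	} else if (def_mask & KADM5_MAX_RLIFE) {
	    if (def->max_renewable_life)
		set_value(ent->entry.max_renew, def->max_renewable_life);
	    else
		set_null(ent->entry.max_renew);
	}
    }
    if ((mask & KADM5_KEY_DATA)
	&& (princ_mask & KADM5_KEY_DATA)) {
	/*
	 * Key installation can fail (bad or unsupported key data); propagate
	 * that instead of returning success with the keys left unchanged.
	 */
	ret = _kadm5_set_keys2(context, &ent->entry,
			       princ->n_key_data, princ->key_data);
	if (ret)
	    return ret;
    }
    if (mask & KADM5_TL_DATA) {
	krb5_tl_data *tl;

	for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next) {
	    ret = perform_tl_data(context->context, context->db, ent, tl);
	    if (ret)
		return ret;
	}
    }
    if (mask & KADM5_FAIL_AUTH_COUNT) {
	/* XXX: not implemented; the fail-auth count is ignored here. */
    }
    return 0;
}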