{
krb5_error_code ret;
- ret = kadm5_chpass_principal_with_key (kadm_handle, principal,
- 3, key_data);
+ ret = kadm5_chpass_principal_with_key_3(kadm_handle, principal, keepold,
+ 3, key_data);
return ret;
}
case kadm_chpass:{
op = "CHPASS";
ret = krb5_ret_principal(sp, &princ);
- if(ret)
+ if (ret)
goto fail;
ret = krb5_ret_string(sp, &password);
- if(ret){
+ if (ret) {
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ }
+ ret = krb5_ret_int32(sp, &keepold);
+ if (ret && ret != HEIM_ERR_EOF) {
krb5_free_principal(contextp->context, princ);
goto fail;
}
free(password);
goto fail;
}
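Review bot: The new error path after the keepold read, `if (ret && ret != HEIM_ERR_EOF) { krb5_free_principal(...); goto fail; }`, frees princ but not password, which krb5_ret_string allocated just above, so a malformed request leaks the password buffer and leaves it unscrubbed; add `memset(password, 0, strlen(password)); free(password);` before that `goto fail`, matching the cleanup done after the kadm5_chpass_principal_3 call. Tolerating HEIM_ERR_EOF also leaves keepold at whatever value it held before the read; unless it is set to 0 before this switch (not visible here), an explicit `if (ret == HEIM_ERR_EOF) keepold = 0;` would make the old-client default unambiguous. The same EOF handling is repeated in the chpass_with_key case further down and should get the same treatment. The enclosing dispatch function starts and ends outside the hunk.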
- ret = kadm5_chpass_principal(kadm_handlep, princ, password);
+ ret = kadm5_chpass_principal_3(kadm_handlep, princ, keepold, 0, NULL,
+ password);
krb5_free_principal(contextp->context, princ);
memset(password, 0, strlen(password));
free(password);
krb5_free_principal(contextp->context, princ);
goto fail;
}
+ ret = krb5_ret_int32(sp, &keepold);
+ if (ret && ret != HEIM_ERR_EOF) {
+ krb5_free_principal(contextp->context, princ);
+ goto fail;
+ }
/* n_key_data will be squeezed into an int16_t below. */
if (n_key_data < 0 || n_key_data >= 1 << 16 ||
(size_t)n_key_data > UINT_MAX/sizeof(*key_data)) {
krb5_free_principal(contextp->context, princ);
goto fail;
}
- ret = kadm5_chpass_principal_with_key(kadm_handlep, princ,
- n_key_data, key_data);
+ ret = kadm5_chpass_principal_with_key_3(kadm_handlep, princ, keepold,
+ n_key_data, key_data);
{
int16_t dummy = n_key_data;
kadm5_free_key_data (contextp, &dummy, key_data);
int result_code;
kadm5_ret_t ret;
+ if (keepold)
+ return KADM5_KEEPOLD_NOSUPP;
+
ret = ad_get_cred(context, NULL);
if (ret)
return ret;
{
kadm5_ad_context *context = server_handle;
+ if (keepold)
+ return KADM5_KEEPOLD_NOSUPP;
+
/*
* random key
*/
static kadm5_ret_t
kadm5_ad_chpass_principal_with_key(void *server_handle,
krb5_principal princ,
+ int keepold,
int n_key_data,
krb5_key_data *key_data)
{
kadm5_ret_t
kadm5_c_chpass_principal_with_key(void *server_handle,
krb5_principal princ,
+ int keepold,
int n_key_data,
krb5_key_data *key_data)
{
krb5_store_int32(sp, n_key_data);
for (i = 0; i < n_key_data; ++i)
kadm5_store_key_data (sp, &key_data[i]);
+ krb5_store_int32(sp, keepold); /* extension */
ret = _kadm5_client_send(context, sp);
krb5_storage_free(sp);
if (ret)
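Review bot: Nothing tells the caller whether the server honoured keepold: the extension is appended unconditionally after the key data, and a kadmind built before this change presumably stops reading after n_key_data entries and ignores the trailing int32, so a caller passing keepold to such a server gets success while the old keys are discarded, with no signal in the reply. The randkey path, by contrast, only appends its extension when the caller asked for it. If the compatibility risk is accepted it should at least be stated at the store line, e.g. `krb5_store_int32(sp, keepold); /* extension: older servers ignore it, so keepold is not guaranteed to be honoured */`. The enclosing function starts and ends outside the hunk.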
kadm5_ret_t
kadm5_s_chpass_principal_with_key(void *server_handle,
krb5_principal princ,
+ int keepold,
int n_key_data,
krb5_key_data *key_data)
{
HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent);
if(ret == HDB_ERR_NOENTRY)
goto out;
- ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
- if (ret)
- goto out2;
+ if (keepold) {
+ ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
+ if (ret)
+ goto out2;
+ }
ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
if(ret)
goto out2;
if (ret)
goto out2;
- ret = hdb_seal_keys(context->context, context->db, &ent.entry);
- if (ret)
- goto out2;
+ if (keepold) {
+ ret = hdb_seal_keys(context->context, context->db, &ent.entry);
+ if (ret)
+ goto out2;
+ } else {
+ HDB_extension ext;
+
+ ext.data.element = choice_HDB_extension_data_hist_keys;
+ ext.data.u.hist_keys.len = 0;
+ ext.data.u.hist_keys.val = NULL;
+ hdb_replace_extension(context->context, &ent.entry, &ext);
+ }
+
ret = context->db->hdb_store(context->context, context->db,
HDB_F_REPLACE, &ent);
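Review bot: In the new `else` branch the result of hdb_replace_extension is discarded, and `ext` is only partially initialised — its other members (the mandatory flag in particular) hold whatever was on the stack when the extension is copied into the entry; initialise it with `memset(&ext, 0, sizeof(ext));` and check the call, `ret = hdb_replace_extension(context->context, &ent.entry, &ext);` followed by `if (ret) goto out2;`. Making hdb_seal_keys conditional on keepold also drops a call that was previously unconditional: if _kadm5_set_keys2 does not already store the new keys in sealed form, the !keepold path now writes the entry with unsealed keys, so a comment stating why sealing is unnecessary there (or keeping the call unconditional) would make the intent reviewable. The enclosing function starts and ends outside the hunk.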
krb5_key_data *key_data)
{
return __CALL(chpass_principal_with_key,
- (server_handle, princ, n_key_data, key_data));
+ (server_handle, princ, 0, n_key_data, key_data));
+}
+
+kadm5_ret_t
+kadm5_chpass_principal_with_key_3(void *server_handle,
+ krb5_principal princ,
+ int keepold,
+ int n_key_data,
+ krb5_key_data *key_data)
+{
+ return __CALL(chpass_principal_with_key,
+ (server_handle, princ, keepold, n_key_data, key_data));
}
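Review bot: The new public entry point kadm5_chpass_principal_with_key_3 has no documentation of its keepold parameter, and callers cannot tell from the prototype that a backend may refuse it. Add a Doxygen comment above the definition stating that a non-zero keepold asks the backend to retain the principal's current keys as history before installing key_data, and that backends without that capability return KADM5_KEEPOLD_NOSUPP rather than silently ignoring the flag. The two-argument wrapper above it should say that it is equivalent to keepold = 0.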
kadm5_ret_t
error_code SETKEY3_ETYPE_MISMATCH, "Key/salt tuples don't match keys"
error_code DECRYPT_USAGE_NOSUPP, "Given usage of kadm5_decrypt() not supported"
error_code POLICY_OP_NOSUPP, "Policy operations not supported"
+error_code KEEPOLD_NOSUPP, "Keep old keys option not supported"
krb5_key_salt_tuple*, krb5_keyblock**,
int*);
kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal);
- kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal,
+ kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal, int,
int, krb5_key_data *);
kadm5_ret_t (*lock) (void *);
kadm5_ret_t (*unlock) (void *);
*/
krb5_store_int32(sp, kadm_randkey);
krb5_store_principal(sp, princ);
- ret = _kadm5_client_send(context, sp);
- krb5_storage_free(sp);
- if (ret)
- return ret;
if (keepold == TRUE || n_ks_tuple > 0)
krb5_store_uint32(sp, keepold);
krb5_store_int32(sp, ks_tuple[i].ks_enctype);
krb5_store_int32(sp, ks_tuple[i].ks_salttype);
}
-
/* Future extensions go here */
+
+ ret = _kadm5_client_send(context, sp);
+ krb5_storage_free(sp);
+ if (ret)
+ return ret;
ret = _kadm5_client_recv(context, &reply);
if(ret)
return ret;
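Review bot: The guard before the extension fields, `if (keepold == TRUE || n_ks_tuple > 0)`, only writes keepold when it is exactly TRUE; any other non-zero value is dropped from the wire and the server is left to fall back to its default. Use the truth value instead, `if (keepold || n_ks_tuple > 0)`. This path also stores keepold with krb5_store_uint32 while the with-key path stores it with krb5_store_int32 and the server reads both with krb5_ret_int32 — the width is the same, but one consistent helper would be easier to audit. The enclosing function starts and ends outside the hunk.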
kadm5_chpass_principal;
kadm5_chpass_principal_3;
kadm5_chpass_principal_with_key;
+ kadm5_chpass_principal_with_key_3;
kadm5_create_principal;
kadm5_delete_principal;
kadm5_destroy;