summaryrefslogtreecommitdiff
path: root/usr/src/cmd/krb5/kadmin/server/misc.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src/cmd/krb5/kadmin/server/misc.c')
-rw-r--r--usr/src/cmd/krb5/kadmin/server/misc.c198
1 files changed, 100 insertions, 98 deletions
diff --git a/usr/src/cmd/krb5/kadmin/server/misc.c b/usr/src/cmd/krb5/kadmin/server/misc.c
index 18a14df98e..03bdf8758d 100644
--- a/usr/src/cmd/krb5/kadmin/server/misc.c
+++ b/usr/src/cmd/krb5/kadmin/server/misc.c
@@ -21,25 +21,16 @@
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
- * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/kadmin/\
- * server/misc.c,v 1.10 1996/07/22 20:28:55 marc Exp $
*/
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev"
- "/.cvsroot/src/kadmin/server/misc.c,v 1.10 1996/07/22 20:28:55 "
- "marc Exp $";
-
-#endif
-
#include <kadm5/adb.h>
#include <kadm5/server_internal.h>
#include <krb5/kdb.h>
#include "misc.h"
/*
- * Function: chpass_principal_wrapper
- *
+ * Function: chpass_principal_wrapper_3
+ *
* Purpose: wrapper to kadm5_chpass_principal that checks to see if
* pw_min_life has been reached. if not it returns an error.
* otherwise it calls kadm5_chpass_principal
@@ -47,123 +38,134 @@ static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev"
* Arguments:
* principal (input) krb5_principals whose password we are
* changing
- * passoword (input) passowrd we are going to change to.
- * <return value> 0 on sucsess error code on failure.
+ * keepold (input) whether to preserve old keys
+ * n_ks_tuple (input) the number of key-salt tuples in ks_tuple
+ * ks_tuple (input) array of tuples indicating the caller's
+ * requested enctypes/salttypes
+ * password (input) password we are going to change to.
+ * <return value> 0 on success error code on failure.
*
* Requires:
* kadm5_init to have been run.
- *
+ *
* Effects:
* calls kadm5_chpass_principal which changes the kdb and the
* the admin db.
*
*/
kadm5_ret_t
-chpass_principal_wrapper(void *server_handle,
- krb5_principal principal, char *password)
+chpass_principal_wrapper_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *password)
{
- krb5_int32 now;
- kadm5_ret_t ret;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_rec princ;
- kadm5_server_handle_t handle = server_handle;
-
- if (ret = krb5_timeofday(handle->context, &now))
- return (ret);
-
- if ((ret = kadm5_get_principal(handle->lhandle, principal,
- &princ,
- KADM5_PRINCIPAL_NORMAL_MASK)) !=
- KADM5_OK)
- return (ret);
- if (princ.aux_attributes & KADM5_POLICY) {
- if ((ret = kadm5_get_policy(handle->lhandle,
- princ.policy, &pol)) != KADM5_OK) {
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (ret);
- }
- if ((now - princ.last_pwd_change) < pol.pw_min_life &&
- !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- (void) kadm5_free_policy_ent(handle->lhandle, &pol);
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (KADM5_PASS_TOOSOON);
- }
- if (ret = kadm5_free_policy_ent(handle->lhandle, &pol)) {
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (ret);
- }
- }
- if (ret = kadm5_free_principal_ent(handle->lhandle, &princ))
- return (ret);
+ kadm5_ret_t ret;
+
+ ret = check_min_life(server_handle, principal);
+ if (ret)
+ return ret;
- return (kadm5_chpass_principal(server_handle, principal, password));
+ return kadm5_chpass_principal_3(server_handle, principal,
+ keepold, n_ks_tuple, ks_tuple,
+ password);
}
/*
- * Function: randkey_principal_wrapper
- *
+ * Function: randkey_principal_wrapper_3
+ *
* Purpose: wrapper to kadm5_randkey_principal which checks the
- * passwords min. life.
+ * password's min. life.
*
* Arguments:
* principal (input) krb5_principal whose password we are
* changing
+ * keepold (input) whether to preserve old keys
+ * n_ks_tuple (input) the number of key-salt tuples in ks_tuple
+ * ks_tuple (input) array of tuples indicating the caller's
+ * requested enctypes/salttypes
* key (output) new random key
- * < return value > 0, error code on error.
+ * <return value> 0, error code on error.
*
* Requires:
* kadm5_init needs to be run
- *
+ *
* Effects:
* calls kadm5_randkey_principal
*
*/
kadm5_ret_t
-randkey_principal_wrapper(void *server_handle,
- krb5_principal principal,
- krb5_keyblock ** keys, int *n_keys)
+randkey_principal_wrapper_3(void *server_handle,
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **keys, int *n_keys)
{
+ kadm5_ret_t ret;
+
+ ret = check_min_life(server_handle, principal);
+ if (ret)
+ return ret;
+ return kadm5_randkey_principal_3(server_handle, principal,
+ keepold, n_ks_tuple, ks_tuple,
+ keys, n_keys);
+}
- krb5_int32 now;
- kadm5_ret_t ret;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_rec princ;
- kadm5_server_handle_t handle = server_handle;
-
- if (ret = krb5_timeofday(handle->context, &now))
- return (ret);
-
- if ((ret = kadm5_get_principal(handle->lhandle,
- principal, &princ,
- KADM5_PRINCIPAL_NORMAL_MASK)) !=
- OSA_ADB_OK)
- return (ret);
- if (princ.aux_attributes & KADM5_POLICY) {
- if ((ret = kadm5_get_policy(handle->lhandle,
- princ.policy, &pol)) != KADM5_OK) {
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (ret);
- }
- if ((now - princ.last_pwd_change) < pol.pw_min_life &&
- !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- (void) kadm5_free_policy_ent(handle->lhandle, &pol);
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (KADM5_PASS_TOOSOON);
- }
- if (ret = kadm5_free_policy_ent(handle->lhandle, &pol)) {
- (void) kadm5_free_principal_ent(handle->lhandle,
- &princ);
- return (ret);
- }
+kadm5_ret_t
+chpass_util_wrapper(void *server_handle, krb5_principal princ,
+ char *new_pw, char **ret_pw,
+ char *msg_ret, unsigned int msg_len)
+{
+ kadm5_ret_t ret;
+
+ ret = check_min_life(server_handle, princ);
+ if (ret)
+ return ret;
+
+ return kadm5_chpass_principal_util(server_handle, princ,
+ new_pw, ret_pw,
+ msg_ret, msg_len);
+}
+
+kadm5_ret_t
+check_min_life(void *server_handle, krb5_principal principal)
+{
+ krb5_int32 now;
+ kadm5_ret_t ret;
+ kadm5_policy_ent_rec pol;
+ kadm5_principal_ent_rec princ;
+ kadm5_server_handle_t handle = server_handle;
+
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
+ return ret;
+
+ ret = kadm5_get_principal(handle->lhandle, principal,
+ &princ, KADM5_PRINCIPAL_NORMAL_MASK);
+ if(ret != OSA_ADB_OK)
+ return ret;
+ if(princ.aux_attributes & KADM5_POLICY) {
+ if((ret=kadm5_get_policy(handle->lhandle,
+ princ.policy, &pol)) != KADM5_OK) {
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return ret;
+ }
+ if((now - princ.last_pwd_change) < pol.pw_min_life &&
+ !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ (void) kadm5_free_policy_ent(handle->lhandle, &pol);
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return KADM5_PASS_TOOSOON;
}
- if (ret = kadm5_free_principal_ent(handle->lhandle, &princ))
- return (ret);
- return (kadm5_randkey_principal(server_handle,
- principal, keys, n_keys));
+
+ ret = kadm5_free_policy_ent(handle->lhandle, &pol);
+ if (ret) {
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return ret;
+ }
+ }
+
+ return kadm5_free_principal_ent(handle->lhandle, &princ);
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-12 21:44:25 +0000