search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / kadm5 / chpass_s.c
blobf9232ec07e3fb3606a87aa1c227560859827d62d
1 /*
2 * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadm5_locl.h"
35
36 __RCSID("$Heimdal: chpass_s.c 20608 2007-05-08 07:11:48Z lha $"
37 "$NetBSD$");
38
39 static kadm5_ret_t
40 change(void *server_handle,
41 krb5_principal princ,
42 const char *password,
43 int cond)
44 {
45 kadm5_server_context *context = server_handle;
46 hdb_entry_ex ent;
47 kadm5_ret_t ret;
48 Key *keys;
49 size_t num_keys;
50 int cmp = 1;
51
52 memset(&ent, 0, sizeof(ent));
53 ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
54 if(ret)
55 return ret;
56 ret = context->db->hdb_fetch(context->context, context->db, princ,
57 HDB_F_DECRYPT|HDB_F_GET_ANY, &ent);
58 if(ret == HDB_ERR_NOENTRY)
59 goto out;
60
61 num_keys = ent.entry.keys.len;
62 keys = ent.entry.keys.val;
63
64 ent.entry.keys.len = 0;
65 ent.entry.keys.val = NULL;
66
67 ret = _kadm5_set_keys(context, &ent.entry, password);
68 if(ret) {
69 _kadm5_free_keys (context->context, num_keys, keys);
70 goto out2;
71 }
72 ent.entry.kvno++;
73 if (cond)
74 cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len,
75 keys, num_keys);
76 _kadm5_free_keys (context->context, num_keys, keys);
77
78 if (cmp == 0) {
79 krb5_set_error_string(context->context, "Password reuse forbidden");
80 ret = KADM5_PASS_REUSE;
81 goto out2;
82 }
83
84 ret = _kadm5_set_modifier(context, &ent.entry);
85 if(ret)
86 goto out2;
87
88 ret = _kadm5_bump_pw_expire(context, &ent.entry);
89 if (ret)
90 goto out2;
91
92 ret = hdb_seal_keys(context->context, context->db, &ent.entry);
93 if (ret)
94 goto out2;
95
96 ret = context->db->hdb_store(context->context, context->db,
97 HDB_F_REPLACE, &ent);
98 if (ret)
99 goto out2;
100
101 kadm5_log_modify (context,
102 &ent.entry,
103 KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
104 KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
105 KADM5_TL_DATA);
106
107 out2:
108 hdb_free_entry(context->context, &ent);
109 out:
110 context->db->hdb_close(context->context, context->db);
111 return _kadm5_error_code(ret);
112 }
113
114
115
116 /*
117 * change the password of `princ' to `password' if it's not already that.
118 */
119
120 kadm5_ret_t
121 kadm5_s_chpass_principal_cond(void *server_handle,
122 krb5_principal princ,
123 const char *password)
124 {
125 return change (server_handle, princ, password, 1);
126 }
127
128 /*
129 * change the password of `princ' to `password'
130 */
131
132 kadm5_ret_t
133 kadm5_s_chpass_principal(void *server_handle,
134 krb5_principal princ,
135 const char *password)
136 {
137 return change (server_handle, princ, password, 0);
138 }
139
140 /*
141 * change keys for `princ' to `keys'
142 */
143
144 kadm5_ret_t
145 kadm5_s_chpass_principal_with_key(void *server_handle,
146 krb5_principal princ,
147 int n_key_data,
148 krb5_key_data *key_data)
149 {
150 kadm5_server_context *context = server_handle;
151 hdb_entry_ex ent;
152 kadm5_ret_t ret;
153
154 memset(&ent, 0, sizeof(ent));
155 ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
156 if(ret)
157 return ret;
158 ret = context->db->hdb_fetch(context->context, context->db, princ,
159 HDB_F_GET_ANY, &ent);
160 if(ret == HDB_ERR_NOENTRY)
161 goto out;
162 ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
163 if(ret)
164 goto out2;
165 ent.entry.kvno++;
166 ret = _kadm5_set_modifier(context, &ent.entry);
167 if(ret)
168 goto out2;
169 ret = _kadm5_bump_pw_expire(context, &ent.entry);
170 if (ret)
171 goto out2;
172
173 ret = hdb_seal_keys(context->context, context->db, &ent.entry);
174 if (ret)
175 goto out2;
176
177 ret = context->db->hdb_store(context->context, context->db,
178 HDB_F_REPLACE, &ent);
179 if (ret)
180 goto out2;
181
182 kadm5_log_modify (context,
183 &ent.entry,
184 KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
185 KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
186 KADM5_TL_DATA);
187
188 out2:
189 hdb_free_entry(context->context, &ent);
190 out:
191 context->db->hdb_close(context->context, context->db);
192 return _kadm5_error_code(ret);
193 }
NetBSD on the FriendlyARM MINI2440