chpass_s.c revision 72445
1/*
2 * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "kadm5_locl.h"
35
36RCSID("$Id: chpass_s.c,v 1.13 2001/01/30 01:24:28 assar Exp $");
37
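/*
 * Derive new keys for `princ' from `password' and write the entry back
 * to the database.
 *
 * server_handle: a kadm5_server_context, passed as an opaque pointer
 * princ:         principal whose keys are replaced
 * password:      new password, handed to _kadm5_set_keys()
 * cond:          when non-zero, the new keys are compared with the
 *                stored ones and the entry is neither modified nor
 *                stored if _kadm5_cmp_keys() reports 0
 *
 * Returns the result of the first failing step, or of the final store.
 * Every result except a failed open is passed through
 * _kadm5_error_code().
 */
static kadm5_ret_t
change(void *server_handle,
       krb5_principal princ,
       char *password,
       int cond)
{
    kadm5_server_context *context = server_handle;
    hdb_entry ent;
    kadm5_ret_t ret;
    Key *keys;
    size_t num_keys;
    int cmp = 1;

    ent.principal = princ;
    ret = context->db->open(context->context, context->db, O_RDWR, 0);
    if(ret)
        return ret;
    ret = context->db->fetch(context->context, context->db,
                             0, &ent);
    /*
     * Stop on ANY fetch failure, not only HDB_ERR_NOENTRY.  `ent' is an
     * uninitialised stack object apart from `principal'; continuing
     * after a failed fetch would read ent.keys and hand an arbitrary
     * pointer/length pair to _kadm5_free_keys().
     */
    if(ret)
        goto out;

    /* Detach the stored keys so they survive _kadm5_set_keys(). */
    num_keys = ent.keys.len;
    keys     = ent.keys.val;

    ent.keys.len = 0;
    ent.keys.val = NULL;

    ret = _kadm5_set_keys(context, &ent, password);
    if(ret) {
        _kadm5_free_keys (server_handle, num_keys, keys);
        goto out2;
    }
    if (cond)
        cmp = _kadm5_cmp_keys (ent.keys.val, ent.keys.len,
                               keys, num_keys);
    /*
     * NOTE(review): whether _kadm5_free_keys() scrubs the old key
     * material before releasing it is not visible here -- confirm.
     */
    _kadm5_free_keys (server_handle, num_keys, keys);

    /* Keys unchanged: leave the entry as it is (ret is still 0). */
    if (cmp == 0)
        goto out2;

    ret = _kadm5_set_modifier(context, &ent);
    if(ret)
        goto out2;

    ret = _kadm5_bump_pw_expire(context, &ent);
    if (ret)
        goto out2;

    ret = hdb_seal_keys(context->context, context->db, &ent);
    if (ret)
        goto out2;

    /*
     * NOTE(review): the result of kadm5_log_modify() is discarded and
     * the call precedes the store; confirm whether a failed store can
     * leave a log record with no matching database change.
     */
    kadm5_log_modify (context,
                      &ent,
                      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
                      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION);

    ret = context->db->store(context->context, context->db,
                             HDB_F_REPLACE, &ent);
out2:
    hdb_free_entry(context->context, &ent);
out:
    context->db->close(context->context, context->db);
    return _kadm5_error_code(ret);
}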
104
105
106
/*
 * Change the password of `princ' to `password', unless the keys derived
 * from `password' already match the stored ones.
 *
 * Thin wrapper: forwards to change() with the conditional flag set and
 * returns its result unchanged.
 */

kadm5_ret_t
kadm5_s_chpass_principal_cond(void *server_handle,
                              krb5_principal princ,
                              char *password)
{
    /* non-zero `cond': change() compares new and stored keys first */
    const int only_if_different = 1;

    return change(server_handle, princ, password, only_if_different);
}
118
/*
 * Change the password of `princ' to `password' unconditionally.
 *
 * Thin wrapper: forwards to change() with the conditional flag cleared
 * and returns its result unchanged.
 */

kadm5_ret_t
kadm5_s_chpass_principal(void *server_handle,
                         krb5_principal princ,
                         char *password)
{
    /* zero `cond': change() does not compare against the stored keys */
    const int only_if_different = 0;

    return change(server_handle, princ, password, only_if_different);
}
130
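/*
 * Change the keys of `princ' to the caller-supplied `key_data'.
 *
 * server_handle: a kadm5_server_context, passed as an opaque pointer
 * princ:         principal whose keys are replaced
 * n_key_data:    number of elements in `key_data', as passed on to
 *                _kadm5_set_keys2()
 * key_data:      the new keys
 *
 * Returns the result of the first failing step, or of the final store.
 * Every result except a failed open is passed through
 * _kadm5_error_code().
 */

kadm5_ret_t
kadm5_s_chpass_principal_with_key(void *server_handle,
                                  krb5_principal princ,
                                  int n_key_data,
                                  krb5_key_data *key_data)
{
    kadm5_server_context *context = server_handle;
    hdb_entry ent;
    kadm5_ret_t ret;
    ent.principal = princ;
    ret = context->db->open(context->context, context->db, O_RDWR, 0);
    if(ret)
        return ret;
    ret = context->db->fetch(context->context, context->db, 0, &ent);
    /*
     * Stop on ANY fetch failure, not only HDB_ERR_NOENTRY.  `ent' is an
     * uninitialised stack object apart from `principal'; continuing
     * after a failed fetch would modify, seal and store whatever
     * happens to be in it.
     */
    if(ret)
        goto out;
    /*
     * NOTE(review): n_key_data is a signed int taken from the caller;
     * range checking is presumably done in _kadm5_set_keys2() -- confirm.
     */
    ret = _kadm5_set_keys2(context, &ent, n_key_data, key_data);
    if(ret)
        goto out2;
    ret = _kadm5_set_modifier(context, &ent);
    if(ret)
        goto out2;
    ret = _kadm5_bump_pw_expire(context, &ent);
    if (ret)
        goto out2;

    ret = hdb_seal_keys(context->context, context->db, &ent);
    if (ret)
        goto out2;

    /*
     * NOTE(review): the result of kadm5_log_modify() is discarded and
     * the call precedes the store; confirm whether a failed store can
     * leave a log record with no matching database change.
     */
    kadm5_log_modify (context,
                      &ent,
                      KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
                      KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION);

    ret = context->db->store(context->context, context->db,
                             HDB_F_REPLACE, &ent);
out2:
    hdb_free_entry(context->context, &ent);
out:
    context->db->close(context->context, context->db);
    return _kadm5_error_code(ret);
}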
178