diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-06-24 20:12:28 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-06-24 20:12:28 +0000 |
| commit | e44bb1be0949c251f4c357ef2e7f998e754b0b9b (patch) | |
| tree | 8fe90a61c6d3f656960f31f55022db45e135cb6b /src | |
| parent | e5ef18829c2ffe733d29fcaf74c05cc0196c2465 (diff) | |
| download | krb5-e44bb1be0949c251f4c357ef2e7f998e754b0b9b.tar.gz krb5-e44bb1be0949c251f4c357ef2e7f998e754b0b9b.tar.xz krb5-e44bb1be0949c251f4c357ef2e7f998e754b0b9b.zip | |
Make fewer db lookups in kadm5_create_principal_3
By creating the password history entry earlier in the function, we can
avoid the need to look up the principal entry twice just to save a
copy of the key data.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24990 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 29 |
1 files changed, 10 insertions, 19 deletions
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 3dcac0d43b..464d5e8e45 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -1367,7 +1367,7 @@ kadm5_chpass_principal_3(void *server_handle, krb5_int32 now; kadm5_policy_ent_rec pol; osa_princ_ent_rec adb; - krb5_db_entry *kdb, *kdb_save; + krb5_db_entry *kdb; int ret, ret2, last_pwd, hist_added; int have_pol = 0; kadm5_server_handle_t handle = server_handle; @@ -1398,16 +1398,19 @@ kadm5_chpass_principal_3(void *server_handle, if ((ret = kdb_get_entry(handle, principal, &kdb, &adb))) return(ret); - /* we are going to need the current keys after the new keys are set */ - if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) { - kdb_free_entry(handle, kdb, &adb); - return(ret); - } - if ((adb.aux_attributes & KADM5_POLICY)) { if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol))) goto done; have_pol = 1; + + /* Create a password history entry before we change kdb's key_data. */ + ret = kdb_get_hist_key(handle, &hist_keyblock, &hist_kvno); + if (ret) + goto done; + ret = create_history_entry(handle->context, &hist_keyblock, + kdb->n_key_data, kdb->key_data, &hist); + if (ret) + goto done; } if ((ret = passwd_check(handle, password, have_pol ? &pol : NULL, @@ -1456,17 +1459,6 @@ kadm5_chpass_principal_3(void *server_handle, } #endif - ret = kdb_get_hist_key(handle, &hist_keyblock, &hist_kvno); - if (ret) - goto done; - - ret = create_history_entry(handle->context, - &hist_keyblock, - kdb_save->n_key_data, - kdb_save->key_data, &hist); - if (ret) - goto done; - ret = check_pw_reuse(handle->context, &hist_keyblock, kdb->n_key_data, kdb->key_data, 1, &hist); @@ -1557,7 +1549,6 @@ done: if (!hist_added && hist.key_data) free_history_entry(handle->context, &hist); kdb_free_entry(handle, kdb, &adb); - kdb_free_entry(handle, kdb_save, NULL); krb5_free_keyblock_contents(handle->context, &hist_keyblock); if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol)) |