diff options
| author | Tom Yu <tlyu@mit.edu> | 1998-11-17 23:20:13 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 1998-11-17 23:20:13 +0000 |
| commit | 5052f96549075517a28a7dcc350c7965ad44d523 (patch) | |
| tree | 6f0b0ec936cd8767cf324ced112cb94dfdf0e4ac /src/lib | |
| parent | 5417ba278ec838b50483f650c0b62b06347a1052 (diff) | |
| download | krb5-5052f96549075517a28a7dcc350c7965ad44d523.tar.gz krb5-5052f96549075517a28a7dcc350c7965ad44d523.tar.xz krb5-5052f96549075517a28a7dcc350c7965ad44d523.zip | |
* kdb_cpw.c (krb5_dbe_crk):
(krb5_dbe_cpw): Add "keepold" boolean argument to indicate whether
to retain old keys.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11045 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/kdb/ChangeLog | 6 | ||||
| -rw-r--r-- | src/lib/kdb/kdb_cpw.c | 40 |
2 files changed, 38 insertions, 8 deletions
diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index e12270d5c..b70f64147 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,9 @@ +Tue Nov 17 18:19:41 1998 Tom Yu <tlyu@mit.edu> + + * kdb_cpw.c (krb5_dbe_crk): + (krb5_dbe_cpw): Add "keepold" boolean argument to indicate whether + to retain old keys. + 1998-10-27 Marc Horowitz <marc@mit.edu> * kdb_xdr.c, kdb_cpw.c: remove the special knowledge of ENCTYPE diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c index d68d784c1..507b76ad5 100644 --- a/src/lib/kdb/kdb_cpw.c +++ b/src/lib/kdb/kdb_cpw.c @@ -191,20 +191,22 @@ add_key_rnd_err: * Change random key for a krb5_db_entry * Assumes the max kvno * - * As a side effect all old keys are nuked. + * As a side effect all old keys are nuked if keepold is false. */ krb5_error_code -krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, db_entry) +krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry) krb5_context context; krb5_keyblock * master_key; krb5_key_salt_tuple * ks_tuple; int ks_tuple_count; + krb5_boolean keepold; krb5_db_entry * db_entry; { int key_data_count; krb5_key_data * key_data; krb5_error_code retval; int kvno; + int i; /* First save the old keydata */ kvno = get_key_data_kvno(context, db_entry->n_key_data, db_entry->key_data); @@ -216,11 +218,21 @@ krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, db_entry) /* increment the kvno */ kvno++; - if (retval = add_key_rnd(context, master_key, ks_tuple, - ks_tuple_count, db_entry, kvno)) { + retval = add_key_rnd(context, master_key, ks_tuple, + ks_tuple_count, db_entry, kvno); + if (retval) { cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data); db_entry->n_key_data = key_data_count; db_entry->key_data = key_data; + } else if (keepold) { + for (i = 0; i < key_data_count; i++) { + retval = krb5_dbe_create_key_data(context, db_entry); + if (retval) { + cleanup_key_data(context, db_entry->n_key_data, + db_entry->key_data); + break; + } + } } else { cleanup_key_data(context, key_data_count, key_data); } @@ -421,23 +433,25 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, * Change password for a krb5_db_entry * Assumes the max kvno * - * As a side effect all old keys are nuked. + * As a side effect all old keys are nuked if keepold is false. */ krb5_error_code krb5_dbe_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd, - new_kvno, db_entry) + new_kvno, keepold, db_entry) krb5_context context; krb5_keyblock * master_key; krb5_key_salt_tuple * ks_tuple; int ks_tuple_count; char * passwd; int new_kvno; + krb5_boolean keepold; krb5_db_entry * db_entry; { int key_data_count; krb5_key_data * key_data; krb5_error_code retval; int old_kvno; + int i; /* First save the old keydata */ old_kvno = get_key_data_kvno(context, db_entry->n_key_data, @@ -452,11 +466,21 @@ krb5_dbe_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd, if (new_kvno < old_kvno+1) new_kvno = old_kvno+1; - if (retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, - passwd, db_entry, new_kvno)) { + retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, + passwd, db_entry, new_kvno); + if (retval) { cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data); db_entry->n_key_data = key_data_count; db_entry->key_data = key_data; + } else if (keepold) { + for (i = 0; i < key_data_count; i++) { + retval = krb5_dbe_create_key_data(context, db_entry); + if (retval) { + cleanup_key_data(context, db_entry->n_key_data, + db_entry->key_data); + break; + } + } } else { cleanup_key_data(context, key_data_count, key_data); } |