krb5_boolean pwret;
krb5_keyblock pkey, akey;
krb5_keyblock pkey1, akey1;
+ krb5_data psalt, asalt;
krb5_error_code kret;
DPRINT(DEBUG_CALLS, debug_level, ("* passwd_check_opass_ok()\n"));
memset((char *) &akey, 0, sizeof(akey));
memset((char *) &pkey1, 0, sizeof(pkey));
memset((char *) &akey1, 0, sizeof(akey));
+ memset((char *) &psalt, 0, sizeof(psalt));
+ memset((char *) &asalt, 0, sizeof(asalt));
/* Make key(s) using alleged old password */
kret = key_string_to_keys(kcontext,
dbentp->salt_type,
dbentp->alt_salt_type,
&pkey,
- &akey);
+ &akey,
+ &psalt,
+ &asalt);
/* Now decrypt database entries */
if (!kret)
memset((char *) pkey.contents, 0, (size_t) pkey.length);
krb5_xfree(pkey.contents);
}
- DPRINT(DEBUG_CALLS, debug_level,
- ("X passwd_check_opass_ok() = %d\n", pwret));
- return(pwret);
-}
-\f
-/*
- * passwd_check_npass_ok() - Check if new password is ok.
- */
-static krb5_boolean
-passwd_check_npass_ok(kcontext, debug_level, princ, dbentp, pwdata, supp)
- krb5_context kcontext;
- int debug_level;
- krb5_principal princ;
- krb5_db_entry *dbentp;
- krb5_data *pwdata;
- krb5_int32 *supp;
-{
- krb5_boolean pwret;
-
- DPRINT(DEBUG_CALLS, debug_level, ("* passwd_check_npass_ok()\n"));
- pwret = 1;
-
- /*
- * Check whether a new password is good.
- */
-#if KPWD_CHECK_LENGTH
- /* Check length */
- if (pwdata->length < KPWD_MIN_PWD_LENGTH) {
- pwret = 0;
- *supp = KRB5_ADM_PWD_TOO_SHORT;
- DPRINT(DEBUG_CALLS, debug_level,
- ("* passwd_check_npass_ok() - TOO SHORT\n"));
+ if (psalt.data) {
+ memset((char *) psalt.data, 0, (size_t) psalt.length);
+ krb5_xfree(psalt.data);
}
-#endif /* KPWD_CHECK_LENGTH */
-
-#if KPWD_CHECK_WEAKNESS
- /* Check weakness of keys generated by password */
- if (key_pwd_is_weak(kcontext,
- princ,
- pwdata,
- dbentp->salt_type,
- dbentp->alt_salt_type)) {
- pwret = 0;
- *supp = KRB5_ADM_PWD_WEAK;
- DPRINT(DEBUG_CALLS, debug_level,
- ("* passwd_check_npass_ok() - WEAK\n"));
+ if (asalt.data) {
+ memset((char *) asalt.data, 0, (size_t) asalt.length);
+ krb5_xfree(asalt.data);
}
-#endif /* KPWD_CHECK_WEAKNESS */
-
DPRINT(DEBUG_CALLS, debug_level,
- ("X passwd_check_npass_ok() = %d\n", pwret));
+ ("X passwd_check_opass_ok() = %d\n", pwret));
return(pwret);
}
\f
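Review bot: The salt cleanup added at the end of passwd_check_opass_ok() reuses the `memset` then `krb5_xfree` idiom, and an optimizing compiler is allowed to drop a store to memory that is freed on the next line. That matters little for salts, but the same idiom scrubs `pkey.contents` in the context lines above, which holds a key derived from the password. Consider routing all of these through one scrub helper that writes through a `volatile` pointer, commented `/* scrub before free; must not be optimized away */`. The identical blocks added to the cleanup of passwd_set_npass() have the same property. The function body starts outside this hunk.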
krb5_keyblock pkey, akey;
krb5_error_code kret;
krb5_db_entry entry2write;
+ krb5_data psalt, asalt;
int nwrite;
DPRINT(DEBUG_CALLS, debug_level, ("* passwd_set_npass()\n"));
memset((char *) &pkey, 0, sizeof(pkey));
memset((char *) &akey, 0, sizeof(akey));
memset((char *) &entry2write, 0, sizeof(krb5_db_entry));
+ memset((char *) &psalt, 0, sizeof(psalt));
+ memset((char *) &asalt, 0, sizeof(asalt));
/* Make key(s) using the new password */
if (kret = key_string_to_keys(kcontext,
dbentp->salt_type,
dbentp->alt_salt_type,
&pkey,
- &akey))
+ &akey,
+ &psalt,
+ &asalt))
goto cleanup;
/* Now get a new database entry */
/* Update the kvno */
entry2write.kvno++;
- /* Salt? */
+ /* Salt */
+ entry2write.salt_length = psalt.length;
+ entry2write.salt = (krb5_octet *) psalt.data;
+ entry2write.alt_salt_length = asalt.length;
+ entry2write.alt_salt = (krb5_octet *) asalt.data;
/* Now write the entry */
nwrite = 1;
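Review bot: `entry2write.salt` and `entry2write.alt_salt` now alias `psalt.data` and `asalt.data`, which the cleanup label later zeroes and frees, so after cleanup the entry holds dangling pointers and any path that also releases the entry's salt would free the same buffer twice. Whether entry2write is ever handed to an entry-freeing routine is not visible in this hunk, so that is worth confirming. A comment here such as `/* entry2write borrows psalt/asalt; released in cleanup, never via entry2write */`, plus `entry2write.salt = entry2write.alt_salt = NULL;` after the frees, would make the ownership explicit. If entry2write was copied from `*dbentp` (suggested by the "get a new database entry" comment, but not shown), the old salt pointers are overwritten here and must remain owned by dbentp.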
cleanup:
if (entry2write.key.contents) {
- memset((char *) &entry2write.key, 0, sizeof(krb5_encrypted_keyblock));
krb5_xfree(entry2write.key.contents);
+ memset((char *) &entry2write.key, 0, sizeof(krb5_encrypted_keyblock));
}
if (entry2write.alt_key.contents) {
+ krb5_xfree(entry2write.alt_key.contents);
memset((char *) &entry2write.alt_key, 0,
sizeof(krb5_encrypted_keyblock));
- krb5_xfree(entry2write.alt_key.contents);
}
if (akey.contents) {
memset((char *) akey.contents, 0, (size_t) akey.length);
memset((char *) pkey.contents, 0, (size_t) pkey.length);
krb5_xfree(pkey.contents);
}
+ if (psalt.data) {
+ memset((char *) psalt.data, 0, (size_t) psalt.length);
+ krb5_xfree(psalt.data);
+ }
+ if (asalt.data) {
+ memset((char *) asalt.data, 0, (size_t) asalt.length);
+ krb5_xfree(asalt.data);
+ }
DPRINT(DEBUG_CALLS, debug_level,
("X passwd_set_npass() = %d\n", kret));
return(kret);
char *canon_name;
krb5_db_entry tmp_entry;
int tmp_nents;
- int tmp_more;
+ krb5_boolean tmp_more;
DPRINT(DEBUG_CALLS, debug_level, ("* passwd_check()\n"));
pwret = KRB5_ADM_SUCCESS;
&tmp_entry,
&tmp_nents,
&tmp_more)) {
- *supp = KRB5_ADM_BAD_PRINC;
+ *supp = KADM_BAD_PRINC;
goto cleanup;
}
char *canon_name;
krb5_db_entry tmp_entry;
int tmp_nents;
- int tmp_more;
+ krb5_boolean tmp_more;
DPRINT(DEBUG_CALLS, debug_level, ("* passwd_change()\n"));
pwret = KRB5_ADM_SUCCESS;
&tmp_entry,
&tmp_nents,
&tmp_more)) {
- *supp = KRB5_ADM_BAD_PRINC;
+ *supp = KADM_BAD_PRINC;
goto cleanup;
}
if (!acl_op_permitted(kcontext, client, ACL_CHANGE_OWN_PW)) {
com_err(programname, 0, pwd_perm_denied, canon_name);
pwret = KRB5_ADM_CANT_CHANGE;
- *supp = KRB5_ADM_NOT_ALLOWED;
+ *supp = KADM_NOT_ALLOWED;
goto cleanup;
}
DPRINT(DEBUG_CALLS, debug_level, ("X passwd_change() = %d\n", pwret));
return(pwret);
}
+\f
+/*
+ * passwd_check_npass_ok() - Check if new password is ok.
+ */
+krb5_boolean
+passwd_check_npass_ok(kcontext, debug_level, princ, dbentp, pwdata, supp)
+ krb5_context kcontext;
+ int debug_level;
+ krb5_principal princ;
+ krb5_db_entry *dbentp;
+ krb5_data *pwdata;
+ krb5_int32 *supp;
+{
+ krb5_boolean pwret;
+
+ DPRINT(DEBUG_CALLS, debug_level, ("* passwd_check_npass_ok()\n"));
+ pwret = 1;
+
+ /*
+ * Check whether a new password is good.
+ */
+#if KPWD_CHECK_LENGTH
+ /* Check length */
+ if (pwdata->length < KPWD_MIN_PWD_LENGTH) {
+ pwret = 0;
+ *supp = KADM_PWD_TOO_SHORT;
+ DPRINT(DEBUG_CALLS, debug_level,
+ ("* passwd_check_npass_ok() - TOO SHORT\n"));
+ }
+#endif /* KPWD_CHECK_LENGTH */
+
+#if KPWD_CHECK_WEAKNESS
+ /* Check weakness of keys generated by password */
+ if (key_pwd_is_weak(kcontext,
+ princ,
+ pwdata,
+ dbentp->salt_type,
+ dbentp->alt_salt_type)) {
+ pwret = 0;
+ *supp = KADM_PWD_WEAK;
+ DPRINT(DEBUG_CALLS, debug_level,
+ ("* passwd_check_npass_ok() - WEAK\n"));
+ }
+#endif /* KPWD_CHECK_WEAKNESS */
+
+ DPRINT(DEBUG_CALLS, debug_level,
+ ("X passwd_check_npass_ok() = %d\n", pwret));
+ return(pwret);
+}
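Review bot: passwd_check_npass_ok() loses `static` in this move, but its header comment still does not state the contract that callers in other files now depend on. I would extend it to say that it returns 1 when the password is acceptable and 0 otherwise, that `*supp` is written only on rejection, and that when both checks fail the weakness code overwrites the too-short code. The comment should also note that with `KPWD_CHECK_LENGTH` and `KPWD_CHECK_WEAKNESS` both defined to 0 every password is accepted. Because the definition is K&R style, a prototype in a shared header is needed for the compiler to check the six arguments at external call sites; none is visible in this hunk.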