From a103731c6350cd9b5106ac29b1f4651f11328266 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 8 Oct 2002 20:53:29 +0000 Subject: [PATCH] principal can't specify ks_tuples changing own passwd Thanks, the patch has been applied and will appear in a future release. * misc.c (chpass_principal_wrapper_3): Renamed from chpass_principal_wrapper; calls chpass_principal_3 now. (randkey_principal_wrapper_3): Renamed from randkey_principal_wrapper; calls randkey_principal_3 now. Patch from Ben Cox. * server_stubs.c (chpass_principal_1_svc) (chpass_principal3_1_svc): Call chpass_principal_wrapper_3. (chrand_principal_1_svc, chrand_principal3_1_svc): Call randkey_principal_wrapper_3. Patch from Ben Cox. ticket: 1207 version_reported: 1.2.6 target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14915 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/server/ChangeLog | 13 +++++++++++ src/kadmin/server/misc.c | 39 ++++++++++++++++++++++++-------- src/kadmin/server/server_stubs.c | 22 +++++++++++------- 3 files changed, 56 insertions(+), 18 deletions(-) diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 7297d89ed..55bc680de 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,16 @@ +2002-10-08 Tom Yu + + * misc.c (chpass_principal_wrapper_3): Renamed from + chpass_principal_wrapper; calls chpass_principal_3 now. + (randkey_principal_wrapper_3): Renamed from + randkey_principal_wrapper; calls randkey_principal_3 now. Patch + from Ben Cox. + + * server_stubs.c (chpass_principal_1_svc) + (chpass_principal3_1_svc): Call chpass_principal_wrapper_3. + (chrand_principal_1_svc, chrand_principal3_1_svc): Call + randkey_principal_wrapper_3. Patch from Ben Cox. + 2002-08-29 Ken Raeburn * Makefile.in: Revert $(S)=>/ change, for Windows support. diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c index 9a9c7668a..f4c7317d9 100644 --- a/src/kadmin/server/misc.c +++ b/src/kadmin/server/misc.c @@ -9,7 +9,7 @@ #include "misc.h" /* - * Function: chpass_principal_wrapper + * Function: chpass_principal_wrapper_3 * * Purpose: wrapper to kadm5_chpass_principal that checks to see if * pw_min_life has been reached. if not it returns an error. @@ -18,7 +18,11 @@ * Arguments: * principal (input) krb5_principals whose password we are * changing - * passoword (input) password we are going to change to. + * keepold (input) whether to preserve old keys + * n_ks_tuple (input) the number of key-salt tuples in ks_tuple + * ks_tuple (input) array of tuples indicating the caller's + * requested enctypes/salttypes + * password (input) password we are going to change to. * 0 on success error code on failure. * * Requires: @@ -30,8 +34,12 @@ * */ kadm5_ret_t -chpass_principal_wrapper(void *server_handle, - krb5_principal principal, char *password) +chpass_principal_wrapper_3(void *server_handle, + krb5_principal principal, + krb5_boolean keepold, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, + char *password) { krb5_int32 now; kadm5_ret_t ret; @@ -71,12 +79,14 @@ chpass_principal_wrapper(void *server_handle, if (ret) return ret; - return kadm5_chpass_principal(server_handle, principal, password); + return kadm5_chpass_principal_3(server_handle, principal, + keepold, n_ks_tuple, ks_tuple, + password); } /* - * Function: randkey_principal_wrapper + * Function: randkey_principal_wrapper_3 * * Purpose: wrapper to kadm5_randkey_principal which checks the passwords min. life. @@ -84,6 +94,10 @@ chpass_principal_wrapper(void *server_handle, * Arguments: * principal (input) krb5_principal whose password we are * changing + * keepold (input) whether to preserve old keys + * n_ks_tuple (input) the number of key-salt tuples in ks_tuple + * ks_tuple (input) array of tuples indicating the caller's + * requested enctypes/salttypes * key (output) new random key * 0, error code on error. * @@ -95,9 +109,12 @@ chpass_principal_wrapper(void *server_handle, * */ kadm5_ret_t -randkey_principal_wrapper(void *server_handle, - krb5_principal principal, - krb5_keyblock **keys, int *n_keys) +randkey_principal_wrapper_3(void *server_handle, + krb5_principal principal, + krb5_boolean keepold, + int n_ks_tuple, + krb5_key_salt_tuple *ks_tuple, + krb5_keyblock **keys, int *n_keys) { krb5_int32 now; @@ -137,5 +154,7 @@ randkey_principal_wrapper(void *server_handle, ret = kadm5_free_principal_ent(handle->lhandle, &princ); if (ret) return ret; - return kadm5_randkey_principal(server_handle, principal, keys, n_keys); + return kadm5_randkey_principal_3(server_handle, principal, + keepold, n_ks_tuple, ks_tuple, + keys, n_keys); } diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index a8bd5ce52..d087e0d3d 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -689,8 +689,8 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) } if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) { - ret.code = chpass_principal_wrapper((void *)handle, arg->princ, - arg->pass); + ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ, + FALSE, 0, NULL, arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && acl_check(handle->context, rqstp->rq_clntcred, ACL_CHANGEPW, arg->princ, NULL)) { @@ -750,8 +750,11 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) } if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) { - ret.code = chpass_principal_wrapper((void *)handle, arg->princ, - arg->pass); + ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ, + arg->keepold, + arg->n_ks_tuple, + arg->ks_tuple, + arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && acl_check(handle->context, rqstp->rq_clntcred, ACL_CHANGEPW, arg->princ, NULL)) { @@ -997,8 +1000,8 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) } if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) { - ret.code = randkey_principal_wrapper((void *)handle, - arg->princ, &k, &nkeys); + ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ, + FALSE, 0, NULL, &k, &nkeys); } else if (!(CHANGEPW_SERVICE(rqstp)) && acl_check(handle->context, rqstp->rq_clntcred, ACL_CHANGEPW, arg->princ, NULL)) { @@ -1073,8 +1076,11 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) } if (cmp_gss_krb5_name(handle, rqstp->rq_clntcred, arg->princ)) { - ret.code = randkey_principal_wrapper((void *)handle, - arg->princ, &k, &nkeys); + ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ, + arg->keepold, + arg->n_ks_tuple, + arg->ks_tuple, + &k, &nkeys); } else if (!(CHANGEPW_SERVICE(rqstp)) && acl_check(handle->context, rqstp->rq_clntcred, ACL_CHANGEPW, arg->princ, NULL)) { -- 2.26.2