From e44bb1be0949c251f4c357ef2e7f998e754b0b9b Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 24 Jun 2011 20:12:28 +0000 Subject: [PATCH] Make fewer db lookups in kadm5_create_principal_3 By creating the password history entry earlier in the function, we can avoid the need to look up the principal entry twice just to save a copy of the key data. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24990 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kadm5/srv/svr_principal.c | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 3dcac0d43..464d5e8e4 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -1367,7 +1367,7 @@ kadm5_chpass_principal_3(void *server_handle, krb5_int32 now; kadm5_policy_ent_rec pol; osa_princ_ent_rec adb; - krb5_db_entry *kdb, *kdb_save; + krb5_db_entry *kdb; int ret, ret2, last_pwd, hist_added; int have_pol = 0; kadm5_server_handle_t handle = server_handle; @@ -1398,16 +1398,19 @@ kadm5_chpass_principal_3(void *server_handle, if ((ret = kdb_get_entry(handle, principal, &kdb, &adb))) return(ret); - /* we are going to need the current keys after the new keys are set */ - if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) { - kdb_free_entry(handle, kdb, &adb); - return(ret); - } - if ((adb.aux_attributes & KADM5_POLICY)) { if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol))) goto done; have_pol = 1; + + /* Create a password history entry before we change kdb's key_data. */ + ret = kdb_get_hist_key(handle, &hist_keyblock, &hist_kvno); + if (ret) + goto done; + ret = create_history_entry(handle->context, &hist_keyblock, + kdb->n_key_data, kdb->key_data, &hist); + if (ret) + goto done; } if ((ret = passwd_check(handle, password, have_pol ? &pol : NULL, 
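Review bot: With `kdb_save` gone, the `hist` built in the added block after `have_pol = 1;` is the only record of the pre-change keys, so the later `check_pw_reuse` call is only correct if `create_history_entry` makes its own copies of `kdb->key_data` rather than keeping pointers into it. That function's body is outside this patch, so this should be confirmed and stated in the new comment, e.g. `/* Snapshot the current keys into hist (copied, not aliased) before kdb's key_data is replaced. */`. The block also runs `kdb_get_hist_key` ahead of `passwd_check`, so a request that would fail the quality check now does the history-key lookup first and can return that lookup's error instead. The early `goto done` exits depend on the `done:` cleanup of `hist` and `hist_keyblock` being safe when only partly filled, which presumably relies on both being zeroed above the hunk. Separately, the subject line names kadm5_create_principal_3 while every hunk is in kadm5_chpass_principal_3.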
@@ -1456,17 +1459,6 @@ kadm5_chpass_principal_3(void *server_handle, } #endif - ret = kdb_get_hist_key(handle, &hist_keyblock, &hist_kvno); - if (ret) - goto done; - - ret = create_history_entry(handle->context, - &hist_keyblock, - kdb_save->n_key_data, - kdb_save->key_data, &hist); - if (ret) - goto done; - ret = check_pw_reuse(handle->context, &hist_keyblock, kdb->n_key_data, kdb->key_data, 1, &hist); @@ -1557,7 +1549,6 @@ done: if (!hist_added && hist.key_data) free_history_entry(handle->context, &hist); kdb_free_entry(handle, kdb, &adb); - kdb_free_entry(handle, kdb_save, NULL); krb5_free_keyblock_contents(handle->context, &hist_keyblock); if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol)) -- 2.26.2