GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/heimdal/lib/kadm5/chpass_s.c
/*
 * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#include "kadm5_locl.h"
RCSID("$Id$");
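/*
 * Replace the long-term keys of `princ' with keys derived from `password'
 * and store the updated entry.
 *
 * server_handle: a kadm5_server_context, passed as void * by the public API.
 * princ:         principal whose password is changed.
 * password:      the new cleartext password.
 * cond:          when non-zero, refuse the change with KADM5_PASS_REUSE if
 *                the newly derived keys equal the keys the entry held before
 *                this call.  The comparison is only made on the in-library
 *                key-setting path below; a backend advertising
 *                HDB_CAP_F_HANDLE_PASSWORDS receives `cond' and applies its
 *                own policy.
 *
 * Returns 0 on success, otherwise a kadm5 error code: hdb errors from the
 * fetch/store path are mapped through _kadm5_error_code(), while an
 * hdb_open() failure is returned unmapped (same convention as the rest of
 * this file).
 *
 * On success the previously current keys have been appended to the key
 * history, the kvno incremented, modifier and password expiry updated, and
 * the change written to the kadm5 log.
 */
static kadm5_ret_t
change(void *server_handle,
       krb5_principal princ,
       const char *password,
       int cond)
{
    kadm5_server_context *context = server_handle;
    hdb_entry_ex ent;
    kadm5_ret_t ret;
    Key *keys;
    size_t num_keys;
    int existsp = 0;

    memset(&ent, 0, sizeof(ent));
    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
    if (ret)
        return ret;

    /* Argument order is (flags, kvno): kvno 0 means "current entry". */
    ret = context->db->hdb_fetch_kvno(context->context, context->db, princ,
                                      HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA,
                                      0, &ent);
    if (ret)
        goto out;

    /*
     * From here on `ent' owns the fetched entry, so every failure must
     * leave through out2 (hdb_free_entry) rather than out.
     */
    ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
    if (ret)
        goto out2;

    if (context->db->hdb_capability_flags & HDB_CAP_F_HANDLE_PASSWORDS) {
        /* Backend does its own key derivation and reuse policy. */
        ret = context->db->hdb_password(context->context, context->db,
                                        &ent, password, cond);
        if (ret)
            goto out2;
    } else {
        /*
         * Detach the entry's current key set so that _kadm5_set_keys()
         * starts from an empty one; the old keys are kept only long
         * enough for the reuse comparison and are then released.
         */
        num_keys = ent.entry.keys.len;
        keys = ent.entry.keys.val;

        ent.entry.keys.len = 0;
        ent.entry.keys.val = NULL;

        ret = _kadm5_set_keys(context, &ent.entry, password);
        if (ret) {
            _kadm5_free_keys(context->context, num_keys, keys);
            goto out2;
        }

        /*
         * Reuse check compares the new keys with the keys that were current
         * before this call only, not with the rest of the key history.
         */
        if (cond)
            existsp = _kadm5_exists_keys(ent.entry.keys.val,
                                         ent.entry.keys.len,
                                         keys, num_keys);
        _kadm5_free_keys(context->context, num_keys, keys);

        if (existsp) {
            ret = KADM5_PASS_REUSE;
            krb5_set_error_message(context->context, ret,
                                   "Password reuse forbidden");
            goto out2;
        }

        ret = hdb_seal_keys(context->context, context->db, &ent.entry);
        if (ret)
            goto out2;
    }
    ent.entry.kvno++;

    ret = _kadm5_set_modifier(context, &ent.entry);
    if (ret)
        goto out2;

    ret = _kadm5_bump_pw_expire(context, &ent.entry);
    if (ret)
        goto out2;

    ret = context->db->hdb_store(context->context, context->db,
                                 HDB_F_REPLACE, &ent);
    if (ret)
        goto out2;

    /* Record the change so replicas (and auditors) see the key update. */
    kadm5_log_modify(context,
                     &ent.entry,
                     KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
                     KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
                     KADM5_TL_DATA);

out2:
    hdb_free_entry(context->context, &ent);
out:
    context->db->hdb_close(context->context, context->db);
    return _kadm5_error_code(ret);
}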
/*
 * Change the password of `princ' to `password', refusing the change
 * (KADM5_PASS_REUSE) when the derived keys equal the principal's current
 * keys.  Returns the kadm5 error code from change().
 */
kadm5_ret_t
kadm5_s_chpass_principal_cond(void *server_handle,
                              krb5_principal princ,
                              const char *password)
{
    /* Non-zero `cond' enables the reuse check in change(). */
    const int reject_reuse = 1;

    return change(server_handle, princ, password, reject_reuse);
}
/*
 * Change the password of `princ' to `password' unconditionally: no check
 * is made against the principal's current keys.  Returns the kadm5 error
 * code from change().
 */
kadm5_ret_t
kadm5_s_chpass_principal(void *server_handle,
                         krb5_principal princ,
                         const char *password)
{
    /* Zero `cond' skips the reuse check in change(). */
    const int reject_reuse = 0;

    return change(server_handle, princ, password, reject_reuse);
}
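/*
 * Replace the keys of `princ' with the `n_key_data' explicit keys in
 * `key_data' (no password is involved, so no reuse check is made).
 *
 * server_handle: a kadm5_server_context, passed as void * by the public API.
 * princ:         principal whose keys are replaced.
 * n_key_data:    number of entries in `key_data'.
 * key_data:      the new keys, converted by _kadm5_set_keys2().
 *
 * Returns 0 on success, otherwise a kadm5 error code: hdb errors from the
 * fetch/store path are mapped through _kadm5_error_code(), while an
 * hdb_open() failure is returned unmapped (same convention as change()).
 *
 * On success the previously current keys have been appended to the key
 * history, the kvno incremented, modifier and password expiry updated, and
 * the change written to the kadm5 log.
 */
kadm5_ret_t
kadm5_s_chpass_principal_with_key(void *server_handle,
                                  krb5_principal princ,
                                  int n_key_data,
                                  krb5_key_data *key_data)
{
    kadm5_server_context *context = server_handle;
    hdb_entry_ex ent;
    kadm5_ret_t ret;

    memset(&ent, 0, sizeof(ent));
    ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
    if (ret)
        return ret;

    /*
     * Argument order is (flags, kvno), as in change() above: the flags
     * must come before the kvno of 0, otherwise the admin data is not
     * requested and the flag bits are interpreted as a kvno.
     */
    ret = context->db->hdb_fetch_kvno(context->context, context->db, princ,
                                      HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent);
    if (ret)
        goto out;

    /* `ent' now owns the fetched entry; failures must go through out2. */
    ret = hdb_add_current_keys_to_history(context->context, &ent.entry);
    if (ret)
        goto out2;

    ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data);
    if (ret)
        goto out2;

    ent.entry.kvno++;

    ret = _kadm5_set_modifier(context, &ent.entry);
    if (ret)
        goto out2;

    ret = _kadm5_bump_pw_expire(context, &ent.entry);
    if (ret)
        goto out2;

    ret = hdb_seal_keys(context->context, context->db, &ent.entry);
    if (ret)
        goto out2;

    ret = context->db->hdb_store(context->context, context->db,
                                 HDB_F_REPLACE, &ent);
    if (ret)
        goto out2;

    /* Record the change so replicas (and auditors) see the key update. */
    kadm5_log_modify(context,
                     &ent.entry,
                     KADM5_PRINCIPAL | KADM5_MOD_NAME | KADM5_MOD_TIME |
                     KADM5_KEY_DATA | KADM5_KVNO | KADM5_PW_EXPIRATION |
                     KADM5_TL_DATA);

out2:
    hdb_free_entry(context->context, &ent);
out:
    context->db->hdb_close(context->context, context->db);
    return _kadm5_error_code(ret);
}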