From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 22 Mar 2022 23:41:13 +0000 (+0100)
Subject: s4:kdc: add old and older keys to sdb_entry
X-Git-Tag: tevent-0.12.0~286
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f28a9481f45903d9d7a405f89ead314dbebd775;p=thirdparty%2Fsamba.git

s4:kdc: add old and older keys to sdb_entry

This is the first step to return the password history
in order to avoid badPwdCount updates for failing
pre-authentication with passwords from the recent history.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/sdb.c b/source4/kdc/sdb.c
index 41fb9640e98..0b8065b4934 100644
--- a/source4/kdc/sdb.c
+++ b/source4/kdc/sdb.c
@@ -79,6 +79,8 @@ void sdb_entry_free(struct sdb_entry *s)
 	krb5_free_principal(NULL, s->principal);
 
 	sdb_keys_free(&s->keys);
+	sdb_keys_free(&s->old_keys);
+	sdb_keys_free(&s->older_keys);
 	krb5_free_principal(NULL, s->created_by.principal);
 	if (s->modified_by) {
 		krb5_free_principal(NULL, s->modified_by->principal);
diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h
index 6b8cba6c94a..d7c34dc4bd8 100644
--- a/source4/kdc/sdb.h
+++ b/source4/kdc/sdb.h
@@ -84,6 +84,8 @@ struct sdb_entry {
 	krb5_principal principal;
 	unsigned int kvno;
 	struct sdb_keys keys;
+	struct sdb_keys old_keys;
+	struct sdb_keys older_keys;
 	struct sdb_event created_by;
 	struct sdb_event *modified_by;
 	time_t *valid_start;