s4:kdc: add old and older keys to sdb_entry
authorStefan Metzmacher <metze@samba.org>
Tue, 22 Mar 2022 23:41:13 +0000 (00:41 +0100)
committerStefan Metzmacher <metze@samba.org>
Thu, 24 Mar 2022 09:19:33 +0000 (09:19 +0000)
This is the first step to return the password history
in order to avoid badPwdCount updates for failing
pre-authentication with passwords from the recent history.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/kdc/sdb.c
source4/kdc/sdb.h

index 41fb9640e98bc139afebd4cf82096379d3ac81e1..0b8065b4934e658c11fc5066b488831a618b48cf 100644 (file)
@@ -79,6 +79,8 @@ void sdb_entry_free(struct sdb_entry *s)
        krb5_free_principal(NULL, s->principal);
 
        sdb_keys_free(&s->keys);
+       sdb_keys_free(&s->old_keys);
+       sdb_keys_free(&s->older_keys);
        krb5_free_principal(NULL, s->created_by.principal);
        if (s->modified_by) {
                krb5_free_principal(NULL, s->modified_by->principal);
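Review bot: The two added `sdb_keys_free()` calls on `s->old_keys` and `s->older_keys` are only safe if every producer of a `struct sdb_entry` zero-initialises the whole struct before `sdb_entry_free()` can be reached, and nothing visible in this hunk establishes that. A producer that fills members one by one and bails out on an error path would now hand indeterminate pointers to the free routine, which is a memory-safety problem in a process that holds long-term Kerberos keys. I would state the precondition above the function, for example `/* s must be zero-initialised by the caller: keys, old_keys and older_keys are freed unconditionally */`, and check the existing producers against it. The body of `sdb_entry_free()` starts and ends outside the hunk, so whether it already documents this is not visible here.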
index 6b8cba6c94af4ec38e779c2ef405f51882d6e1f2..d7c34dc4bd87cc9d3b6443f850ac82ed5a0134bc 100644 (file)
@@ -84,6 +84,8 @@ struct sdb_entry {
        krb5_principal principal;
        unsigned int kvno;
        struct sdb_keys keys;
+       struct sdb_keys old_keys;
+       struct sdb_keys older_keys;
        struct sdb_event created_by;
        struct sdb_event *modified_by;
        time_t *valid_start;
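Review bot: The new members `old_keys` and `older_keys` are added without any comment saying which password generation each one holds or what consumers may do with them. These are keys derived from earlier passwords (presumably the previous password and the one before it), so they are as sensitive as `keys`. The commit message gives their only intended use as recognising stale-password pre-authentication, not issuing or decrypting tickets. I would document that on the fields, e.g. `struct sdb_keys old_keys; /* keys of the previous password; only for detecting stale-password pre-auth, never for issuing tickets */`, with a matching line for `older_keys`. It is also worth confirming that `sdb_keys_free()`, which is not shown on this page, wipes key contents before releasing them, since two more sets of key material now pass through it. `struct sdb_entry` continues outside the hunk.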