From: Apple <opensource@apple.com>
Date: Tue, 7 Jan 2014 20:31:49 +0000 (+0000)
Subject: securityd-55199.2.tar.gz
X-Git-Tag: v55199.2^0
X-Git-Url: https://git.saurik.com/apple/securityd.git/commitdiff_plain/db4c3c4756ce3fa3e71b7a25ebba184bf4c036f1

securityd-55199.2.tar.gz
---

diff --git a/src/kcdatabase.cpp b/src/kcdatabase.cpp
index c9c1fe2..5899fbe 100644
--- a/src/kcdatabase.cpp
+++ b/src/kcdatabase.cpp
@@ -89,6 +89,14 @@ unlock_keybag(KeychainDbCommon & dbCommon, const void * secret, int secret_len)
                 rc = service_client_kb_change_secret(&context, encKey.data(), (int)encKey.length(), secret, secret_len);
             }
 
+            if (rc != 0) {
+                CssmAutoData masterKey(Allocator::standard(Allocator::sensitive));
+                masterKey = dbCommon.masterKey()->keyData();
+                if ((rc = service_client_kb_unlock(&context, masterKey.data(), (int)masterKey.length())) == 0) {
+                    rc = service_client_kb_change_secret(&context, masterKey.data(), (int)masterKey.length(), secret, secret_len);
+                }
+            }
+
             if (rc != 0) { // if a login.keychain password exists but doesnt on the keybag update it
                 bool no_pin = false;
                 if ((secret_len > 0) && service_client_kb_is_locked(&context, NULL, &no_pin) == 0) {