------------------------------------------------------------------------
r22323 | ghudson | 2009-05-07 15:51:46 -0400 (Thu, 07 May 2009) | 8 lines
Changed paths:
M /trunk/src/lib/kadm5/srv/svr_policy.c
M /trunk/src/lib/kadm5/unit-test/api.0/crte-policy.exp
M /trunk/src/lib/kadm5/unit-test/api.2/crte-policy.exp
ticket: 6482
subject: Allow more than 10 past keys to be stored by a policy
target_version: 1.7
tags: pullup
Remove the arbitrary limit of 10 past keys in policies. We were not
taking advantage of that limit in any other code.
ticket: 6482
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22338
dc483132-0cff-0310-8789-
dd5450dbe970
#include <string.h>
#include <errno.h>
-#define MAX_PW_HISTORY 10
#define MIN_PW_HISTORY 1
#define MIN_PW_CLASSES 1
#define MAX_PW_CLASSES 5
if (!(mask & KADM5_PW_HISTORY_NUM))
pent.pw_history_num = MIN_PW_HISTORY;
else {
- if(entry->pw_history_num < MIN_PW_HISTORY ||
- entry->pw_history_num > MAX_PW_HISTORY)
+ if(entry->pw_history_num < MIN_PW_HISTORY)
return KADM5_BAD_HISTORY;
else
pent.pw_history_num = entry->pw_history_num;
p->pw_min_classes = entry->pw_min_classes;
}
if ((mask & KADM5_PW_HISTORY_NUM)) {
- if(entry->pw_history_num < MIN_PW_HISTORY ||
- entry->pw_history_num > MAX_PW_HISTORY) {
+ if(entry->pw_history_num < MIN_PW_HISTORY) {
krb5_db_free_policy(handle->context, p);
return KADM5_BAD_HISTORY;
}
}
test21
-# Description: (21.5) Rejects 11 for pw_history_num.
-# 01/24/94: pshuang: untried.
-
-test "create-policy 21.5"
-proc test215 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
-
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 0 11 0} \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM}
- } $test] "BAD_HISTORY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test215
-
-
# Description: (22) Fails for user with no access bits.
test "create-policy 22"
proc test22 {} {
}
test21
-# Description: (21.5) Rejects 11 for pw_history_num.
-# 01/24/94: pshuang: untried.
-
-test "create-policy 21.5"
-proc test215 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
-
- one_line_fail_test [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 11 0} \
- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
- } $test] "BAD_HISTORY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test215
-
-
# Description: (22) Fails for user with no access bits.
test "create-policy 22"
proc test22 {} {
projects / krb5.git / commitdiff