pull up r17417 from trunk
authorTom Yu <tlyu@mit.edu>
Fri, 14 Oct 2005 23:04:41 +0000 (23:04 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 14 Oct 2005 23:04:41 +0000 (23:04 +0000)
ticket: 3092
version_fixed: 1.4.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@17432 dc483132-0cff-0310-8789-dd5450dbe970

src/kadmin/server/ChangeLog
src/kadmin/server/misc.c
src/kadmin/server/misc.h
src/kadmin/server/schpw.c

index 8b5db1f8a86204ba66774076d21e09f972e5f13f..689b4beb8565e72acdc87dc4415f2f452e955aad 100644 (file)
@@ -1,3 +1,18 @@
+2005-10-12  Tom Yu  <tlyu@mit.edu>
+
+       * misc.h, misc.c (schpw_util_wrapper): Rename from
+       chpass_util_wrapper to make functionality a little more obvious.
+
+       * schpw.c (process_chpw_request): Update for rename of
+       chpass_util_wrapper.
+
+       * misc.c (randkey_principal_wrapper_3, schpw_util_wrapper) 
+       (chpass_principal_wrapper_3): Update for check_min_life.
+
+       * misc.h, misc.c (check_min_life): Change to take return error
+       string from KADM5_PASS_TOOSOON, adapted from patch from Shawn
+       Emery.
+
 2004-10-28  Tom Yu  <tlyu@mit.edu>
 
        * misc.c (check_min_life): Actually return a value on success.
index f2afd23af44d01440f0b1a03d9d68b3248a75846..cef02286781c8791405dfaaae800f5a8d2880b1d 100644 (file)
@@ -43,7 +43,7 @@ chpass_principal_wrapper_3(void *server_handle,
 {
     kadm5_ret_t                        ret;
 
-    ret = check_min_life(server_handle, principal);
+    ret = check_min_life(server_handle, principal, NULL, 0);
     if (ret)
         return ret;
 
@@ -86,7 +86,7 @@ randkey_principal_wrapper_3(void *server_handle,
 {
     kadm5_ret_t                        ret;
 
-    ret = check_min_life(server_handle, principal);
+    ret = check_min_life(server_handle, principal, NULL, 0);
     if (ret)
         return ret;
     return kadm5_randkey_principal_3(server_handle, principal,
@@ -95,13 +95,13 @@ randkey_principal_wrapper_3(void *server_handle,
 }
 
 kadm5_ret_t
-chpass_util_wrapper(void *server_handle, krb5_principal princ,
-                   char *new_pw, char **ret_pw,
-                   char *msg_ret, unsigned int msg_len)
+schpw_util_wrapper(void *server_handle, krb5_principal princ,
+                  char *new_pw, char **ret_pw,
+                  char *msg_ret, unsigned int msg_len)
 {
     kadm5_ret_t ret;
 
-    ret = check_min_life(server_handle, princ);
+    ret = check_min_life(server_handle, princ, msg_ret, msg_len);
     if (ret)
        return ret;
 
@@ -111,7 +111,8 @@ chpass_util_wrapper(void *server_handle, krb5_principal princ,
 }
 
 kadm5_ret_t
-check_min_life(void *server_handle, krb5_principal principal)
+check_min_life(void *server_handle, krb5_principal principal,
+              char *msg_ret, unsigned int msg_len)
 {
     krb5_int32                 now;
     kadm5_ret_t                        ret;
@@ -119,6 +120,9 @@ check_min_life(void *server_handle, krb5_principal principal)
     kadm5_principal_ent_rec    princ;
     kadm5_server_handle_t      handle = server_handle;
 
+    if (msg_ret != NULL)
+       *msg_ret = '\0';
+
     ret = krb5_timeofday(handle->context, &now);
     if (ret)
        return ret;
@@ -135,6 +139,24 @@ check_min_life(void *server_handle, krb5_principal principal)
        }
        if((now - princ.last_pwd_change) < pol.pw_min_life &&
           !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+           if (msg_ret != NULL) {
+               time_t until;
+               char *time_string, *ptr, *errstr;
+
+               until = princ.last_pwd_change + pol.pw_min_life;
+
+               time_string = ctime(&until);
+               errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
+
+               if (strlen(errstr) + strlen(time_string) >= msg_len) {
+                   *errstr = '\0';
+               } else {
+                   if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+                       *ptr = '\0';
+                   sprintf(msg_ret, errstr, time_string);
+               }
+           }
+
            (void) kadm5_free_policy_ent(handle->lhandle, &pol);
            (void) kadm5_free_principal_ent(handle->lhandle, &princ);
            return KADM5_PASS_TOOSOON;
index be7a53f66399dd20af9c5b37c962b22a9ff518e6..b519ba079e897299888db4f57bb6bb52ca6014a4 100644 (file)
@@ -20,11 +20,12 @@ randkey_principal_wrapper_3(void *server_handle,
                            krb5_keyblock **keys, int *n_keys);
 
 kadm5_ret_t
-chpass_util_wrapper(void *server_handle, krb5_principal princ,
-                   char *new_pw, char **ret_pw,
-                   char *msg_ret, unsigned int msg_len);
+schpw_util_wrapper(void *server_handle, krb5_principal princ,
+                  char *new_pw, char **ret_pw,
+                  char *msg_ret, unsigned int msg_len);
 
-kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal);
+kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
+                          char *msg_ret, unsigned int msg_len);
 
 kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
                                   krb5_principal principal, 
index 372b7127c2fce0757aa94e6144f665a6df2d981c..9b2ecc37497895f4e813e1d89a2f2af5b5d68083 100644 (file)
@@ -249,8 +249,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
     memcpy(ptr, clear.data, clear.length);
     ptr[clear.length] = '\0';
 
-    ret = chpass_util_wrapper(server_handle, ticket->enc_part2->client,
-                             ptr, NULL, strresult, sizeof(strresult));
+    ret = schpw_util_wrapper(server_handle, ticket->enc_part2->client,
+                            ptr, NULL, strresult, sizeof(strresult));
 
     /* zap the password */
     memset(clear.data, 0, clear.length);