* svr_principal.c: update for new pw_expiration semantics
authorBarry Jaspan <bjaspan@mit.edu>
Thu, 17 Oct 1996 20:23:53 +0000 (20:23 +0000)
committerBarry Jaspan <bjaspan@mit.edu>
Thu, 17 Oct 1996 20:23:53 +0000 (20:23 +0000)
  [krb5-admin/87]

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9189 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/kadm5/srv/ChangeLog
src/lib/kadm5/srv/svr_principal.c

index 0132ec9f2dbd43f9e12c69e480174dea6e5aa783..5bfe96b205ba9e42bc2d367d34422bf1e5e6ff18 100644 (file)
@@ -1,3 +1,8 @@
+Thu Oct 17 16:22:07 1996  Barry Jaspan  <bjaspan@mit.edu>
+
+       * svr_principal.c: update for new pw_expiration semantics
+       [krb5-admin/87]
+
 Tue Oct  8 13:33:48 1996  Barry Jaspan  <bjaspan@mit.edu>
 
        * adb_policy.c (osa_adb_rename_policy_db): rename
index 5bb1cbbbb909d08d564b58296162845efccd7986..df9e34925426b6f276d27e2036c1cca3b24974af 100644 (file)
@@ -194,16 +194,9 @@ kadm5_create_principal(void *server_handle,
        else
            kdb.pw_expiration = 0;
     }
-    if ((mask & KADM5_PW_EXPIRATION)) {
-       if(!kdb.pw_expiration)
-           kdb.pw_expiration = entry->pw_expiration;
-       else {
-           if(entry->pw_expiration != 0)
-               kdb.pw_expiration = (entry->pw_expiration < kdb.pw_expiration) ?
-                   entry->pw_expiration : kdb.pw_expiration;
-       }
-    }
-
+    if ((mask & KADM5_PW_EXPIRATION))
+        kdb.pw_expiration = entry->pw_expiration;
+    
     kdb.last_success = 0;
     kdb.last_failed = 0;
     kdb.fail_auth_count = 0;
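Review bot: The new unconditional `kdb.pw_expiration = entry->pw_expiration;` carries no comment saying that an explicit value now replaces whatever the policy code just above computed, where the removed lines kept the earlier of the two. A caller passing KADM5_PW_EXPIRATION can therefore set an expiry later than the policy-derived one, or 0, which the `else kdb.pw_expiration = 0;` branch above suggests means no expiry. If that is the intended new semantics, state it at the assignment, for example `/* an explicit pw_expiration replaces the policy-derived value; it is not capped by pw_max_life */`. The same applies to the assignment added in the last kadm5_modify_principal hunk, which runs after the policy block has set pw_expiration. The function body starts and ends outside this hunk.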
@@ -393,98 +386,88 @@ kadm5_modify_principal(void *server_handle,
      */
 
     if ((mask & KADM5_POLICY)) {
-       ret = kadm5_get_policy(handle->lhandle, entry->policy, &npol);
-       switch(ret) {
-       case EINVAL:
-           ret = KADM5_BAD_POLICY;
-           break;
-       case KADM5_UNK_POLICY:
-       case KADM5_BAD_POLICY:
-           ret =  KADM5_UNK_POLICY;
-           goto done;
-           break;
-       case KADM5_OK:
-           have_npol = 1;
-           if(adb.aux_attributes & KADM5_POLICY) {
-               if(strcmp(adb.policy, entry->policy)) {
-                   ret = kadm5_get_policy(handle->lhandle,
-                                          adb.policy, &opol);
-                   switch(ret) {
-                   case EINVAL:
-                   case KADM5_BAD_POLICY:
-                   case KADM5_UNK_POLICY:
+        /* get the new policy */
+        ret = kadm5_get_policy(handle->lhandle, entry->policy, &npol);
+        if (ret) {
+             switch (ret) {
+             case EINVAL:
+                  ret = KADM5_BAD_POLICY;
+                  break;
+             case KADM5_UNK_POLICY:
+             case KADM5_BAD_POLICY:
+                  ret =  KADM5_UNK_POLICY;
+                  break;
+             }
+             goto done;
+        }
+        have_npol = 1;
+
+        /* if we already have a policy, get it to decrement the refcnt */
+        if(adb.aux_attributes & KADM5_POLICY) {
+             /* ... but not if the old and new are the same */
+             if(strcmp(adb.policy, entry->policy)) {
+                  ret = kadm5_get_policy(handle->lhandle,
+                                         adb.policy, &opol);
+                  switch(ret) {
+                  case EINVAL:
+                  case KADM5_BAD_POLICY:
+                  case KADM5_UNK_POLICY:
                        break;
-                   case KADM5_OK:
+                  case KADM5_OK:
                        have_opol = 1;
                        opol.policy_refcnt--;
                        break;
-                   default:
+                  default:
                        goto done;
                        break;
-                   }
-                   npol.policy_refcnt++;
-               }
-           } else npol.policy_refcnt++;
-           adb.aux_attributes |= KADM5_POLICY;
-           if (adb.policy)
-                free(adb.policy);
-           adb.policy = strdup(entry->policy);
-           if (npol.pw_max_life) {
-               if (ret =
-                   krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
-                                                   &(kdb.pw_expiration)))
-                   goto done;
-               kdb.pw_expiration += npol.pw_max_life;
-           } else {
-               kdb.pw_expiration = 0;
-           }
-           break;
-       default:
-           goto done;
-       }
-       if ((mask & KADM5_PW_EXPIRATION)) {
-           if(kdb.pw_expiration == 0)
-               kdb.pw_expiration = entry->pw_expiration;
-           else if(entry->pw_expiration != 0)
-               kdb.pw_expiration = (entry->pw_expiration < kdb.pw_expiration) ?
-                                   entry->pw_expiration : kdb.pw_expiration;
-       }
-    }
-    if ((mask & KADM5_PW_EXPIRATION) && !(mask & KADM5_POLICY)) {
-           if(kdb.pw_expiration == 0)
-               kdb.pw_expiration = entry->pw_expiration;
-           else if(entry->pw_expiration != 0)
-               kdb.pw_expiration = (entry->pw_expiration < kdb.pw_expiration) ?
-                                   entry->pw_expiration : kdb.pw_expiration;
+                  }
+                  npol.policy_refcnt++;
+             }
+        } else npol.policy_refcnt++;
+
+        /* set us up to use the new policy */
+        adb.aux_attributes |= KADM5_POLICY;
+        if (adb.policy)
+             free(adb.policy);
+        adb.policy = strdup(entry->policy);
+
+        /* set pw_max_life based on new policy */
+        if (npol.pw_max_life) {
+             if (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
+                                                       &(kdb.pw_expiration)))
+                  goto done;
+             kdb.pw_expiration += npol.pw_max_life;
+        } else {
+             kdb.pw_expiration = 0;
+        }
     }
 
-    if ((mask & KADM5_POLICY_CLR)) {
-       if (adb.aux_attributes & KADM5_POLICY) {
-           adb.aux_attributes &= ~KADM5_POLICY;
-           kdb.pw_expiration = 0;
-           ret = kadm5_get_policy(handle->lhandle, adb.policy, &opol);
-           switch(ret) {
-           case EINVAL:
-           case KADM5_BAD_POLICY:
-           case KADM5_UNK_POLICY:
-               ret = KADM5_BAD_DB;
-               goto done;
-               break;
-           case KADM5_OK:
-               have_opol = 1;
-               if (adb.policy)
-                    free(adb.policy);
-               adb.policy = NULL;
-               opol.policy_refcnt--;
-               break;
-           default:
-               goto done;
-               break;
-           }
-       }
+    if ((mask & KADM5_POLICY_CLR) &&
+       (adb.aux_attributes & KADM5_POLICY)) {
+        ret = kadm5_get_policy(handle->lhandle, adb.policy, &opol);
+        switch(ret) {
+        case EINVAL:
+        case KADM5_BAD_POLICY:
+        case KADM5_UNK_POLICY:
+             ret = KADM5_BAD_DB;
+             goto done;
+             break;
+        case KADM5_OK:
+             have_opol = 1;
+             if (adb.policy)
+                  free(adb.policy);
+             adb.policy = NULL;
+             adb.aux_attributes &= ~KADM5_POLICY;
+             kdb.pw_expiration = 0;
+             opol.policy_refcnt--;
+             break;
+        default:
+             goto done;
+             break;
+        }
     }
-    if (((mask & KADM5_POLICY) ||
-        (mask & KADM5_POLICY_CLR)) &&
+
+    if (((mask & KADM5_POLICY) || (mask & KADM5_POLICY_CLR)) &&
        (((have_opol) &&
          (ret =
           kadm5_modify_policy_internal(handle->lhandle, &opol,
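Review bot: `adb.policy = strdup(entry->policy);` under "set us up to use the new policy" is used without a NULL check, after the old name has been freed and KADM5_POLICY has been set in `adb.aux_attributes`. On allocation failure the record would carry the policy flag with a NULL name, and the `strcmp(adb.policy, entry->policy)` earlier in this block shows the name is dereferenced whenever that flag is set. Adding `if (adb.policy == NULL) { ret = ENOMEM; goto done; }` right after the strdup would keep the record from being stored in that state, assuming the `done` label (outside this hunk) only cleans up. The function starts before and ends after the hunk.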
@@ -501,8 +484,8 @@ kadm5_modify_principal(void *server_handle,
        kdb.max_life = entry->max_life;
     if ((mask & KADM5_PRINC_EXPIRE_TIME))
        kdb.expiration = entry->princ_expire_time;
-    /* the pw_expiration logic would go here if it wasn't spread
-       all over the policy code */
+    if (mask & KADM5_PW_EXPIRATION)
+        kdb.pw_expiration = entry->pw_expiration;
     if (mask & KADM5_MAX_RLIFE)
         kdb.max_renewable_life = entry->max_renewable_life;
     if (mask & KADM5_FAIL_AUTH_COUNT)