From 24c058074066418df8d0f2c9ed0483c090e65c9b Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Mon, 11 May 2009 20:56:33 +0000 Subject: [PATCH] pull up r22323 from trunk ------------------------------------------------------------------------ r22323 | ghudson | 2009-05-07 15:51:46 -0400 (Thu, 07 May 2009) | 8 lines Changed paths: M /trunk/src/lib/kadm5/srv/svr_policy.c M /trunk/src/lib/kadm5/unit-test/api.0/crte-policy.exp M /trunk/src/lib/kadm5/unit-test/api.2/crte-policy.exp ticket: 6482 subject: Allow more than 10 past keys to be stored by a policy target_version: 1.7 tags: pullup Remove the arbitrary limit of 10 past keys in policies. We were not taking advantage of that limit in any other code. ticket: 6482 version_fixed: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22338 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kadm5/srv/svr_policy.c | 7 ++-- src/lib/kadm5/unit-test/api.0/crte-policy.exp | 35 ------------------- src/lib/kadm5/unit-test/api.2/crte-policy.exp | 35 ------------------- 3 files changed, 2 insertions(+), 75 deletions(-) diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index 650cadf57..7add6714a 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -15,7 +15,6 @@ static char *rcsid = "$Header$"; #include #include -#define MAX_PW_HISTORY 10 #define MIN_PW_HISTORY 1 #define MIN_PW_CLASSES 1 #define MAX_PW_CLASSES 5 @@ -132,8 +131,7 @@ kadm5_create_policy_internal(void *server_handle, if (!(mask & KADM5_PW_HISTORY_NUM)) pent.pw_history_num = MIN_PW_HISTORY; else { - if(entry->pw_history_num < MIN_PW_HISTORY || - entry->pw_history_num > MAX_PW_HISTORY) + if(entry->pw_history_num < MIN_PW_HISTORY) return KADM5_BAD_HISTORY; else pent.pw_history_num = entry->pw_history_num; @@ -242,8 +240,7 @@ kadm5_modify_policy_internal(void *server_handle, p->pw_min_classes = entry->pw_min_classes; } if ((mask & KADM5_PW_HISTORY_NUM)) { - if(entry->pw_history_num < MIN_PW_HISTORY || - entry->pw_history_num > MAX_PW_HISTORY) { + if(entry->pw_history_num < MIN_PW_HISTORY) { krb5_db_free_policy(handle->context, p); return KADM5_BAD_HISTORY; } diff --git a/src/lib/kadm5/unit-test/api.0/crte-policy.exp b/src/lib/kadm5/unit-test/api.0/crte-policy.exp index e2d02a37f..e2185c76a 100644 --- a/src/lib/kadm5/unit-test/api.0/crte-policy.exp +++ b/src/lib/kadm5/unit-test/api.0/crte-policy.exp @@ -743,41 +743,6 @@ proc test21 {} { } test21 -# Description: (21.5) Rejects 11 for pw_history_num. -# 01/24/94: pshuang: untried. - -test "create-policy 21.5" -proc test215 {} { - global test - global prompt - - if {! (( ! [policy_exists "$test/a"]) || - [delete_policy "$test/a"])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - - one_line_fail_test [format { - ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 0 11 0} \ - {OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM} - } $test] "BAD_HISTORY" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test215 - - # Description: (22) Fails for user with no access bits. test "create-policy 22" proc test22 {} { diff --git a/src/lib/kadm5/unit-test/api.2/crte-policy.exp b/src/lib/kadm5/unit-test/api.2/crte-policy.exp index f11253c2c..2c42cb43f 100644 --- a/src/lib/kadm5/unit-test/api.2/crte-policy.exp +++ b/src/lib/kadm5/unit-test/api.2/crte-policy.exp @@ -743,41 +743,6 @@ proc test21 {} { } test21 -# Description: (21.5) Rejects 11 for pw_history_num. -# 01/24/94: pshuang: untried. - -test "create-policy 21.5" -proc test215 {} { - global test - global prompt - - if {! (( ! [policy_exists "$test/a"]) || - [delete_policy "$test/a"])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - - if {! [cmd { - kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - - one_line_fail_test [format { - kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 11 0} \ - {KADM5_POLICY KADM5_PW_HISTORY_NUM} - } $test] "BAD_HISTORY" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test215 - - # Description: (22) Fails for user with no access bits. test "create-policy 22" proc test22 {} { -- 2.26.2