From bbabacbf092958c7e9c0e61f8929330cf5671625 Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Wed, 27 Oct 2004 22:12:48 +0000
Subject: [PATCH] * misc.c, misc.h: New function check_min_life(), containing common code from wrapper functions. New function chpass_util_wrapper(), which does min_life checking prior to calling kadm5_chpass_principal_util(). * schpw.c (process_chpw_request): Call chpass_util_wrapper().
ticket: 1335
component: krb5-admin
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16841 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kadmin/server/ChangeLog | 9 +++++
 src/kadmin/server/misc.c | 69 +++++++++++++++++--------------------
 src/kadmin/server/misc.h | 7 ++++
 src/kadmin/server/schpw.c | 4 +--
 4 files changed, 49 insertions(+), 40 deletions(-)
diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
index df708f813..c7d75b3d5 100644
--- a/src/kadmin/server/ChangeLog
+++ b/src/kadmin/server/ChangeLog
@@ -1,3 +1,12 @@
+2004-10-27 Tom Yu
+
+ * misc.c, misc.h: New function check_min_life(), containing common
+ code from wrapper functions. New function chpass_util_wrapper(),
+ which does min_life checking prior to calling
+ kadm5_chpass_principal_util().
+
+ * schpw.c (process_chpw_request): Call chpass_util_wrapper().
+
 2004-09-21 Tom Yu
 * ovsec_kadmd.c (kadm_svc_run): Don't use rpc_dtablesize().
diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index f4c7317d9..06e8c36be 100644
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -41,44 +41,12 @@ chpass_principal_wrapper_3(void *server_handle,
 krb5_key_salt_tuple *ks_tuple,
 char *password)
 {
- krb5_int32 now;
 kadm5_ret_t ret;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_rec princ;
- kadm5_server_handle_t handle = server_handle;
- ret = krb5_timeofday(handle->context, &now);
+ ret = check_min_life(server_handle, principal);
 if (ret)
- return ret;
-
- ret = kadm5_get_principal(handle->lhandle, principal,
- &princ, KADM5_PRINCIPAL_NORMAL_MASK);
- if(ret != KADM5_OK)
 return ret;
- if(princ.aux_attributes & KADM5_POLICY) {
- if((ret=kadm5_get_policy(handle->lhandle,
- princ.policy, &pol)) != KADM5_OK) {
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return ret;
- }
- if((now - princ.last_pwd_change) < pol.pw_min_life &&
- !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- (void) kadm5_free_policy_ent(handle->lhandle, &pol);
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return KADM5_PASS_TOOSOON;
- }
-
- ret = kadm5_free_policy_ent(handle->lhandle, &pol);
- if (ret) {
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return ret;
- }
- }
- ret = kadm5_free_principal_ent(handle->lhandle, &princ);
- if (ret)
- return ret;
-
 return kadm5_chpass_principal_3(server_handle, principal,
 keepold, n_ks_tuple, ks_tuple,
 password);
@@ -89,7 +57,7 @@ chpass_principal_wrapper_3(void *server_handle,
 * Function: randkey_principal_wrapper_3
 *
 * Purpose: wrapper to kadm5_randkey_principal which checks the
- passwords min. life.
+ * password's min. life.
 *
 * Arguments:
 * principal (input) krb5_principal whose password we are
@@ -116,7 +84,35 @@ randkey_principal_wrapper_3(void *server_handle,
 krb5_key_salt_tuple *ks_tuple,
 krb5_keyblock **keys, int *n_keys)
 {
+ kadm5_ret_t ret;
+
+ ret = check_min_life(server_handle, principal);
+ if (ret)
+ return ret;
+ return kadm5_randkey_principal_3(server_handle, principal,
+ keepold, n_ks_tuple, ks_tuple,
+ keys, n_keys);
+}
+
+kadm5_ret_t
+chpass_util_wrapper(void *server_handle, krb5_principal princ,
+ char *new_pw, char **ret_pw,
+ char *msg_ret, unsigned int msg_len)
+{
+ kadm5_ret_t ret;
+
+ ret = check_min_life(server_handle, princ);
+ if (ret)
+ return ret;
+ return kadm5_chpass_principal_util(server_handle, princ,
+ new_pw, ret_pw,
+ msg_ret, msg_len);
+}
+
+kadm5_ret_t
+check_min_life(void *server_handle, krb5_principal principal)
+{
 krb5_int32 now;
 kadm5_ret_t ret;
 kadm5_policy_ent_rec pol;
@@ -153,8 +149,5 @@ randkey_principal_wrapper_3(void *server_handle,
 ret = kadm5_free_principal_ent(handle->lhandle, &princ);
 if (ret)
- return ret;
- return kadm5_randkey_principal_3(server_handle, principal,
- keepold, n_ks_tuple, ks_tuple,
- keys, n_keys);
+ return ret;
 }
diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h
index e50725593..be7a53f66 100644
--- a/src/kadmin/server/misc.h
+++ b/src/kadmin/server/misc.h
@@ -19,6 +19,13 @@ randkey_principal_wrapper_3(void *server_handle,
 krb5_key_salt_tuple *ks_tuple,
 krb5_keyblock **keys, int *n_keys);
+kadm5_ret_t
+chpass_util_wrapper(void *server_handle, krb5_principal princ,
+ char *new_pw, char **ret_pw,
+ char *msg_ret, unsigned int msg_len);
+
+kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal);
+
 kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
 krb5_principal principal,
 kadm5_principal_ent_t_v1 *ent);
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index 2a0fe9d87..372b7127c 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
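Review bot: In `chpass_util_wrapper` (the `@@ -116,7 +84,35 @@` hunk of misc.c), the early `return ret;` after a failed `check_min_life()` leaves `msg_ret` unwritten, because the only code that receives `msg_ret` and `msg_len` is the `kadm5_chpass_principal_util()` call that this path skips. The schpw.c hunk passes the array `strresult` through this wrapper; if `process_chpw_request` later copies that buffer into its reply (not visible in these hunks), a too-soon rejection would read memory that nothing initialized. Before returning on that path, terminate the buffer, for example `if (msg_ret != NULL && msg_len > 0) msg_ret[0] = '\0';`, or fill it with a short policy message using a bounded copy.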
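Review bot: At the tail of `check_min_life` (the `@@ -153,8 +149,5 @@` hunk of misc.c), the retained `if (ret)` now guards the only `return ret;`, so on the success path control reaches the closing brace of a function declared `kadm5_ret_t` without returning a value. All three wrappers test that result with `if (ret)` to decide whether the key or password change goes ahead, so the min-life decision then rests on undefined behaviour. Drop the condition, or return the free call directly: `return kadm5_free_principal_ent(handle->lhandle, &princ);`. The beginning of `check_min_life` lies outside this hunk.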
@@ -249,8 +249,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
 memcpy(ptr, clear.data, clear.length);
 ptr[clear.length] = '\0';
- ret = kadm5_chpass_principal_util(server_handle, ticket->enc_part2->client,
- ptr, NULL, strresult, sizeof(strresult));
+ ret = chpass_util_wrapper(server_handle, ticket->enc_part2->client,
+ ptr, NULL, strresult, sizeof(strresult));
 /* zap the password */
 memset(clear.data, 0, clear.length);
--
2.26.2