From e50226d3c63e89938dcf24e8df876885b1823aa2 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 6 Jul 2011 16:33:27 +0000 Subject: [PATCH] Simplify and fix chpass_util error generation If a principal has no associated kadm5 policy, we may still get password quality errors from a module (KDB or pwqual). There was a bug in the error generation for this case which caused only a generic error to be returned. Also use snprintf() instead of multiple string operations to compose errors. From Simo Sorce . git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25014 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kadm5/chpass_util.c | 54 ++++++++++++++----------------------- 1 file changed, 20 insertions(+), 34 deletions(-) diff --git a/src/lib/kadm5/chpass_util.c b/src/lib/kadm5/chpass_util.c index 9e8111b3c..7a7513665 100644 --- a/src/lib/kadm5/chpass_util.c +++ b/src/lib/kadm5/chpass_util.c @@ -102,12 +102,10 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle, msg_ret[msg_len - 1] = '\0'; return(code); } else { - strncpy(msg_ret, error_message(code), msg_len - 1); - strncat(msg_ret, " ", msg_len - 1); - strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_READING_PASSWORD), - msg_len - 1); - strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), - msg_len - 1); + snprintf(msg_ret, msg_len, "%s %s\n\n%s", + error_message(code), + string_text(CHPASS_UTIL_WHILE_READING_PASSWORD), + string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED)); msg_ret[msg_len - 1] = '\0'; return(code); } @@ -142,11 +140,10 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle, (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) && (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) { /* Can't get more info for other errors */ - snprintf(buffer, sizeof(buffer), "%s %s", error_message(code), - string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE)); - snprintf(msg_ret, msg_len, "%s\n%s\n", + snprintf(msg_ret, msg_len, "%s\n%s %s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), - buffer); + error_message(code), + string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE)); return(code); } @@ -170,32 +167,22 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle, code2 = kadm5_get_principal (lhandle, princ, &princ_ent, KADM5_PRINCIPAL_NORMAL_MASK); if (code2 != 0) { - strncpy(msg_ret, error_message(code2), msg_len - 1); - strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, string_text(CHPASS_UTIL_GET_PRINC_INFO), msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE), - msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), - msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret)); + snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n", + error_message(code2), + string_text(CHPASS_UTIL_GET_PRINC_INFO), + error_message(code), + string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE), + string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED)); msg_ret[msg_len - 1] = '\0'; return(code); } if ((princ_ent.aux_attributes & KADM5_POLICY) == 0) { - strncpy(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret)); - strncpy(msg_ret, string_text(CHPASS_UTIL_NO_POLICY_YET_Q_ERROR), - msg_len - 1 - strlen(msg_ret)); - strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret)); - strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), - msg_len - 1 - strlen(msg_ret)); + /* Some module implements its own password policy. */ + snprintf(msg_ret, msg_len, "%s\n\n%s", + error_message(code), + string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED)); msg_ret[msg_len - 1] = '\0'; - (void) kadm5_free_principal_ent(lhandle, &princ_ent); return(code); } @@ -248,11 +235,10 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle, } /* We should never get here, but just in case ... */ - snprintf(buffer, sizeof(buffer), "%s %s", error_message(code), - string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE)); - snprintf(msg_ret, msg_len, "%s\n%s\n", + snprintf(msg_ret, msg_len, "%s\n%s %s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), - buffer); + error_message(code), + string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE)); (void) kadm5_free_principal_ent(lhandle, &princ_ent); (void) kadm5_free_policy_ent(lhandle, &policy_ent); return(code); -- 2.26.2