author | Mark Phalan <Mark.Phalan@Sun.COM> | 2008-10-24 01:34:59 -0700 |
---|---|---|
committer | Mark Phalan <Mark.Phalan@Sun.COM> | 2008-10-24 01:34:59 -0700 |
commit | 159d09a20817016f09b3ea28d1bdada4a336bb91 (patch) | |
tree | 11f215cc1150dca61c7bf211297c0bfc38536067 /usr/src/cmd/krb5/kadmin/server/misc.c | |
parent | 628e3cbed6489fa1db545d8524a06cd6535af456 (diff) | |
PSARC/2008/631 Kerberos PKINIT
PSARC/2008/358 removal of kadm5.keytab
6698059 Resync with mit 1.6.3 (pkinit)
6749302 pam_krb5 auth fails with key table entry not found
Diffstat (limited to 'usr/src/cmd/krb5/kadmin/server/misc.c')
-rw-r--r-- | usr/src/cmd/krb5/kadmin/server/misc.c | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/usr/src/cmd/krb5/kadmin/server/misc.c b/usr/src/cmd/krb5/kadmin/server/misc.c index 4daa87ee1a..40965ed1db 100644 --- a/usr/src/cmd/krb5/kadmin/server/misc.c +++ b/usr/src/cmd/krb5/kadmin/server/misc.c @@ -1,9 +1,8 @@ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" /* * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING @@ -68,7 +67,7 @@ chpass_principal_wrapper_3(void *server_handle, { kadm5_ret_t ret; - ret = check_min_life(server_handle, principal); + ret = check_min_life(server_handle, principal, NULL, 0); if (ret) return ret; @@ -111,7 +110,7 @@ randkey_principal_wrapper_3(void *server_handle, { kadm5_ret_t ret; - ret = check_min_life(server_handle, principal); + ret = check_min_life(server_handle, principal, NULL, 0); if (ret) return ret; return kadm5_randkey_principal_3(server_handle, principal, @@ -120,13 +119,13 @@ randkey_principal_wrapper_3(void *server_handle, } kadm5_ret_t -chpass_util_wrapper(void *server_handle, krb5_principal princ, - char *new_pw, char **ret_pw, - char *msg_ret, unsigned int msg_len) +schpw_util_wrapper(void *server_handle, krb5_principal princ, + char *new_pw, char **ret_pw, + char *msg_ret, unsigned int msg_len) { kadm5_ret_t ret; - ret = check_min_life(server_handle, princ); + ret = check_min_life(server_handle, princ, msg_ret, msg_len); if (ret) return ret; @@ -141,7 +140,7 @@ randkey_principal_wrapper(void *server_handle, krb5_principal princ, { kadm5_ret_t ret; - ret = check_min_life(server_handle, princ); + ret = check_min_life(server_handle, princ, NULL, 0); if (ret) return ret; 
@@ -149,7 +148,8 @@ randkey_principal_wrapper(void *server_handle, krb5_principal princ, } kadm5_ret_t -check_min_life(void *server_handle, krb5_principal principal) +check_min_life(void *server_handle, krb5_principal principal, + char *msg_ret, unsigned int msg_len) { krb5_int32 now; kadm5_ret_t ret; @@ -157,6 +157,9 @@ check_min_life(void *server_handle, krb5_principal principal) kadm5_principal_ent_rec princ; kadm5_server_handle_t handle = server_handle; + if (msg_ret != NULL) + *msg_ret = '\0'; + ret = krb5_timeofday(handle->context, &now); if (ret) return ret; @@ -173,6 +176,24 @@ check_min_life(void *server_handle, krb5_principal principal) } if((now - princ.last_pwd_change) < pol.pw_min_life && !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { + if (msg_ret != NULL) { + time_t until; + char *time_string, *ptr, *errstr; + + until = princ.last_pwd_change + pol.pw_min_life; + + time_string = ctime(&until); + errstr = (char *)error_message(CHPASS_UTIL_PASSWORD_TOO_SOON); + + if (strlen(errstr) + strlen(time_string) >= msg_len) { + *errstr = '\0'; + } else { + if (*(ptr = &time_string[strlen(time_string)-1]) == '\n') + *ptr = '\0'; + sprintf(msg_ret, errstr, time_string); + } + } + (void) kadm5_free_policy_ent(handle->lhandle, &pol); (void) kadm5_free_principal_ent(handle->lhandle, &princ); return KADM5_PASS_TOOSOON; |
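Review bot: The added `*msg_ret = '\0';` at the top of check_min_life stores one byte whenever msg_ret is non-NULL, even if msg_len is 0, so a caller that passes a buffer pointer with a zero length gets a write past its buffer. The callers visible in this diff pass either `NULL, 0` or a buffer together with its length, so this is a hardening point rather than a demonstrated bug. Guarding with `if (msg_ret != NULL && msg_len > 0)` would make the contract explicit. The function body continues outside this hunk.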
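Review bot: In the too-soon branch, the overflow arm `*errstr = '\0';` writes through the pointer returned by error_message() instead of clearing the caller's buffer. The `(char *)` cast suggests that string is const, so the store either faults or blanks the CHPASS_UTIL_PASSWORD_TOO_SOON text for every later call in the process; msg_ret stays empty only because it was initialised earlier in the function. ctime() may return NULL, which the strlen(time_string) that follows does not guard against, and `sprintf(msg_ret, errstr, time_string)` is bounded only by the preceding length estimate while using message-table text as its format string. I would keep errstr const, clear msg_ret on the failure arm, check time_string, and bound the write with snprintf, as below. The function starts outside this hunk.

```c
	    char *time_string, *ptr;
	    const char *errstr;

	    /* … unchanged: until = last_pwd_change + pw_min_life … */
	    time_string = ctime(&until);
	    errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);

	    if (time_string == NULL ||
		strlen(errstr) + strlen(time_string) >= msg_len) {
		/* No room (or no timestamp): report the error code only. */
		*msg_ret = '\0';
	    } else {
		/* … unchanged: strip the trailing newline from time_string … */
		(void) snprintf(msg_ret, msg_len, errstr, time_string);
	    }
```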