--- a/usr/src/cmd/krb5/kadmin/server/misc.c Mon Apr 26 10:26:33 2010 -0700
+++ b/usr/src/cmd/krb5/kadmin/server/misc.c Mon Apr 26 13:42:14 2010 -0400
@@ -1,9 +1,7 @@
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
*/
-
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
@@ -21,7 +19,6 @@
*
*/
-
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -30,6 +27,7 @@
#include <k5-int.h>
#include <krb5/kdb.h>
#include <kadm5/server_internal.h>
+#include <kadm5/admin.h>
#include "misc.h"
/*
@@ -67,7 +65,8 @@
{
kadm5_ret_t ret;
- ret = check_min_life(server_handle, principal, NULL, 0);
+ /* Solaris Kerberos */
+ ret = kadm5_check_min_life(server_handle, principal, NULL, 0);
if (ret)
return ret;
@@ -110,7 +109,8 @@
{
kadm5_ret_t ret;
- ret = check_min_life(server_handle, principal, NULL, 0);
+ /* Solaris Kerberos */
+ ret = kadm5_check_min_life(server_handle, principal, NULL, 0);
if (ret)
return ret;
return kadm5_randkey_principal_3(server_handle, principal,
@@ -125,7 +125,8 @@
{
kadm5_ret_t ret;
- ret = check_min_life(server_handle, princ, msg_ret, msg_len);
+ /* Solaris Kerberos */
+ ret = kadm5_check_min_life(server_handle, princ, msg_ret, msg_len);
if (ret)
return ret;
@@ -140,71 +141,10 @@
{
kadm5_ret_t ret;
- ret = check_min_life(server_handle, princ, NULL, 0);
+ /* Solaris Kerberos */
+ ret = kadm5_check_min_life(server_handle, princ, NULL, 0);
if (ret)
return ret;
return kadm5_randkey_principal(server_handle, princ, keys, n_keys);
}
-
-kadm5_ret_t
-check_min_life(void *server_handle, krb5_principal principal,
- char *msg_ret, unsigned int msg_len)
-{
- krb5_int32 now;
- kadm5_ret_t ret;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_rec princ;
- kadm5_server_handle_t handle = server_handle;
-
- if (msg_ret != NULL)
- *msg_ret = '\0';
-
- ret = krb5_timeofday(handle->context, &now);
- if (ret)
- return ret;
-
- ret = kadm5_get_principal(handle->lhandle, principal,
- &princ, KADM5_PRINCIPAL_NORMAL_MASK);
- if(ret)
- return ret;
- if(princ.aux_attributes & KADM5_POLICY) {
- if((ret=kadm5_get_policy(handle->lhandle,
- princ.policy, &pol)) != KADM5_OK) {
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return ret;
- }
- if((now - princ.last_pwd_change) < pol.pw_min_life &&
- !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- if (msg_ret != NULL) {
- time_t until;
- char *time_string, *ptr, *errstr;
-
- until = princ.last_pwd_change + pol.pw_min_life;
-
- time_string = ctime(&until);
- errstr = (char *)error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
-
- if (strlen(errstr) + strlen(time_string) >= msg_len) {
- *errstr = '\0';
- } else {
- if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
- *ptr = '\0';
- sprintf(msg_ret, errstr, time_string);
- }
- }
-
- (void) kadm5_free_policy_ent(handle->lhandle, &pol);
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return KADM5_PASS_TOOSOON;
- }
-
- ret = kadm5_free_policy_ent(handle->lhandle, &pol);
- if (ret) {
- (void) kadm5_free_principal_ent(handle->lhandle, &princ);
- return ret;
- }
- }
-
- return kadm5_free_principal_ent(handle->lhandle, &princ);
-}
--- a/usr/src/cmd/krb5/kadmin/server/misc.h Mon Apr 26 10:26:33 2010 -0700
+++ b/usr/src/cmd/krb5/kadmin/server/misc.h Mon Apr 26 13:42:14 2010 -0400
@@ -1,6 +1,5 @@
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _MISC_H
@@ -55,9 +54,6 @@
char *new_pw, char **ret_pw,
char *msg_ret, unsigned int msg_len);
-kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
- char *msg_ret, unsigned int msg_len);
-
kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
krb5_principal principal,
kadm5_principal_ent_t_v1 *ent);
--- a/usr/src/lib/krb5/kadm5/admin.h Mon Apr 26 10:26:33 2010 -0700
+++ b/usr/src/lib/krb5/kadm5/admin.h Mon Apr 26 13:42:14 2010 -0400
@@ -1,6 +1,5 @@
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef __KADM5_ADMIN_H__
@@ -433,6 +432,10 @@
kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);
+kadm5_ret_t kadm5_check_min_life(void *server_handle, /* Solaris Kerberos */
+ krb5_principal principal,
+ char *msg_ret,
+ unsigned int msg_len);
kadm5_ret_t kadm5_create_principal(void *server_handle,
kadm5_principal_ent_t ent,
long mask, char *pass);
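Review bot: The new public prototype for kadm5_check_min_life carries only the `/* Solaris Kerberos */` tag, so a caller reading admin.h cannot tell how `msg_ret` and `msg_len` are used or which code signals a rejected change. From the definition added in svr_principal.c, a short contract comment above the prototype would do: `/* Returns KADM5_PASS_TOOSOON when the principal's policy pw_min_life has not elapsed. msg_ret may be NULL; otherwise it is a buffer of msg_len bytes that receives the message, or "" if it does not fit. */`. The comment should also say that `server_handle` must be a valid server handle, because the function dereferences it directly.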
--- a/usr/src/lib/krb5/kadm5/srv/mapfile-vers Mon Apr 26 10:26:33 2010 -0700
+++ b/usr/src/lib/krb5/kadm5/srv/mapfile-vers Mon Apr 26 13:42:14 2010 -0400
@@ -18,8 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
#
#
@@ -59,6 +58,7 @@
hist_kvno;
hist_princ;
init_dict;
+ kadm5_check_min_life;
kadm5_chpass_principal;
kadm5_chpass_principal_3;
kadm5_chpass_principal_util;
--- a/usr/src/lib/krb5/kadm5/srv/svr_principal.c Mon Apr 26 10:26:33 2010 -0700
+++ b/usr/src/lib/krb5/kadm5/srv/svr_principal.c Mon Apr 26 13:42:14 2010 -0400
@@ -1,9 +1,7 @@
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
*/
-
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
@@ -21,7 +19,6 @@
*
*/
-
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -42,6 +39,9 @@
#include <string.h>
#include <stdarg.h>
#include <stdlib.h>
+#include <k5-int.h>
+#include <kadm5/server_internal.h>
+#include <kadm5/admin.h>
#ifdef USE_PASSWORD_SERVER
#include <sys/wait.h>
#endif
@@ -1350,6 +1350,10 @@
CHECK_HANDLE(server_handle);
+ /* Solaris Kerberos - kadm5_check_min_life checks for null principal. */
+ ret = kadm5_check_min_life(server_handle,principal,NULL,0);
+ if (ret)
+ return (ret);
krb5_clear_error_message(handle->context);
hist_added = 0;
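Review bot: The comment on the added call says kadm5_check_min_life checks for a null principal, but the function added at the end of this file never tests `principal`; it passes it straight to kadm5_get_principal, so any NULL handling depends on that callee, which is not visible here. A comment that matches the code would be `/* Solaris Kerberos - enforce policy pw_min_life before changing keys. */`, and any explicit NULL check this function already had should stay ahead of the call. The kadmind wrappers in kadmin/server/misc.c still call kadm5_check_min_life themselves before calling into the library (for example ahead of kadm5_randkey_principal_3), so if this is one of those entry points the principal and policy are fetched twice per request. Enforcing the check here also applies it to every caller of the library function, not only kadmind's self-service path, which is worth confirming as intended. The enclosing function starts and ends outside this hunk, so which entry point is affected cannot be confirmed from here.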
@@ -2194,3 +2198,65 @@
return KADM5_OK;
}
+/* Solaris Kerberos */
+kadm5_ret_t
+kadm5_check_min_life(void *server_handle, krb5_principal principal,
+ char *msg_ret, unsigned int msg_len)
+{
+ krb5_int32 now;
+ kadm5_ret_t ret;
+ kadm5_policy_ent_rec pol;
+ kadm5_principal_ent_rec princ;
+ kadm5_server_handle_t handle = server_handle;
+
+ if (msg_ret != NULL)
+ *msg_ret = '\0';
+
+ ret = krb5_timeofday(handle->context, &now);
+ if (ret)
+ return ret;
+
+ ret = kadm5_get_principal(handle->lhandle, principal,
+ &princ, KADM5_PRINCIPAL_NORMAL_MASK);
+ if(ret)
+ return ret;
+ if(princ.aux_attributes & KADM5_POLICY) {
+ if((ret=kadm5_get_policy(handle->lhandle,
+ princ.policy, &pol)) != KADM5_OK) {
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return ret;
+ }
+ if((now - princ.last_pwd_change) < pol.pw_min_life &&
+ !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ if (msg_ret != NULL) {
+ time_t until;
+ char *time_string, *ptr, *errstr;
+
+ until = princ.last_pwd_change + pol.pw_min_life;
+
+ time_string = ctime(&until);
+ errstr = (char *)error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
+
+ if (strlen(errstr) + strlen(time_string) >= msg_len) {
+ *errstr = '\0';
+ } else {
+ if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+ *ptr = '\0';
+ sprintf(msg_ret, errstr, time_string);
+ }
+ }
+
+ (void) kadm5_free_policy_ent(handle->lhandle, &pol);
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return KADM5_PASS_TOOSOON;
+ }
+
+ ret = kadm5_free_policy_ent(handle->lhandle, &pol);
+ if (ret) {
+ (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+ return ret;
+ }
+ }
+
+ return kadm5_free_principal_ent(handle->lhandle, &princ);
+}
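Review bot: In the branch taken when the message does not fit, `*errstr = '\0';` writes through the pointer returned by error_message() instead of into the caller's buffer, so it blanks the shared CHPASS_UTIL_PASSWORD_TOO_SOON text for every later caller (or faults if that table is read-only); `msg_ret` is already empty from the top of the function, so that branch should do nothing. The same block formats with an unbounded `sprintf` that uses the table string as its format, and it calls `strlen(time_string)` without checking that ctime() returned non-NULL; `snprintf(msg_ret, msg_len, ...)` and a NULL test cover both. Because the function is now exported from the library, it should also run `CHECK_HANDLE(server_handle);` before touching `handle->context`, as the caller earlier in this file does. The body was moved unchanged from kadmin/server/misc.c, so these defects predate the commit, but moving it into the library widens who can reach them.

```c
    kadm5_server_handle_t handle = server_handle;

    CHECK_HANDLE(server_handle);

    /* ... unchanged: clear msg_ret, krb5_timeofday, principal and policy lookup ... */

	    if (msg_ret != NULL) {
		time_t until;
		char *time_string, *ptr;
		const char *errstr;

		until = princ.last_pwd_change + pol.pw_min_life;

		time_string = ctime(&until);
		errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);

		/*
		 * msg_ret was set to "" on entry; leave it empty when the
		 * text does not fit or the time cannot be formatted.
		 */
		if (time_string != NULL &&
		    strlen(errstr) + strlen(time_string) < msg_len) {
		    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
			*ptr = '\0';
		    (void) snprintf(msg_ret, msg_len, errstr, time_string);
		}
	    }

    /* ... unchanged: free policy and principal entries, return KADM5_PASS_TOOSOON ... */
```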