xref: /illumos-gate/usr/src/cmd/krb5/kadmin/server/misc.c (revision 7c478bd9) 
1 #pragma ident	"%Z%%M%	%I%	%E% SMI"
2 
3 /*
4  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
5  *
6  *	Openvision retains the copyright to derivative works of
7  *	this source code.  Do *NOT* create a derivative of this
8  *	source code before consulting with your legal department.
9  *	Do *NOT* integrate *ANY* of this source code into another
10  *	product before consulting with your legal department.
11  *
12  *	For further information, read the top-level Openvision
13  *	copyright which is contained in the top-level MIT Kerberos
14  *	copyright.
15  *
16  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
17  *
18  */
19 
20 
21 /*
22  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
23  *
24  * $Header: /afs/athena.mit.edu/astaff/project/krbdev/.cvsroot/src/kadmin/\
25  * server/misc.c,v 1.10 1996/07/22 20:28:55 marc Exp $
26  */
27 
28 #if !defined(lint) && !defined(__CODECENTER__)
29 static char *rcsid = "$Header: /afs/athena.mit.edu/astaff/project/krbdev"
30 	"/.cvsroot/src/kadmin/server/misc.c,v 1.10 1996/07/22 20:28:55 "
31 	"marc Exp $";
32 
33 #endif
34 
35 #include    <kadm5/adb.h>
36 #include    <kadm5/server_internal.h>
37 #include    <krb5/kdb.h>
38 #include    "misc.h"
39 
40 /*
41  * Function: chpass_principal_wrapper
42  *
43  * Purpose: wrapper to kadm5_chpass_principal that checks to see if
44  *	    pw_min_life has been reached. if not it returns an error.
45  *	    otherwise it calls kadm5_chpass_principal
46  *
47  * Arguments:
48  *	principal	(input) krb5_principals whose password we are
49  *				changing
50  *	passoword	(input) passowrd we are going to change to.
51  * 	<return value>	0 on sucsess error code on failure.
52  *
53  * Requires:
54  *	kadm5_init to have been run.
55  *
56  * Effects:
57  *	calls kadm5_chpass_principal which changes the kdb and the
58  *	the admin db.
59  *
60  */
61 kadm5_ret_t
62 chpass_principal_wrapper(void *server_handle,
63     krb5_principal principal, char *password)
64 {
65 	krb5_int32 now;
66 	kadm5_ret_t ret;
67 	kadm5_policy_ent_rec pol;
68 	kadm5_principal_ent_rec princ;
69 	kadm5_server_handle_t handle = server_handle;
70 
71 	if (ret = krb5_timeofday(handle->context, &now))
72 		return (ret);
73 
74 	if ((ret = kadm5_get_principal(handle->lhandle, principal,
75 		    &princ,
76 		    KADM5_PRINCIPAL_NORMAL_MASK)) !=
77 	    KADM5_OK)
78 		return (ret);
79 	if (princ.aux_attributes & KADM5_POLICY) {
80 		if ((ret = kadm5_get_policy(handle->lhandle,
81 			    princ.policy, &pol)) != KADM5_OK) {
82 			(void) kadm5_free_principal_ent(handle->lhandle,
83 							&princ);
84 			return (ret);
85 		}
86 		if ((now - princ.last_pwd_change) < pol.pw_min_life &&
87 		    !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
88 			(void) kadm5_free_policy_ent(handle->lhandle, &pol);
89 			(void) kadm5_free_principal_ent(handle->lhandle,
90 							&princ);
91 			return (KADM5_PASS_TOOSOON);
92 		}
93 		if (ret = kadm5_free_policy_ent(handle->lhandle, &pol)) {
94 			(void) kadm5_free_principal_ent(handle->lhandle,
95 							&princ);
96 			return (ret);
97 		}
98 	}
99 	if (ret = kadm5_free_principal_ent(handle->lhandle, &princ))
100 		return (ret);
101 
102 	return (kadm5_chpass_principal(server_handle, principal, password));
103 }
104 
105 
106 /*
107  * Function: randkey_principal_wrapper
108  *
109  * Purpose: wrapper to kadm5_randkey_principal which checks the
110  *	    passwords min. life.
111  *
112  * Arguments:
113  *	principal	    (input) krb5_principal whose password we are
114  *				    changing
115  *	key		    (output) new random key
116  * 	< return value >    0, error code on error.
117  *
118  * Requires:
119  *	kadm5_init	 needs to be run
120  *
121  * Effects:
122  *	calls kadm5_randkey_principal
123  *
124  */
125 kadm5_ret_t
126 randkey_principal_wrapper(void *server_handle,
127     krb5_principal principal,
128     krb5_keyblock ** keys, int *n_keys)
129 {
130 
131 	krb5_int32 now;
132 	kadm5_ret_t ret;
133 	kadm5_policy_ent_rec pol;
134 	kadm5_principal_ent_rec princ;
135 	kadm5_server_handle_t handle = server_handle;
136 
137 	if (ret = krb5_timeofday(handle->context, &now))
138 		return (ret);
139 
140 	if ((ret = kadm5_get_principal(handle->lhandle,
141 		    principal, &princ,
142 		    KADM5_PRINCIPAL_NORMAL_MASK)) !=
143 	    OSA_ADB_OK)
144 		return (ret);
145 	if (princ.aux_attributes & KADM5_POLICY) {
146 		if ((ret = kadm5_get_policy(handle->lhandle,
147 			    princ.policy, &pol)) != KADM5_OK) {
148 			(void) kadm5_free_principal_ent(handle->lhandle,
149 							&princ);
150 			return (ret);
151 		}
152 		if ((now - princ.last_pwd_change) < pol.pw_min_life &&
153 		    !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
154 			(void) kadm5_free_policy_ent(handle->lhandle, &pol);
155 			(void) kadm5_free_principal_ent(handle->lhandle,
156 							&princ);
157 			return (KADM5_PASS_TOOSOON);
158 		}
159 		if (ret = kadm5_free_policy_ent(handle->lhandle, &pol)) {
160 			(void) kadm5_free_principal_ent(handle->lhandle,
161 							&princ);
162 			return (ret);
163 		}
164 	}
165 	if (ret = kadm5_free_principal_ent(handle->lhandle, &princ))
166 		return (ret);
167 	return (kadm5_randkey_principal(server_handle,
168 					principal, keys, n_keys));
169 }
170