authorDavid Sommerseth <davids@redhat.com>2009-04-30 16:07:43 +0200
committerDavid Sommerseth <davids@redhat.com>2009-04-30 16:07:43 +0200
commitcea1270777d0a5bd42284011307fe183a67f8ada (patch)
tree484fe523e3d8ccb36aa0bd6ba437926b3b6ab7c2 /examples/test.py
parent6453a1131547b71c4a21a978fd9588d67d056233 (diff)
Rewritten dmixml_GetXPathContent(...) and _get_key_value(...)
This rewrite was to handle XPATH_NUMBER more correctly. These functions now need a preallocated memory buffer for the result.
Diffstat (limited to 'examples/test.py')
0 files changed, 0 insertions, 0 deletions
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 */

#include    <k5-int.h>
#include    <kdb.h>
#include    <kadm5/server_internal.h>
#include    <kadm5/server_acl.h>
#include    "misc.h"
#include    "net-server.h"

/*
 * Function: chpass_principal_wrapper_3
 *
 * Purpose: wrapper to kadm5_chpass_principal that checks to see if
 *          pw_min_life has been reached. if not it returns an error.
 *          otherwise it calls kadm5_chpass_principal
 *
 * Arguments:
 *      principal       (input) krb5_principal whose password we are
 *                              changing
 *      keepold         (input) whether to preserve old keys
 *      n_ks_tuple      (input) the number of key-salt tuples in ks_tuple
 *      ks_tuple        (input) array of tuples indicating the caller's
 *                              requested enctypes/salttypes
 *      password        (input) password we are going to change to.
 *      <return value>  0 on success error code on failure.
 *
 * Requires:
 *      kadm5_init to have been run.
 *
 * Effects:
 *      calls kadm5_chpass_principal which changes the kdb and
 *      the admin db.
 *
 */
kadm5_ret_t
chpass_principal_wrapper_3(void *server_handle,
                           krb5_principal principal,
                           krb5_boolean keepold,
                           int n_ks_tuple,
                           krb5_key_salt_tuple *ks_tuple,
                           char *password)
{
    /*
     * Gate the change on check_min_life() first: any nonzero result is
     * handed back unchanged and kadm5_chpass_principal_3() is never
     * reached.  NULL/0 is passed for the message buffer, so only the
     * error code is reported on this path.
     *
     * NOTE(review): no authorization check is visible in this wrapper;
     * presumably the caller has already verified the requester's
     * privileges -- confirm against the call sites.
     */
    kadm5_ret_t min_life_status = check_min_life(server_handle, principal,
                                                 NULL, 0);

    if (min_life_status != 0)
        return min_life_status;

    /* Minimum-life check passed: forward every argument untouched. */
    return kadm5_chpass_principal_3(server_handle, principal,
                                    keepold, n_ks_tuple, ks_tuple,
                                    password);
}


/*
 * Function: randkey_principal_wrapper_3
 *
 * Purpose: wrapper to kadm5_randkey_principal which checks the
 *          password's min. life.
 *
 * Arguments:
 *      principal           (input) krb5_principal whose password we are
 *                                  changing
 *      keepold         (input) whether to preserve old keys
 *      n_ks_tuple      (input) the number of key-salt tuples in ks_tuple
 *      ks_tuple        (input) array of tuples indicating the caller's
 *                              requested enctypes/salttypes
 *      keys, n_keys        (output) new random key(s) and their count
 *      <return value>      0, error code on error.
 *
 * Requires:
 *      kadm5_init       needs to be run
 *
 * Effects:
 *      calls kadm5_randkey_principal
 *
 */
kadm5_ret_t
randkey_principal_wrapper_3(void *server_handle,
                            krb5_principal principal,
                            krb5_boolean keepold,
                            int n_ks_tuple,
                            krb5_key_salt_tuple *ks_tuple,
                            krb5_keyblock **keys, int *n_keys)
{
    kadm5_ret_t                 status;

    /*
     * Run check_min_life() before any key is randomized.  No message
     * buffer is supplied (NULL/0), so a failure is reported through the
     * return code alone.
     *
     * NOTE(review): as with the chpass wrapper, this function performs no
     * authorization check of its own; presumably the caller does --
     * confirm against the call sites.
     */
    status = check_min_life(server_handle, principal, NULL, 0);

    /*
     * A nonzero status short-circuits; otherwise the result of
     * kadm5_randkey_principal_3(), called with the arguments as received,
     * is returned.
     */
    return (status != 0)
        ? status
        : kadm5_randkey_principal_3(server_handle, principal,
                                    keepold, n_ks_tuple, ks_tuple,
                                    keys, n_keys);
}

/*
 * Authorize and perform a password change requested by `client` for
 * `target`.
 *
 * Decision order, as implemented below:
 *   1. A NULL target means the client is changing its own password.
 *   2. If client and target compare equal, check_min_life() runs first and
 *      any failure is returned immediately -- before the ACL is consulted.
 *      On success the request is authorized only if initial_flag is set.
 *   3. Any request not authorized by step 2 (a different target, or a
 *      self-change without initial_flag) is authorized only if
 *      kadm5int_acl_check_krb() grants ACL_CHANGEPW on the target.
 *      check_min_life() is not called for a different target.
 *   4. Authorized requests go to kadm5_chpass_principal_util(); all others
 *      get KADM5_AUTH_CHANGEPW and "Unauthorized request" in msg_ret.
 *
 * msg_ret must point to a buffer of at least msg_len bytes: the denial
 * path writes to it without a NULL test (check_min_life() does test it).
 */
kadm5_ret_t
schpw_util_wrapper(void *server_handle,
                   krb5_principal client,
                   krb5_principal target,
                   krb5_boolean initial_flag,
                   char *new_pw, char **ret_pw,
                   char *msg_ret, unsigned int msg_len)
{
    kadm5_server_handle_t       handle = server_handle;
    kadm5_ret_t                 status;
    krb5_boolean                authorized = FALSE;

    /* No explicit target: the client is acting on its own principal. */
    if (target == NULL)
        target = client;

    if (krb5_principal_compare(handle->context, client, target)) {
        /*
         * Self-service change.  The minimum password lifetime is enforced
         * here and a failure returns at once, so holding ACL_CHANGEPW does
         * not exempt a principal from it for its own password.
         */
        status = check_min_life(server_handle, target, msg_ret, msg_len);
        if (status != 0)
            return status;

        /* Self-service is granted only when initial_flag is set. */
        authorized = initial_flag;
    }

    /*
     * Not (yet) authorized: fall back to the ACL.  A client holding
     * ACL_CHANGEPW for the target may change that password.
     */
    if (!authorized) {
        if (kadm5int_acl_check_krb(handle->context, client,
                                   ACL_CHANGEPW, target, NULL))
            authorized = TRUE;
    }

    /* Denied: fixed error code plus a generic message for the caller. */
    if (!authorized) {
        strlcpy(msg_ret, "Unauthorized request", msg_len);
        return KADM5_AUTH_CHANGEPW;
    }

    return kadm5_chpass_principal_util(server_handle,
                                       target,
                                       new_pw, ret_pw,
                                       msg_ret, msg_len);
}

kadm5_ret_t
check_min_life(void *server_handle, krb5_principal principal,
               char *msg_ret, unsigned int msg_len)
{
    krb5_int32                  now;
    kadm5_ret_t                 ret;
    kadm5_policy_ent_rec        pol;
    kadm5_principal_ent_rec     princ;
    kadm5_server_handle_t       handle = server_handle;

    if (msg_ret != NULL)
        *msg_ret = '\0';

    ret = krb5_timeofday(handle->context, &now);
    if (ret)
        return ret;

    ret = kadm5_get_principal(handle->lhandle, principal,