author | Greg Hudson <ghudson@mit.edu> | 2010-10-05 14:53:09 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-10-05 14:53:09 +0000 |
commit | 96f2a016991c199be477b6abd48824ec1cb6641f (patch) | |
tree | c1d70a4b27bf8befad040b06c4831e842506fd51 /src/lib/kdb/kdb5.c | |
parent | 0ce5cb2e9dc040f35a91bca8dcad68d10ed7ea8a (diff) | |
Propagate modprinc -unlock from master to slave KDCs
Create a new tl-data type to hold the time of the last administrative
unlock, and factor it into decisions about account lockout. Since
tl-data values are propagated from master to slave, this will cause
modprinc -unlock operations to reach slave KDCs on the next
propagation.
ticket: 6795
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb/kdb5.c')
-rw-r--r-- | src/lib/kdb/kdb5.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 5e00d127ee..b37a5c1102 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1431,6 +1431,31 @@ krb5_dbe_lookup_last_pwd_change(krb5_context context, krb5_db_entry *entry,
 }
 krb5_error_code
+krb5_dbe_lookup_last_admin_unlock(krb5_context context, krb5_db_entry *entry,
+ krb5_timestamp *stamp)
+{
+ krb5_tl_data tl_data;
+ krb5_error_code code;
+ krb5_int32 tmp;
+
+ tl_data.tl_data_type = KRB5_TL_LAST_ADMIN_UNLOCK;
+
+ if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+ return (code);
+
+ if (tl_data.tl_data_length != 4) {
+ *stamp = 0;
+ return (0);
+ }
+
+ krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
+
+ *stamp = (krb5_timestamp) tmp;
+
+ return (0);
+}
+
+krb5_error_code
 krb5_dbe_lookup_tl_data(krb5_context context, krb5_db_entry *entry,
 krb5_tl_data *ret_tl_data)
 {
@@ -1922,6 +1947,21 @@ krb5_dbe_update_last_pwd_change(krb5_context context, krb5_db_entry *entry,
 }
 krb5_error_code
+krb5_dbe_update_last_admin_unlock(krb5_context context, krb5_db_entry *entry,
+ krb5_timestamp stamp)
+{
+ krb5_tl_data tl_data;
+ krb5_octet buf[4]; /* this is the encoded size of an int32 */
+
+ tl_data.tl_data_type = KRB5_TL_LAST_ADMIN_UNLOCK;
+ tl_data.tl_data_length = sizeof(buf);
+ krb5_kdb_encode_int32((krb5_int32) stamp, buf);
+ tl_data.tl_data_contents = buf;
+
+ return (krb5_dbe_update_tl_data(context, entry, &tl_data));
+}
+
+krb5_error_code
 krb5_dbe_delete_tl_data(krb5_context context, krb5_db_entry *entry,
 krb5_int16 tl_data_type)
 {
|
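Review bot: The check `if (tl_data.tl_data_length != 4)` in krb5_dbe_lookup_last_admin_unlock returns success with `*stamp = 0` for any value that is not exactly four bytes, so a truncated or corrupted record is indistinguishable to the caller from a principal that has no unlock recorded. For a value that feeds lockout decisions this is presumably the fail-closed direction (no unlock is honoured), but the contract is not written down. A header comment would record it, e.g. `/* Sets *stamp to 0 when no well-formed last-admin-unlock tl-data is found; *stamp is not written when an error is returned. */`. The literal `4` duplicates the encoder's `sizeof(buf)` in krb5_dbe_update_last_admin_unlock, and a shared named constant would keep the two sides from drifting apart.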
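Review bot: `tl_data.tl_data_contents = buf;` in krb5_dbe_update_last_admin_unlock passes a pointer to a stack array into krb5_dbe_update_tl_data, which is only safe if that function copies the bytes rather than keeping the pointer in the entry. The callee's body is not in this hunk, so the assumption deserves a comment next to the assignment, e.g. `/* krb5_dbe_update_tl_data copies the contents; buf need not outlive this call */`. Only three members of the local `tl_data` are assigned before it is handed over. Declaring it as `krb5_tl_data tl_data = { 0 };` would keep any remaining member from carrying indeterminate stack data into the callee.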