* misc.h, misc.c (schpw_util_wrapper): Rename from

	chpass_util_wrapper to make functionality a little more obvious.

	* schpw.c (process_chpw_request): Update for rename of
	chpass_util_wrapper.

	* misc.c (randkey_principal_wrapper_3, schpw_util_wrapper) 
	(chpass_principal_wrapper_3): Update for check_min_life.

	* misc.h, misc.c (check_min_life): Change to take return error
	string from KADM5_PASS_TOOSOON, adapted from patch from Shawn
	Emery.

ticket: 3092
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17417 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 51 insertions, 13 deletions

diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
index e461f74cab..a84ddc8f03 100644
--- a/src/kadmin/server/ChangeLog
+++ b/src/kadmin/server/ChangeLog
@@ -1,3 +1,18 @@
+2005-10-12  Tom Yu  <tlyu@mit.edu>
+
+	* misc.h, misc.c (schpw_util_wrapper): Rename from
+	chpass_util_wrapper to make functionality a little more obvious.
+
+	* schpw.c (process_chpw_request): Update for rename of
+	chpass_util_wrapper.
+
+	* misc.c (randkey_principal_wrapper_3, schpw_util_wrapper) 
+	(chpass_principal_wrapper_3): Update for check_min_life.
+
+	* misc.h, misc.c (check_min_life): Change to take return error
+	string from KADM5_PASS_TOOSOON, adapted from patch from Shawn
+	Emery.
+
 2005-08-20  Ken Raeburn  <raeburn@mit.edu>
 
 	* kadm_rpc_svc.c, server_stubs.c: Rename all RPC functions from
diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index fb9c3a5418..c623e55bd9 100644
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -43,7 +43,7 @@ chpass_principal_wrapper_3(void *server_handle,
 {
     kadm5_ret_t			ret;
 
-    ret = check_min_life(server_handle, principal);
+    ret = check_min_life(server_handle, principal, NULL, 0);
     if (ret)
 	 return ret;
 
@@ -86,7 +86,7 @@ randkey_principal_wrapper_3(void *server_handle,
 {
     kadm5_ret_t			ret;
 
-    ret = check_min_life(server_handle, principal);
+    ret = check_min_life(server_handle, principal, NULL, 0);
     if (ret)
 	 return ret;
     return kadm5_randkey_principal_3(server_handle, principal,
@@ -95,13 +95,13 @@ randkey_principal_wrapper_3(void *server_handle,
 }
 
 kadm5_ret_t
-chpass_util_wrapper(void *server_handle, krb5_principal princ,
-		    char *new_pw, char **ret_pw,
-		    char *msg_ret, unsigned int msg_len)
+schpw_util_wrapper(void *server_handle, krb5_principal princ,
+		   char *new_pw, char **ret_pw,
+		   char *msg_ret, unsigned int msg_len)
 {
     kadm5_ret_t ret;
 
-    ret = check_min_life(server_handle, princ);
+    ret = check_min_life(server_handle, princ, msg_ret, msg_len);
     if (ret)
 	return ret;
 
@@ -111,7 +111,8 @@ chpass_util_wrapper(void *server_handle, krb5_principal princ,
 }
 
 kadm5_ret_t
-check_min_life(void *server_handle, krb5_principal principal)
+check_min_life(void *server_handle, krb5_principal principal,
+	       char *msg_ret, unsigned int msg_len)
 {
     krb5_int32			now;
     kadm5_ret_t			ret;
@@ -119,6 +120,9 @@ check_min_life(void *server_handle, krb5_principal principal)
     kadm5_principal_ent_rec	princ;
     kadm5_server_handle_t	handle = server_handle;
 
+    if (msg_ret != NULL)
+	*msg_ret = '\0';
+
     ret = krb5_timeofday(handle->context, &now);
     if (ret)
 	return ret;
@@ -135,6 +139,24 @@ check_min_life(void *server_handle, krb5_principal principal)
 	}
 	if((now - princ.last_pwd_change) < pol.pw_min_life &&
 	   !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+	    if (msg_ret != NULL) {
+		time_t until;
+		char *time_string, *ptr, *errstr;
+
+		until = princ.last_pwd_change + pol.pw_min_life;
+
+		time_string = ctime(&until);
+		errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
+
+		if (strlen(errstr) + strlen(time_string) >= msg_len) {
+		    *errstr = '\0';
+		} else {
+		    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+			*ptr = '\0';
+		    sprintf(msg_ret, errstr, time_string);
+		}
+	    }
+
 	    (void) kadm5_free_policy_ent(handle->lhandle, &pol);
 	    (void) kadm5_free_principal_ent(handle->lhandle, &princ);
 	    return KADM5_PASS_TOOSOON;
diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h
index be7a53f663..b519ba079e 100644
--- a/src/kadmin/server/misc.h
+++ b/src/kadmin/server/misc.h
@@ -20,11 +20,12 @@ randkey_principal_wrapper_3(void *server_handle,
 			    krb5_keyblock **keys, int *n_keys);
 
 kadm5_ret_t
-chpass_util_wrapper(void *server_handle, krb5_principal princ,
-		    char *new_pw, char **ret_pw,
-		    char *msg_ret, unsigned int msg_len);
+schpw_util_wrapper(void *server_handle, krb5_principal princ,
+		   char *new_pw, char **ret_pw,
+		   char *msg_ret, unsigned int msg_len);
 
-kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal);
+kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
+			   char *msg_ret, unsigned int msg_len);
 
 kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
 				   krb5_principal principal, 
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index 90ccba05fa..8c676c08ca 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -248,8 +248,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
     memcpy(ptr, clear.data, clear.length);
     ptr[clear.length] = '\0';
 
-    ret = chpass_util_wrapper(server_handle, ticket->enc_part2->client,
-			      ptr, NULL, strresult, sizeof(strresult));
+    ret = schpw_util_wrapper(server_handle, ticket->enc_part2->client,
+			     ptr, NULL, strresult, sizeof(strresult));
 
     /* zap the password */
     memset(clear.data, 0, clear.length);