author | Simo Sorce <ssorce@redhat.com> | 2012-02-13 12:15:07 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2012-02-14 18:03:45 -0500 |
commit | 651f9324735d0680c6a56246616932459e15b99d (patch) | |
tree | fc31c99ff422fe9e072210a89e87a4cfadb52dfe /daemons/ipa-kdb/ipa_kdb_pwdpolicy.c | |
parent | 431286a0f61e7bc61d05a6da172cad07801652c2 (diff) | |
ipa-kdb: add AS auditing support
Fixes: https://fedorahosted.org/freeipa/ticket/2334
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_pwdpolicy.c')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_pwdpolicy.c | 89 |
1 files changed, 88 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
index 46a051330..03948029f 100644
--- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
+++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
@@ -21,10 +21,11 @@
 */
 #include "ipa_kdb.h"
+#include "ipa_pwd.h"
 #define POLICY_SEARCH_FILTER "(&(objectClass=krbPwdPolicy)(cn=%s))"
-static char *std_pwdpolicy_attrs[] = {
+char *std_pwdpolicy_attrs[] = {
 "krbmaxpwdlife",
 "krbminpwdlife",
 "krbpwdmindiffchars",
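Review bot: Dropping `static` from `std_pwdpolicy_attrs` turns it into an exported, writable global with an un-prefixed name, and nothing on this page shows a user outside this file; the one new reference, in `ipadb_get_ipapwd_policy`, is in the same translation unit. If another file in the commit does need it, an `ipadb_`-prefixed name such as `char *ipadb_std_pwdpolicy_attrs[]`, declared once in `ipa_kdb.h`, would fit the naming of the functions here and reduce the chance of a symbol clash when this code is loaded into the KDC process. The array's initializer continues past the end of the hunk.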
@@ -37,6 +38,92 @@ static char *std_pwdpolicy_attrs[] = {
 NULL
 };
+krb5_error_code ipadb_get_ipapwd_policy(struct ipadb_context *ipactx,
+ char *pw_policy_dn,
+ struct ipapwd_policy **_pol)
+{
+ struct ipapwd_policy *pol;
+ krb5_error_code kerr;
+ LDAPMessage *res = NULL;
+ LDAPMessage *lentry;
+ uint32_t result;
+ int ret;
+
+ pol = calloc(1, sizeof(struct ipapwd_policy));
+ if (!pol) {
+ return ENOMEM;
+ }
+
+ pol->max_pwd_life = IPAPWD_DEFAULT_PWDLIFE;
+ pol->min_pwd_length = IPAPWD_DEFAULT_MINLEN;
+
+ kerr = ipadb_simple_search(ipactx, pw_policy_dn, LDAP_SCOPE_BASE,
+ "(objectClass=*)", std_pwdpolicy_attrs, &res);
+ if (kerr) {
+ goto done;
+ }
+
+ lentry = ldap_first_entry(ipactx->lcontext, res);
+ if (!lentry) {
+ kerr = KRB5_KDB_INTERNAL_ERROR;
+ goto done;
+ }
+
+ ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+ "krbMinPwdLife", &result);
+ if (ret == 0) {
+ pol->min_pwd_life = result;
+ }
+
+ ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+ "krbMaxPwdLife", &result);
+ if (ret == 0) {
+ pol->max_pwd_life = result;
+ }
+
+ ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+ "krbPwdMinLength", &result);
+ if (ret == 0) {
+ pol->min_pwd_length = result;
+ }
+
+ ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+ "krbPwdHistoryLength", &result);
+ if (ret == 0) {
+ pol->history_length = result;
+ }
+
+ ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+ "krbPwdMinDiffChars", &result);
+ if (ret == 0) {
+ pol->min_complexity = result;
+ }
+
+ ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+ "krbPwdMaxFailure", &result);
+ if (ret == 0) {
+ pol->max_fail = result;
+ }
+
+ ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+ "krbPwdFailureCountInterval", &result);
+ if (ret == 0) {
+ pol->failcnt_interval = result;
+ }
+
+ ret = ipadb_ldap_attr_to_uint32(ipactx->lcontext, lentry,
+ "krbPwdLockoutDuration", &result);
+ if (ret == 0) {
+ pol->lockout_duration = result;
+ }
+
+ *_pol = pol;
+
+done:
+ ldap_msgfree(res);
+ return kerr;
+}
+
 krb5_error_code ipadb_create_pwd_policy(krb5_context kcontext,
 osa_policy_ent_t policy)
 { |
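Review bot: `pol` is leaked on both `goto done` paths in `ipadb_get_ipapwd_policy`: when `ipadb_simple_search` fails or `ldap_first_entry` returns NULL, the function returns an error without freeing the `calloc`'d policy and leaves `*_pol` untouched. Freeing at the label, `if (kerr) { free(pol); }` just before `ldap_msgfree(res);`, closes the leak, and setting `*_pol = NULL;` at the top would keep a caller that mishandles the return code from reading a stale pointer. Going by the commit title this lookup presumably runs while auditing AS requests inside the KDC, where a leak per failed lookup accumulates in a long-running process. Separately, every non-zero return from `ipadb_ldap_attr_to_uint32` is treated as "attribute absent", so a read or parse failure would leave lockout fields such as `max_fail` at the zero from `calloc`; a comment such as `/* missing attribute: keep the default */` on the first block, or a check that distinguishes missing from failed if the helper reports it, would make that fallback explicit.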