author | David Kupka <dkupka@redhat.com> | 2016-06-30 08:52:33 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2016-07-01 11:22:02 +0200 |
commit | d2cb9ed327ee4003598d5e45d80ab7918b89eeed (patch) | |
tree | 759a8dbeb8cec1226cefdb097354e78756bcf639 /daemons/ipa-slapi-plugins | |
parent | 3691e39a62da5134f911f6a798f79a3a2ae0c025 (diff) | |
Allow unexpiring passwords
Treat maxlife=0 in password policy as "never expire". Delete
krbPasswordExpiration in user entry when password should never expire.
https://fedorahosted.org/freeipa/ticket/2795
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Diffstat (limited to 'daemons/ipa-slapi-plugins')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c | 22 | ||||
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 4 |
2 files changed, 16 insertions, 10 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
index 5dc606d22..0bb50fc31 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
@@ -317,7 +317,6 @@ int ipapwd_getPolicy(const char *dn,
 int buffer_flags=0;
 Slapi_ValueSet* results = NULL;
 char *actual_type_name = NULL;
- int tmpint;
 LOG_TRACE("Searching policy for [%s]\n", dn);
@@ -382,15 +381,9 @@ int ipapwd_getPolicy(const char *dn,
 /* read data out of policy object */
 policy->min_pwd_life = slapi_entry_attr_get_int(pe, "krbMinPwdLife");
- tmpint = slapi_entry_attr_get_int(pe, "krbMaxPwdLife");
- if (tmpint != 0) {
- policy->max_pwd_life = tmpint;
- }
+ policy->max_pwd_life = slapi_entry_attr_get_int(pe, "krbMaxPwdLife");
- tmpint = slapi_entry_attr_get_int(pe, "krbPwdMinLength");
- if (tmpint != 0) {
- policy->min_pwd_length = tmpint;
- }
+ policy->min_pwd_length = slapi_entry_attr_get_int(pe, "krbPwdMinLength");
 policy->history_length = slapi_entry_attr_get_int(pe, "krbPwdHistoryLength");
@@ -620,7 +613,11 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
 slapi_ch_array_free(pwd_history);
 if (data->expireTime == 0) {
- data->expireTime = data->timeNow + pol.max_pwd_life;
+ if (pol.max_pwd_life > 0) {
+ /* max_pwd_life = 0 => never expire
+ * set expire time only when max_pwd_life > 0 */
+ data->expireTime = data->timeNow + pol.max_pwd_life;
+ }
 }
 data->policy = pol;
@@ -788,6 +785,11 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
 "%Y%m%d%H%M%SZ", &utctime);
 slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "krbPasswordExpiration", timestr);
+ if (data->expireTime == 0) {
+ slapi_mods_add_string(smods, LDAP_MOD_DELETE,
+ "krbPasswordExpiration", timestr);
+ }
+
 }
 }
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
index 5c700211b..9d923d6fb 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
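Review bot: With the `!= 0` guards removed in ipapwd_getPolicy, a policy entry that simply lacks krbMaxPwdLife or krbPwdMinLength can no longer be told apart from one that sets the value to 0, assuming slapi_entry_attr_get_int returns 0 for an absent attribute. Together with the new maxlife=0 meaning, a missing krbMaxPwdLife then silently becomes "never expire", and a missing krbPwdMinLength becomes a zero minimum length where the old code kept whatever value the policy struct already held. The krbPwdMinLength change is not mentioned in the commit message, so it is worth confirming that it is intended. If only an explicit zero should count, check for the attribute's presence first (for example with `slapi_entry_attr_find(pe, "krbMaxPwdLife", &attr) == 0`) before assigning. The function starts and ends outside the hunk, so the value these fields hold beforehand is not visible here.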
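Review bot: The new guard `if (pol.max_pwd_life > 0)` in ipapwd_CheckPolicy makes a negative krbMaxPwdLife behave like 0, so the password never expires, whereas before this change a negative lifetime produced an expiry in the past. If max_pwd_life is a signed type (its declaration is outside the hunk), a malformed policy value therefore fails open; consider treating only 0 as "never expire" with `if (pol.max_pwd_life != 0)`, or rejecting negative values where the policy is read. The added comment could also say that `expireTime == 0` is now what later code reads as "never expires", since the same value previously meant only "not yet set".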
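Review bot: In ipapwd_SetPassword the "never expire" case still formats `timestr` from an expireTime of 0, writes it with LDAP_MOD_REPLACE, and then queues LDAP_MOD_DELETE for the same value, which only gives the intended result if both mods are applied in order within one modify operation; the same pattern is added to ipapwd_post_modadd in prepost.c. Nothing in the code explains this, so add a comment such as `/* expireTime == 0: never expires; the REPLACE above ensures the value exists so this DELETE removes the attribute */`, or branch so the REPLACE is issued only when expireTime is non-zero. Any path that reaches this point with expireTime left at 0 for another reason now ends with no krbPasswordExpiration at all rather than an already-expired password, so the callers that fill in expireTime deserve a check. Both functions begin and end outside their hunks.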
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
@@ -1123,6 +1123,10 @@ static int ipapwd_post_modadd(Slapi_PBlock *pb)
 "%Y%m%d%H%M%SZ", &utctime);
 slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "krbPasswordExpiration", timestr);
+ if (pwdop->pwdata.expireTime == 0) {
+ slapi_mods_add_string(smods, LDAP_MOD_DELETE,
+ "krbPasswordExpiration", timestr);
+ }
 /* change Last Password Change field with the current date */
 if (!gmtime_r(&(pwdop->pwdata.timeNow), &utctime)) { |