Add API to interpret changepw result strings

Active Directory returns structured policy information in the nominally UTF-8 result string field of a password change reply. Add a new API krb5_chpw_message() to convert a result string into a displayable message, interpreting policy information if present. Patch from stefw@gnome.org with changes. ticket: 7128 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25857 dc483132-0cff-0310-8789-dd5450dbe970
author: Greg Hudson <ghudson@mit.edu> 2012-05-09 17:40:38 +0000
committer: Greg Hudson <ghudson@mit.edu> 2012-05-09 17:40:38 +0000
commit: 13a0013f55e9bea8384234f5caa1a0b444749daf (patch)
tree: 421085bed0a911b9a5de9ea06fbd401f37d5904b /src/tests/misc
parent: c250f6743a623ab5086c56324060ebf99c740379 (diff)
download: krb5-13a0013f55e9bea8384234f5caa1a0b444749daf.tar.gz
krb5-13a0013f55e9bea8384234f5caa1a0b444749daf.tar.xz
krb5-13a0013f55e9bea8384234f5caa1a0b444749daf.zip
2 files changed, 186 insertions, 4 deletions
diff --git a/src/tests/misc/Makefile.in b/src/tests/misc/Makefile.in
index 5a4b329bc..8a601bf0d 100644
--- a/src/tests/misc/Makefile.in
+++ b/src/tests/misc/Makefile.in
@@ -4,9 +4,13 @@ RUN_SETUP = @KRB5_RUN_ENV@
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-OBJS=test_getpw.o
+OBJS=\
+	test_getpw.o \
+	test_chpw_message.o
+
 SRCS=\
 	$(srcdir)/test_getpw.c \
+	$(srcdir)/test_chpw_message.c \
 	$(srcdir)/test_getsockname.c \
 	$(srcdir)/test_cxx_krb5.cpp \
 	$(srcdir)/test_cxx_k5int.cpp \
@@ -14,10 +18,11 @@ SRCS=\
 	$(srcdir)/test_cxx_rpc.cpp \
 	$(srcdir)/test_cxx_kadm5.cpp
 
-all:: test_getpw
+all:: test_getpw test_chpw_message
 
-check:: test_getpw test_cxx_krb5 test_cxx_gss test_cxx_rpc test_cxx_k5int test_cxx_kadm5
+check:: test_getpw test_chpw_message test_cxx_krb5 test_cxx_gss test_cxx_rpc test_cxx_k5int test_cxx_kadm5
 	$(RUN_SETUP) $(VALGRIND) ./test_getpw
+	$(RUN_SETUP) $(VALGRIND) ./test_chpw_message
 	$(RUN_SETUP) $(VALGRIND) ./test_cxx_krb5
 	$(RUN_SETUP) $(VALGRIND) ./test_cxx_k5int
 	$(RUN_SETUP) $(VALGRIND) ./test_cxx_gss
@@ -27,6 +32,9 @@ check:: test_getpw test_cxx_krb5 test_cxx_gss test_cxx_rpc test_cxx_k5int test_c
 test_getpw: $(OUTPRE)test_getpw.$(OBJEXT) $(SUPPORT_DEPLIB)
 	$(CC_LINK) $(ALL_CFLAGS) -o test_getpw $(OUTPRE)test_getpw.$(OBJEXT) $(SUPPORT_LIB)
 
+test_chpw_message: $(OUTPRE)test_chpw_message.$(OBJEXT) $(SUPPORT_DEPLIB)
+	$(CC_LINK) $(ALL_CFLAGS) -o test_chpw_message $(OUTPRE)test_chpw_message.$(OBJEXT) $(KRB5_BASE_LIBS) $(LIBS)
+
 test_getsockname: $(OUTPRE)test_getsockname.$(OBJEXT)
 	$(CC_LINK) $(ALL_CFLAGS) -o test_getsockname $(OUTPRE)test_getsockname.$(OBJEXT) $(LIBS)
 
@@ -49,5 +57,5 @@ test_cxx_kadm5.$(OBJEXT): test_cxx_kadm5.cpp
 install::
 
 clean::
-	$(RM) test_getpw test_cxx_krb5 test_cxx_gss test_cxx_k5int test_cxx_rpc test_cxx_kadm5 *.o
+	$(RM) test_getpw test_chpw_message test_cxx_krb5 test_cxx_gss test_cxx_k5int test_cxx_rpc test_cxx_kadm5 *.o
 
diff --git a/src/tests/misc/test_chpw_message.c b/src/tests/misc/test_chpw_message.c
new file mode 100644
index 000000000..bf3169a25
--- /dev/null
+++ b/src/tests/misc/test_chpw_message.c
@@ -0,0 +1,174 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/misc/test_getpw.c */
+/*
+ * Copyright (C) 2012 by the Red Hat Inc.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "autoconf.h"
+#include "krb5.h"
+
+#include <sys/types.h>
+#include <assert.h>
+#include <locale.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+static krb5_data result_utf8 = {
+    0, 23, "This is a valid string.",
+};
+
+static krb5_data result_invalid_utf8 = {
+    0, 19, "\0This is not valid.",
+};
+
+static krb5_data result_ad_complex = {
+    0, 30,
+    "\0\0"             /* zero bytes */
+    "\0\0\0\0"         /* min length */
+    "\0\0\0\0"         /* history */
+    "\0\0\0\1"         /* properties, complex */
+    "\0\0\0\0\0\0\0\0" /* expire */
+    "\0\0\0\0\0\0\0\0" /* min age */
+};
+
+static krb5_data result_ad_length = {
+    0, 30,
+    "\0\0"             /* zero bytes */
+    "\0\0\0\x0d"       /* min length, 13 charaters */
+    "\0\0\0\0"         /* history */
+    "\0\0\0\0"         /* properties */
+    "\0\0\0\0\0\0\0\0" /* expire */
+    "\0\0\0\0\0\0\0\0" /* min age */
+};
+
+static krb5_data result_ad_history = {
+    0, 30,
+    "\0\0"             /* zero bytes */
+    "\0\0\0\0"         /* min length */
+    "\0\0\0\x09"       /* history, 9 passwords */
+    "\0\0\0\0"         /* properties */
+    "\0\0\0\0\0\0\0\0" /* expire */
+    "\0\0\0\0\0\0\0\0" /* min age */
+};
+
+static krb5_data result_ad_age = {
+    0, 30,
+    "\0\0"                        /* zero bytes */
+    "\0\0\0\0"                    /* min length */
+    "\0\0\0\0"                    /* history, 9 passwords */
+    "\0\0\0\0"                    /* properties */
+    "\0\0\0\0\0\0\0\0"            /* expire */
+    "\0\0\x01\x92\x54\xd3\x80\0"  /* min age, 2 days */
+};
+
+static krb5_data result_ad_all = {
+    0, 30,
+    "\0\0"                      /* zero bytes */
+    "\0\0\0\x05"                /* min length, 5 characters */
+    "\0\0\0\x0D"                /* history, 13 passwords */
+    "\0\0\0\x01"                /* properties, complex */
+    "\0\0\0\0\0\0\0\0"          /* expire */
+    "\0\0\0\xc9\x2a\x69\xc0\0"  /* min age, 1 day */
+};
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0) {
+        com_err("t_vfy_increds", code, NULL);
+        abort();
+    }
+}
+
+static void
+check_msg(const char *real, const char *expected)
+{
+    if (strstr(real, expected) == NULL) {
+        fprintf(stderr, "Expected to see: %s\n", expected);
+        abort();
+    }
+}
+
+int
+main(void)
+{
+    krb5_context context;
+    char *msg;
+
+    setlocale(LC_MESSAGES, "C");
+
+    check(krb5_init_context(&context));
+
+    /* Valid utf-8 data in the result should be returned as is */
+    check(krb5_chpw_message(context, &result_utf8, &msg));
+    printf("  UTF8 valid:   %s\n", msg);
+    check_msg(msg, "This is a valid string.");
+    free(msg);
+
+    /* Invalid data should have a generic message. */
+    check(krb5_chpw_message(context, &result_invalid_utf8, &msg));
+    printf("  UTF8 invalid: %s\n", msg);
+    check_msg(msg, "contact your administrator");
+    free(msg);
+
+    /* AD data with complex data requirement */
+    check(krb5_chpw_message(context, &result_ad_complex, &msg));
+    printf("  AD complex:   %s\n", msg);
+    check_msg(msg, "The password must include numbers or symbols.");
+    check_msg(msg, "Don't include any part of your name in the password.");
+    free(msg);
+
+    /* AD data with min password length */
+    check(krb5_chpw_message(context, &result_ad_length, &msg));
+    printf("  AD length:    %s\n", msg);
+    check_msg(msg, "The password must contain at least 13 characters.");
+    free(msg);
+
+    /* AD data with history requirements */
+    check(krb5_chpw_message(context, &result_ad_history, &msg));
+    printf("  AD history:   %s\n", msg);
+    check_msg(msg, "The password must be different from the previous 9 "
+              "passwords.");
+    free(msg);
+
+    /* AD data with minimum age */
+    check(krb5_chpw_message(context, &result_ad_age, &msg));
+    printf("  AD min age:   %s\n", msg);
+    check_msg(msg, "The password can only be changed every 2 days.");
+    free(msg);
+
+    /* AD data with all */
+    check(krb5_chpw_message(context, &result_ad_all, &msg));
+    printf("  AD all:       %s\n", msg);
+    check_msg(msg, "The password can only be changed once a day.");
+    check_msg(msg, "The password must be different from the previous 13 "
+              "passwords.");
+    check_msg(msg, "The password must contain at least 5 characters.");
+    check_msg(msg, "The password must include numbers or symbols.");
+    check_msg(msg, "Don't include any part of your name in the password.");
+    free(msg);
+
+    krb5_free_context(context);
+    exit(0);
+}
author	Greg Hudson <ghudson@mit.edu>	2012-05-09 17:40:38 +0000
committer	Greg Hudson <ghudson@mit.edu>	2012-05-09 17:40:38 +0000
commit	13a0013f55e9bea8384234f5caa1a0b444749daf (patch)
tree	421085bed0a911b9a5de9ea06fbd401f37d5904b /src/tests/misc
parent	c250f6743a623ab5086c56324060ebf99c740379 (diff)
download	krb5-13a0013f55e9bea8384234f5caa1a0b444749daf.tar.gz krb5-13a0013f55e9bea8384234f5caa1a0b444749daf.tar.xz krb5-13a0013f55e9bea8384234f5caa1a0b444749daf.zip