diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ChangeLog | 5 | ||||
| -rw-r--r-- | src/include/krb5.hin | 1 | ||||
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 6 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 41 |
4 files changed, 52 insertions, 1 deletions
diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 77d721b51..6aeda6d41 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +2002-10-23 Ken Hornstein <kenh@cmf.nrl.navy.mil> + + * krb5.hin: Add new LRQ type for password expiration + (from krb-clarifications) + 2002-10-07 Sam Hartman <hartmans@mit.edu> * Makefile.in : Add install-headers support diff --git a/src/include/krb5.hin b/src/include/krb5.hin index a8fa4766b..7ab1cde04 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -839,6 +839,7 @@ krb5_error_code krb5_decrypt_data #define KRB5_LRQ_ONE_LAST_RENEWAL (-4) #define KRB5_LRQ_ALL_LAST_REQ 5 #define KRB5_LRQ_ONE_LAST_REQ (-5) +#define KRB5_LRQ_PW_EXPTIME 6 /* PADATA types */ #define KRB5_PADATA_NONE 0 diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 14b02e6bb..a651f2497 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,9 @@ +2002-10-23 Ken Hornstein <kenh@cmf.nrl.navy.mil> + + * gic_pwd.c (krb5_get_init_creds_password): Fix bug in previous + password expiration warning; also, check for password expiration + warnings via LRQ type from krb-clarifications. + 2002-09-11 Sam Hartman <hartmans@mit.edu> * fwd_tgt.c (krb5_fwd_tgt_creds): If our initial tickets don't diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index caa48c590..776669af4 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -287,6 +287,7 @@ cleanup: if (ret == 0) { krb5_timestamp now; + krb5_last_req_entry **last_req; int hours; /* XXX 7 days should be configurable. This is all pretty ad hoc, @@ -294,7 +295,7 @@ cleanup: with timezones, etc. */ if (prompter && - (in_tkt_service && + (!in_tkt_service || (strcmp(in_tkt_service, "kadmin/changepw") != 0)) && ((ret = krb5_timeofday(context, &now)) == 0) && as_reply->enc_part2->key_exp && @@ -313,6 +314,44 @@ cleanup: /* ignore an error here */ /* PROMPTER_INVOCATION */ (*prompter)(context, data, 0, banner, 0, 0); + } else if (prompter && + (!in_tkt_service || + (strcmp(in_tkt_service, "kadmin/changepw") != 0)) && + as_reply->enc_part2 && as_reply->enc_part2->last_req) { + /* + * Check the last_req fields + */ + + for (last_req = as_reply->enc_part2->last_req; *last_req; last_req++) + if ((*last_req)->lr_type == KRB5_LRQ_PW_EXPTIME) { + krb5_deltat delta; + char ts[256]; + + if ((ret = krb5_timeofday(context, &now))) + break; + + if ((ret = krb5_timestamp_to_string((*last_req)->value, + ts, sizeof(ts)))) + break; + + delta = (*last_req)->value - now; + + if (delta < 3600) + sprintf(banner, + "Warning: Your password will expire in less than one " + "hour on %s", ts); + else if (delta < 86400*2) + sprintf(banner, + "Warning: Your password will expire in %d hour%s on %s", + delta / 3600, delta < 7200 ? "" : "s", ts); + else + sprintf(banner, + "Warning: Your password will expire in %d days on %s", + delta / 86400, ts); + /* ignore an error here */ + /* PROMPTER_INVOCATION */ + (*prompter)(context, data, 0, banner, 0, 0); + } } } |