From a409afa9a0c80b2471f73bfe1bf4afffcfee2a44 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Wed, 12 Oct 2005 04:09:19 +0000
Subject: 	* misc.h, misc.c (schpw_util_wrapper): Rename from 
 chpass_util_wrapper to make functionality a little more obvious.

	* schpw.c (process_chpw_request): Update for rename of
	chpass_util_wrapper.

	* misc.c (randkey_principal_wrapper_3, schpw_util_wrapper)
	(chpass_principal_wrapper_3): Update for check_min_life.

	* misc.h, misc.c (check_min_life): Change to take return error
	string from KADM5_PASS_TOOSOON, adapted from patch from Shawn
	Emery.

ticket: 3092
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17417 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kadmin/server/misc.c | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)

(limited to 'src/kadmin/server/misc.c')

diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index fb9c3a541..c623e55bd 100644
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -43,7 +43,7 @@ chpass_principal_wrapper_3(void *server_handle,
 {
     kadm5_ret_t			ret;
 
-    ret = check_min_life(server_handle, principal);
+    ret = check_min_life(server_handle, principal, NULL, 0);
     if (ret)
 	 return ret;
 
@@ -86,7 +86,7 @@ randkey_principal_wrapper_3(void *server_handle,
 {
     kadm5_ret_t			ret;
 
-    ret = check_min_life(server_handle, principal);
+    ret = check_min_life(server_handle, principal, NULL, 0);
     if (ret)
 	 return ret;
     return kadm5_randkey_principal_3(server_handle, principal,
@@ -95,13 +95,13 @@ randkey_principal_wrapper_3(void *server_handle,
 }
 
 kadm5_ret_t
-chpass_util_wrapper(void *server_handle, krb5_principal princ,
-		    char *new_pw, char **ret_pw,
-		    char *msg_ret, unsigned int msg_len)
+schpw_util_wrapper(void *server_handle, krb5_principal princ,
+		   char *new_pw, char **ret_pw,
+		   char *msg_ret, unsigned int msg_len)
 {
     kadm5_ret_t ret;
 
-    ret = check_min_life(server_handle, princ);
+    ret = check_min_life(server_handle, princ, msg_ret, msg_len);
     if (ret)
 	return ret;
 
@@ -111,7 +111,8 @@ chpass_util_wrapper(void *server_handle, krb5_principal princ,
 }
 
 kadm5_ret_t
-check_min_life(void *server_handle, krb5_principal principal)
+check_min_life(void *server_handle, krb5_principal principal,
+	       char *msg_ret, unsigned int msg_len)
 {
     krb5_int32			now;
     kadm5_ret_t			ret;
@@ -119,6 +120,9 @@ check_min_life(void *server_handle, krb5_principal principal)
     kadm5_principal_ent_rec	princ;
     kadm5_server_handle_t	handle = server_handle;
 
+    if (msg_ret != NULL)
+	*msg_ret = '\0';
+
     ret = krb5_timeofday(handle->context, &now);
     if (ret)
 	return ret;
@@ -135,6 +139,24 @@ check_min_life(void *server_handle, krb5_principal principal)
 	}
 	if((now - princ.last_pwd_change) < pol.pw_min_life &&
 	   !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+	    if (msg_ret != NULL) {
+		time_t until;
+		char *time_string, *ptr, *errstr;
+
+		until = princ.last_pwd_change + pol.pw_min_life;
+
+		time_string = ctime(&until);
+		errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
+
+		if (strlen(errstr) + strlen(time_string) >= msg_len) {
+		    *errstr = '\0';
+		} else {
+		    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+			*ptr = '\0';
+		    sprintf(msg_ret, errstr, time_string);
+		}
+	    }
+
 	    (void) kadm5_free_policy_ent(handle->lhandle, &pol);
 	    (void) kadm5_free_principal_ent(handle->lhandle, &princ);
 	    return KADM5_PASS_TOOSOON;
-- 
cgit