From 8d31a9d396f5bea88def4db395ad12dca2ac2e9f Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 25 Oct 2009 16:55:12 +0000 Subject: Account lockout Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kadmin/testing/util/tcl_kadm5.c | 47 ++++++++++++++++++++++++++++++++++---
 1 file changed, 44 insertions(+), 3 deletions(-)
(limited to 'src/kadmin/testing/util')
diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c
index 6679ce0a7..08f3a52a4 100644
--- a/src/kadmin/testing/util/tcl_kadm5.c
+++ b/src/kadmin/testing/util/tcl_kadm5.c
@@ -71,7 +71,10 @@ static struct flagval policy_mask_flags[] = {
 {"KADM5_PW_MIN_LENGTH", KADM5_PW_MIN_LENGTH},
 {"KADM5_PW_MIN_CLASSES", KADM5_PW_MIN_CLASSES},
 {"KADM5_PW_HISTORY_NUM", KADM5_PW_HISTORY_NUM},
- {"KADM5_REF_COUNT", KADM5_REF_COUNT}
+ {"KADM5_REF_COUNT", KADM5_REF_COUNT},
+ {"KADM5_PW_MAX_FAILURE", KADM5_PW_MAX_FAILURE},
+ {"KADM5_PW_FAILURE_COUNT_INTERVAL", KADM5_PW_FAILURE_COUNT_INTERVAL},
+ {"KADM5_PW_LOCKOUT_DURATION", KADM5_PW_LOCKOUT_DURATION},
 };
 static struct flagval config_mask_flags[] = {
@@ -1309,6 +1312,7 @@ static int parse_principal_ent(Tcl_Interp *interp, char *list,
 retcode = TCL_ERROR;
 goto finished;
 }
+ princ->n_tl_data = tmp;
 finished:
 Tcl_Free((char *) argv);
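Review bot: `princ->n_tl_data = tmp;` in the second hunk stores whatever integer the Tcl list supplied with no range check, so a negative or oversized count is accepted, and it would be silently narrowed if `n_tl_data` is a 16-bit field (its declaration is outside the hunk, so confirm). Nothing visible here fills in a matching `tl_data` list, so a non-zero count may leave the record claiming entries that do not exist for whatever later walks it. I would reject out-of-range input before the assignment, e.g. `if (tmp < 0 || tmp > 32767) { retcode = TCL_ERROR; goto finished; }`, and add a comment saying whether `tl_data` is expected to stay NULL in this test helper. parse_principal_ent starts and ends outside the hunk.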
@@ -1360,6 +1364,15 @@ static Tcl_DString *unparse_policy_ent(kadm5_policy_ent_t policy)
 sprintf(buf, "%ld", policy->policy_refcnt);
 Tcl_DStringAppendElement(str, buf);
+ sprintf(buf, "%d", policy->pw_max_fail);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", policy->pw_failcnt_interval);
+ Tcl_DStringAppendElement(str, buf);
+
+ sprintf(buf, "%d", policy->pw_lockout_duration);
+ Tcl_DStringAppendElement(str, buf);
+
 return str;
 }
@@ -1379,8 +1392,8 @@ static int parse_policy_ent(Tcl_Interp *interp, char *list,
 return tcl_ret;
 }
- if (argc != 7) {
- sprintf(interp->result, "wrong # args in policy structure (%d should be 7)",
+ if (argc != 7 && argc != 10) {
+ sprintf(interp->result, "wrong # args in policy structure (%d should be 7 or 10)",
 argc);
 retcode = TCL_ERROR;
 goto finished;
@@ -1459,6 +1472,32 @@ static int parse_policy_ent(Tcl_Interp *interp, char *list,
 }
 policy->policy_refcnt = tmp;
+ if (argc == 7) goto finished;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[7], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_max_fail");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_max_fail = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_failcnt_interval");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_failcnt_interval = tmp;
+
+ if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
+ != TCL_OK) {
+ Tcl_AppendElement(interp, "while parsing pw_lockout_duration");
+ retcode = TCL_ERROR;
+ goto finished;
+ }
+ policy->pw_lockout_duration = tmp;
+
 finished:
 Tcl_Free((char *) argv);
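Review bot: The three added `sprintf(buf, "%d", ...)` calls in unparse_policy_ent write into `buf` with no bound and assume each new field is a signed int; both the size of `buf` and the field types are declared outside the hunk. If `pw_max_fail` turns out to be an unsigned type, `%d` is the wrong conversion and `%u` should be used for it. A bounded call such as `snprintf(buf, sizeof(buf), "%d", policy->pw_failcnt_interval);` (valid only if `buf` is an array rather than a pointer) would keep the write inside the buffer if a field is later widened. The function begins outside the hunk.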
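Review bot: On the `if (argc == 7) goto finished;` path in parse_policy_ent the three lockout fields are never written, so their contents depend on how `policy` was allocated, which is outside the hunk. If that allocation is not zero-filled, a 7-element list combined with a mask naming KADM5_PW_MAX_FAILURE or the other new bits would hand indeterminate lockout settings to the admin call; setting them before the early exit avoids this: `policy->pw_max_fail = 0; policy->pw_failcnt_interval = 0; policy->pw_lockout_duration = 0;`. The values parsed from argv[7] to argv[9] are also stored unchecked, so a negative threshold or duration goes through; a `tmp < 0` rejection next to each assignment would fit the existing error style, unless the tests deliberately feed invalid values to exercise server-side validation, in which case a comment should say so. The function starts outside the hunk.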
@@ -2488,6 +2527,8 @@ void Tcl_kadm5_init(Tcl_Interp *interp)
 Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
 (void) sprintf(buf, "%d", KADM5_API_VERSION_2);
 Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
+ (void) sprintf(buf, "%d", KADM5_API_VERSION_3);
+ Tcl_SetVar(interp, "KADM5_API_VERSION_3", buf, TCL_GLOBAL_ONLY);
 (void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
 Tcl_SetVar(interp, "KADM5_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
 (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION_MASK);
--
cgit