IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Simplify date manipulation in pwd plugin

Browse Source 
Use a helper function to perform operations on dates in LDAP attributes.

Related to #2795

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: David Kupka <dkupka@redhat.com>
This commit is contained in:
Simo Sorce 2016-07-19 07:43:50 -04:00
parent f8bf8a6240
commit ab4fcb0fe2
3 changed files with 50 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
View File

@ -702,6 +702,33 @@ next:
return kvno; return kvno;
} }
int ipapwd_setdate(Slapi_Entry *source, Slapi_Mods *smods, const char *attr,
time_t date, bool remove)
{
char timestr[GENERALIZED_TIME_LENGTH+1];
struct tm utctime;
Slapi_Attr *t;
bool exists;
exists = (slapi_entry_attr_find(source, attr, &t) == 0);
if (remove) {
if (exists) {
slapi_mods_add_mod_values(smods, LDAP_MOD_DELETE, attr, NULL);
}
return LDAP_SUCCESS;
}
if (!gmtime_r(&date, &utctime)) {
LOG_FATAL("failed to convert %s date\n", attr);
return LDAP_OPERATIONS_ERROR;
}
strftime(timestr, GENERALIZED_TIME_LENGTH + 1, "%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, exists ? LDAP_MOD_REPLACE : LDAP_MOD_ADD,
attr, timestr);
return LDAP_SUCCESS;
}
/* Modify the Password attributes of the entry */ /* Modify the Password attributes of the entry */
int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
struct ipapwd_data *data, int is_krb) struct ipapwd_data *data, int is_krb)
@ -711,8 +738,6 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
Slapi_Value **svals = NULL; Slapi_Value **svals = NULL;
Slapi_Value **ntvals = NULL; Slapi_Value **ntvals = NULL;
Slapi_Value **pwvals = NULL; Slapi_Value **pwvals = NULL;
struct tm utctime;
char timestr[GENERALIZED_TIME_LENGTH+1];
char *nt = NULL; char *nt = NULL;
int is_smb = 0; int is_smb = 0;
int is_ipant = 0; int is_ipant = 0;
@ -764,34 +789,19 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
* keytab so don't set it on hosts. * keytab so don't set it on hosts.
*/ */
if (!is_host) { if (!is_host) {
/* change Last Password Change field with the current date */ /* change Last Password Change field with the current date */
if (!gmtime_r(&(data->timeNow), &utctime)) { ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange",
LOG_FATAL("failed to retrieve current date (buggy gmtime_r ?)\n"); data->timeNow, false);
ret = LDAP_OPERATIONS_ERROR; if (ret != LDAP_SUCCESS)
goto free_and_return; goto free_and_return;
}
strftime(timestr, GENERALIZED_TIME_LENGTH + 1,
"%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"krbLastPwdChange", timestr);
/* set Password Expiration date */ /* set Password Expiration date */
if (!gmtime_r(&(data->expireTime), &utctime)) { ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration",
LOG_FATAL("failed to convert expiration date\n"); data->expireTime, (data->expireTime == 0));
ret = LDAP_OPERATIONS_ERROR; if (ret != LDAP_SUCCESS)
goto free_and_return; goto free_and_return;
}
strftime(timestr, GENERALIZED_TIME_LENGTH + 1,
"%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"krbPasswordExpiration", timestr);
if (data->expireTime == 0) {
slapi_mods_add_string(smods, LDAP_MOD_DELETE,
"krbPasswordExpiration", timestr);
}
}
} }
}
if (nt && is_smb) { if (nt && is_smb) {
slapi_mods_add_string(smods, LDAP_MOD_REPLACE, slapi_mods_add_string(smods, LDAP_MOD_REPLACE,

2
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
View File

@ -119,6 +119,8 @@ int ipapwd_gen_checks(Slapi_PBlock *pb, char **errMesg,
int ipapwd_CheckPolicy(struct ipapwd_data *data); int ipapwd_CheckPolicy(struct ipapwd_data *data);
int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist); int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist);
int ipapwd_get_cur_kvno(Slapi_Entry *target); int ipapwd_get_cur_kvno(Slapi_Entry *target);
int ipapwd_setdate(Slapi_Entry *source, Slapi_Mods *smods, const char *attr,
time_t date, bool remove);
int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg, int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
struct ipapwd_data *data, int is_krb); struct ipapwd_data *data, int is_krb);
Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods, Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods,

31
daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
View File

@ -1028,8 +1028,6 @@ static int ipapwd_post_modadd(Slapi_PBlock *pb)
struct ipapwd_operation *pwdop = NULL; struct ipapwd_operation *pwdop = NULL;
Slapi_Mods *smods; Slapi_Mods *smods;
Slapi_Value **pwvals; Slapi_Value **pwvals;
struct tm utctime;
char timestr[GENERALIZED_TIME_LENGTH+1];
int ret; int ret;
char *errMsg = "Internal operations error\n"; char *errMsg = "Internal operations error\n";
struct ipapwd_krbcfg *krbcfg = NULL; struct ipapwd_krbcfg *krbcfg = NULL;
@ -1115,29 +1113,19 @@ static int ipapwd_post_modadd(Slapi_PBlock *pb)
(slapi_entry_attr_has_syntax_value(pwdop->pwdata.target, (slapi_entry_attr_has_syntax_value(pwdop->pwdata.target,
SLAPI_ATTR_OBJECTCLASS, ipahost)) == 0) { SLAPI_ATTR_OBJECTCLASS, ipahost)) == 0) {
/* set Password Expiration date */ /* set Password Expiration date */
if (!gmtime_r(&(pwdop->pwdata.expireTime), &utctime)) { ret = ipapwd_setdate(pwdop->pwdata.target, smods,
LOG_FATAL("failed to parse expiration date (buggy gmtime_r ?)\n"); "krbPasswordExpiration",
pwdop->pwdata.expireTime,
(pwdop->pwdata.expireTime == 0));
if (ret != LDAP_SUCCESS)
goto done; goto done;
}
strftime(timestr, GENERALIZED_TIME_LENGTH+1,
"%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"krbPasswordExpiration", timestr);
if (pwdop->pwdata.expireTime == 0) {
slapi_mods_add_string(smods, LDAP_MOD_DELETE,
"krbPasswordExpiration", timestr);
}
/* change Last Password Change field with the current date */ /* change Last Password Change field with the current date */
if (!gmtime_r(&(pwdop->pwdata.timeNow), &utctime)) { ret = ipapwd_setdate(pwdop->pwdata.target, smods,
LOG_FATAL("failed to parse current date (buggy gmtime_r ?)\n"); "krbLastPwdChange",
slapi_value_free(&ipahost); pwdop->pwdata.timeNow, false);
if (ret != LDAP_SUCCESS)
goto done; goto done;
}
strftime(timestr, GENERALIZED_TIME_LENGTH+1,
"%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"krbLastPwdChange", timestr);
} }
slapi_value_free(&ipahost); slapi_value_free(&ipahost);
} }
@ -1391,6 +1379,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
SLAPI_USERPWD_ATTR, "ipaUserAuthType", "krbprincipalkey", "uid", SLAPI_USERPWD_ATTR, "ipaUserAuthType", "krbprincipalkey", "uid",
"krbprincipalname", "objectclass", "passwordexpirationtime", "krbprincipalname", "objectclass", "passwordexpirationtime",
"passwordhistory", "krbprincipalexpiration", "krbcanonicalname", "passwordhistory", "krbprincipalexpiration", "krbcanonicalname",
"krbPasswordExpiration", "krblastpwchange",
NULL NULL
}; };
struct berval *credentials = NULL; struct berval *credentials = NULL;