int update_pw_retry ( Slapi_PBlock *pb )
{
Slapi_Entry *e;
int retry_cnt=0;
time_t reset_time;
time_t cur_time;
char *cur_time_str = NULL;
char *retryCountResetTime;
int passwordRetryCount;
int rc = 0;
/* get the entry */
e = get_entry ( pb, NULL );
if ( e == NULL ) {
return ( 1 );
}
cur_time = current_time();
/* check if the retry count can be reset. */
retryCountResetTime= slapi_entry_attr_get_charptr(e, "retryCountResetTime");
if(retryCountResetTime!=NULL)
{
reset_time = parse_genTime (retryCountResetTime);
slapi_ch_free((void **) &retryCountResetTime );
cur_time_str = format_genTime ( cur_time );
if ( difftime ( parse_genTime( cur_time_str ), reset_time) >= 0 )
{
/* set passwordRetryCount to 1 */
/* reset retryCountResetTime */
rc = set_retry_cnt_and_time ( pb, 1, cur_time );
slapi_ch_free((void **) &cur_time_str );
slapi_entry_free( e );
return ( rc ); /* success */
} else {
slapi_ch_free((void **) &cur_time_str );
}
} else {
/* initialize passwordRetryCount and retryCountResetTime */
rc = set_retry_cnt_and_time ( pb, 1, cur_time );
slapi_entry_free( e );
return ( rc ); /* success */
}
passwordRetryCount = slapi_entry_attr_get_int(e, "passwordRetryCount");
if (passwordRetryCount >= 0)
{
retry_cnt = passwordRetryCount + 1;
if ( retry_cnt == 1 ) {
/* set retryCountResetTime */
rc = set_retry_cnt_and_time ( pb, retry_cnt, cur_time );
} else {
/* set passwordRetryCount to retry_cnt */
rc = set_retry_cnt ( pb, retry_cnt );
}
}
slapi_entry_free( e );
return rc; /* success */
}
int ipapwd_getPolicy(const char *dn,
Slapi_Entry *target,
struct ipapwd_policy *policy)
{
const char *krbPwdPolicyReference;
char *pdn = NULL;
Slapi_PBlock *pb = NULL;
char *attrs[] = { "krbMaxPwdLife", "krbMinPwdLife",
"krbPwdMinDiffChars", "krbPwdMinLength",
"krbPwdHistoryLength", NULL};
Slapi_Entry **es = NULL;
Slapi_Entry *pe = NULL;
int ret, res, scope, i;
int buffer_flags=0;
Slapi_ValueSet* results = NULL;
char *actual_type_name = NULL;
LOG_TRACE("Searching policy for [%s]\n", dn);
pwd_get_values(target, "krbPwdPolicyReference",
&results, &actual_type_name, &buffer_flags);
if (results) {
Slapi_Value *sv;
slapi_valueset_first_value(results, &sv);
krbPwdPolicyReference = slapi_value_get_string(sv);
pdn = slapi_ch_strdup(krbPwdPolicyReference);
} else {
/* Fallback to hardcoded value */
pdn = slapi_ch_smprintf("cn=global_policy,%s", ipa_realm_dn);
}
if (pdn == NULL) {
LOG_OOM();
ret = -1;
goto done;
}
LOG_TRACE("Using policy at [%s]\n", pdn);
scope = LDAP_SCOPE_BASE;
pb = slapi_pblock_new();
slapi_search_internal_set_pb(pb,
pdn, scope,
"(objectClass=krbPwdPolicy)",
attrs, 0,
NULL, /* Controls */
NULL, /* UniqueID */
ipapwd_plugin_id,
0); /* Flags */
/* do search the tree */
ret = slapi_search_internal_pb(pb);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
if (ret == -1 || res != LDAP_SUCCESS) {
LOG_FATAL("Couldn't find policy, err (%d)\n", res ? res : ret);
ret = -1;
goto done;
}
/* get entries */
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &es);
if (!es) {
LOG_TRACE("No entries ?!");
ret = -1;
goto done;
}
/* count entries */
for (i = 0; es[i]; i++) /* count */ ;
/* if there is only one, return that */
if (i == 1) {
pe = es[0];
} else {
LOG_TRACE("Multiple entries from a base search ?!");
ret = -1;
goto done;
}
/* read data out of policy object */
policy->min_pwd_life = slapi_entry_attr_get_int(pe, "krbMinPwdLife");
policy->max_pwd_life = slapi_entry_attr_get_int(pe, "krbMaxPwdLife");
policy->min_pwd_length = slapi_entry_attr_get_int(pe, "krbPwdMinLength");
policy->history_length = slapi_entry_attr_get_int(pe,
"krbPwdHistoryLength");
policy->min_complexity = slapi_entry_attr_get_int(pe,
"krbPwdMinDiffChars");
ret = 0;
done:
if (results) {
pwd_values_free(&results, &actual_type_name, buffer_flags);
}
if (pb) {
slapi_free_search_results_internal(pb);
slapi_pblock_destroy(pb);
}
slapi_ch_free_string(&pdn);
return ret;
}
