/*
 * update_pw_retry - bump the password retry bookkeeping on the entry that
 * get_entry() returns for this pblock.
 *
 * Reads "retryCountResetTime" and "passwordRetryCount" from the entry and
 * issues exactly one of these updates:
 *   - no retryCountResetTime stored: count set to 1 and the reset time
 *     initialised from the current time;
 *   - current time is at or past the stored reset time: count set back
 *     to 1 and the reset time renewed;
 *   - otherwise: count becomes the stored value + 1 (with the reset time
 *     also set when the new count is 1).
 *
 * Returns 1 when get_entry() yields no entry; otherwise the result of the
 * set_retry_cnt_and_time()/set_retry_cnt() call that was made, or 0 when
 * no update was made (stored count negative).
 *
 * NOTE(review): the counter is read from the entry and written back in
 * separate steps and nothing in this function serialises callers.
 * Confirm the caller holds a lock, otherwise concurrent failures could
 * be under-counted and lockout delayed.
 */
int update_pw_retry ( Slapi_PBlock *pb )
{
    Slapi_Entry *entry;
    char *stored_reset;
    char *now_str;
    time_t now;
    time_t reset_at;
    int window_over;
    int stored_cnt;
    int rc = 0;

    entry = get_entry ( pb, NULL );
    if ( entry == NULL ) {
        return ( 1 );
    }

    now = current_time();

    stored_reset = slapi_entry_attr_get_charptr(entry, "retryCountResetTime");
    if ( stored_reset == NULL ) {
        /* First recorded retry: initialise both count and reset time. */
        rc = set_retry_cnt_and_time ( pb, 1, now );
        goto done;
    }

    reset_at = parse_genTime ( stored_reset );
    slapi_ch_free((void **) &stored_reset );

    /*
     * The current time is formatted and parsed again before comparing,
     * so both operands of difftime() come out of parse_genTime().
     */
    now_str = format_genTime ( now );
    window_over = ( difftime ( parse_genTime ( now_str ), reset_at ) >= 0 );
    slapi_ch_free((void **) &now_str );

    if ( window_over ) {
        /* Reset time reached: start a new window with count = 1. */
        rc = set_retry_cnt_and_time ( pb, 1, now );
        goto done;
    }

    stored_cnt = slapi_entry_attr_get_int(entry, "passwordRetryCount");
    /*
     * NOTE(review): a negative stored passwordRetryCount is never
     * incremented here and 0 is returned; confirm that is intended,
     * since such an entry would never accumulate retries.
     */
    if ( stored_cnt >= 0 ) {
        int next_cnt = stored_cnt + 1;

        rc = ( next_cnt == 1 ) ? set_retry_cnt_and_time ( pb, next_cnt, now )
                               : set_retry_cnt ( pb, next_cnt );
    }

done:
    /* The entry obtained above is released on every path that reaches here. */
    slapi_entry_free( entry );
    return rc;
}
/*
 * ipapwd_getPolicy - load the krbPwdPolicy entry that applies to `target`
 * and copy its settings into *policy.
 *
 * The policy DN is the first "krbPwdPolicyReference" value found through
 * pwd_get_values() on `target`; when there is none, the hardcoded
 * "cn=global_policy,<ipa_realm_dn>" is used. A base-scope internal search
 * restricted to (objectClass=krbPwdPolicy) is run on that DN and must
 * return exactly one entry.
 *
 * dn     - used only in the trace message.
 * target - entry whose policy reference is looked up.
 * policy - receives min/max password life, minimum length, history
 *          length and minimum complexity; written only on success.
 *
 * Returns 0 on success, -1 on any failure. On failure *policy is left
 * untouched, so callers must check the return value before relying on it.
 *
 * NOTE(review): the policy DN is taken from an attribute of the target
 * entry, so whoever may write krbPwdPolicyReference selects which policy
 * entry is read; confirm access controls restrict that attribute.
 */
int ipapwd_getPolicy(const char *dn, Slapi_Entry *target,
                     struct ipapwd_policy *policy)
{
    char *wanted[] = { "krbMaxPwdLife", "krbMinPwdLife",
                       "krbPwdMinDiffChars", "krbPwdMinLength",
                       "krbPwdHistoryLength", NULL};
    Slapi_ValueSet *ref_values = NULL;
    char *ref_type = NULL;
    int ref_flags = 0;
    Slapi_PBlock *search_pb = NULL;
    Slapi_Entry **found = NULL;
    Slapi_Entry *pol_entry = NULL;
    char *policy_dn = NULL;
    int ldap_rc;
    int ret;

    LOG_TRACE("Searching policy for [%s]\n", dn);

    pwd_get_values(target, "krbPwdPolicyReference",
                   &ref_values, &ref_type, &ref_flags);

    if (ref_values == NULL) {
        /* No per-entry reference: fall back to the hardcoded global policy. */
        policy_dn = slapi_ch_smprintf("cn=global_policy,%s", ipa_realm_dn);
    } else {
        Slapi_Value *first;

        slapi_valueset_first_value(ref_values, &first);
        policy_dn = slapi_ch_strdup(slapi_value_get_string(first));
    }

    if (!policy_dn) {
        LOG_OOM();
        ret = -1;
        goto done;
    }

    LOG_TRACE("Using policy at [%s]\n", policy_dn);

    search_pb = slapi_pblock_new();
    slapi_search_internal_set_pb(search_pb, policy_dn, LDAP_SCOPE_BASE,
                                 "(objectClass=krbPwdPolicy)",
                                 wanted, 0,
                                 NULL, /* Controls */
                                 NULL, /* UniqueID */
                                 ipapwd_plugin_id,
                                 0); /* Flags */

    /* Run the search, then pull the LDAP result code out of the pblock. */
    ret = slapi_search_internal_pb(search_pb);
    slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &ldap_rc);
    if (ret == -1 || ldap_rc != LDAP_SUCCESS) {
        LOG_FATAL("Couldn't find policy, err (%d)\n", ldap_rc ? ldap_rc : ret);
        ret = -1;
        goto done;
    }

    slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &found);
    if (found == NULL) {
        LOG_TRACE("No entries ?!");
        ret = -1;
        goto done;
    }

    /*
     * Exactly one entry is accepted. An empty list takes the same failure
     * path and logs the same message as a list with several entries.
     */
    if (found[0] == NULL || found[1] != NULL) {
        LOG_TRACE("Multiple entries from a base search ?!");
        ret = -1;
        goto done;
    }
    pol_entry = found[0];

    /*
     * Copy the settings out while the search results are still alive.
     * NOTE(review): presumably slapi_entry_attr_get_int() yields 0 for an
     * attribute the policy entry lacks, which would read as "no minimum";
     * verify how callers treat zero values.
     */
    policy->min_pwd_life = slapi_entry_attr_get_int(pol_entry, "krbMinPwdLife");
    policy->max_pwd_life = slapi_entry_attr_get_int(pol_entry, "krbMaxPwdLife");
    policy->min_pwd_length = slapi_entry_attr_get_int(pol_entry, "krbPwdMinLength");
    policy->history_length = slapi_entry_attr_get_int(pol_entry, "krbPwdHistoryLength");
    policy->min_complexity = slapi_entry_attr_get_int(pol_entry, "krbPwdMinDiffChars");

    ret = 0;

done:
    /* Release whatever was acquired before the jump here. */
    if (ref_values) {
        pwd_values_free(&ref_values, &ref_type, ref_flags);
    }
    if (search_pb) {
        slapi_free_search_results_internal(search_pb);
        slapi_pblock_destroy(search_pb);
    }
    slapi_ch_free_string(&policy_dn);
    return ret;
}