
Patch to enable account expiration



This patch enables account expiration with a samba-ldap backend. 

Is anyone interested in getting lockouts, last successful/unsuccessful
logins, last password change, and perhaps other features enabled 
with the LDAP backend? If so, I could start seeing what I could do. I noticed
that the code for last password change was commented out, but I could start by adding
that back. I assume it would require a new field in struct hdb_entry, though.

Thoughts?

Jim
diff -cr heimdal-20041213/lib/hdb/hdb-ldap.c heimdal-20041213.mod/lib/hdb/hdb-ldap.c
*** heimdal-20041213/lib/hdb/hdb-ldap.c	Sun Dec 12 18:29:42 2004
--- heimdal-20041213.mod/lib/hdb/hdb-ldap.c	Mon Dec 13 13:27:10 2004
***************
*** 93,98 ****
--- 93,99 ----
      "sambaNTPassword",
      "sambaPwdLastSet",
      "sambaPwdMustChange",
+     "sambaKickoffTime",
      "uid",
      NULL
  };
***************
*** 543,556 ****
  	}
      }
  
!     if (is_heimdal_entry && ent->valid_end) {
! 	if (orig.valid_end == NULL
! 	    || (*(ent->valid_end) != *(orig.valid_end))) {
! 	    ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
! 					       "krb5ValidEnd",
! 					       ent->valid_end);
! 	    if (ret)
! 		goto out;
  	}
      }
  
--- 544,572 ----
  	}
      }
  
!     if (ent->valid_end) {
! 	if (orig.valid_end == NULL || (*(ent->valid_end) != *(orig.valid_end))) {
!             if (is_heimdal_entry) { 
!                 ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
!                         "krb5ValidEnd",
!                         ent->valid_end);
!                 if (ret)
!                     goto out;
!             }
!             if (is_samba_account) {
!                 rc = asprintf(&tmp, "%ld", *(ent->valid_end));
!                 if (rc < 0) {
!                     krb5_set_error_string(context, "asprintf: out of memory");
!                     ret = ENOMEM;
!                     goto out;
!                 }
!                 ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE,
!                         "sambaKickoffTime", tmp);
!                 free(tmp);
!                 if (ret)
!                     goto out;
!             }
! 
  	}
      }
  
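Review bot: In the `is_samba_account` branch, `asprintf(&tmp, "%ld", *(ent->valid_end))` passes the dereferenced `valid_end` to `%ld` without a cast, which is only correct if that type is exactly `long`. Its declaration is outside the hunk, so `(long)*(ent->valid_end)` would keep the format well-defined on every platform. The outer test still requires `ent->valid_end` to be non-NULL, so clearing the expiry on the Kerberos side never removes or resets `sambaKickoffTime`, and the read path added later in this patch would then bring the old expiry back. `rc` and `tmp` are presumably declared earlier in the function, which starts and ends outside the hunk.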
***************
*** 1132,1137 ****
--- 1148,1166 ----
  	ent->valid_end = NULL;
      }
  
+     ret = LDAP_get_integer_value(db, msg, "sambaKickoffTime", &tmp_time);
+     if (ret == 0) {
+ 	if (ent->valid_end == NULL) {
+ 	    ent->valid_end = malloc(sizeof(*ent->valid_end));
+ 	    if (ent->valid_end == NULL) {
+ 		krb5_set_error_string(context, "malloc: out of memory");
+ 		ret = ENOMEM;
+ 		goto out;
+ 	    }
+ 	}
+ 	*ent->valid_end = tmp_time;
+     }
+ 
      ent->pw_end = malloc(sizeof(*ent->pw_end));
      if (ent->pw_end == NULL) {
  	krb5_set_error_string(context, "malloc: out of memory");
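Review bot: `*ent->valid_end = tmp_time;` overwrites a value that may already have been loaded from `krb5ValidEnd`, so when both attributes are present and differ, `sambaKickoffTime` silently wins and a later Samba date would extend the principal's validity. If either attribute is meant to be able to expire the account, keep the earlier one: assign unconditionally only in the freshly allocated case, and otherwise use `if (tmp_time < *ent->valid_end) *ent->valid_end = tmp_time;`. A comment on how a stored value of 0 is handled would also help, since Samba appears to treat a zero kickoff time as "no expiry", while here it would become an end time at the epoch; please confirm against the Samba schema. Any non-zero `ret` from `LDAP_get_integer_value` is treated as "attribute absent", and the function continues outside the hunk.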