aboutsummaryrefslogtreecommitdiff
path: root/src/lib/kadm5/srv/svr_policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/kadm5/srv/svr_policy.c')
-rw-r--r--src/lib/kadm5/srv/svr_policy.c33
1 files changed, 33 insertions, 0 deletions
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index 5b7828c..0d8c5ce 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -140,6 +140,26 @@ kadm5_create_policy_internal(void *server_handle,
pent.policy_refcnt = 0;
else
pent.policy_refcnt = entry->policy_refcnt;
+
+ if (handle->api_version == KADM5_API_VERSION_3) {
+ if (!(mask & KADM5_PW_MAX_FAILURE))
+ pent.pw_max_fail = 0;
+ else
+ pent.pw_max_fail = entry->pw_max_fail;
+ if (!(mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+ pent.pw_failcnt_interval = 0;
+ else
+ pent.pw_failcnt_interval = entry->pw_failcnt_interval;
+ if (!(mask & KADM5_PW_LOCKOUT_DURATION))
+ pent.pw_lockout_duration = 0;
+ else
+ pent.pw_lockout_duration = entry->pw_lockout_duration;
+ } else {
+ pent.pw_max_fail = 0;
+ pent.pw_failcnt_interval = 0;
+ pent.pw_lockout_duration = 0;
+ }
+
if ((ret = krb5_db_create_policy(handle->context, &pent)))
return ret;
else
@@ -248,6 +268,14 @@ kadm5_modify_policy_internal(void *server_handle,
}
if ((mask & KADM5_REF_COUNT))
p->policy_refcnt = entry->policy_refcnt;
+ if (handle->api_version == KADM5_API_VERSION_3) {
+ if ((mask & KADM5_PW_MAX_FAILURE))
+ p->pw_max_fail = entry->pw_max_fail;
+ if ((mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+ p->pw_failcnt_interval = entry->pw_failcnt_interval;
+ if ((mask & KADM5_PW_LOCKOUT_DURATION))
+ p->pw_lockout_duration = entry->pw_lockout_duration;
+ }
ret = krb5_db_put_policy(handle->context, p);
krb5_db_free_policy(handle->context, p);
return ret;
@@ -286,6 +314,11 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
entry->pw_min_classes = t->pw_min_classes;
entry->pw_history_num = t->pw_history_num;
entry->policy_refcnt = t->policy_refcnt;
+ if (handle->api_version == KADM5_API_VERSION_3) {
+ entry->pw_max_fail = t->pw_max_fail;
+ entry->pw_failcnt_interval = t->pw_failcnt_interval;
+ entry->pw_lockout_duration = t->pw_lockout_duration;
+ }
krb5_db_free_policy(handle->context, t);
return KADM5_OK;
generated by cgit v1.1 at 2024-07-09 15:19:32 +0000