oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Check for principals changing their own passwords.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4622 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1998-03-21 00:51:03 +00:00
parent 0a2002c848
commit 400133be0b
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
kadmin/server.c
View File

@@ -293,7 +293,11 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
}
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
/* anyone can change her/his own password */
if(!krb5_principal_compare(context->context, context->caller, princ))
ret = KADM5_AUTH_INSUFFICIENT;
if(ret)
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
if(ret){
krb5_free_principal(context->context, princ);
goto fail;
@@ -313,7 +317,11 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
goto fail;
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
/* anyone can change her/his own password */
if(!krb5_principal_compare(context->context, context->caller, princ))
ret = KADM5_AUTH_INSUFFICIENT;
if(ret)
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
if(ret){
krb5_free_principal(context->context, princ);
goto fail;

12
lib/kadm5/server.c
View File

@@ -293,7 +293,11 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
}
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
/* anyone can change her/his own password */
if(!krb5_principal_compare(context->context, context->caller, princ))
ret = KADM5_AUTH_INSUFFICIENT;
if(ret)
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
if(ret){
krb5_free_principal(context->context, princ);
goto fail;
@@ -313,7 +317,11 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
goto fail;
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
/* anyone can change her/his own password */
if(!krb5_principal_compare(context->context, context->caller, princ))
ret = KADM5_AUTH_INSUFFICIENT;
if(ret)
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW);
if(ret){
krb5_free_principal(context->context, princ);
goto fail;