|
41 |
#include <hdb.h> |
41 |
#include <hdb.h> |
42 |
#include <kadm5/private.h> |
42 |
#include <kadm5/private.h> |
43 |
|
43 |
|
|
|
44 |
#include <python2.7/Python.h> |
45 |
|
44 |
static krb5_context context; |
46 |
static krb5_context context; |
45 |
static krb5_log_facility *log_facility; |
47 |
static krb5_log_facility *log_facility; |
46 |
|
48 |
|
Lines 49-54
krb5_addresses explicit_addresses;
|
|
---|
|
49 |
|
51 |
|
50 |
static sig_atomic_t exit_flag = 0; |
52 |
static sig_atomic_t exit_flag = 0; |
51 |
|
53 |
|
|
|
54 |
static PyObject *lib_password = NULL; |
55 |
static PyObject *lib_password_change = NULL; |
56 |
|
52 |
static void |
57 |
static void |
53 |
add_one_address (const char *str, int first) |
58 |
add_one_address (const char *str, int first) |
54 |
{ |
59 |
{ |
Lines 253-258
change (krb5_auth_context auth_context,
|
|
---|
|
253 |
krb5_data *pwd_data = NULL; |
258 |
krb5_data *pwd_data = NULL; |
254 |
char *tmp; |
259 |
char *tmp; |
255 |
ChangePasswdDataMS chpw; |
260 |
ChangePasswdDataMS chpw; |
|
|
261 |
int ucs_error = -1; |
262 |
|
263 |
PyObject *args = NULL, *call = NULL; |
264 |
PyObject *errobj = NULL, *errdata = NULL, *errtraceback = NULL, *pystring = NULL, *pystring2 = NULL; |
256 |
|
265 |
|
257 |
memset (&conf, 0, sizeof(conf)); |
266 |
memset (&conf, 0, sizeof(conf)); |
258 |
memset(&chpw, 0, sizeof(chpw)); |
267 |
memset(&chpw, 0, sizeof(chpw)); |
Lines 407-412
change (krb5_auth_context auth_context,
|
|
---|
|
407 |
tmp = pwd_data->data; |
416 |
tmp = pwd_data->data; |
408 |
tmp[pwd_data->length - 1] = '\0'; |
417 |
tmp[pwd_data->length - 1] = '\0'; |
409 |
|
418 |
|
|
|
419 |
// Sync password to UCS LDAP |
420 |
|
421 |
// lib_password = PyImport_ImportModule("univention.lib.password"); |
422 |
if (!lib_password) |
423 |
goto ucs_done; |
424 |
|
425 |
// lib_password_change = PyObject_GetAttrString(lib_password, "change"); |
426 |
if (!lib_password_change) |
427 |
goto ucs_done; |
428 |
|
429 |
tmp = pwd_data->data; |
430 |
tmp[pwd_data->length - 1] = '\0'; |
431 |
|
432 |
args = Py_BuildValue("ss", client, tmp); |
433 |
if (!args) |
434 |
goto ucs_done; |
435 |
|
436 |
call = PyEval_CallObject(lib_password_change, args); |
437 |
|
438 |
if (call == NULL) { |
439 |
PyErr_Fetch(&errobj, &errdata, &errtraceback); |
440 |
pystring = PyObject_Str(errobj); |
441 |
if ( PyString_Check(pystring) ) { |
442 |
const char *err = PyString_AsString(pystring); |
443 |
ucs_error = 1; |
444 |
|
445 |
if( !strcmp(err, "<class 'univention.admin.uexceptions.pwalreadyused'>")) { |
446 |
krb5_warnx (context, "%s", err); |
447 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "Password already used"); |
448 |
} else if( !strcmp(err, "<class 'univention.admin.uexceptions.pwToShort'>")) { |
449 |
krb5_warnx (context,"%s", err); |
450 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "Password is too short"); |
451 |
} else if( !strcmp(err, "<class 'univention.admin.uexceptions.pwQuality'>")) { |
452 |
krb5_warnx (context, "%s", err); |
453 |
pystring2 = PyObject_Str(errdata); |
454 |
if ( PyString_Check(pystring2) ) { |
455 |
const char *msg = PyString_AsString(pystring2); |
456 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, msg); |
457 |
} else { |
458 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "The passwort didn't pass quality check"); |
459 |
} |
460 |
} else { |
461 |
/* |
462 |
* Ignore all other errors, for example the user is not |
463 |
* a valid UCS user. |
464 |
*/ |
465 |
ucs_error = -1; |
466 |
} |
467 |
} |
468 |
} else { |
469 |
ucs_error = 0; |
470 |
} |
471 |
|
472 |
ucs_done: |
473 |
Py_XDECREF(errobj); |
474 |
Py_XDECREF(errdata); |
475 |
Py_XDECREF(errtraceback); |
476 |
Py_XDECREF(pystring); |
477 |
Py_XDECREF(pystring2); |
478 |
Py_XDECREF(args); |
479 |
Py_XDECREF(call); |
480 |
|
481 |
if ( ucs_error == 0) { |
482 |
/* change was successful */ |
483 |
reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SUCCESS, "Password changed"); |
484 |
krb5_free_data (context, pwd_data); |
485 |
pwd_data = NULL; |
486 |
goto out; |
487 |
} else if ( ucs_error == 1 ) { |
488 |
/* failed to change the password pwToShort, pwalreadyused or pwQuality */ |
489 |
krb5_free_data (context, pwd_data); |
490 |
pwd_data = NULL; |
491 |
goto out; |
492 |
} /* else continue the kpasswdd pwd change */ |
493 |
|
410 |
ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp); |
494 |
ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, tmp); |
411 |
krb5_free_data (context, pwd_data); |
495 |
krb5_free_data (context, pwd_data); |
412 |
pwd_data = NULL; |
496 |
pwd_data = NULL; |
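Review bot: Every failure other than the three named exceptions leaves `ucs_error` at -1 and falls through to `kadm5_s_chpass_principal_cond`, so the password is changed without whatever checks `univention.lib.password.change` applies (judging by the exception names: history, length, quality), and nothing is logged. This covers the two early `goto ucs_done` exits, taken when the module or its `change` attribute was not loaded in the doit() hunk, as well as the final `else` branch. At minimum log it there with `krb5_warnx (context, "UCS password sync skipped for %s: %s", client, err);`, and consider replying with an error rather than continuing when the hook is expected but missing. Separately, `PyObject_Str` can return NULL and `PyString_Check` dereferences its argument, so the two checks should read `if (pystring && PyString_Check(pystring))` and `if (pystring2 && PyString_Check(pystring2))`. The body of change() starts and ends outside this hunk.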
Lines 696-701
doit(krb5_keytab keytab, int port)
|
|
---|
|
696 |
struct sockaddr_storage __ss; |
773 |
struct sockaddr_storage __ss; |
697 |
struct sockaddr *sa = (struct sockaddr *)&__ss; |
774 |
struct sockaddr *sa = (struct sockaddr *)&__ss; |
698 |
|
775 |
|
|
|
776 |
Py_Initialize(); |
777 |
lib_password = PyImport_ImportModule("univention.lib.password"); |
778 |
if (lib_password) |
779 |
lib_password_change = PyObject_GetAttrString(lib_password, "change"); |
780 |
|
699 |
if (explicit_addresses.len) { |
781 |
if (explicit_addresses.len) { |
700 |
addrs = explicit_addresses; |
782 |
addrs = explicit_addresses; |
701 |
} else { |
783 |
} else { |
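Review bot: `Py_Initialize()` lets the embedded interpreter register its own signal handling, which is undesirable in a daemon that drives shutdown through `exit_flag`; `Py_InitializeEx(0);` initialises without registering handlers. A failed import or attribute lookup here also leaves a Python exception pending and is never reported, so the daemon starts without the hook silently. Something like `if (!lib_password_change) { PyErr_Clear(); krb5_warnx (context, "univention.lib.password.change not available"); }` after the lookup would surface it. Where kpasswdd installs its own handlers is not visible in this hunk, so the interaction is inferred; doit() continues outside the hunk.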
Lines 777-782
doit(krb5_keytab keytab, int port)
|
|
---|
|
777 |
|
859 |
|
778 |
krb5_free_addresses(context, &addrs); |
860 |
krb5_free_addresses(context, &addrs); |
779 |
krb5_free_context(context); |
861 |
krb5_free_context(context); |
|
|
862 |
|
863 |
Py_XDECREF(lib_password); |
864 |
Py_XDECREF(lib_password_change); |
865 |
Py_Finalize(); |
866 |
|
780 |
return 0; |
867 |
return 0; |
781 |
} |
868 |
} |
782 |
|
869 |
|