svn rev #22323: trunk/src/lib/kadm5/ srv/ unit-test/api.0/ unit-test/api.2/

Thu May 7 15:51:46 EDT 2009

http://src.mit.edu/fisheye/changelog/krb5/?cs=22323
Commit By: ghudson
Log Message:
ticket: 6482
subject: Allow more than 10 past keys to be stored by a policy
target_version: 1.7
tags: pullup

Remove the arbitrary limit of 10 past keys in policies.  We were not
taking advantage of that limit in any other code.



Changed Files:
U   trunk/src/lib/kadm5/srv/svr_policy.c
U   trunk/src/lib/kadm5/unit-test/api.0/crte-policy.exp
U   trunk/src/lib/kadm5/unit-test/api.2/crte-policy.exp
Modified: trunk/src/lib/kadm5/srv/svr_policy.c
===================================================================

--- trunk/src/lib/kadm5/srv/svr_policy.c	2009-05-07 19:42:57 UTC (rev 22322)
+++ trunk/src/lib/kadm5/srv/svr_policy.c	2009-05-07 19:51:46 UTC (rev 22323)
@@ -15,7 +15,6 @@
 #include	<string.h>
 #include	<errno.h>
 
-#define MAX_PW_HISTORY	10
 #define MIN_PW_HISTORY	1
 #define	MIN_PW_CLASSES	1
 #define MAX_PW_CLASSES	5
@@ -132,8 +131,7 @@
     if (!(mask & KADM5_PW_HISTORY_NUM))
 	pent.pw_history_num = MIN_PW_HISTORY;
     else {
-	if(entry->pw_history_num < MIN_PW_HISTORY ||
-	   entry->pw_history_num > MAX_PW_HISTORY)
+	if(entry->pw_history_num < MIN_PW_HISTORY)
 	    return KADM5_BAD_HISTORY;
 	else
 	    pent.pw_history_num = entry->pw_history_num;
@@ -242,8 +240,7 @@
 	p->pw_min_classes = entry->pw_min_classes;
     }
     if ((mask & KADM5_PW_HISTORY_NUM)) {
-	if(entry->pw_history_num < MIN_PW_HISTORY ||
-	   entry->pw_history_num > MAX_PW_HISTORY) {
+	if(entry->pw_history_num < MIN_PW_HISTORY) {
 	     krb5_db_free_policy(handle->context, p);
 	     return KADM5_BAD_HISTORY;
 	}

Modified: trunk/src/lib/kadm5/unit-test/api.0/crte-policy.exp
===================================================================
--- trunk/src/lib/kadm5/unit-test/api.0/crte-policy.exp	2009-05-07 19:42:57 UTC (rev 22322)
+++ trunk/src/lib/kadm5/unit-test/api.0/crte-policy.exp	2009-05-07 19:51:46 UTC (rev 22323)
@@ -743,41 +743,6 @@
 }
 test21
     
-# Description: (21.5) Rejects 11 for pw_history_num.
-# 01/24/94: pshuang: untried.
-
-test "create-policy 21.5"
-proc test215 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-	   [delete_policy "$test/a"])} {
-	    error_and_restart "$test: couldn't delete principal \"$test/a\""
-	    return
-    }
-
-    if {! [cmd {
-	ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-		$OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-		server_handle
-    }]} {
-	perror "$test: unexpected failure in init"
-	return
-    }
-
-    one_line_fail_test [format {
-	ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 0 11 0} \
-		{OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM}
-    } $test] "BAD_HISTORY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-	perror "$test: unexpected failure in destroy"
-	return
-    }
-}
-test215
-
-
 # Description: (22) Fails for user with no access bits.
 test "create-policy 22"
 proc test22 {} {

Modified: trunk/src/lib/kadm5/unit-test/api.2/crte-policy.exp
===================================================================
--- trunk/src/lib/kadm5/unit-test/api.2/crte-policy.exp	2009-05-07 19:42:57 UTC (rev 22322)
+++ trunk/src/lib/kadm5/unit-test/api.2/crte-policy.exp	2009-05-07 19:51:46 UTC (rev 22323)
@@ -743,41 +743,6 @@
 }
 test21
     
-# Description: (21.5) Rejects 11 for pw_history_num.
-# 01/24/94: pshuang: untried.
-
-test "create-policy 21.5"
-proc test215 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-	   [delete_policy "$test/a"])} {
-	    error_and_restart "$test: couldn't delete principal \"$test/a\""
-	    return
-    }
-
-    if {! [cmd {
-	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
-		server_handle
-    }]} {
-	perror "$test: unexpected failure in init"
-	return
-    }
-
-    one_line_fail_test [format {
-	kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 11 0} \
-		{KADM5_POLICY KADM5_PW_HISTORY_NUM}
-    } $test] "BAD_HISTORY"
-    if { ! [cmd {kadm5_destroy $server_handle}]} {
-	perror "$test: unexpected failure in destroy"
-	return
-    }
-}
-test215
-
-
 # Description: (22) Fails for user with no access bits.
 test "create-policy 22"
 proc test22 {} {


