krb5 commit: Factor out LDAP policy marshalling
Greg Hudson
ghudson at MIT.EDU
Thu Jul 26 12:25:28 EDT 2012
https://github.com/krb5/krb5/commit/9c2e435d02d91018be41a55e0412b9256b40b583
commit 9c2e435d02d91018be41a55e0412b9256b40b583
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jul 26 12:25:01 2012 -0400
Factor out LDAP policy marshalling
Use a helper function add_policy_mods() in
krb5_ldap_create_password_policy() and krb5_ldap_put_password_policy()
to avoid duplicating code for each field.
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c | 87 ++++++++++++-------
1 files changed, 55 insertions(+), 32 deletions(-)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
index 03502c9..f65f626 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
@@ -43,6 +43,57 @@ static char *password_policy_attributes[] = { "cn", "krbmaxpwdlife", "krbminpwdl
"krbpwdfailurecountinterval",
"krbpwdlockoutduration", NULL };
+/* Fill in mods with LDAP operations for the fields of policy, using the
+ * modification type op. mods must be freed by the caller on error. */
+static krb5_error_code
+add_policy_mods(krb5_context context, LDAPMod ***mods, osa_policy_ent_t policy,
+ int op)
+{
+ krb5_error_code st;
+
+ st = krb5_add_int_mem_ldap_mod(mods, "krbmaxpwdlife", op,
+ (int)policy->pw_max_life);
+ if (st)
+ return st;
+
+ st = krb5_add_int_mem_ldap_mod(mods, "krbminpwdlife", op,
+ (int)policy->pw_min_life);
+ if (st)
+ return st;
+
+ st = krb5_add_int_mem_ldap_mod(mods, "krbpwdmindiffchars", op,
+ (int)policy->pw_min_classes);
+ if (st)
+ return st;
+
+ st = krb5_add_int_mem_ldap_mod(mods, "krbpwdminlength", op,
+ (int)policy->pw_min_length);
+ if (st)
+ return st;
+
+ st = krb5_add_int_mem_ldap_mod(mods, "krbpwdhistorylength", op,
+ (int)policy->pw_history_num);
+ if (st)
+ return st;
+
+ st = krb5_add_int_mem_ldap_mod(mods, "krbpwdmaxfailure", op,
+ (int)policy->pw_max_fail);
+ if (st)
+ return st;
+
+ st = krb5_add_int_mem_ldap_mod(mods, "krbpwdfailurecountinterval", op,
+ (int)policy->pw_failcnt_interval);
+ if (st)
+ return st;
+
+ st = krb5_add_int_mem_ldap_mod(mods, "krbpwdlockoutduration", op,
+ (int)policy->pw_lockout_duration);
+ if (st)
+ return st;
+
+ return 0;
+}
+
/*
* Function to create password policy object.
*/
@@ -89,22 +140,8 @@ krb5_ldap_create_password_policy(krb5_context context, osa_policy_ent_t policy)
if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
goto cleanup;
- if (((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxpwdlife", LDAP_MOD_ADD,
- (signed) policy->pw_max_life)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_ADD,
- (signed) policy->pw_min_life)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_ADD,
- (signed) policy->pw_min_classes)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_ADD,
- (signed) policy->pw_min_length)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_ADD,
- (signed) policy->pw_history_num)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_ADD,
- (signed) policy->pw_max_fail)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_ADD,
- (signed) policy->pw_failcnt_interval)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_ADD,
- (signed) policy->pw_lockout_duration)) != 0))
+ st = add_policy_mods(context, &mods, policy, LDAP_MOD_ADD);
+ if (st)
goto cleanup;
/* password policy object creation */
@@ -153,22 +190,8 @@ krb5_ldap_put_password_policy(krb5_context context, osa_policy_ent_t policy)
if (st != 0)
goto cleanup;
- if (((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxpwdlife", LDAP_MOD_REPLACE,
- (signed) policy->pw_max_life)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_REPLACE,
- (signed) policy->pw_min_life)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_REPLACE,
- (signed) policy->pw_min_classes)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_REPLACE,
- (signed) policy->pw_min_length)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_REPLACE,
- (signed) policy->pw_history_num)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_REPLACE,
- (signed) policy->pw_max_fail)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_REPLACE,
- (signed) policy->pw_failcnt_interval)) != 0)
- || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_REPLACE,
- (signed) policy->pw_lockout_duration)) != 0))
+ st = add_policy_mods(context, &mods, policy, LDAP_MOD_REPLACE);
+ if (st)
goto cleanup;
/* modify the password policy object. */
More information about the cvs-krb5
mailing list