#include "kdb_ldap.h"
#include "ldap_misc.h"
#include <kdb5.h>
+#include <kadm5/admin.h>
krb5_error_code
krb5_ldap_get_db_opt(char *input, char **opt, char **val)
krb5_error_code retval = 0;
kdb5_dal_handle *dal_handle=NULL;
krb5_ldap_context *ldap_context=NULL;
- int mask=0;
-
+ int mask = 0;
+
SETUP_CONTEXT();
if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
goto cleanup;
}
+ if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
+ || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+ kadm5_config_params params_in, params_out;
+
+ memset((char *) ¶ms_in, 0, sizeof(params_in));
+ memset((char *) ¶ms_out, 0, sizeof(params_out));
+
+ retval = kadm5_get_config_params(context, 1, ¶ms_in, ¶ms_out);
+ if (retval) {
+ if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+ ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
+ }
+ if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+ ldap_context->lrparams->max_renewable_life = 0;
+ }
+ if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+ ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
+ }
+ retval = 0;
+ goto cleanup;
+ }
+
+ if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+ if (params_out.mask & KADM5_CONFIG_MAX_LIFE)
+ ldap_context->lrparams->max_life = params_out.max_life;
+ }
+
+ if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+ if (params_out.mask & KADM5_CONFIG_MAX_RLIFE)
+ ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
+ }
+
+ if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+ if (params_out.mask & KADM5_CONFIG_FLAGS)
+ ldap_context->lrparams->tktflags = params_out.flags;
+ }
+
+ kadm5_free_config_params(context, ¶ms_out);
+ }
+
cleanup:
return retval;
}
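Review bot: The three `if (params_out.mask & KADM5_CONFIG_...)` checks on the success path of `kadm5_get_config_params` have no `else`, so when a bit is absent from `params_out.mask` the matching `lrparams` field keeps whatever value it had, while the failure path just above assigns explicit defaults. The later hunk in this patch removes the `else entries->max_life = KRB5_KDB_MAX_LIFE;` and `KRB5_KDB_MAX_RLIFE` fallbacks, so nothing visible here guarantees that a principal entry ends up with a defined ticket lifetime in that case; whether `kadm5_get_config_params` always sets these bits cannot be seen from this page. I would give each check the same default as the failure path, e.g. `else ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */`, and log when the call fails instead of only setting `retval = 0`, since the realm then runs on hard-coded lifetime and ticket-flag defaults with no trace for the operator. The function's signature and the code that fills `mask` lie outside the visible lines.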
entries->max_life = tktpoldnparam->maxtktlife;
else if (ldap_context->lrparams->max_life)
entries->max_life = ldap_context->lrparams->max_life;
- else
- entries->max_life = KRB5_KDB_MAX_LIFE;
}
if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
entries->max_renewable_life = tktpoldnparam->maxrenewlife;
else if (ldap_context->lrparams->max_renewable_life)
entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
- else
- entries->max_renewable_life = KRB5_KDB_MAX_RLIFE;
}
if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {