pull up r18946 from trunk
authorTom Yu <tlyu@mit.edu>
Wed, 13 Dec 2006 22:11:35 +0000 (22:11 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 13 Dec 2006 22:11:35 +0000 (22:11 +0000)
 r18946@cathode-dark-space:  raeburn | 2006-12-12 20:27:24 -0500
 ticket: 5005

 pull r18926 up to trunk; ready for pullup to 1.6 branch

The LDAP plugin was returning the code defaults if maxlife, maxrenewlife and
ticket flags were not set in the realm object. The plugin now returns the
values from the conf file when they are not present in the directory.

Commit By: rsavitha

Revision: 18926
Changed Files:
U   users/rsavitha/ldap_plugin_patch/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
U   users/rsavitha/ldap_plugin_patch/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c

ticket: 5005

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18952 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c

index 883897bc868ee182a73789f617d40580cbbaaee4..40bde9e21637946fdf0a4586797dde954199d0a8 100644 (file)
@@ -37,6 +37,7 @@
 #include "kdb_ldap.h"
 #include "ldap_misc.h"
 #include <kdb5.h>
+#include <kadm5/admin.h>
 
 krb5_error_code
 krb5_ldap_get_db_opt(char *input, char **opt, char **val)
@@ -99,8 +100,8 @@ krb5_ldap_read_startup_information(krb5_context context)
     krb5_error_code      retval = 0;
     kdb5_dal_handle      *dal_handle=NULL;
     krb5_ldap_context    *ldap_context=NULL;
-    int                  mask=0;
-
+    int                  mask = 0;
+                                                                                                                             
     SETUP_CONTEXT();
     if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
        prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
@@ -112,6 +113,46 @@ krb5_ldap_read_startup_information(krb5_context context)
        goto cleanup;
     }
 
+    if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
+                                                 || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+        kadm5_config_params  params_in, params_out;
+
+        memset((char *) &params_in, 0, sizeof(params_in));
+        memset((char *) &params_out, 0, sizeof(params_out));
+
+        retval = kadm5_get_config_params(context, 1, &params_in, &params_out);
+        if (retval) {
+            if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+                ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
+            }
+            if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+                ldap_context->lrparams->max_renewable_life = 0;
+            }
+            if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+                ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
+            }
+            retval = 0;
+            goto cleanup;
+        }
+
+        if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+            if (params_out.mask & KADM5_CONFIG_MAX_LIFE)
+                ldap_context->lrparams->max_life = params_out.max_life;
+        }
+
+        if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+            if (params_out.mask & KADM5_CONFIG_MAX_RLIFE)
+                ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
+        }
+
+        if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+            if (params_out.mask & KADM5_CONFIG_FLAGS)
+                ldap_context->lrparams->tktflags = params_out.flags;
+        }
+
+        kadm5_free_config_params(context, &params_out);
+    }
+
 cleanup:
     return retval;
 }
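Review bot: The `if (retval)` branch after `kadm5_get_config_params` drops the error (`retval = 0; goto cleanup;`) without recording it, so when the conf file cannot be read the realm silently runs with the hard-coded 1-day lifetime, zero renewable lifetime and `KRB5_KDB_DEF_FLAGS`, and nothing tells the administrator that the configured ticket policy is not in effect. At minimum the branch should carry a comment such as `/* conf file unreadable: fall back to built-in defaults, error intentionally dropped */`, and preferably it should report the failure the way the earlier error paths in this function do. On the success path, a field whose `params_out.mask` bit is clear is left at whatever `lrparams` already held; because this commit also removes the `KRB5_KDB_MAX_LIFE` and `KRB5_KDB_MAX_RLIFE` fallbacks in `krb5_read_tkt_policy`, it is worth confirming that `kadm5_get_config_params` always sets those bits, or adding an `else` that assigns the built-in default. The function starts outside the hunk.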
index a2bfd60ef5909d4561a89070efa191af57aea167..7926484c71c72df4add7d234ea813684acd30ab8 100644 (file)
@@ -1186,8 +1186,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
            entries->max_life = tktpoldnparam->maxtktlife;
        else if (ldap_context->lrparams->max_life)
            entries->max_life = ldap_context->lrparams->max_life;
-       else
-           entries->max_life = KRB5_KDB_MAX_LIFE;
     }
 
     if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
@@ -1195,8 +1193,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
            entries->max_renewable_life = tktpoldnparam->maxrenewlife;
        else if (ldap_context->lrparams->max_renewable_life)
            entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
-       else
-           entries->max_renewable_life = KRB5_KDB_MAX_RLIFE;
     }
 
     if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {