pull r18926 up to trunk; ready for pullup to 1.6 branch
authorKen Raeburn <raeburn@mit.edu>
Wed, 13 Dec 2006 01:27:24 +0000 (01:27 +0000)
committerKen Raeburn <raeburn@mit.edu>
Wed, 13 Dec 2006 01:27:24 +0000 (01:27 +0000)
ticket: 5005

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18946 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c

index 883897bc868ee182a73789f617d40580cbbaaee4..40bde9e21637946fdf0a4586797dde954199d0a8 100644 (file)
@@ -37,6 +37,7 @@
 #include "kdb_ldap.h"
 #include "ldap_misc.h"
 #include <kdb5.h>
+#include <kadm5/admin.h>
 
 krb5_error_code
 krb5_ldap_get_db_opt(char *input, char **opt, char **val)
@@ -99,8 +100,8 @@ krb5_ldap_read_startup_information(krb5_context context)
     krb5_error_code      retval = 0;
     kdb5_dal_handle      *dal_handle=NULL;
     krb5_ldap_context    *ldap_context=NULL;
-    int                  mask=0;
-
+    int                  mask = 0;
+                                                                                                                             
     SETUP_CONTEXT();
     if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
        prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
@@ -112,6 +113,46 @@ krb5_ldap_read_startup_information(krb5_context context)
        goto cleanup;
     }
 
+    if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
+                                                 || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+        kadm5_config_params  params_in, params_out;
+
+        memset((char *) &params_in, 0, sizeof(params_in));
+        memset((char *) &params_out, 0, sizeof(params_out));
+
+        retval = kadm5_get_config_params(context, 1, &params_in, &params_out);
+        if (retval) {
+            if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+                ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
+            }
+            if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+                ldap_context->lrparams->max_renewable_life = 0;
+            }
+            if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+                ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
+            }
+            retval = 0;
+            goto cleanup;
+        }
+
+        if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+            if (params_out.mask & KADM5_CONFIG_MAX_LIFE)
+                ldap_context->lrparams->max_life = params_out.max_life;
+        }
+
+        if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+            if (params_out.mask & KADM5_CONFIG_MAX_RLIFE)
+                ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
+        }
+
+        if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+            if (params_out.mask & KADM5_CONFIG_FLAGS)
+                ldap_context->lrparams->tktflags = params_out.flags;
+        }
+
+        kadm5_free_config_params(context, &params_out);
+    }
+
 cleanup:
     return retval;
 }
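Review bot: On the success path each realm default is assigned only when the matching `KADM5_CONFIG_*` bit is set in `params_out.mask`, so a field can stay unset there, whereas the failure path just above always fills in a built-in value. This matters more after this commit, because the ldap_principal2.c hunks remove the `KRB5_KDB_MAX_LIFE` / `KRB5_KDB_MAX_RLIFE` fallbacks in krb5_read_tkt_policy. Its `else if (ldap_context->lrparams->max_renewable_life)` test also skips the built-in renewable default of 0, so `entries->max_renewable_life` keeps whatever it held before (its initialisation is outside the hunks). I would fold both paths into one per-field fallback as below, with a comment stating that discarding the lookup error is deliberate. If kadm5_get_config_params is guaranteed to set all three bits on success, the extra branches are merely defensive; krb5_ldap_read_startup_information begins above this hunk.

```c
        kadm5_config_params  params_in, params_out;
        int                  have_params;

        /* … unchanged: memset of params_in and params_out … */

        retval = kadm5_get_config_params(context, 1, &params_in, &params_out);
        have_params = (retval == 0);
        retval = 0; /* lookup failure is not fatal: built-in defaults apply */

        if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
            if (have_params && (params_out.mask & KADM5_CONFIG_MAX_LIFE))
                ldap_context->lrparams->max_life = params_out.max_life;
            else
                ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
        }

        if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
            if (have_params && (params_out.mask & KADM5_CONFIG_MAX_RLIFE))
                ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
            else
                ldap_context->lrparams->max_renewable_life = 0;
        }

        if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
            if (have_params && (params_out.mask & KADM5_CONFIG_FLAGS))
                ldap_context->lrparams->tktflags = params_out.flags;
            else
                ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
        }

        if (have_params)
            kadm5_free_config_params(context, &params_out);
```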
index a2bfd60ef5909d4561a89070efa191af57aea167..7926484c71c72df4add7d234ea813684acd30ab8 100644 (file)
@@ -1186,8 +1186,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
            entries->max_life = tktpoldnparam->maxtktlife;
        else if (ldap_context->lrparams->max_life)
            entries->max_life = ldap_context->lrparams->max_life;
-       else
-           entries->max_life = KRB5_KDB_MAX_LIFE;
     }
 
     if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
@@ -1195,8 +1193,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
            entries->max_renewable_life = tktpoldnparam->maxrenewlife;
        else if (ldap_context->lrparams->max_renewable_life)
            entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
-       else
-           entries->max_renewable_life = KRB5_KDB_MAX_RLIFE;
     }
 
     if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {