In the LDAP KDB module's populate_krb5_db_entry, fix the checks for
authorGreg Hudson <ghudson@mit.edu>
Tue, 24 Aug 2010 22:45:37 +0000 (22:45 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 24 Aug 2010 22:45:37 +0000 (22:45 +0000)
the KDB_PRINC_EXPIRE_TIME_ATTR and KDB_PWD_EXPIRE_TIME_ATTR flags so
that they properly succeed when the flags are set.  Bug report from
Rob Crittenden, patch from nalin@redhat.com.

ticket: 6762

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24254 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c

index 1f3e60e926e475975a88c56a4327bf6a7f2ad230..e9d50196dec46a694578da85e8fa862bb182e504 100644 (file)
@@ -2087,7 +2087,7 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
             goto cleanup;
 
         if (attr_present == TRUE) {
-            if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
+            if (mask & KDB_PRINC_EXPIRE_TIME_ATTR) {
                 if (expiretime < entry->expiration)
                     entry->expiration = expiretime;
             } else {
@@ -2127,7 +2127,7 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
             if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
                 goto cleanup;
 
-            if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
+            if (mask & KDB_PWD_EXPIRE_TIME_ATTR) {
                 if ((last_pw_changed + pw_max_life) < entry->pw_expiration)
                     entry->pw_expiration = last_pw_changed + pw_max_life;
             } else