From: Tom Yu Date: Wed, 13 Dec 2006 22:11:35 +0000 (+0000) Subject: pull up r18946 from trunk X-Git-Tag: krb5-1.6-beta2~24 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1535cbcbc0aae55fc70f1004ed35679b52127945;p=krb5.git pull up r18946 from trunk r18946@cathode-dark-space: raeburn | 2006-12-12 20:27:24 -0500 ticket: 5005 pull r18926 up to trunk; ready for pullup to 1.6 branch LDAP plugin was returning the code defaults if maxlife, maxrenewlife and ticket flags were not set in the realm object. The plugin would now return values from the conf file if not present in directory. Commit By: rsavitha Revision: 18926 Changed Files: U users/rsavitha/ldap_plugin_patch/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c U users/rsavitha/ldap_plugin_patch/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c ticket: 5005 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18952 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index 883897bc8..40bde9e21 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -37,6 +37,7 @@ #include "kdb_ldap.h" #include "ldap_misc.h" #include +#include krb5_error_code krb5_ldap_get_db_opt(char *input, char **opt, char **val) @@ -99,8 +100,8 @@ krb5_ldap_read_startup_information(krb5_context context) krb5_error_code retval = 0; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; - int mask=0; - + int mask = 0; + SETUP_CONTEXT(); if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) { prepend_err_str (context, "Unable to read Kerberos container", retval, retval); 
@@ -112,6 +113,46 @@ krb5_ldap_read_startup_information(krb5_context context) goto cleanup; } + if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) + || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) { + kadm5_config_params params_in, params_out; + + memset((char *) ¶ms_in, 0, sizeof(params_in)); + memset((char *) ¶ms_out, 0, sizeof(params_out)); + + retval = kadm5_get_config_params(context, 1, ¶ms_in, ¶ms_out); + if (retval) { + if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) { + ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */ + } + if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) { + ldap_context->lrparams->max_renewable_life = 0; + } + if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) { + ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS; + } + retval = 0; + goto cleanup; + } + + if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) { + if (params_out.mask & KADM5_CONFIG_MAX_LIFE) + ldap_context->lrparams->max_life = params_out.max_life; + } + + if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) { + if (params_out.mask & KADM5_CONFIG_MAX_RLIFE) + ldap_context->lrparams->max_renewable_life = params_out.max_rlife; + } + + if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) { + if (params_out.mask & KADM5_CONFIG_FLAGS) + ldap_context->lrparams->tktflags = params_out.flags; + } + + kadm5_free_config_params(context, ¶ms_out); + } + cleanup: return retval; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index a2bfd60ef..7926484c7 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -1186,8 +1186,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy) entries->max_life = tktpoldnparam->maxtktlife; else if (ldap_context->lrparams->max_life) entries->max_life = ldap_context->lrparams->max_life; - else - entries->max_life = KRB5_KDB_MAX_LIFE; } if ((mask & KDB_MAX_RLIFE_ATTR) == 0) { 
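Review bot: In the success path of the new block in krb5_ldap_read_startup_information, a field whose bit is absent from `params_out.mask` is left unassigned, and the two ldap_principal2.c hunks in this commit remove the last-resort `KRB5_KDB_MAX_LIFE` / `KRB5_KDB_MAX_RLIFE` fallbacks in krb5_read_tkt_policy, so `entries->max_life` and `entries->max_renewable_life` can be left at whatever value they held before that function ran. Whether kadm5_get_config_params always sets those mask bits is not visible here, so I would give each check an explicit default instead of relying on it, e.g. `else ldap_context->lrparams->max_life = KRB5_KDB_MAX_LIFE;` (which also replaces the bare `24 * 60 * 60` with the named constant the removed lines used). The `if (retval)` branch also resets `retval = 0` without any message. Because these values bound ticket lifetime and flags for the whole realm, a comment such as `/* conf file unreadable: fall back to compiled-in defaults */` and a log entry would make the silent fallback visible to the operator. The function begins outside this hunk, so the initial contents of `lrparams` are assumed rather than seen.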
@@ -1195,8 +1193,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy) entries->max_renewable_life = tktpoldnparam->maxrenewlife; else if (ldap_context->lrparams->max_renewable_life) entries->max_renewable_life = ldap_context->lrparams->max_renewable_life; - else - entries->max_renewable_life = KRB5_KDB_MAX_RLIFE; } if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {