From 1535cbcbc0aae55fc70f1004ed35679b52127945 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 13 Dec 2006 22:11:35 +0000 Subject: [PATCH] pull up r18946 from trunk r18946@cathode-dark-space: raeburn | 2006-12-12 20:27:24 -0500 ticket: 5005 pull r18926 up to trunk; ready for pullup to 1.6 branch LDAP plugin was returning the code defaults if maxlife, maxrenewlife and ticket flags were not set in the realm object. The plugin would now return values from the conf file if not present in directory. Commit By: rsavitha Revision: 18926 Changed Files: U users/rsavitha/ldap_plugin_patch/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c U users/rsavitha/ldap_plugin_patch/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c ticket: 5005 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18952 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 45 ++++++++++++++++++- .../kdb/ldap/libkdb_ldap/ldap_principal2.c | 4 -- 2 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 883897bc8..40bde9e21 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -37,6 +37,7 @@
 #include "kdb_ldap.h"
 #include "ldap_misc.h"
 #include
+#include
 krb5_error_code
 krb5_ldap_get_db_opt(char *input, char **opt, char **val)
@@ -99,8 +100,8 @@ krb5_ldap_read_startup_information(krb5_context context)
 krb5_error_code retval = 0;
 kdb5_dal_handle *dal_handle=NULL;
 krb5_ldap_context *ldap_context=NULL;
- int mask=0;
-
+ int mask = 0;
+
 SETUP_CONTEXT();
 if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
 prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
@@ -112,6 +113,46 @@ krb5_ldap_read_startup_information(krb5_context context)
 goto cleanup;
 }
+ if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
+ || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+ kadm5_config_params params_in, params_out;
+
+ memset((char *) ¶ms_in, 0, sizeof(params_in));
+ memset((char *) ¶ms_out, 0, sizeof(params_out));
+
+ retval = kadm5_get_config_params(context, 1, ¶ms_in, ¶ms_out);
+ if (retval) {
+ if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+ ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
+ }
+ if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+ ldap_context->lrparams->max_renewable_life = 0;
+ }
+ if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+ ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
+ }
+ retval = 0;
+ goto cleanup;
+ }
+
+ if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+ if (params_out.mask & KADM5_CONFIG_MAX_LIFE)
+ ldap_context->lrparams->max_life = params_out.max_life;
+ }
+
+ if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+ if (params_out.mask & KADM5_CONFIG_MAX_RLIFE)
+ ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
+ }
+
+ if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+ if (params_out.mask & KADM5_CONFIG_FLAGS)
+ ldap_context->lrparams->tktflags = params_out.flags;
+ }
+
+ kadm5_free_config_params(context, ¶ms_out);
+ }
+
 cleanup:
 return retval;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index a2bfd60ef..7926484c7 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -1186,8 +1186,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
 entries->max_life = tktpoldnparam->maxtktlife;
 else if (ldap_context->lrparams->max_life)
 entries->max_life = ldap_context->lrparams->max_life;
- else
- entries->max_life = KRB5_KDB_MAX_LIFE;
 }
 if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
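Review bot: On the success path of the new block in `krb5_ldap_read_startup_information`, a field whose bit is absent from both `mask` and `params_out.mask` is never assigned, so `max_life`, `max_renewable_life` or `tktflags` keeps whatever `lrparams` already held. The built-in defaults (`24 * 60 * 60`, `0`, `KRB5_KDB_DEF_FLAGS`) are applied only when `kadm5_get_config_params` fails. This matters more because the two ldap_principal2.c hunks of this commit remove the `KRB5_KDB_MAX_LIFE` / `KRB5_KDB_MAX_RLIFE` fallbacks in `krb5_read_tkt_policy`, so an unset realm value would presumably reach principal entries unchanged. Choosing the config value or the built-in default in one place per field removes the dependence on the config call always setting those bits and collapses the duplicated error branch. The function begins outside the hunk, so how `lrparams` is initialised cannot be confirmed from here.

```c
        kadm5_config_params params_in, params_out;
        int have_conf;

        /* ... unchanged: memset of params_in and params_out ... */

        retval = kadm5_get_config_params(context, 1, &params_in, &params_out);
        have_conf = (retval == 0);
        retval = 0;   /* an unreadable config is not fatal; built-in defaults apply */

        if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
            if (have_conf && (params_out.mask & KADM5_CONFIG_MAX_LIFE))
                ldap_context->lrparams->max_life = params_out.max_life;
            else
                ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
        }

        if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
            if (have_conf && (params_out.mask & KADM5_CONFIG_MAX_RLIFE))
                ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
            else
                ldap_context->lrparams->max_renewable_life = 0;
        }

        if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
            if (have_conf && (params_out.mask & KADM5_CONFIG_FLAGS))
                ldap_context->lrparams->tktflags = params_out.flags;
            else
                ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
        }

        if (have_conf)
            kadm5_free_config_params(context, &params_out);
```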
@@ -1195,8 +1193,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
 entries->max_renewable_life = tktpoldnparam->maxrenewlife;
 else if (ldap_context->lrparams->max_renewable_life)
 entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
- else
- entries->max_renewable_life = KRB5_KDB_MAX_RLIFE;
 }
 if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {
--
2.26.2