From ae9cca63ec3361417215f59f578e20d16cd05e13 Mon Sep 17 00:00:00 2001
From: Ken Raeburn
Date: Wed, 13 Dec 2006 01:27:24 +0000
Subject: [PATCH] pull r18926 up to trunk; ready for pullup to 1.6 branch ticket: 5005
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18946 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 45 ++++++++++++++++++-
 .../kdb/ldap/libkdb_ldap/ldap_principal2.c | 4 --
 2 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 883897bc8..40bde9e21 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -37,6 +37,7 @@
 #include "kdb_ldap.h"
 #include "ldap_misc.h"
 #include
+#include
 krb5_error_code
 krb5_ldap_get_db_opt(char *input, char **opt, char **val)
@@ -99,8 +100,8 @@ krb5_ldap_read_startup_information(krb5_context context)
 krb5_error_code retval = 0;
 kdb5_dal_handle *dal_handle=NULL;
 krb5_ldap_context *ldap_context=NULL;
- int mask=0;
-
+ int mask = 0;
+
 SETUP_CONTEXT();
 if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
 prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
@@ -112,6 +113,46 @@ krb5_ldap_read_startup_information(krb5_context context)
 goto cleanup;
 }
+ if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
+ || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+ kadm5_config_params params_in, params_out;
+
+ memset((char *) ¶ms_in, 0, sizeof(params_in));
+ memset((char *) ¶ms_out, 0, sizeof(params_out));
+
+ retval = kadm5_get_config_params(context, 1, ¶ms_in, ¶ms_out);
+ if (retval) {
+ if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+ ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
+ }
+ if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+ ldap_context->lrparams->max_renewable_life = 0;
+ }
+ if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+ ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
+ }
+ retval = 0;
+ goto cleanup;
+ }
+
+ if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+ if (params_out.mask & KADM5_CONFIG_MAX_LIFE)
+ ldap_context->lrparams->max_life = params_out.max_life;
+ }
+
+ if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+ if (params_out.mask & KADM5_CONFIG_MAX_RLIFE)
+ ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
+ }
+
+ if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+ if (params_out.mask & KADM5_CONFIG_FLAGS)
+ ldap_context->lrparams->tktflags = params_out.flags;
+ }
+
+ kadm5_free_config_params(context, ¶ms_out);
+ }
+
 cleanup:
 return retval;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index a2bfd60ef..7926484c7 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -1186,8 +1186,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
 entries->max_life = tktpoldnparam->maxtktlife;
 else if (ldap_context->lrparams->max_life)
 entries->max_life = ldap_context->lrparams->max_life;
- else
- entries->max_life = KRB5_KDB_MAX_LIFE;
 }
 if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
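Review bot: In the kdb_ldap.c hunk at -112/+113, the success path after `kadm5_get_config_params` assigns `max_life`, `max_renewable_life` and `tktflags` only when the matching `KADM5_CONFIG_*` bit is set in `params_out.mask` and has no else-branch, so a field whose bit is clear keeps whatever value it already held. The same commit deletes the `KRB5_KDB_MAX_LIFE` and `KRB5_KDB_MAX_RLIFE` fallbacks in `krb5_read_tkt_policy` (the two ldap_principal2.c hunks), so nothing downstream supplies a ticket-lifetime default any more; whether kadm5 always sets those bits is not visible here. Assigning the built-in defaults first and overriding them from `params_out` covers both paths with one set of assignments, and gives a place for a comment stating that running with default ticket policy when the kadm5 configuration cannot be read is deliberate. The body of krb5_ldap_read_startup_information starts outside the hunk.

```c
    kadm5_config_params params_in, params_out;
    int have_params;

    /* … unchanged: memset of params_in and params_out … */

    /* Failing to read the kadm5 configuration is not fatal: the
     * built-in ticket policy defaults below are used instead. */
    have_params = (kadm5_get_config_params(context, 1, &params_in, &params_out) == 0);

    if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
        ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
        if (have_params && (params_out.mask & KADM5_CONFIG_MAX_LIFE))
            ldap_context->lrparams->max_life = params_out.max_life;
    }
    if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
        ldap_context->lrparams->max_renewable_life = 0;
        if (have_params && (params_out.mask & KADM5_CONFIG_MAX_RLIFE))
            ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
    }
    if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
        ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
        if (have_params && (params_out.mask & KADM5_CONFIG_FLAGS))
            ldap_context->lrparams->tktflags = params_out.flags;
    }

    if (have_params)
        kadm5_free_config_params(context, &params_out);
```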
@@ -1195,8 +1193,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
 entries->max_renewable_life = tktpoldnparam->maxrenewlife;
 else if (ldap_context->lrparams->max_renewable_life)
 entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
- else
- entries->max_renewable_life = KRB5_KDB_MAX_RLIFE;
 }
 if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {
-- 2.26.2