diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-01-13 10:54:37 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-01-15 15:05:23 -0500 |
| commit | e987546b4ff1689bb711cc46118ad9fc0a5613f6 (patch) | |
| tree | 4c2a2d919733b173f970e3fcc5e3995d6c9d0530 | |
| parent | 744d6c334fa8448c604c3948a10b88098a6dcf51 (diff) | |
| download | krb5-e987546b4ff1689bb711cc46118ad9fc0a5613f6.tar.gz krb5-e987546b4ff1689bb711cc46118ad9fc0a5613f6.tar.xz krb5-e987546b4ff1689bb711cc46118ad9fc0a5613f6.zip | |
Remove KDC macros for realm config fields
Stop using macros to refer to kdc_realm_t fields, as they could
conflict with structure field names for the same. Leave behind the
kdc_context and tgs_server macros for now.
| -rw-r--r-- | src/kdc/do_as_req.c | 2 | ||||
| -rw-r--r-- | src/kdc/do_tgs_req.c | 6 | ||||
| -rw-r--r-- | src/kdc/kdc_util.c | 9 | ||||
| -rw-r--r-- | src/kdc/realm_data.h | 7 |
4 files changed, 9 insertions, 15 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 453f319ce1..4f0fc2e630 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -702,7 +702,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, min(rtime, state->enc_tkt_reply.times.starttime + min(state->client->max_renewable_life, min(state->server->max_renewable_life, - max_renewable_life_for_realm))); + kdc_active_realm->realm_maxrlife))); } else state->enc_tkt_reply.times.renew_till = 0; /* XXX */ diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 1e7331347a..d2b89e25ec 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -462,7 +462,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt, min(header_enc_tkt->times.renew_till, enc_tkt_reply.times.starttime + min(server->max_renewable_life, - max_renewable_life_for_realm))); + kdc_active_realm->realm_maxrlife))); } else { enc_tkt_reply.times.renew_till = 0; } @@ -641,8 +641,8 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt, } } else krb5_klog_syslog(LOG_INFO, _("not checking transit path")); - if (reject_bad_transit - && !isflagset (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED)) { + if (kdc_active_realm->realm_reject_bad_transit && + !isflagset(enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED)) { errcode = KRB5KDC_ERR_POLICY; status = "BAD_TRANSIT"; goto cleanup; diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 6722d5a8be..930aa7a5ea 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -568,7 +568,7 @@ check_anon(kdc_realm_t *kdc_active_realm, { /* If restrict_anon is set, reject requests from anonymous to principals * other than the local TGT. */ - if (restrict_anon && + if (kdc_active_realm->realm_restrict_anon && krb5_principal_compare_any_realm(kdc_context, client, krb5_anonymous_principal()) && !krb5_principal_compare(kdc_context, server, tgs_server)) @@ -909,7 +909,8 @@ dbentry_supports_enctype(kdc_realm_t *kdc_active_realm, krb5_db_entry *server, /* If configured to, assume every server without a session_enctypes * attribute supports DES_CBC_CRC. */ - if (assume_des_crc_sess && enctype == ENCTYPE_DES_CBC_CRC) + if (kdc_active_realm->realm_assume_des_crc_sess && + enctype == ENCTYPE_DES_CBC_CRC) return TRUE; /* Due to an ancient interop problem, assume nothing supports des-cbc-md5 @@ -1884,8 +1885,8 @@ kdc_get_ticket_endtime(kdc_realm_t *kdc_active_realm, life = min(life, client->max_life); if (server->max_life != 0) life = min(life, server->max_life); - if (max_life_for_realm != 0) - life = min(life, max_life_for_realm); + if (kdc_active_realm->realm_maxlife != 0) + life = min(life, kdc_active_realm->realm_maxlife); *out_endtime = starttime + life; } diff --git a/src/kdc/realm_data.h b/src/kdc/realm_data.h index c1a64fba09..79ac1e1866 100644 --- a/src/kdc/realm_data.h +++ b/src/kdc/realm_data.h @@ -91,13 +91,6 @@ kdc_realm_t *setup_server_realm(struct server_handle *, krb5_principal); * properly declared in each function that uses these macros. */ #define kdc_context kdc_active_realm->realm_context -#define max_life_for_realm kdc_active_realm->realm_maxlife -#define max_renewable_life_for_realm kdc_active_realm->realm_maxrlife -#define master_keyblock kdc_active_realm->realm_mkey -#define master_princ kdc_active_realm->realm_mprinc #define tgs_server kdc_active_realm->realm_tgsprinc -#define reject_bad_transit kdc_active_realm->realm_reject_bad_transit -#define restrict_anon kdc_active_realm->realm_restrict_anon -#define assume_des_crc_sess kdc_active_realm->realm_assume_des_crc_sess #endif /* REALM_DATA_H */ |