authorKen Raeburn <raeburn@mit.edu>2006-12-13 01:27:24 +0000
committerKen Raeburn <raeburn@mit.edu>2006-12-13 01:27:24 +0000
commitae9cca63ec3361417215f59f578e20d16cd05e13 (patch)
tree042cd78961b24f940972fedf2103d35939b30f72 /src/plugins
parenta499c0e688cfa1ffa257c7ffc709b5808700068d (diff)
pull r18926 up to trunk; ready for pullup to 1.6 branch
ticket: 5005 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18946 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c45
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c4
2 files changed, 43 insertions, 6 deletions
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 883897bc86..40bde9e216 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -37,6 +37,7 @@
#include "kdb_ldap.h"
#include "ldap_misc.h"
#include <kdb5.h>
+#include <kadm5/admin.h>
krb5_error_code
krb5_ldap_get_db_opt(char *input, char **opt, char **val)
@@ -99,8 +100,8 @@ krb5_ldap_read_startup_information(krb5_context context)
krb5_error_code retval = 0;
kdb5_dal_handle *dal_handle=NULL;
krb5_ldap_context *ldap_context=NULL;
- int mask=0;
-
+ int mask = 0;
+
SETUP_CONTEXT();
if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
@@ -112,6 +113,46 @@ krb5_ldap_read_startup_information(krb5_context context)
goto cleanup;
}
+ if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
+ || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+ kadm5_config_params params_in, params_out;
+
+ memset((char *) &params_in, 0, sizeof(params_in));
+ memset((char *) &params_out, 0, sizeof(params_out));
+
+ retval = kadm5_get_config_params(context, 1, &params_in, &params_out);
+ if (retval) {
+ if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+ ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
+ }
+ if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+ ldap_context->lrparams->max_renewable_life = 0;
+ }
+ if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+ ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
+ }
+ retval = 0;
+ goto cleanup;
+ }
+
+ if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+ if (params_out.mask & KADM5_CONFIG_MAX_LIFE)
+ ldap_context->lrparams->max_life = params_out.max_life;
+ }
+
+ if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+ if (params_out.mask & KADM5_CONFIG_MAX_RLIFE)
+ ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
+ }
+
+ if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+ if (params_out.mask & KADM5_CONFIG_FLAGS)
+ ldap_context->lrparams->tktflags = params_out.flags;
+ }
+
+ kadm5_free_config_params(context, &params_out);
+ }
+
cleanup:
return retval;
}
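Review bot: The success path after `kadm5_get_config_params` leaves `lrparams->max_life`, `max_renewable_life` and `tktflags` untouched when the matching `params_out.mask` bit is clear, while the error path assigns built-in defaults; the two paths should agree. This matters because the ldap_principal2.c hunks in this commit delete the `KRB5_KDB_MAX_LIFE` / `KRB5_KDB_MAX_RLIFE` fallbacks, so a zero realm value now means `krb5_read_tkt_policy` does not assign `entries->max_life` or `entries->max_renewable_life` in those branches (whether the entry is pre-zeroed is not visible here). I would assign the defaults before the call and let the `params_out` values override them, as sketched below, and the silent `retval = 0` deserves a comment saying that an unreadable configuration is deliberately non-fatal. The function starts above this hunk.

```c
    /* … unchanged: mask test, params_in/params_out declaration and memset … */

    /* Built-in defaults first, for each attribute the realm object lacks. */
    if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0)
        ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
    if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
        ldap_context->lrparams->max_renewable_life = 0;
    if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)
        ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;

    retval = kadm5_get_config_params(context, 1, &params_in, &params_out);
    if (retval) {
        /* Configuration unreadable: deliberately non-fatal, keep the defaults. */
        retval = 0;
        goto cleanup;
    }

    /* … unchanged: the three params_out.mask overrides and kadm5_free_config_params … */
```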
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index a2bfd60ef5..7926484c71 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -1186,8 +1186,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
entries->max_life = tktpoldnparam->maxtktlife;
else if (ldap_context->lrparams->max_life)
entries->max_life = ldap_context->lrparams->max_life;
- else
- entries->max_life = KRB5_KDB_MAX_LIFE;
}
if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
@@ -1195,8 +1193,6 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
entries->max_renewable_life = tktpoldnparam->maxrenewlife;
else if (ldap_context->lrparams->max_renewable_life)
entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
- else
- entries->max_renewable_life = KRB5_KDB_MAX_RLIFE;
}
if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {