summaryrefslogtreecommitdiffstats
path: root/source4/auth/gensec/schannel_state.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-05-16 01:31:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:16:45 -0500
commit1d0e2b9569be6f2e8a5495ead1f92c9855f0e7f9 (patch)
treee3f821c9a79f24292f4cf34d04ed880de69e57ef /source4/auth/gensec/schannel_state.c
parent03435f5de11b364d6a7bb8bf99c12afd5cdd286e (diff)
downloadsamba-1d0e2b9569be6f2e8a5495ead1f92c9855f0e7f9.tar.gz
samba-1d0e2b9569be6f2e8a5495ead1f92c9855f0e7f9.tar.xz
samba-1d0e2b9569be6f2e8a5495ead1f92c9855f0e7f9.zip
r6803: Try to bring in the correct GSSAPI headers for the krb5 mech. This
should allow us to ditch the local static storage for OIDs, as well as fix the build on non-heimdal platforms. Andrew Bartlett (This used to be commit a7e2ecfac9aaacd673e3583b62139e4f4e114429)
Diffstat (limited to 'source4/auth/gensec/schannel_state.c')
-rw-r--r--source4/auth/gensec/schannel_state.c23
1 files changed, 0 insertions, 23 deletions
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 99d5fdef535..0c5ce09637a 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -26,9 +26,6 @@
#include "lib/ldb/include/ldb.h"
#include "db_wrap.h"
-/* a reasonable amount of time to keep credentials live */
-#define SCHANNEL_CREDENTIALS_EXPIRY 600
-
/*
connect to the schannel ldb
*/
@@ -72,11 +69,9 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb;
struct ldb_message *msg;
struct ldb_val val, seed;
- char *s;
char *f;
char *sct;
char *rid;
- time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY;
int ret;
ldb = schannel_db_connect(mem_ctx);
@@ -84,13 +79,6 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- s = talloc_asprintf(mem_ctx, "%u", (unsigned int)expiry);
-
- if (s == NULL) {
- talloc_free(ldb);
- return NT_STATUS_NO_MEMORY;
- }
-
f = talloc_asprintf(mem_ctx, "%u", (unsigned int)creds->negotiate_flags);
if (f == NULL) {
@@ -133,7 +121,6 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
ldb_msg_add_value(ldb, msg, "sessionKey", &val);
ldb_msg_add_value(ldb, msg, "seed", &seed);
- ldb_msg_add_string(ldb, msg, "expiry", s);
ldb_msg_add_string(ldb, msg, "negotiateFlags", f);
ldb_msg_add_string(ldb, msg, "secureChannelType", sct);
ldb_msg_add_string(ldb, msg, "accountName", creds->account_name);
@@ -145,8 +132,6 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
ret = ldb_add(ldb, msg);
- talloc_free(s);
-
if (ret != 0) {
DEBUG(0,("Unable to add %s to session key db - %s\n",
msg->dn, ldb_errstring(ldb)));
@@ -171,7 +156,6 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
struct creds_CredentialState **creds)
{
struct ldb_context *ldb;
- time_t expiry;
struct ldb_message **res;
int ret;
const struct ldb_val *val;
@@ -199,13 +183,6 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_HANDLE;
}
- expiry = ldb_msg_find_uint(res[0], "expiry", 0);
- if (expiry < time(NULL)) {
- DEBUG(1,("schannel: attempt to use expired session key for %s\n", computer_name));
- talloc_free(ldb);
- return NT_STATUS_INVALID_HANDLE;
- }
-
val = ldb_msg_find_ldb_val(res[0], "sessionKey");
if (val == NULL || val->length != 16) {
DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name));