summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2012-04-19 11:17:25 -0400
committerSimo Sorce <idra@samba.org>2012-04-19 18:14:02 -0400
commit37e98ff252edc5e76d2c74a8459247ffcb5fd101 (patch)
treeee94afabcfc24a80504439e61cdfae3bc4a78ad1
parent86910e15feaa490cf70f592c6e9af44f3db7e6f0 (diff)
downloadsamba-37e98ff252edc5e76d2c74a8459247ffcb5fd101.tar.gz
samba-37e98ff252edc5e76d2c74a8459247ffcb5fd101.tar.bz2
samba-37e98ff252edc5e76d2c74a8459247ffcb5fd101.zip
Use loadparm helper to find lifetime defaults
Implictly fixes buggy use of int for time_t
-rw-r--r--source4/kdc/policy.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/source4/kdc/policy.c b/source4/kdc/policy.c
index e9cc608e10..4109cb4c85 100644
--- a/source4/kdc/policy.c
+++ b/source4/kdc/policy.c
@@ -29,17 +29,21 @@ void kdc_get_policy(struct loadparm_context *lp_ctx,
struct smb_krb5_context *smb_krb5_context,
struct lsa_DomainInfoKerberos *k)
{
+ time_t svc_tkt_lifetime;
+ time_t usr_tkt_lifetime;
+ time_t renewal_lifetime;
+
/* These should be set and stored via Group Policy, but until then, some defaults are in order */
/* Our KDC always re-validates the client */
k->authentication_options = LSA_POLICY_KERBEROS_VALIDATE_CLIENT;
- unix_to_nt_time(&k->service_tkt_lifetime,
- lpcfg_parm_int(lp_ctx, NULL, "kdc", "service ticket lifetime", 10) * 60 * 60);
- unix_to_nt_time(&k->user_tkt_lifetime,
- lpcfg_parm_int(lp_ctx, NULL, "kdc", "user ticket lifetime", 10) * 60 * 60);
- unix_to_nt_time(&k->user_tkt_renewaltime,
- lpcfg_parm_int(lp_ctx, NULL, "kdc", "renewal lifetime", 24*7) * 60 * 60);
+ lpcfg_default_kdc_policy(lp_ctx, &svc_tkt_lifetime,
+ &usr_tkt_lifetime, &renewal_lifetime);
+
+ unix_to_nt_time(&k->service_tkt_lifetime, svc_tkt_lifetime);
+ unix_to_nt_time(&k->user_tkt_lifetime, usr_tkt_lifetime);
+ unix_to_nt_time(&k->user_tkt_renewaltime, renewal_lifetime);
if (smb_krb5_context) {
unix_to_nt_time(&k->clock_skew,
krb5_get_max_time_skew(smb_krb5_context->krb5_context));