diff options
| author | Simo Sorce <idra@samba.org> | 2012-04-19 17:54:57 -0400 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2012-04-20 01:53:37 +0200 |
| commit | 4b29cf5f66c5e75f759a5c2a79ba26629f907778 (patch) | |
| tree | bd2d0eadafc8387bb7dc79166af4beb0d926d63f /source4/kdc/db-glue.c | |
| parent | 37e98ff252edc5e76d2c74a8459247ffcb5fd101 (diff) | |
| download | samba-4b29cf5f66c5e75f759a5c2a79ba26629f907778.tar.gz samba-4b29cf5f66c5e75f759a5c2a79ba26629f907778.tar.bz2 samba-4b29cf5f66c5e75f759a5c2a79ba26629f907778.zip | |
Move kdc_get_policy helper in the lsa server where it belongs.
This was used in only 2 places, db-glue.c and the lsa server.
In db-glue.c it is awkward though, as it forces to use an unconvenient lsa
structure and conversions from time_t to nt_time only to have nt_times
converted back to time_t for actual use. This is silly.
Also the kdc-policy file was a single funciton library, that's just ridiculous.
The loadparm helper is all we need to keep the values consistent, and if we
ever end up doing something with group policies we will care about it when it's
the time. the code would have to change quite a lot anyway.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
Diffstat (limited to 'source4/kdc/db-glue.c')
| -rw-r--r-- | source4/kdc/db-glue.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 95a524d605..7bb2db2fb0 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -35,7 +35,6 @@ #include <hdb.h> #include "kdc/samba_kdc.h" #include "kdc/kdc-glue.h" -#include "kdc/kdc-policy.h" #include "kdc/db-glue.h" #define SAMBA_KVNO_GET_KRBTGT(kvno) \ @@ -784,12 +783,12 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, } if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER) { - *entry_ex->entry.max_life = nt_time_to_unix(kdc_db_ctx->policy.service_tkt_lifetime); + *entry_ex->entry.max_life = kdc_db_ctx->policy.svc_tkt_lifetime; } else if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT || ent_type == SAMBA_KDC_ENT_TYPE_CLIENT) { - *entry_ex->entry.max_life = nt_time_to_unix(kdc_db_ctx->policy.user_tkt_lifetime); + *entry_ex->entry.max_life = kdc_db_ctx->policy.usr_tkt_lifetime; } else { - *entry_ex->entry.max_life = MIN(nt_time_to_unix(kdc_db_ctx->policy.service_tkt_lifetime), - nt_time_to_unix(kdc_db_ctx->policy.user_tkt_lifetime)); + *entry_ex->entry.max_life = MIN(kdc_db_ctx->policy.svc_tkt_lifetime, + kdc_db_ctx->policy.usr_tkt_lifetime); } entry_ex->entry.max_renew = malloc(sizeof(*entry_ex->entry.max_life)); @@ -798,7 +797,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, goto out; } - *entry_ex->entry.max_renew = nt_time_to_unix(kdc_db_ctx->policy.user_tkt_renewaltime); + *entry_ex->entry.max_renew = kdc_db_ctx->policy.renewal_lifetime; entry_ex->entry.generation = NULL; @@ -1881,7 +1880,11 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte kdc_db_ctx->ev_ctx = base_ctx->ev_ctx; kdc_db_ctx->lp_ctx = base_ctx->lp_ctx; - kdc_get_policy(base_ctx->lp_ctx, NULL, &kdc_db_ctx->policy); + /* get default kdc policy */ + lpcfg_default_kdc_policy(base_ctx->lp_ctx, + &kdc_db_ctx->policy.svc_tkt_lifetime, + &kdc_db_ctx->policy.usr_tkt_lifetime, + &kdc_db_ctx->policy.renewal_lifetime); session_info = system_session(kdc_db_ctx->lp_ctx); if (session_info == NULL) { |