diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-11-08 02:30:42 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:54 -0500 |
commit | 9a9604b26c7639e3ebf989e6c9195bcca008d65c (patch) | |
tree | 0689334724d403fa7934180bef50524907a6fd90 /source4/kdc | |
parent | 30d164d9f08af7edde9c417650b60d354e02c61c (diff) | |
download | samba-9a9604b26c7639e3ebf989e6c9195bcca008d65c.tar.gz samba-9a9604b26c7639e3ebf989e6c9195bcca008d65c.tar.bz2 samba-9a9604b26c7639e3ebf989e6c9195bcca008d65c.zip |
r11572: Add support for accountExpires and password expiry (should cause the
ticket to be reduced in validity).
Andrew Bartlett
(This used to be commit 5575a1443b5225140f401bde7f897f96dfe73b39)
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/hdb-ldb.c | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index 7f2289bdeb..bc83973e93 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -219,9 +219,11 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, krb5_error_code ret = 0; const char *dnsdomain = ldb_msg_find_string(realm_ref_msg, "dnsRoot", NULL); char *realm = strupper_talloc(mem_ctx, dnsdomain); + struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, realm_ref_msg, "nCName", ldb_dn_new(mem_ctx)); struct hdb_ldb_private *private; hdb_entry *ent = &entry_ex->entry; + NTTIME acct_expiry; memset(ent, 0, sizeof(*ent)); @@ -308,9 +310,37 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, ent->valid_start = NULL; - ent->valid_end = NULL; - ent->pw_end = NULL; + acct_expiry = samdb_result_nttime(msg, "accountExpires", -1LL); + if (acct_expiry != -1LL && acct_expiry != 0x7FFFFFFFFFFFFFFFLL) { + ent->valid_end = malloc(sizeof(*ent->valid_end)); + if (ent->valid_end == NULL) { + ret = ENOMEM; + goto out; + } + *ent->valid_end = nt_time_to_unix(acct_expiry); + } else { + ent->valid_end = NULL; + } + if ((ent_type != HDB_LDB_ENT_TYPE_KRBTGT) && (!(userAccountControl & UF_DONT_EXPIRE_PASSWD))) { + NTTIME must_change_time + = samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx, + domain_dn, msg, + "pwdLastSet"); + if (must_change_time != 0) { + ent->pw_end = malloc(sizeof(*ent->pw_end)); + if (ent->pw_end == NULL) { + ret = ENOMEM; + goto out; + } + *ent->pw_end = nt_time_to_unix(must_change_time); + } else { + ent->pw_end = NULL; + } + } else { + ent->pw_end = NULL; + } + ent->max_life = NULL; ent->max_renew = NULL; |