diff options
Diffstat (limited to 'source4/kdc/db-glue.c')
-rw-r--r-- | source4/kdc/db-glue.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 4bb8e35091..15024fa38e 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -43,6 +43,7 @@ #include <hdb.h> #include "kdc/samba_kdc.h" #include "kdc/db-glue.h" +#include "kdc/kdc-policy.h" enum samba_kdc_ent_type { SAMBA_KDC_ENT_TYPE_CLIENT, SAMBA_KDC_ENT_TYPE_SERVER, @@ -740,9 +741,28 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, entry_ex->entry.valid_start = NULL; - entry_ex->entry.max_life = NULL; + entry_ex->entry.max_life = malloc(sizeof(*entry_ex->entry.max_life)); + if (entry_ex->entry.max_life == NULL) { + ret = ENOMEM; + goto out; + } - entry_ex->entry.max_renew = NULL; + if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER) { + *entry_ex->entry.max_life = nt_time_to_unix(kdc_db_ctx->policy.service_tkt_lifetime); + } else if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT || ent_type == SAMBA_KDC_ENT_TYPE_CLIENT) { + *entry_ex->entry.max_life = nt_time_to_unix(kdc_db_ctx->policy.user_tkt_lifetime); + } else { + *entry_ex->entry.max_life = MIN(nt_time_to_unix(kdc_db_ctx->policy.service_tkt_lifetime), + nt_time_to_unix(kdc_db_ctx->policy.user_tkt_lifetime)); + } + + entry_ex->entry.max_renew = malloc(sizeof(*entry_ex->entry.max_life)); + if (entry_ex->entry.max_renew == NULL) { + ret = ENOMEM; + goto out; + } + + *entry_ex->entry.max_renew = nt_time_to_unix(kdc_db_ctx->policy.user_tkt_renewaltime); entry_ex->entry.generation = NULL; @@ -1636,6 +1656,8 @@ NTSTATUS samba_kdc_setup_db_ctx(TALLOC_CTX *mem_ctx, struct samba_kdc_base_conte kdc_db_ctx->ev_ctx = base_ctx->ev_ctx; kdc_db_ctx->lp_ctx = base_ctx->lp_ctx; + kdc_get_policy(base_ctx->lp_ctx, NULL, &kdc_db_ctx->policy); + session_info = system_session(kdc_db_ctx->lp_ctx); if (session_info == NULL) { return NT_STATUS_INTERNAL_ERROR; |