mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
s4:kdc: Rename authn_kerberos_client_policy::tgt_lifetime to tgt_lifetime_raw
This more clearly indicates that it is the raw TGT lifetime value straight from the database. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
b3a8565582
commit
a1364c205f
@ -29,8 +29,8 @@ bool authn_policy_is_enforced(const struct authn_policy *policy)
|
|||||||
|
|
||||||
/* Authentication policies for Kerberos clients. */
|
/* Authentication policies for Kerberos clients. */
|
||||||
|
|
||||||
/* Get the TGT lifetime enforced by an authentication policy. */
|
/* Get the raw TGT lifetime enforced by an authentication policy. */
|
||||||
int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy)
|
int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy)
|
||||||
{
|
{
|
||||||
if (policy == NULL) {
|
if (policy == NULL) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -40,7 +40,7 @@ int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_po
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return policy->tgt_lifetime;
|
return policy->tgt_lifetime_raw;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Authentication policies for NTLM clients. */
|
/* Authentication policies for NTLM clients. */
|
||||||
|
@ -29,8 +29,8 @@
|
|||||||
|
|
||||||
struct authn_kerberos_client_policy;
|
struct authn_kerberos_client_policy;
|
||||||
|
|
||||||
/* Get the TGT lifetime enforced by an authentication policy. */
|
/* Get the raw TGT lifetime enforced by an authentication policy. */
|
||||||
int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy);
|
int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy);
|
||||||
|
|
||||||
/* Authentication policies for NTLM clients. */
|
/* Authentication policies for NTLM clients. */
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@ bool authn_policy_is_enforced(const struct authn_policy *policy);
|
|||||||
struct authn_kerberos_client_policy {
|
struct authn_kerberos_client_policy {
|
||||||
struct authn_policy policy;
|
struct authn_policy policy;
|
||||||
DATA_BLOB allowed_to_authenticate_from;
|
DATA_BLOB allowed_to_authenticate_from;
|
||||||
int64_t tgt_lifetime;
|
int64_t tgt_lifetime_raw;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct authn_ntlm_client_policy {
|
struct authn_ntlm_client_policy {
|
||||||
|
@ -515,7 +515,7 @@ int authn_policy_kerberos_client(struct ldb_context *samdb,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (authn_attrs.policy->tgt_lifetime != NULL) {
|
if (authn_attrs.policy->tgt_lifetime != NULL) {
|
||||||
client_policy->tgt_lifetime = ldb_msg_find_attr_as_int64(
|
client_policy->tgt_lifetime_raw = ldb_msg_find_attr_as_int64(
|
||||||
authn_policy_msg,
|
authn_policy_msg,
|
||||||
authn_attrs.policy->tgt_lifetime,
|
authn_attrs.policy->tgt_lifetime,
|
||||||
0);
|
0);
|
||||||
|
@ -1092,7 +1092,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
|||||||
|
|
||||||
const struct authn_kerberos_client_policy *authn_client_policy = NULL;
|
const struct authn_kerberos_client_policy *authn_client_policy = NULL;
|
||||||
const struct authn_server_policy *authn_server_policy = NULL;
|
const struct authn_server_policy *authn_server_policy = NULL;
|
||||||
int64_t enforced_tgt_lifetime;
|
int64_t enforced_tgt_lifetime_raw;
|
||||||
|
|
||||||
ZERO_STRUCTP(entry);
|
ZERO_STRUCTP(entry);
|
||||||
|
|
||||||
@ -1425,9 +1425,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
enforced_tgt_lifetime = authn_policy_enforced_tgt_lifetime(authn_client_policy);
|
enforced_tgt_lifetime_raw = authn_policy_enforced_tgt_lifetime_raw(authn_client_policy);
|
||||||
if (enforced_tgt_lifetime != 0) {
|
if (enforced_tgt_lifetime_raw != 0) {
|
||||||
int64_t lifetime = enforced_tgt_lifetime;
|
int64_t lifetime = enforced_tgt_lifetime_raw;
|
||||||
|
|
||||||
lifetime /= INT64_C(1000) * 1000 * 10;
|
lifetime /= INT64_C(1000) * 1000 * 10;
|
||||||
lifetime = MIN(lifetime, INT_MAX);
|
lifetime = MIN(lifetime, INT_MAX);
|
||||||
@ -1474,7 +1474,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
|||||||
|
|
||||||
protected_user = result;
|
protected_user = result;
|
||||||
|
|
||||||
if (protected_user && enforced_tgt_lifetime == 0)
|
if (protected_user && enforced_tgt_lifetime_raw == 0)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* If a TGT lifetime hasn’t been set, Protected Users
|
* If a TGT lifetime hasn’t been set, Protected Users
|
||||||
|
Loading…
Reference in New Issue
Block a user