1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

s4:kdc: Rename authn_kerberos_client_policy::tgt_lifetime to tgt_lifetime_raw

This more clearly indicates that it is the raw TGT lifetime value
straight from the database.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-06-15 10:00:53 +12:00 committed by Andrew Bartlett
parent b3a8565582
commit a1364c205f
5 changed files with 12 additions and 12 deletions

View File

@ -29,8 +29,8 @@ bool authn_policy_is_enforced(const struct authn_policy *policy)
/* Authentication policies for Kerberos clients. */ /* Authentication policies for Kerberos clients. */
/* Get the TGT lifetime enforced by an authentication policy. */ /* Get the raw TGT lifetime enforced by an authentication policy. */
int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy) int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy)
{ {
if (policy == NULL) { if (policy == NULL) {
return 0; return 0;
@ -40,7 +40,7 @@ int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_po
return 0; return 0;
} }
return policy->tgt_lifetime; return policy->tgt_lifetime_raw;
} }
/* Authentication policies for NTLM clients. */ /* Authentication policies for NTLM clients. */

View File

@ -29,8 +29,8 @@
struct authn_kerberos_client_policy; struct authn_kerberos_client_policy;
/* Get the TGT lifetime enforced by an authentication policy. */ /* Get the raw TGT lifetime enforced by an authentication policy. */
int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy); int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy);
/* Authentication policies for NTLM clients. */ /* Authentication policies for NTLM clients. */

View File

@ -38,7 +38,7 @@ bool authn_policy_is_enforced(const struct authn_policy *policy);
struct authn_kerberos_client_policy { struct authn_kerberos_client_policy {
struct authn_policy policy; struct authn_policy policy;
DATA_BLOB allowed_to_authenticate_from; DATA_BLOB allowed_to_authenticate_from;
int64_t tgt_lifetime; int64_t tgt_lifetime_raw;
}; };
struct authn_ntlm_client_policy { struct authn_ntlm_client_policy {

View File

@ -515,7 +515,7 @@ int authn_policy_kerberos_client(struct ldb_context *samdb,
} }
if (authn_attrs.policy->tgt_lifetime != NULL) { if (authn_attrs.policy->tgt_lifetime != NULL) {
client_policy->tgt_lifetime = ldb_msg_find_attr_as_int64( client_policy->tgt_lifetime_raw = ldb_msg_find_attr_as_int64(
authn_policy_msg, authn_policy_msg,
authn_attrs.policy->tgt_lifetime, authn_attrs.policy->tgt_lifetime,
0); 0);

View File

@ -1092,7 +1092,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
const struct authn_kerberos_client_policy *authn_client_policy = NULL; const struct authn_kerberos_client_policy *authn_client_policy = NULL;
const struct authn_server_policy *authn_server_policy = NULL; const struct authn_server_policy *authn_server_policy = NULL;
int64_t enforced_tgt_lifetime; int64_t enforced_tgt_lifetime_raw;
ZERO_STRUCTP(entry); ZERO_STRUCTP(entry);
@ -1425,9 +1425,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
} }
} }
enforced_tgt_lifetime = authn_policy_enforced_tgt_lifetime(authn_client_policy); enforced_tgt_lifetime_raw = authn_policy_enforced_tgt_lifetime_raw(authn_client_policy);
if (enforced_tgt_lifetime != 0) { if (enforced_tgt_lifetime_raw != 0) {
int64_t lifetime = enforced_tgt_lifetime; int64_t lifetime = enforced_tgt_lifetime_raw;
lifetime /= INT64_C(1000) * 1000 * 10; lifetime /= INT64_C(1000) * 1000 * 10;
lifetime = MIN(lifetime, INT_MAX); lifetime = MIN(lifetime, INT_MAX);
@ -1474,7 +1474,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
protected_user = result; protected_user = result;
if (protected_user && enforced_tgt_lifetime == 0) if (protected_user && enforced_tgt_lifetime_raw == 0)
{ {
/* /*
* If a TGT lifetime hasnt been set, Protected Users * If a TGT lifetime hasnt been set, Protected Users