mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4:kdc: Rename authn_kerberos_client_policy::tgt_lifetime to tgt_lifetime_raw
This more clearly indicates that it is the raw TGT lifetime value straight from the database. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
b3a8565582
commit
a1364c205f
@ -29,8 +29,8 @@ bool authn_policy_is_enforced(const struct authn_policy *policy)
|
||||
|
||||
/* Authentication policies for Kerberos clients. */
|
||||
|
||||
/* Get the TGT lifetime enforced by an authentication policy. */
|
||||
int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy)
|
||||
/* Get the raw TGT lifetime enforced by an authentication policy. */
|
||||
int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy)
|
||||
{
|
||||
if (policy == NULL) {
|
||||
return 0;
|
||||
@ -40,7 +40,7 @@ int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_po
|
||||
return 0;
|
||||
}
|
||||
|
||||
return policy->tgt_lifetime;
|
||||
return policy->tgt_lifetime_raw;
|
||||
}
|
||||
|
||||
/* Authentication policies for NTLM clients. */
|
||||
|
@ -29,8 +29,8 @@
|
||||
|
||||
struct authn_kerberos_client_policy;
|
||||
|
||||
/* Get the TGT lifetime enforced by an authentication policy. */
|
||||
int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy);
|
||||
/* Get the raw TGT lifetime enforced by an authentication policy. */
|
||||
int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy);
|
||||
|
||||
/* Authentication policies for NTLM clients. */
|
||||
|
||||
|
@ -38,7 +38,7 @@ bool authn_policy_is_enforced(const struct authn_policy *policy);
|
||||
struct authn_kerberos_client_policy {
|
||||
struct authn_policy policy;
|
||||
DATA_BLOB allowed_to_authenticate_from;
|
||||
int64_t tgt_lifetime;
|
||||
int64_t tgt_lifetime_raw;
|
||||
};
|
||||
|
||||
struct authn_ntlm_client_policy {
|
||||
|
@ -515,7 +515,7 @@ int authn_policy_kerberos_client(struct ldb_context *samdb,
|
||||
}
|
||||
|
||||
if (authn_attrs.policy->tgt_lifetime != NULL) {
|
||||
client_policy->tgt_lifetime = ldb_msg_find_attr_as_int64(
|
||||
client_policy->tgt_lifetime_raw = ldb_msg_find_attr_as_int64(
|
||||
authn_policy_msg,
|
||||
authn_attrs.policy->tgt_lifetime,
|
||||
0);
|
||||
|
@ -1092,7 +1092,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
||||
|
||||
const struct authn_kerberos_client_policy *authn_client_policy = NULL;
|
||||
const struct authn_server_policy *authn_server_policy = NULL;
|
||||
int64_t enforced_tgt_lifetime;
|
||||
int64_t enforced_tgt_lifetime_raw;
|
||||
|
||||
ZERO_STRUCTP(entry);
|
||||
|
||||
@ -1425,9 +1425,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
enforced_tgt_lifetime = authn_policy_enforced_tgt_lifetime(authn_client_policy);
|
||||
if (enforced_tgt_lifetime != 0) {
|
||||
int64_t lifetime = enforced_tgt_lifetime;
|
||||
enforced_tgt_lifetime_raw = authn_policy_enforced_tgt_lifetime_raw(authn_client_policy);
|
||||
if (enforced_tgt_lifetime_raw != 0) {
|
||||
int64_t lifetime = enforced_tgt_lifetime_raw;
|
||||
|
||||
lifetime /= INT64_C(1000) * 1000 * 10;
|
||||
lifetime = MIN(lifetime, INT_MAX);
|
||||
@ -1474,7 +1474,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
||||
|
||||
protected_user = result;
|
||||
|
||||
if (protected_user && enforced_tgt_lifetime == 0)
|
||||
if (protected_user && enforced_tgt_lifetime_raw == 0)
|
||||
{
|
||||
/*
|
||||
* If a TGT lifetime hasn’t been set, Protected Users
|
||||
|
Loading…
Reference in New Issue
Block a user