From 37e98ff252edc5e76d2c74a8459247ffcb5fd101 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 19 Apr 2012 11:17:25 -0400 Subject: [PATCH] Use loadparm helper to find lifetime defaults Implictly fixes buggy use of int for time_t --- source4/kdc/policy.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/source4/kdc/policy.c b/source4/kdc/policy.c index e9cc608e10..4109cb4c85 100644 --- a/source4/kdc/policy.c +++ b/source4/kdc/policy.c @@ -29,17 +29,21 @@ void kdc_get_policy(struct loadparm_context *lp_ctx, struct smb_krb5_context *smb_krb5_context, struct lsa_DomainInfoKerberos *k) { + time_t svc_tkt_lifetime; + time_t usr_tkt_lifetime; + time_t renewal_lifetime; + /* These should be set and stored via Group Policy, but until then, some defaults are in order */ /* Our KDC always re-validates the client */ k->authentication_options = LSA_POLICY_KERBEROS_VALIDATE_CLIENT; - unix_to_nt_time(&k->service_tkt_lifetime, - lpcfg_parm_int(lp_ctx, NULL, "kdc", "service ticket lifetime", 10) * 60 * 60); - unix_to_nt_time(&k->user_tkt_lifetime, - lpcfg_parm_int(lp_ctx, NULL, "kdc", "user ticket lifetime", 10) * 60 * 60); - unix_to_nt_time(&k->user_tkt_renewaltime, - lpcfg_parm_int(lp_ctx, NULL, "kdc", "renewal lifetime", 24*7) * 60 * 60); + lpcfg_default_kdc_policy(lp_ctx, &svc_tkt_lifetime, + &usr_tkt_lifetime, &renewal_lifetime); + + unix_to_nt_time(&k->service_tkt_lifetime, svc_tkt_lifetime); + unix_to_nt_time(&k->user_tkt_lifetime, usr_tkt_lifetime); + unix_to_nt_time(&k->user_tkt_renewaltime, renewal_lifetime); if (smb_krb5_context) { unix_to_nt_time(&k->clock_skew, krb5_get_max_time_skew(smb_krb5_context->krb5_context)); -- 2.34.1