s3:libads: we only need to gensec_expire_time()...
authorStefan Metzmacher <metze@samba.org>
Tue, 27 Feb 2024 12:03:46 +0000 (13:03 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)
The lifetime of a service ticket is never longer than
the lifetime of the TGT...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/libads/kerberos_util.c
source3/libads/sasl.c
source3/librpc/idl/ads.idl
source3/winbindd/winbindd_ads.c

index 3b25dea28bb4ea5209ea9fbbfbc544aee8f4299c..7fca56d3741218997e4cca3e0bea84e606f7be3a 100644 (file)
@@ -64,7 +64,7 @@ int ads_kinit_password(ADS_STRUCT *ads)
 
        ret = kerberos_kinit_password_ext(s, ads->auth.password,
                                          ads->auth.time_offset,
-                                         &ads->auth.tgt_expire, NULL,
+                                         NULL, NULL,
                                          ads->auth.ccache_name, false, false,
                                          0,
                                          NULL, NULL, NULL, NULL);
index 04f29d35f6a88e557845ad52805b1dc7b474f94d..8cbb8062cca2864f82eead6e0f8bd2968c23e9ca 100644 (file)
@@ -321,7 +321,6 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
        struct auth_generic_state *auth_generic_state;
        const char *sasl = "GSS-SPNEGO";
        const char *sasl_list[] = { sasl, NULL };
-       NTTIME end_nt_time;
        struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
        const DATA_BLOB *tls_cb = NULL;
 
@@ -488,13 +487,7 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
                }
        }
 
-       ads->auth.tgs_expire = LONG_MAX;
-       end_nt_time = gensec_expire_time(auth_generic_state->gensec_security);
-       if (end_nt_time != GENSEC_EXPIRE_TIME_INFINITY) {
-               struct timeval tv;
-               nttime_to_timeval(&tv, end_nt_time);
-               ads->auth.tgs_expire = tv.tv_sec;
-       }
+       ads->auth.expire_time = gensec_expire_time(auth_generic_state->gensec_security);
 
        if (wrap->wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
                size_t max_wrapped =
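Review bot: The new assignment `ads->auth.expire_time = gensec_expire_time(...)` stores `GENSEC_EXPIRE_TIME_INFINITY` verbatim, whereas the removed lines mapped that sentinel to `LONG_MAX` before anything compared it with the clock. The reuse check in the source3/winbindd/winbindd_ads.c hunk now passes the raw value to `nt_time_to_unix()`, so whether an unbounded context still counts as unexpired depends on how that helper treats the sentinel, which is not visible on this page. If it does not saturate upward, a cached connection with an infinite lifetime would presumably be treated as already expired on every reuse attempt. I would handle the sentinel explicitly at the consumer, e.g. `expire = (ads->auth.expire_time == GENSEC_EXPIRE_TIME_INFINITY) ? LONG_MAX : nt_time_to_unix(ads->auth.expire_time);`. The body of ads_sasl_spnego_gensec_bind starts and ends outside this hunk.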
index 37f145d66769ab765be1a405778f0986edabf32e..ded3c738d6df249617245843780447c33abb7d87 100644 (file)
@@ -54,8 +54,7 @@ interface ads
                ads_auth_flags flags;
                int time_offset;
                string ccache_name;
-               time_t tgt_expire;
-               time_t tgs_expire;
+               NTTIME expire_time;
        } ads_auth;
 
        typedef [nopull,nopush] struct {
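Review bot: The new `NTTIME expire_time;` field has no comment, although it replaces two `time_t` fields with a different unit and a different sentinel for "no expiry". Readers of `ads_auth` can no longer tell from the names that the value is the lifetime of the bound security context rather than of a specific ticket. I would add a comment above the field such as `/* gensec_expire_time() of the bound context, as NTTIME; GENSEC_EXPIRE_TIME_INFINITY if unbounded */`, so callers convert it deliberately before comparing against `time(NULL)`.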
index 1714f0e6ef827808974c767c4b296c46488bf392..b2ceada98020de6ac28e64b9265c14b1c9917d14 100644 (file)
@@ -59,7 +59,7 @@ static void ads_cached_connection_reuse(ADS_STRUCT **adsp)
                time_t expire;
                time_t now = time(NULL);
 
-               expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire);
+               expire = nt_time_to_unix(ads->auth.expire_time);
 
                DEBUG(7, ("Current tickets expire in %d seconds (at %d, time "
                          "is now %d)\n", (uint32_t)expire - (uint32_t)now,