s4:kdc: Rename authn_kerberos_client_policy::tgt_lifetime to tgt_lifetime_raw

author Joseph Sutton <josephsutton@catalyst.net.nz>

Wed, 14 Jun 2023 22:00:53 +0000 (10:00 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Thu, 15 Jun 2023 05:29:28 +0000 (05:29 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Wed, 14 Jun 2023 22:00:53 +0000 (10:00 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Thu, 15 Jun 2023 05:29:28 +0000 (05:29 +0000)
diff --git a/auth/authn_policy.c b/auth/authn_policy.c

index 6d8220adb36a694145f2e81878ad456e335a6930..3580f15da43c0b209ab1c343c6ea1ca57161bbc6 100644 (file)
--- a/auth/authn_policy.c
+++ b/auth/authn_policy.c
@@ -29,8 +29,8 @@ bool authn_policy_is_enforced(const struct authn_policy *policy)
  
  /* Authentication policies for Kerberos clients. */
  
-/* Get the TGT lifetime enforced by an authentication policy. */
-int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy)
+/* Get the raw TGT lifetime enforced by an authentication policy. */
+int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy)
  {
         if (policy == NULL) {
                 return 0;
@@ -40,7 +40,7 @@ int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_po
                 return 0;
         }
  
-       return policy->tgt_lifetime;
+       return policy->tgt_lifetime_raw;
  }
  
  /* Authentication policies for NTLM clients. */
diff --git a/auth/authn_policy.h b/auth/authn_policy.h

index 5017f7dcd3bacd9f5781930fd36880df39614e82..65690ca2c4639d31134a578ff2316137a73e36c8 100644 (file)
--- a/auth/authn_policy.h
+++ b/auth/authn_policy.h
@@ -29,8 +29,8 @@
  
  struct authn_kerberos_client_policy;
  
-/* Get the TGT lifetime enforced by an authentication policy. */
-int64_t authn_policy_enforced_tgt_lifetime(const struct authn_kerberos_client_policy *policy);
+/* Get the raw TGT lifetime enforced by an authentication policy. */
+int64_t authn_policy_enforced_tgt_lifetime_raw(const struct authn_kerberos_client_policy *policy);
  
  /* Authentication policies for NTLM clients. */
  
diff --git a/auth/authn_policy_impl.h b/auth/authn_policy_impl.h

index 580c2ae962684f912ef9418bd08064668c04d998..6f151b66c6c81693b6728c051b08c6479d8fe8bc 100644 (file)
--- a/auth/authn_policy_impl.h
+++ b/auth/authn_policy_impl.h
@@ -38,7 +38,7 @@ bool authn_policy_is_enforced(const struct authn_policy *policy);
  struct authn_kerberos_client_policy {
         struct authn_policy policy;
         DATA_BLOB allowed_to_authenticate_from;
-       int64_t tgt_lifetime;
+       int64_t tgt_lifetime_raw;
  };
  
  struct authn_ntlm_client_policy {
diff --git a/source4/kdc/authn_policy_util.c b/source4/kdc/authn_policy_util.c

index 14f419848c80504a144c7ad2d7d25faca038bc8f..c757e77dbf5f5beee18650325c9115399255e3ad 100644 (file)
--- a/source4/kdc/authn_policy_util.c
+++ b/source4/kdc/authn_policy_util.c
@@ -515,7 +515,7 @@ int authn_policy_kerberos_client(struct ldb_context *samdb,
         }
  
         if (authn_attrs.policy->tgt_lifetime != NULL) {
-               client_policy->tgt_lifetime = ldb_msg_find_attr_as_int64(
+               client_policy->tgt_lifetime_raw = ldb_msg_find_attr_as_int64(
                         authn_policy_msg,
                         authn_attrs.policy->tgt_lifetime,
                         0);
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c

index 9195ebf0c594a86eeee292aa3565699b812af40f..e220cb30d3bb64e05c9377cc747eeaef7dd999e3 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1092,7 +1092,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
  
         const struct authn_kerberos_client_policy *authn_client_policy = NULL;
         const struct authn_server_policy *authn_server_policy = NULL;
-       int64_t enforced_tgt_lifetime;
+       int64_t enforced_tgt_lifetime_raw;
  
         ZERO_STRUCTP(entry);
  
@@ -1425,9 +1425,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
                 }
         }
  
-       enforced_tgt_lifetime = authn_policy_enforced_tgt_lifetime(authn_client_policy);
-       if (enforced_tgt_lifetime != 0) {
-               int64_t lifetime = enforced_tgt_lifetime;
+       enforced_tgt_lifetime_raw = authn_policy_enforced_tgt_lifetime_raw(authn_client_policy);
+       if (enforced_tgt_lifetime_raw != 0) {
+               int64_t lifetime = enforced_tgt_lifetime_raw;
  
                 lifetime /= INT64_C(1000) * 1000 * 10;
                 lifetime = MIN(lifetime, INT_MAX);
@@ -1474,7 +1474,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
  
                 protected_user = result;
  
-               if (protected_user && enforced_tgt_lifetime == 0)
+               if (protected_user && enforced_tgt_lifetime_raw == 0)
                 {
                         /*
                          * If a TGT lifetime hasn’t been set, Protected Users
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Wed, 14 Jun 2023 22:00:53 +0000 (10:00 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Thu, 15 Jun 2023 05:29:28 +0000 (05:29 +0000)
auth/authn_policy.c		patch \| blob \| blame \| history
auth/authn_policy.h		patch \| blob \| blame \| history
auth/authn_policy_impl.h		patch \| blob \| blame \| history
source4/kdc/authn_policy_util.c		patch \| blob \| blame \| history
source4/kdc/db-glue.c		patch \| blob \| blame \| history