Remove KDC macros for realm config fields

author Greg Hudson <ghudson@mit.edu>

Sun, 13 Jan 2013 15:54:37 +0000 (10:54 -0500)

committer Greg Hudson <ghudson@mit.edu>

Tue, 15 Jan 2013 20:05:23 +0000 (15:05 -0500)
author Greg Hudson <ghudson@mit.edu>
Sun, 13 Jan 2013 15:54:37 +0000 (10:54 -0500)
committer Greg Hudson <ghudson@mit.edu>
Tue, 15 Jan 2013 20:05:23 +0000 (15:05 -0500)
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c

index 453f319ce13fc570dba2c07c091dd403c2868e4a..4f0fc2e63026623755994a33f43e84e2cf0a811a 100644 (file)
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -702,7 +702,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
              min(rtime, state->enc_tkt_reply.times.starttime +
                  min(state->client->max_renewable_life,
                      min(state->server->max_renewable_life,
-                        max_renewable_life_for_realm)));
+                        kdc_active_realm->realm_maxrlife)));
      } else
          state->enc_tkt_reply.times.renew_till = 0; /* XXX */
  
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c

index 1e7331347a7d723d29734e646b94b585cdb8ad5b..d2b89e25ec5a88b7a558fbae9114fb94b990e230 100644 (file)
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -462,7 +462,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
                  min(header_enc_tkt->times.renew_till,
                      enc_tkt_reply.times.starttime +
                      min(server->max_renewable_life,
-                        max_renewable_life_for_realm)));
+                        kdc_active_realm->realm_maxrlife)));
      } else {
          enc_tkt_reply.times.renew_till = 0;
      }
@@ -641,8 +641,8 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
          }
      } else
          krb5_klog_syslog(LOG_INFO, _("not checking transit path"));
-    if (reject_bad_transit
-        && !isflagset (enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED)) {
+    if (kdc_active_realm->realm_reject_bad_transit &&
+        !isflagset(enc_tkt_reply.flags, TKT_FLG_TRANSIT_POLICY_CHECKED)) {
          errcode = KRB5KDC_ERR_POLICY;
          status = "BAD_TRANSIT";
          goto cleanup;
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c

index 6722d5a8be605bd51fcc9981b8efc8fe0ab2dee9..930aa7a5ea95aea02bf3e261c8ab775751a764cd 100644 (file)
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -568,7 +568,7 @@ check_anon(kdc_realm_t *kdc_active_realm,
  {
      /* If restrict_anon is set, reject requests from anonymous to principals
       * other than the local TGT. */
-    if (restrict_anon &&
+    if (kdc_active_realm->realm_restrict_anon &&
          krb5_principal_compare_any_realm(kdc_context, client,
                                           krb5_anonymous_principal()) &&
          !krb5_principal_compare(kdc_context, server, tgs_server))
@@ -909,7 +909,8 @@ dbentry_supports_enctype(kdc_realm_t *kdc_active_realm, krb5_db_entry *server,
  
      /* If configured to, assume every server without a session_enctypes
       * attribute supports DES_CBC_CRC. */
-    if (assume_des_crc_sess && enctype == ENCTYPE_DES_CBC_CRC)
+    if (kdc_active_realm->realm_assume_des_crc_sess &&
+        enctype == ENCTYPE_DES_CBC_CRC)
          return TRUE;
  
      /* Due to an ancient interop problem, assume nothing supports des-cbc-md5
@@ -1884,8 +1885,8 @@ kdc_get_ticket_endtime(kdc_realm_t *kdc_active_realm,
          life = min(life, client->max_life);
      if (server->max_life != 0)
          life = min(life, server->max_life);
-    if (max_life_for_realm != 0)
-        life = min(life, max_life_for_realm);
+    if (kdc_active_realm->realm_maxlife != 0)
+        life = min(life, kdc_active_realm->realm_maxlife);
  
      *out_endtime = starttime + life;
  }
diff --git a/src/kdc/realm_data.h b/src/kdc/realm_data.h

index c1a64fba092f074618430ad7199493e64cf88e65..79ac1e1866be3adc8a15a7db4cf0137185209182 100644 (file)
--- a/src/kdc/realm_data.h
+++ b/src/kdc/realm_data.h
@@ -91,13 +91,6 @@ kdc_realm_t *setup_server_realm(struct server_handle *, krb5_principal);
   * properly declared in each function that uses these macros.
   */
  #define kdc_context                     kdc_active_realm->realm_context
-#define max_life_for_realm              kdc_active_realm->realm_maxlife
-#define max_renewable_life_for_realm    kdc_active_realm->realm_maxrlife
-#define master_keyblock                 kdc_active_realm->realm_mkey
-#define master_princ                    kdc_active_realm->realm_mprinc
  #define tgs_server                      kdc_active_realm->realm_tgsprinc
-#define reject_bad_transit              kdc_active_realm->realm_reject_bad_transit
-#define restrict_anon                   kdc_active_realm->realm_restrict_anon
-#define assume_des_crc_sess             kdc_active_realm->realm_assume_des_crc_sess
  
  #endif  /* REALM_DATA_H */
author	Greg Hudson <ghudson@mit.edu>
	Sun, 13 Jan 2013 15:54:37 +0000 (10:54 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Tue, 15 Jan 2013 20:05:23 +0000 (15:05 -0500)
src/kdc/do_as_req.c		patch \| blob \| blame \| history
src/kdc/do_tgs_req.c		patch \| blob \| blame \| history
src/kdc/kdc_util.c		patch \| blob \| blame \| history
src/kdc/realm_data.h		patch \| blob \| blame \| history