From: Arvid Requate <requate@univention.de>
Date: Mon, 7 Jul 2014 15:59:29 +0000 (+0200)
Subject: s4-backupkey: Cert lifetime of 365 days, not secs
X-Git-Tag: samba-4.2.0~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b75a0cb352272fe48c286170996171fce7ed417;p=thirdparty%2Fsamba.git

s4-backupkey: Cert lifetime of 365 days, not secs

hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in
in seconds. The Windows 7 client didn't seem to care that the lifetime
was only 6'03''. Two other TODOs in this implementation:

* Since notBefore is not set explicietely to "now", the heimdal code
  default of now-(24 hours) is applied.

* Server side validity checks and cert renewal are missing.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 89803009b957b980818aa971a0f5dd14f75cbbe1)
---

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 7daa500ce5a..5abfa87b022 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -994,7 +994,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
 	char *secret_name;
 	struct bkrp_exported_RSA_key_pair keypair;
 	enum ndr_err_code ndr_err;
-	uint32_t nb_days_validity = 365;
+	uint32_t nb_days_validity = 3600 * 24 * 365;
 
 	DEBUG(6, ("Trying to generate a certificate\n"));
 	hx509_context_init(&hctx);