author | Volker Lendecke <vl@samba.org> | 2020-08-07 13:40:58 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2020-08-21 19:14:32 +0000 |
commit | 77f72fb01faba45babfe6080f805361492ce49e5 (patch) | |
tree | 68490780b1007a81832e042af88e6ea288bdfb82 /source4 | |
parent | 35c4bb0b0c55a65490fe199edb1a534548104e95 (diff) | |
download | samba-77f72fb01faba45babfe6080f805361492ce49e5.tar.gz |
ldap_server: Add the krb5 expiry to conn->limits
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 15 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 4 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.h | 1 |
3 files changed, 20 insertions, 0 deletions
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 5cddecd79be..54493d040ff 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -29,6 +29,7 @@
 #include "auth/gensec/gensec_tstream.h"
 #include "param/param.h"
 #include "../lib/util/tevent_ntstatus.h"
+#include "lib/util/time_basic.h"
 static char *ldapsrv_bind_error_msg(TALLOC_CTX *mem_ctx,
 HRESULT hresult,
@@ -483,6 +484,7 @@ static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
 const char *errstr = NULL;
 char *ldb_errstring = NULL;
 DATA_BLOB output = data_blob_null;
+ NTTIME expire_time_nt;
 status = gensec_update_recv(subreq, call, &output);
 TALLOC_FREE(subreq);
@@ -602,6 +604,19 @@ static void ldapsrv_BindSASL_done(struct tevent_req *subreq)
 goto do_reply;
 }
+ expire_time_nt = gensec_expire_time(conn->gensec);
+ if (expire_time_nt != GENSEC_EXPIRE_TIME_INFINITY) {
+ struct timeval_buf buf;
+
+ nttime_to_timeval(&conn->limits.expire_time, expire_time_nt);
+
+ DBG_DEBUG("Setting connection expire_time to %s\n",
+ timeval_str_buf(&conn->limits.expire_time,
+ false,
+ true,
+ &buf));
+ }
+
 if (context != NULL) {
 const void *ptr = NULL;
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index cd291c061be..036dfaab5ae 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -47,6 +47,7 @@
 #include "../lib/util/tevent_ntstatus.h"
 #include "../libcli/util/tstream.h"
 #include "libds/common/roles.h"
+#include "lib/util/time.h"
 static void ldapsrv_terminate_connection_done(struct tevent_req *subreq);
@@ -178,6 +179,9 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
 conn->limits.max_page_size = 1000;
 conn->limits.max_notifications = 5;
 conn->limits.search_timeout = 120;
+ conn->limits.expire_time = (struct timeval) {
+ .tv_sec = get_time_t_max(),
+ };
 tmp_ctx = talloc_new(conn);
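Review bot: In source4/ldap_server/ldap_bind.c (hunk at -602), ldapsrv_BindSASL_done writes `conn->limits.expire_time` only when `gensec_expire_time()` returns something other than `GENSEC_EXPIRE_TIME_INFINITY`, so a later bind on the same connection with credentials that never expire keeps the deadline of the earlier ticket. Unless the limits are reloaded on every bind, which this hunk does not show, add an `else` branch that restores the no-expiry default used in ldapsrv_load_limits: `conn->limits.expire_time = (struct timeval) { .tv_sec = get_time_t_max() };`. The stale value would presumably fail closed once the expiry is enforced, but the connection would still be bound to the lifetime of a credential it no longer uses. Nothing in this commit reads the field, so it is worth confirming the enforcing code treats both cases the same way. The function body starts and ends outside the hunk.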
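Review bot: In source4/ldap_server/ldap_server.c (hunk at -178), the default `.tv_sec = get_time_t_max()` set in ldapsrv_load_limits is a second encoding of "never expires", next to `GENSEC_EXPIRE_TIME_INFINITY` on the bind path, and the assignment does not say that it is a sentinel. A comment at the assignment such as `/* no credential expiry until a SASL bind supplies one */` would make that explicit. It would also warn whoever later compares against this field not to feed the maximum value into timeval arithmetic, where adding to it or subtracting the current time from it could overflow. ldapsrv_load_limits continues outside the hunk.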
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index e1efe8a4943..74c19fd2fbc 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -61,6 +61,7 @@ struct ldapsrv_connection {
 int max_notifications;
 int search_timeout;
 struct timeval endtime;
+ struct timeval expire_time; /* Krb5 ticket expiry */
 const char *reason;
 } limits; |