[PATCH 02/10] s4-backupkey: Cert lifetime of 365 days, not secs

Arvid Requate requate at univention.de
Mon Jul 7 11:14:36 MDT 2014


hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in
seconds. The Windows 7 client didn't seem to care that the lifetime
was only 6'03''. Let's fix it anyway.


Note two other TODOs in this implementation not yet covered:

* Since notBefore is not set explicitly to "now", the Heimdal code
  default of now-(24 hours) is applied.

* Server side validity checks and cert renewal are missing.


Signed-off-by: Arvid Requate <requate at univention.de>
---
 source4/rpc_server/backupkey/dcesrv_backupkey.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c 
b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 765caeb..50ceeeb 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -994,7 +994,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct 
dcesrv_call_state *dce_
        char *secret_name;
        struct bkrp_exported_RSA_key_pair keypair;
        enum ndr_err_code ndr_err;
-       uint32_t nb_days_validity = 365;
+       uint32_t nb_days_validity = 3600 * 24 * 365;
 
        DEBUG(6, ("Trying to generate a certificate\n"));
        hx509_context_init(&hctx);
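
Review bot: The variable on the changed line is still named nb_days_validity but now holds a count of seconds (3600 * 24 * 365), so the name contradicts the value and invites the same unit mistake again. Either rename it to something that carries the unit, or keep nb_days_validity = 365 and do the multiplication where the value is handed to hx509_ca_tbs_set_notAfter_lifetime, with a short comment stating that the function takes seconds. The two TODOs listed in the commit message (notBefore defaulting to now minus 24 hours, and the missing server-side validity checks and renewal) are not recorded anywhere in the code shown; a comment in generate_bkrp_cert would keep them from being lost.
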
-- 
2.0.0.rc2


