author | Sumit Bose <sbose@redhat.com> | 2010-05-11 17:51:02 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-16 13:28:15 -0400 |
commit | ebb6e30d687a4d6626c735234c85cbb5b06a26aa (patch) | |
tree | 3a925d3c8237c08d0959523858e6ec0ba71ad8a1 /src/providers/ldap/ldap_child.c | |
parent | e6ae55d5423434d5dc6c236e8647b33610d30e2e (diff) | |
Add ldap_krb5_ticket_lifetime option
Diffstat (limited to 'src/providers/ldap/ldap_child.c')
-rw-r--r-- | src/providers/ldap/ldap_child.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 6a78ca012..3369d7098 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -40,6 +40,7 @@ struct input_buffer { const char *realm_str; const char *princ_str; const char *keytab_name; + krb5_deltat lifetime; }; static errno_t unpack_buffer(uint8_t *buf, size_t size, @@ -86,6 +87,10 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, p += len; } + /* ticket lifetime */ + SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p); + DEBUG(7, ("lifetime: %d\n", ibuf->lifetime)); + return EOK; } @@ -118,6 +123,7 @@ static int ldap_child_get_tgt_sync(TALLOC_CTX *memctx, const char *realm_str, const char *princ_str, const char *keytab_name, + const krb5_deltat lifetime, const char **ccname_out) { char *ccname; @@ -220,8 +226,7 @@ static int ldap_child_get_tgt_sync(TALLOC_CTX *memctx, krb5_get_init_creds_opt_set_address_list(&options, NULL); krb5_get_init_creds_opt_set_forwardable(&options, 0); krb5_get_init_creds_opt_set_proxiable(&options, 0); - /* set a very short lifetime, we don't keep the ticket around */ - krb5_get_init_creds_opt_set_tkt_life(&options, 300); + krb5_get_init_creds_opt_set_tkt_life(&options, lifetime); krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, keytab, 0, NULL, &options); @@ -392,7 +397,7 @@ int main(int argc, const char *argv[]) kerr = ldap_child_get_tgt_sync(main_ctx, ibuf->realm_str, ibuf->princ_str, - ibuf->keytab_name, &ccname); + ibuf->keytab_name, ibuf->lifetime, &ccname); if (kerr != EOK) { DEBUG(1, ("ldap_child_get_tgt_sync failed.\n")); /* Do not return, must report failure */ |
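Review bot: In unpack_buffer (second hunk), `ibuf->lifetime` is copied from the request buffer with no range check, and ldap_child_get_tgt_sync (fourth hunk) passes it unchanged to `krb5_get_init_creds_opt_set_tkt_life()`. The old code used a fixed 300, so this is the first time the value is controlled by the sender; a guard right after the copy, such as `if (ibuf->lifetime <= 0) return EINVAL;`, would reject a malformed request before any Kerberos call is made (reject only negative values if zero is meant to select the KDC default). The copy also assumes `krb5_deltat` is exactly 32 bits wide and printable with `%d`, which the hunk does not show; reading into a local `int32_t` and assigning it to the field would make that explicit. unpack_buffer begins outside the hunk.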
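Review bot: The fourth hunk removes the only comment in ldap_child_get_tgt_sync that explained why the TGT lifetime was short, and the replacement line documents neither the unit nor the origin of `lifetime`. A comment above `krb5_get_init_creds_opt_set_tkt_life(&options, lifetime);` such as `/* lifetime: presumably seconds, taken from the ldap_krb5_ticket_lifetime option via the request buffer */` would record that. The old rationale was that the ticket is not kept around, so the option's documentation should say whether that still holds, since a longer-lived TGT in a credential cache is a credential that needs protecting for longer. The function body extends beyond the hunk on both sides.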