author | Sumit Bose <sbose@redhat.com> | 2010-05-11 17:51:02 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-16 13:28:43 -0400 |
commit | bc45212faf209b10d2d6eb57e056a5e6f04b0876 (patch) | |
tree | 13acb88ce72e2c7f0d584e2b6bc175e6bfe5b793 /src/providers/ldap/ldap_child.c | |
parent | 6597b6ee3c848079c11975e4d9d02a567fdb7cf6 (diff) | |
Add ldap_krb5_ticket_lifetime option
Diffstat (limited to 'src/providers/ldap/ldap_child.c')
-rw-r--r-- | src/providers/ldap/ldap_child.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 6a78ca012..3369d7098 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -40,6 +40,7 @@ struct input_buffer { const char *realm_str; const char *princ_str; const char *keytab_name; + krb5_deltat lifetime; }; static errno_t unpack_buffer(uint8_t *buf, size_t size, @@ -86,6 +87,10 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, p += len; } + /* ticket lifetime */ + SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p); + DEBUG(7, ("lifetime: %d\n", ibuf->lifetime)); + return EOK; } @@ -118,6 +123,7 @@ static int ldap_child_get_tgt_sync(TALLOC_CTX *memctx, const char *realm_str, const char *princ_str, const char *keytab_name, + const krb5_deltat lifetime, const char **ccname_out) { char *ccname; @@ -220,8 +226,7 @@ static int ldap_child_get_tgt_sync(TALLOC_CTX *memctx, krb5_get_init_creds_opt_set_address_list(&options, NULL); krb5_get_init_creds_opt_set_forwardable(&options, 0); krb5_get_init_creds_opt_set_proxiable(&options, 0); - /* set a very short lifetime, we don't keep the ticket around */ - krb5_get_init_creds_opt_set_tkt_life(&options, 300); + krb5_get_init_creds_opt_set_tkt_life(&options, lifetime); krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, keytab, 0, NULL, &options); @@ -392,7 +397,7 @@ int main(int argc, const char *argv[]) kerr = ldap_child_get_tgt_sync(main_ctx, ibuf->realm_str, ibuf->princ_str, - ibuf->keytab_name, &ccname); + ibuf->keytab_name, ibuf->lifetime, &ccname); if (kerr != EOK) { DEBUG(1, ("ldap_child_get_tgt_sync failed.\n")); /* Do not return, must report failure */ |
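Review bot: In the unpack_buffer hunk, the new `SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p);` stores a 32-bit wire value straight into a `krb5_deltat`, and nothing after it checks the range of what was read. If `krb5_deltat` is wider than 32 bits on some Kerberos implementation, part of the field would be left unset, so copying into a local `int32_t` and then assigning to `ibuf->lifetime` would be safer. A zero or negative value is also passed unchanged to `krb5_get_init_creds_opt_set_tkt_life()` in the later ldap_child_get_tgt_sync hunk; unless zero is meant to select a library default, a guard such as `if (ibuf->lifetime <= 0) return EINVAL;` before `return EOK;` would reject it at the parsing boundary. The beginning of unpack_buffer is outside the hunk.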
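Review bot: The replacement call `krb5_get_init_creds_opt_set_tkt_life(&options, lifetime);` drops the only comment that explained the ticket lifetime, and the new code states neither the unit nor the origin of the value. The removed comment gave the rationale for the fixed 300 (the ticket is not kept around); with a caller-supplied value the obtained credentials can stay valid for much longer, which a reviewer needs to know when judging how long a leaked credential cache remains usable. A comment such as `/* lifetime in seconds, presumably from ldap_krb5_ticket_lifetime; not range-checked here */` above the call would document that. ldap_child_get_tgt_sync starts and ends outside this hunk.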