-rw-r--r--src/man/sssd-krb5.5.xml8
-rw-r--r--src/providers/krb5/krb5_common.c101
2 files changed, 73 insertions, 36 deletions
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index a499d758f..d1341d9b2 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -289,6 +289,10 @@
<emphasis>d</emphasis> days.
</para>
<para>
+ If there is no delimiter <emphasis>s</emphasis> is
+ assumed.
+ </para>
+ <para>
Please note that it is not possible to mix units.
If you want to set the renewable lifetime to one
and a half hours please use '90m' instead of
@@ -321,6 +325,10 @@
<emphasis>d</emphasis> days.
</para>
<para>
+ If there is no delimiter <emphasis>s</emphasis> is
+ assumed.
+ </para>
+ <para>
Please note that it is not possible to mix units.
If you want to set the lifetime to one and a half
hours please use '90m' instead of '1h30m'.
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index cdc8437ff..43535c1ed 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -46,14 +46,65 @@ struct dp_option default_krb5_opts[] = {
{ "krb5_renew_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER }
};
+errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id,
+ const char *env_name)
+{
+ int ret;
+ char *str;
+ krb5_deltat lifetime;
+ bool free_str = false;
+
+ str = dp_opt_get_string(opts, opt_id);
+ if (str == NULL || *str == '\0') {
+ DEBUG(5, ("No lifetime configured.\n"));
+ return EOK;
+ }
+
+ if (isdigit(str[strlen(str)-1])) {
+ str = talloc_asprintf(opts, "%ss", str);
+ if (str == NULL) {
+ DEBUG(1, ("talloc_asprintf failed\n"));
+ return ENOMEM;
+ }
+ free_str = true;
+
+ ret = dp_opt_set_string(opts, opt_id, str);
+ if (ret != EOK) {
+ DEBUG(1, ("dp_opt_set_string failed\n"));
+ goto done;
+ }
+ }
+
+ ret = krb5_string_to_deltat(str, &lifetime);
+ if (ret != 0) {
+ DEBUG(1, ("Invalid value [%s] for a lifetime.\n", str));
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = setenv(env_name, str, 1);
+ if (ret != EOK) {
+ DEBUG(2, ("setenv [%s] failed.\n", env_name));
+ goto done;
+ }
+
+ ret = EOK;
+
+done:
+ if (free_str) {
+ talloc_free(str);
+ }
+
+ return ret;
+}
+
+
errno_t check_and_export_options(struct dp_option *opts,
struct sss_domain_info *dom)
{
int ret;
const char *realm;
const char *dummy;
- char *str;
- krb5_deltat lifetime;
realm = dp_opt_get_cstring(opts, KRB5_REALM);
if (realm == NULL) {
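Review bot: In check_and_export_lifetime the setenv() failure path jumps to `done` with `ret` still holding setenv's return value, which is -1 rather than an errno code, so the errno_t result is wrong and the callers in the following hunk would pass -1 to strerror(); set `ret = errno;` before the `goto done` (assuming errno is in scope in this file). The trailing-character test `isdigit(str[strlen(str)-1])` passes a plain char, which is undefined behaviour for negative values if the configured string ends in a non-ASCII byte; write `isdigit((unsigned char) str[strlen(str)-1])`. The `talloc_free(str)` at `done` is only safe if dp_opt_set_string stores its own copy of the string, which is not visible in this hunk, so a one-line comment stating that assumption would help the next reader. The helper is only shown being used from this file, so it could also be declared `static` unless a header exports it.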
@@ -71,42 +122,20 @@ errno_t check_and_export_options(struct dp_option *opts,
SSSD_KRB5_REALM));
}
- str = dp_opt_get_string(opts, KRB5_RENEWABLE_LIFETIME);
- if (str == NULL) {
- DEBUG(5, ("No renewable lifetime configured.\n"));
- } else {
- ret = krb5_string_to_deltat(str, &lifetime);
- if (ret != 0) {
- DEBUG(1, ("Invalid value [%s] for krb5_renewable_lifetime.\n",
- str));
- return EINVAL;
- }
-
- ret = setenv(SSSD_KRB5_RENEWABLE_LIFETIME, str, 1);
- if (ret != EOK) {
- DEBUG(2, ("setenv [%s] failed.\n",
- SSSD_KRB5_RENEWABLE_LIFETIME));
- return ret;
- }
+ ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME,
+ SSSD_KRB5_RENEWABLE_LIFETIME);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to check value of krb5_renewable_lifetime. [%d][%s]\n",
+ ret, strerror(ret)));
+ return ret;
}
- str = dp_opt_get_string(opts, KRB5_LIFETIME);
- if (str == NULL) {
- DEBUG(5, ("No TGT lifetime configured.\n"));
- } else {
- ret = krb5_string_to_deltat(str, &lifetime);
- if (ret != 0) {
- DEBUG(1, ("Invalid value [%s] for krb5_lifetime.\n",
- str));
- return EINVAL;
- }
-
- ret = setenv(SSSD_KRB5_LIFETIME, str, 1);
- if (ret != EOK) {
- DEBUG(2, ("setenv [%s] failed.\n",
- SSSD_KRB5_LIFETIME));
- return ret;
- }
+ ret = check_and_export_lifetime(opts, KRB5_LIFETIME,
+ SSSD_KRB5_LIFETIME);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to check value of krb5_lifetime. [%d][%s]\n",
+ ret, strerror(ret)));
+ return ret;
}
dummy = dp_opt_get_cstring(opts, KRB5_KDC);