diff options
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 18 | ||||
-rw-r--r-- | src/providers/krb5/krb5_init_shared.c | 16 | ||||
-rw-r--r-- | src/providers/krb5/krb5_opts.h | 2 |
3 files changed, 30 insertions, 6 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 6c0f429f..00025bfc 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -827,6 +827,9 @@ static void krb5_auth_done(struct tevent_req *subreq) struct krb5_child_response *res; const char *store_ccname; struct fo_server *search_srv; + krb5_deltat renew_interval_delta; + char *renew_interval_str; + time_t renew_interval_time = 0; ret = handle_child_recv(subreq, pd, &buf, &len); talloc_zfree(subreq); @@ -1072,9 +1075,18 @@ static void krb5_auth_done(struct tevent_req *subreq) DEBUG(1, ("krb5_save_ccname failed.\n")); goto done; } - - if (res->msg_status == ERR_OK && - (dp_opt_get_int(kr->krb5_ctx->opts, KRB5_RENEW_INTERVAL) > 0) && + renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts, + KRB5_RENEW_INTERVAL); + if (renew_interval_str != NULL) { + ret = krb5_string_to_deltat(renew_interval_str, &renew_interval_delta); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("Reading krb5_renew_interval failed.\n")); + renew_interval_delta = 0; + } + renew_interval_time = renew_interval_delta; + } + if (res->msg_status == ERR_OK && renew_interval_time > 0 && (pd->cmd == SSS_PAM_AUTHENTICATE || pd->cmd == SSS_CMD_RENEW || pd->cmd == SSS_PAM_CHAUTHTOK) && diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c index 0dac5fa6..c9eec2f8 100644 --- a/src/providers/krb5/krb5_init_shared.c +++ b/src/providers/krb5/krb5_init_shared.c @@ -30,7 +30,9 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, { errno_t ret; FILE *debug_filep; - time_t renew_intv; + time_t renew_intv = 0; + krb5_deltat renew_interval_delta; + char *renew_interval_str; if (dp_opt_get_bool(krb5_auth_ctx->opts, KRB5_STORE_PASSWORD_IF_OFFLINE)) { ret = init_delayed_online_authentication(krb5_auth_ctx, bectx, @@ -40,8 +42,18 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, goto done; } } + renew_interval_str = dp_opt_get_string(krb5_auth_ctx->opts, + KRB5_RENEW_INTERVAL); + if (renew_interval_str != NULL) { + ret = krb5_string_to_deltat(renew_interval_str, &renew_interval_delta); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("Reading krb5_renew_interval failed.\n")); + renew_interval_delta = 0; + } + renew_intv = renew_interval_delta; + } - renew_intv = dp_opt_get_int(krb5_auth_ctx->opts, KRB5_RENEW_INTERVAL); if (renew_intv > 0) { ret = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_intv); if (ret != EOK) { diff --git a/src/providers/krb5/krb5_opts.h b/src/providers/krb5/krb5_opts.h index f29fbaaf..8ac29532 100644 --- a/src/providers/krb5/krb5_opts.h +++ b/src/providers/krb5/krb5_opts.h @@ -39,7 +39,7 @@ struct dp_option default_krb5_opts[] = { { "krb5_store_password_if_offline", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "krb5_renew_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER }, + { "krb5_renew_interval", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, |