From ed80a7f8ff76089bdcfae7007dbdef42d05e2cc8 Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Tue, 1 Nov 2011 10:19:04 -0400
Subject: Support to request canonicalization in LDAP/IPA provider

https://fedorahosted.org/sssd/ticket/957
---
 src/providers/ldap/sdap_async_connection.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'src/providers/ldap/sdap_async_connection.c')
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index c69b9bce..076e7ee3 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -784,6 +784,7 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx,
 const char *keytab,
 const char *principal,
 const char *realm,
+ bool canonicalize,
 int lifetime)
 {
 struct tevent_req *req;
@@ -821,6 +822,18 @@ struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx,
 }
 }

+ if (canonicalize) {
+ ret = setenv("KRB5_CANONICALIZE", "true", 1);
+ } else {
+ ret = setenv("KRB5_CANONICALIZE", "false", 1);
+ }
+ if (ret == -1) {
+ DEBUG(2, ("Failed to set KRB5_CANONICALIZE to %s\n",
+ ((canonicalize)?"true":"false")));
+ talloc_free(req);
+ return NULL;
+ }
+
 subreq = sdap_kinit_next_kdc(req);
 if (!subreq) {
 talloc_free(req);
@@ -1400,6 +1413,8 @@ static void sdap_cli_kinit_step(struct tevent_req *req)
 dp_opt_get_string(state->opts->basic,
 SDAP_SASL_AUTHID),
 realm,
+ dp_opt_get_bool(state->opts->basic,
+ SDAP_KRB5_CANONICALIZE),
 dp_opt_get_int(state->opts->basic,
 SDAP_KRB5_TICKET_LIFETIME));
 if (!subreq) {
-- cgit
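Review bot: The added `setenv("KRB5_CANONICALIZE", ...)` in sdap_kinit_send changes the environment of the whole process, not just this request, so the value stays in place after the function returns and is inherited by every child started later. If the variable is meant only for the kinit helper (presumably it is, though the consumer is not visible in this hunk), say so in a comment above the block, e.g. `/* process-wide: read by the kinit child through its inherited environment */`, or pass the flag to that child explicitly. The failure log also drops errno, which is the only clue to why setenv failed; something like `DEBUG(2, ("Failed to set KRB5_CANONICALIZE to %s: %s\n", canonicalize ? "true" : "false", strerror(errno)));` would keep it. The if/else can collapse to `ret = setenv("KRB5_CANONICALIZE", canonicalize ? "true" : "false", 1);`. The function body starts and ends outside the hunk.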
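Review bot: With `SDAP_KRB5_CANONICALIZE` enabled in the sdap_cli_kinit_step call, the KDC may return a client principal that differs from the `SDAP_SASL_AUTHID` and `realm` values passed just before it. Nothing visible in this hunk shows the later bind using the principal actually stored in the credential cache. If that handling lives elsewhere, a short comment at this call would help, e.g. `/* with canonicalization the ticket's principal may differ from SASL_AUTHID */`. It is also worth confirming that the option has a defined default in both the LDAP and IPA option tables, which this file-limited view does not show. The function continues outside the hunk.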