From b86041a3760faa9273f1df879e8bfa38fbbb84aa Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Fri, 21 Mar 2014 12:14:11 +0100

Subject: [PATCH 115/117] krb5-child: extract lifetime settings into

 set_lifetime_options()

Additionally the lifetime option flags are unset if there are no

explicit settings to make sure the defaults from krb5.conf are used even

if other values were set manually in between.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

---

 src/providers/krb5/krb5_child.c | 89 +++++++++++++++++++++++++----------------

 1 file changed, 55 insertions(+), 34 deletions(-)

diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c

index 7f07efc161d0242e64bd67e13dec9a3faa9f2e30..7ea111e108e189c6839feec0f1108175c0291605 100644

--- a/src/providers/krb5/krb5_child.c

+++ b/src/providers/krb5/krb5_child.c

@@ -65,6 +65,57 @@ struct krb5_req {

 static krb5_context krb5_error_ctx;

 #define KRB5_CHILD_DEBUG(level, error) KRB5_DEBUG(level, krb5_error_ctx, error)

+static krb5_error_code set_lifetime_options(krb5_get_init_creds_opt *options)

+{

+    char *lifetime_str;

+    krb5_error_code kerr;

+    krb5_deltat lifetime;

+

+    lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME);

+    if (lifetime_str == NULL) {

+        DEBUG(SSSDBG_CONF_SETTINGS, ("Cannot read [%s] from environment.\n",

+              SSSD_KRB5_RENEWABLE_LIFETIME));

+

+        /* Unset option flag to make sure defaults from krb5.conf are used. */

+        options->flags &= ~(KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE);

+    } else {

+        kerr = krb5_string_to_deltat(lifetime_str, &lifetime);

+        if (kerr != 0) {

+            DEBUG(SSSDBG_CRIT_FAILURE,

+                  ("krb5_string_to_deltat failed for [%s].\n",

+                      lifetime_str));

+            KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);

+            return kerr;

+        }

+        DEBUG(SSSDBG_CONF_SETTINGS, ("%s is set to [%s]\n",

+              SSSD_KRB5_RENEWABLE_LIFETIME, lifetime_str));

+        krb5_get_init_creds_opt_set_renew_life(options, lifetime);

+    }

+

+    lifetime_str = getenv(SSSD_KRB5_LIFETIME);

+    if (lifetime_str == NULL) {

+        DEBUG(SSSDBG_CONF_SETTINGS, ("Cannot read [%s] from environment.\n",

+              SSSD_KRB5_LIFETIME));

+

+        /* Unset option flag to make sure defaults from krb5.conf are used. */

+        options->flags &= ~(KRB5_GET_INIT_CREDS_OPT_TKT_LIFE);

+    } else {

+        kerr = krb5_string_to_deltat(lifetime_str, &lifetime);

+        if (kerr != 0) {

+            DEBUG(SSSDBG_CRIT_FAILURE,

+                  ("krb5_string_to_deltat failed for [%s].\n",

+                      lifetime_str));

+            KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);

+            return kerr;

+        }

+        DEBUG(SSSDBG_CONF_SETTINGS,

+              ("%s is set to [%s]\n", SSSD_KRB5_LIFETIME, lifetime_str));

+        krb5_get_init_creds_opt_set_tkt_life(options, lifetime);

+    }

+

+    return 0;

+}

+

 static void set_changepw_options(krb5_context ctx,

                                  krb5_get_init_creds_opt *options)

 {

@@ -1744,9 +1795,7 @@ static int k5c_setup_fast(struct krb5_req *kr, bool demand)

 static int k5c_setup(struct krb5_req *kr, uint32_t offline)

 {

     krb5_error_code kerr;

-    char *lifetime_str;

     char *use_fast_str;

-    krb5_deltat lifetime;

     int parse_flags;

     kr->realm = getenv(SSSD_KRB5_REALM);

@@ -1825,38 +1874,10 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline)

     krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0);

 #endif

-    lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME);

-    if (lifetime_str == NULL) {

-        DEBUG(SSSDBG_CONF_SETTINGS, ("Cannot read [%s] from environment.\n",

-              SSSD_KRB5_RENEWABLE_LIFETIME));

-    } else {

-        kerr = krb5_string_to_deltat(lifetime_str, &lifetime);

-        if (kerr != 0) {

-            DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n",

-                      lifetime_str));

-            KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);

-            return kerr;

-        }

-        DEBUG(SSSDBG_CONF_SETTINGS, ("%s is set to [%s]\n",

-              SSSD_KRB5_RENEWABLE_LIFETIME, lifetime_str));

-        krb5_get_init_creds_opt_set_renew_life(kr->options, lifetime);

-    }

-

-    lifetime_str = getenv(SSSD_KRB5_LIFETIME);

-    if (lifetime_str == NULL) {

-        DEBUG(SSSDBG_CONF_SETTINGS, ("Cannot read [%s] from environment.\n",

-              SSSD_KRB5_LIFETIME));

-    } else {

-        kerr = krb5_string_to_deltat(lifetime_str, &lifetime);

-        if (kerr != 0) {

-            DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n",

-                      lifetime_str));

-            KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);

-            return kerr;

-        }

-        DEBUG(SSSDBG_CONF_SETTINGS,

-              ("%s is set to [%s]\n", SSSD_KRB5_LIFETIME, lifetime_str));

-        krb5_get_init_creds_opt_set_tkt_life(kr->options, lifetime);

+    kerr = set_lifetime_options(kr->options);

+    if (kerr != 0) {

+        DEBUG(SSSDBG_OP_FAILURE, ("set_lifetime_options failed.\n"));

+        return kerr;

     }

     if (!offline) {

-- 

1.8.5.3