summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-04-03 18:32:25 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:19:07 -0500
commit01c8809f76ecf814d30550d27b2e5355d19d8eed (patch)
tree41e57995ce321ef12a939427b622318785949d9f
parent9b807d4f87d80e542bf8209d4ea4b6c09a953470 (diff)
downloadsamba-01c8809f76ecf814d30550d27b2e5355d19d8eed.tar.gz
samba-01c8809f76ecf814d30550d27b2e5355d19d8eed.tar.bz2
samba-01c8809f76ecf814d30550d27b2e5355d19d8eed.zip
r22061: Fix the krb5 user ticket refresh event timeout in winbindd
(This used to be commit 4a99b89618948f5518b9c685d1cdcfaad69bfc80)
-rw-r--r--source3/nsswitch/winbindd_cred_cache.c41
1 files changed, 32 insertions, 9 deletions
diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c
index f161587e7a..368090c390 100644
--- a/source3/nsswitch/winbindd_cred_cache.c
+++ b/source3/nsswitch/winbindd_cred_cache.c
@@ -27,10 +27,20 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
+/* uncomment this to to fast debugging on the krb5 ticket renewal event */
+#ifdef DEBUG_KRB5_TKT_RENEWAL
+#undef DEBUG_KRB5_TKT_RENEWAL
+#endif
+
#define MAX_CCACHES 100
static struct WINBINDD_CCACHE_ENTRY *ccache_list;
+/* The Krb5 ticket refresh handler should be scheduled
+ at one-half of the period from now till the tkt
+ expiration */
+#define KRB5_EVENT_REFRESH_TIME(x) ((x) - (((x) - time(NULL))/2))
+
/****************************************************************
Find an entry by name.
****************************************************************/
@@ -115,7 +125,13 @@ static void krb5_ticket_refresh_handler(struct event_context *event_ctx,
"for: %s in ccache: %s\n",
entry->principal_name, entry->ccname));
- new_start = entry->refresh_time;
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ new_start = time(NULL) + 30;
+#else
+ /* The tkt should be refreshed at one-half the period
+ from now to the expiration time */
+ new_start = KRB5_EVENT_REFRESH_TIME(entry->refresh_time);
+#endif
goto done;
}
@@ -126,6 +142,12 @@ static void krb5_ticket_refresh_handler(struct event_context *event_ctx,
entry->principal_name,
entry->service,
&new_start);
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ new_start = time(NULL) + 30;
+#else
+ new_start = KRB5_EVENT_REFRESH_TIME(new_start);
+#endif
+
gain_root_privilege();
if (ret) {
@@ -168,7 +190,6 @@ static void krb5_ticket_gain_handler(struct event_context *event_ctx,
talloc_get_type_abort(private_data, struct WINBINDD_CCACHE_ENTRY);
#ifdef HAVE_KRB5
int ret;
- time_t new_start;
struct timeval t;
struct WINBINDD_MEMORY_CREDS *cred_ptr = entry->cred_ptr;
struct winbindd_domain *domain = NULL;
@@ -215,9 +236,6 @@ static void krb5_ticket_gain_handler(struct event_context *event_ctx,
DEBUG(10,("krb5_ticket_gain_handler: successful kinit for: %s in ccache: %s\n",
entry->principal_name, entry->ccname));
- /* Renew at 1/2 the expiration time */
- new_start = entry->refresh_time / 2;
-
goto got_ticket;
}
@@ -233,11 +251,11 @@ static void krb5_ticket_gain_handler(struct event_context *event_ctx,
got_ticket:
-#if 0 /* TESTING */
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
t = timeval_set(time(NULL) + 30, 0);
#else
- t = timeval_set(new_start, 0);
-#endif /* TESTING */
+ t = timeval_set(KRB5_EVENT_REFRESH_TIME(entry->refresh_time), 0);
+#endif
entry->event = event_add_timed(winbind_event_context(), entry,
t,
@@ -372,7 +390,11 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
} else {
/* Renew at 1/2 the ticket expiration time */
entry->event = event_add_timed(winbind_event_context(), entry,
- timeval_set((ticket_end - 1)/2, 0),
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ timeval_set(time(NULL)+30, 0),
+#else
+ timeval_set(KRB5_EVENT_REFRESH_TIME(ticket_end), 0),
+#endif
"krb5_ticket_refresh_handler",
krb5_ticket_refresh_handler,
entry);
@@ -494,6 +516,7 @@ static NTSTATUS store_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp, const
memcredp->len += strlen(pass)+1;
}
+
#if defined(LINUX)
/* aligning the memory on on x86_64 and compiling
with gcc 4.1 using -O2 causes a segv in the