diff options
author | Günther Deschner <gd@samba.org> | 2007-02-08 17:02:39 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:17:50 -0500 |
commit | 69cee2a3ec4f39aab83a8cbf55307df182bf3065 (patch) | |
tree | 9fa3b999223e30149041cbd17665f19f18abdb1c /source3/include | |
parent | e6ce37679f121672802ea69e21d16ea360364389 (diff) | |
download | samba-69cee2a3ec4f39aab83a8cbf55307df182bf3065.tar.gz samba-69cee2a3ec4f39aab83a8cbf55307df182bf3065.tar.bz2 samba-69cee2a3ec4f39aab83a8cbf55307df182bf3065.zip |
r21240: Fix longstanding Bug #4009.
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
Diffstat (limited to 'source3/include')
-rw-r--r-- | source3/include/ads.h | 3 | ||||
-rw-r--r-- | source3/include/includes.h | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/source3/include/ads.h b/source3/include/ads.h index d97ae1531f..29df0d2f35 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -42,7 +42,8 @@ typedef struct { char *kdc_server; unsigned flags; int time_offset; - time_t expire; + time_t tgt_expire; + time_t tgs_expire; time_t renewable; } auth; diff --git a/source3/include/includes.h b/source3/include/includes.h index 8aaaba9799..3864faddb9 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -1165,7 +1165,7 @@ BOOL smb_krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2); int cli_krb5_get_ticket(const char *principal, time_t time_offset, - DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname); + DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire); PAC_LOGON_INFO *get_logon_info_from_pac(PAC_DATA *pac_data); krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *new_start_time); krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); |