diff options
| author | Jim McDonough <jmcd@samba.org> | 2004-03-24 17:32:55 +0000 |
|---|---|---|
| committer | Jim McDonough <jmcd@samba.org> | 2004-03-24 17:32:55 +0000 |
| commit | 9a8e30d04b1cfc53e8c8949a56d4f1cf5aa26501 (patch) | |
| tree | e483ee3c5a38bfd45503d3bd18c0b25904949edc /source3/libads | |
| parent | 7d7b6190b0d07441ded54f096e7f95f51dc31024 (diff) | |
| download | samba-9a8e30d04b1cfc53e8c8949a56d4f1cf5aa26501.tar.gz samba-9a8e30d04b1cfc53e8c8949a56d4f1cf5aa26501.tar.bz2 samba-9a8e30d04b1cfc53e8c8949a56d4f1cf5aa26501.zip | |
Fix bugzilla # 1208
Winbind tickets expired. We now check the expiration time, and acquire
new tickets. We couln't rely on renewing them, because if we didn't get
a request before they expired, we wouldn't have renewed them. Also, there
is a one-week limit in MS on renewal life, so new tickets would have been
needed after a week anyway. Default is 10 hours, so we should only be
acquiring them that often, unless the configuration on the DC is changed (and
the minimum is 1 hour).
(This used to be commit c2436c433afaab4006554a86307f76b6689d6929)
Diffstat (limited to 'source3/libads')
| -rw-r--r-- | source3/libads/kerberos.c | 39 | ||||
| -rw-r--r-- | source3/libads/krb5_setpw.c | 2 |
2 files changed, 38 insertions, 3 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index bef2febaef..70f6f3386c 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -54,7 +54,7 @@ kerb_prompter(krb5_context ctx, void *data, simulate a kinit, putting the tgt in the default cache location remus@snapserver.com */ -int kerberos_kinit_password(const char *principal, const char *password, int time_offset) +int kerberos_kinit_password(const char *principal, const char *password, int time_offset, time_t *expire_time) { krb5_context ctx; krb5_error_code code = 0; @@ -102,6 +102,9 @@ int kerberos_kinit_password(const char *principal, const char *password, int tim return code; } + if (expire_time) + *expire_time = (time_t) my_creds.times.endtime; + krb5_cc_close(ctx, cc); krb5_free_cred_contents(ctx, &my_creds); krb5_free_principal(ctx, me); @@ -126,7 +129,7 @@ int ads_kinit_password(ADS_STRUCT *ads) return KRB5_LIBOS_CANTREADPWD; } - ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset); + ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire); if (ret) { DEBUG(0,("kerberos_kinit_password %s failed: %s\n", @@ -136,5 +139,37 @@ int ads_kinit_password(ADS_STRUCT *ads) return ret; } +int ads_kdestroy(const char *cc_name) +{ + krb5_error_code code; + krb5_context ctx; + krb5_ccache cc; + + if ((code = krb5_init_context (&ctx))) { + DEBUG(3, ("ads_kdestroy: kdb5_init_context rc=%d\n", code)); + return code; + } + + if (!cc_name) { + if ((code = krb5_cc_default(ctx, &cc))) { + krb5_free_context(ctx); + return code; + } + } else { + if ((code = krb5_cc_resolve(ctx, cc_name, &cc))) { + DEBUG(3, ("ads_kdestroy: krb5_cc_resolve rc=%d\n", + code)); + krb5_free_context(ctx); + return code; + } + } + + if ((code = krb5_cc_destroy (ctx, cc))) { + DEBUG(3, ("ads_kdestroy: krb5_cc_destroy rc=%d\n", code)); + } + + krb5_free_context (ctx); + return code; +} #endif diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 9cf15221a8..16d3df83e9 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -642,7 +642,7 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server, { int ret; - if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset))) { + if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) { DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret))); return ADS_ERROR_KRB5(ret); } |