diff options
author | Volker Lendecke <vlendec@samba.org> | 2004-12-17 11:42:10 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:40 -0500 |
commit | c96872d3ab895ccf122f077a54104542cb3f772b (patch) | |
tree | 42fc058fb76430f012f46a200411ec476247eb21 /source3 | |
parent | 35657ac39e27d6b8268430015c2750a3c8c1ce1e (diff) | |
download | samba-c96872d3ab895ccf122f077a54104542cb3f772b.tar.gz samba-c96872d3ab895ccf122f077a54104542cb3f772b.tar.bz2 samba-c96872d3ab895ccf122f077a54104542cb3f772b.zip |
r4256: Add a patch from kllin@it.su.se: New Parameter 'afs token lifetime' tells the
AFS client when to throw away a token.
Thanks,
Volker
(This used to be commit 836a8277b2281bcdb6eab8339b05bec61b49eb74)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/afs.c | 6 | ||||
-rw-r--r-- | source3/param/loadparm.c | 8 |
2 files changed, 13 insertions, 1 deletions
diff --git a/source3/lib/afs.c b/source3/lib/afs.c index d3921ab9be..5ff027ee01 100644 --- a/source3/lib/afs.c +++ b/source3/lib/afs.c @@ -139,7 +139,11 @@ static BOOL afs_createtoken(const char *username, const char *cell, SIVAL(p, 0, now); ct->BeginTimestamp = now; - ct->EndTimestamp = now + (255*60*5); + if(lp_afs_token_lifetime() == 0) + ct->EndTimestamp = NEVERDATE; + else + ct->EndTimestamp = now + lp_afs_token_lifetime(); + if (((ct->EndTimestamp - ct->BeginTimestamp) & 1) == 1) { ct->BeginTimestamp += 1; /* Lifetime must be even */ } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index d8aef215b8..c745da063a 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -127,6 +127,7 @@ typedef struct char *szSocketOptions; char *szRealm; char *szAfsUsernameMap; + int iAfsTokenLifetime; char *szUsernameMap; char *szLogonScript; char *szLogonPath; @@ -1125,6 +1126,7 @@ static struct parm_struct parm_table[] = { {"socket address", P_STRING, P_GLOBAL, &Globals.szSocketAddress, NULL, NULL, FLAG_ADVANCED}, {"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, FLAG_ADVANCED}, {"afs username map", P_STRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_ADVANCED}, + {"afs token lifetime", P_INTEGER, P_GLOBAL, &Globals.iAfsTokenLifetime, NULL, NULL, FLAG_ADVANCED}, {"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, FLAG_ADVANCED}, {"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, FLAG_ADVANCED}, {"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE}, @@ -1474,6 +1476,11 @@ static void init_globals(void) Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */ Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT; + /* This is what we tell the afs client. in reality we set the token + * to never expire, though, when this runs out the afs client will + * forget the token. Set to 0 to get NEVERDATE.*/ + Globals.iAfsTokenLifetime = 604800; + /* these parameters are set to defaults that are more appropriate for the increasing samba install base: @@ -1647,6 +1654,7 @@ FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer) FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder) FN_GLOBAL_STRING(lp_realm, &Globals.szRealm) FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap) +FN_GLOBAL_INTEGER(lp_afs_token_lifetime, &Globals.iAfsTokenLifetime) FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap) FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript) FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath) |