diff options
Diffstat (limited to 'source3/libads')
| -rw-r--r-- | source3/libads/kerberos.c | 6 | ||||
| -rw-r--r-- | source3/libads/ldap_utils.c | 4 | ||||
| -rw-r--r-- | source3/libads/sasl.c | 8 |
3 files changed, 13 insertions, 5 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 92461bd9c1..8e8297b07e 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -110,6 +110,10 @@ int kerberos_kinit_password_ext(const char *principal, krb5_get_init_creds_opt_set_renew_life(opt, renewable_time); krb5_get_init_creds_opt_set_forwardable(opt, True); +#if 0 + /* insane testing */ + krb5_get_init_creds_opt_set_tkt_life(opt, 60); +#endif #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST if (request_pac) { @@ -216,7 +220,7 @@ int ads_kinit_password(ADS_STRUCT *ads) } ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset, - &ads->auth.expire, NULL, NULL, False, False, ads->auth.renewable); + &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable); if (ret) { DEBUG(0,("kerberos_kinit_password %s failed: %s\n", diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c index af9e9af2b8..1da51b3c5c 100644 --- a/source3/libads/ldap_utils.c +++ b/source3/libads/ldap_utils.c @@ -110,10 +110,10 @@ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind } SAFE_FREE(bp); - if (!ADS_ERR_OK(status)) + if (!ADS_ERR_OK(status)) { DEBUG(1,("ads reopen failed after error %s\n", ads_errstr(status))); - + } return status; } diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 7d1fd0d1a8..61fd54da1d 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -147,7 +147,8 @@ static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *princip DATA_BLOB session_key = data_blob(NULL, 0); int rc; - rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key, 0); + rc = spnego_gen_negTokenTarg(principal, ads->auth.time_offset, &blob, &session_key, 0, + &ads->auth.tgs_expire); if (rc) { return ADS_ERROR_KRB5(rc); @@ -218,7 +219,7 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) #endif free(OIDs[i]); } - DEBUG(3,("ads_sasl_spnego_bind: got server principal name =%s\n", principal)); + DEBUG(3,("ads_sasl_spnego_bind: got server principal name = %s\n", principal)); #ifdef HAVE_KRB5 if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) && @@ -229,6 +230,9 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) return status; } + DEBUG(10,("ads_sasl_spnego_krb5_bind failed with: %s, " + "calling kinit\n", ads_errstr(status))); + status = ADS_ERROR_KRB5(ads_kinit_password(ads)); if (ADS_ERR_OK(status)) { |