From 9a8e30d04b1cfc53e8c8949a56d4f1cf5aa26501 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 24 Mar 2004 17:32:55 +0000 Subject: Fix bugzilla # 1208 Winbind tickets expired. We now check the expiration time, and acquire new tickets. We couln't rely on renewing them, because if we didn't get a request before they expired, we wouldn't have renewed them. Also, there is a one-week limit in MS on renewal life, so new tickets would have been needed after a week anyway. Default is 10 hours, so we should only be acquiring them that often, unless the configuration on the DC is changed (and the minimum is 1 hour). (This used to be commit c2436c433afaab4006554a86307f76b6689d6929) --- source3/libads/kerberos.c | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) (limited to 'source3/libads/kerberos.c') diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index bef2febaef..70f6f3386c 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -54,7 +54,7 @@ kerb_prompter(krb5_context ctx, void *data, simulate a kinit, putting the tgt in the default cache location remus@snapserver.com */ -int kerberos_kinit_password(const char *principal, const char *password, int time_offset) +int kerberos_kinit_password(const char *principal, const char *password, int time_offset, time_t *expire_time) { krb5_context ctx; krb5_error_code code = 0; @@ -102,6 +102,9 @@ int kerberos_kinit_password(const char *principal, const char *password, int tim return code; } + if (expire_time) + *expire_time = (time_t) my_creds.times.endtime; + krb5_cc_close(ctx, cc); krb5_free_cred_contents(ctx, &my_creds); krb5_free_principal(ctx, me); @@ -126,7 +129,7 @@ int ads_kinit_password(ADS_STRUCT *ads) return KRB5_LIBOS_CANTREADPWD; } - ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset); + ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire); if (ret) { DEBUG(0,("kerberos_kinit_password %s failed: %s\n", @@ -136,5 +139,37 @@ int ads_kinit_password(ADS_STRUCT *ads) return ret; } +int ads_kdestroy(const char *cc_name) +{ + krb5_error_code code; + krb5_context ctx; + krb5_ccache cc; + + if ((code = krb5_init_context (&ctx))) { + DEBUG(3, ("ads_kdestroy: kdb5_init_context rc=%d\n", code)); + return code; + } + + if (!cc_name) { + if ((code = krb5_cc_default(ctx, &cc))) { + krb5_free_context(ctx); + return code; + } + } else { + if ((code = krb5_cc_resolve(ctx, cc_name, &cc))) { + DEBUG(3, ("ads_kdestroy: krb5_cc_resolve rc=%d\n", + code)); + krb5_free_context(ctx); + return code; + } + } + + if ((code = krb5_cc_destroy (ctx, cc))) { + DEBUG(3, ("ads_kdestroy: krb5_cc_destroy rc=%d\n", code)); + } + + krb5_free_context (ctx); + return code; +} #endif -- cgit