svn commit: samba r22061 - in branches: SAMBA_3_0/source/nsswitch
SAMBA_3_0_25/source/nsswitch
jerry at samba.org
jerry at samba.org
Tue Apr 3 18:32:26 GMT 2007
Author: jerry
Date: 2007-04-03 18:32:25 +0000 (Tue, 03 Apr 2007)
New Revision: 22061
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22061
Log:
Fix the krb5 user ticket refresh event timeout in winbindd
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
branches/SAMBA_3_0_25/source/nsswitch/winbindd_cred_cache.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c 2007-04-03 17:10:52 UTC (rev 22060)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c 2007-04-03 18:32:25 UTC (rev 22061)
@@ -27,10 +27,20 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
+/* uncomment this to to fast debugging on the krb5 ticket renewal event */
+#ifdef DEBUG_KRB5_TKT_RENEWAL
+#undef DEBUG_KRB5_TKT_RENEWAL
+#endif
+
#define MAX_CCACHES 100
static struct WINBINDD_CCACHE_ENTRY *ccache_list;
+/* The Krb5 ticket refresh handler should be scheduled
+ at one-half of the period from now till the tkt
+ expiration */
+#define KRB5_EVENT_REFRESH_TIME(x) ((x) - (((x) - time(NULL))/2))
+
/****************************************************************
Find an entry by name.
****************************************************************/
@@ -115,7 +125,13 @@
"for: %s in ccache: %s\n",
entry->principal_name, entry->ccname));
- new_start = entry->refresh_time;
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ new_start = time(NULL) + 30;
+#else
+ /* The tkt should be refreshed at one-half the period
+ from now to the expiration time */
+ new_start = KRB5_EVENT_REFRESH_TIME(entry->refresh_time);
+#endif
goto done;
}
@@ -126,6 +142,12 @@
entry->principal_name,
entry->service,
&new_start);
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ new_start = time(NULL) + 30;
+#else
+ new_start = KRB5_EVENT_REFRESH_TIME(new_start);
+#endif
+
gain_root_privilege();
if (ret) {
@@ -168,7 +190,6 @@
talloc_get_type_abort(private_data, struct WINBINDD_CCACHE_ENTRY);
#ifdef HAVE_KRB5
int ret;
- time_t new_start;
struct timeval t;
struct WINBINDD_MEMORY_CREDS *cred_ptr = entry->cred_ptr;
struct winbindd_domain *domain = NULL;
@@ -215,9 +236,6 @@
DEBUG(10,("krb5_ticket_gain_handler: successful kinit for: %s in ccache: %s\n",
entry->principal_name, entry->ccname));
- /* Renew at 1/2 the expiration time */
- new_start = entry->refresh_time / 2;
-
goto got_ticket;
}
@@ -233,11 +251,11 @@
got_ticket:
-#if 0 /* TESTING */
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
t = timeval_set(time(NULL) + 30, 0);
#else
- t = timeval_set(new_start, 0);
-#endif /* TESTING */
+ t = timeval_set(KRB5_EVENT_REFRESH_TIME(entry->refresh_time), 0);
+#endif
entry->event = event_add_timed(winbind_event_context(), entry,
t,
@@ -372,7 +390,11 @@
} else {
/* Renew at 1/2 the ticket expiration time */
entry->event = event_add_timed(winbind_event_context(), entry,
- timeval_set((ticket_end - 1)/2, 0),
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ timeval_set(time(NULL)+30, 0),
+#else
+ timeval_set(KRB5_EVENT_REFRESH_TIME(ticket_end), 0),
+#endif
"krb5_ticket_refresh_handler",
krb5_ticket_refresh_handler,
entry);
@@ -494,6 +516,7 @@
memcredp->len += strlen(pass)+1;
}
+
#if defined(LINUX)
/* aligning the memory on on x86_64 and compiling
with gcc 4.1 using -O2 causes a segv in the
Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_cred_cache.c
===================================================================
--- branches/SAMBA_3_0_25/source/nsswitch/winbindd_cred_cache.c 2007-04-03 17:10:52 UTC (rev 22060)
+++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_cred_cache.c 2007-04-03 18:32:25 UTC (rev 22061)
@@ -27,10 +27,20 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
+/* uncomment this to to fast debugging on the krb5 ticket renewal event */
+#ifdef DEBUG_KRB5_TKT_RENEWAL
+#undef DEBUG_KRB5_TKT_RENEWAL
+#endif
+
#define MAX_CCACHES 100
static struct WINBINDD_CCACHE_ENTRY *ccache_list;
+/* The Krb5 ticket refresh handler should be scheduled
+ at one-half of the period from now till the tkt
+ expiration */
+#define KRB5_EVENT_REFRESH_TIME(x) ((x) - (((x) - time(NULL))/2))
+
/****************************************************************
Find an entry by name.
****************************************************************/
@@ -115,7 +125,13 @@
"for: %s in ccache: %s\n",
entry->principal_name, entry->ccname));
- new_start = entry->refresh_time;
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ new_start = time(NULL) + 30;
+#else
+ /* The tkt should be refreshed at one-half the period
+ from now to the expiration time */
+ new_start = KRB5_EVENT_REFRESH_TIME(entry->refresh_time);
+#endif
goto done;
}
@@ -126,6 +142,12 @@
entry->principal_name,
entry->service,
&new_start);
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ new_start = time(NULL) + 30;
+#else
+ new_start = KRB5_EVENT_REFRESH_TIME(new_start);
+#endif
+
gain_root_privilege();
if (ret) {
@@ -168,7 +190,6 @@
talloc_get_type_abort(private_data, struct WINBINDD_CCACHE_ENTRY);
#ifdef HAVE_KRB5
int ret;
- time_t new_start;
struct timeval t;
struct WINBINDD_MEMORY_CREDS *cred_ptr = entry->cred_ptr;
struct winbindd_domain *domain = NULL;
@@ -215,9 +236,6 @@
DEBUG(10,("krb5_ticket_gain_handler: successful kinit for: %s in ccache: %s\n",
entry->principal_name, entry->ccname));
- /* Renew at 1/2 the expiration time */
- new_start = entry->refresh_time / 2;
-
goto got_ticket;
}
@@ -233,11 +251,11 @@
got_ticket:
-#if 0 /* TESTING */
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
t = timeval_set(time(NULL) + 30, 0);
#else
- t = timeval_set(new_start, 0);
-#endif /* TESTING */
+ t = timeval_set(KRB5_EVENT_REFRESH_TIME(entry->refresh_time), 0);
+#endif
entry->event = event_add_timed(winbind_event_context(), entry,
t,
@@ -372,7 +390,11 @@
} else {
/* Renew at 1/2 the ticket expiration time */
entry->event = event_add_timed(winbind_event_context(), entry,
- timeval_set((ticket_end - 1)/2, 0),
+#if defined(DEBUG_KRB5_TKT_RENEWAL)
+ timeval_set(time(NULL)+30, 0),
+#else
+ timeval_set(KRB5_EVENT_REFRESH_TIME(ticket_end), 0),
+#endif
"krb5_ticket_refresh_handler",
krb5_ticket_refresh_handler,
entry);
@@ -494,6 +516,7 @@
memcredp->len += strlen(pass)+1;
}
+
#if defined(LINUX)
/* aligning the memory on on x86_64 and compiling
with gcc 4.1 using -O2 causes a segv in the
More information about the samba-cvs
mailing list