[PATCH] libads: record service ticket endtime for sealed ldap connections

Ralph Böhme rb at sernet.de
Tue May 12 14:55:13 MDT 2015


On Tue, May 12, 2015 at 11:57:18AM -0700, Jeremy Allison wrote:
> On Tue, May 12, 2015 at 08:41:33PM +0200, Ralph Böhme wrote:
> > 
> > shouldn't we use the proper defines per the doc instead of simply
> > checking 0? Haven't looked at what the rest of the codes does wrtt,
> > but this doesn't look right to me.
> > 
> > Cf <http://www.gnu.org/software/gss/manual/html_node/Context_002dLevel-Routines.html>
> > 
> > Return value:
> > 
> > GSS_S_COMPLETE: Successful completion.
> > GSS_S_CONTEXT_EXPIRED: The context has already expired.
> > GSS_S_NO_CONTEXT: The context_handle parameter did not identify a valid context
> > 
> > But to me that doesn't make it clear whethe an expired context should
> > be detected via GSS_S_COMPLETE && (context_validity == 0), or via
> > GSS_S_CONTEXT_EXPIRED.
> > 
> > Afaict an expired context will return GSS_S_CONTEXT_EXPIRED, not
> > GSS_S_COMPLETE (== 0?) and context_validity = 0. Go figure... ;)
> 
> OK - good points. How about the following. Uses defines
> and also detect an expired context whatever way it's
> reported. (FYI, I'm pretty sure GSS_S_COMPLETE == 0,
> but you're right in that we should use the constants :-).
> 
> Let me know if you're happy with this one !

I am! ;)
rb: me.

Cheerio!
-slow

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de


More information about the samba-technical mailing list