[PATCH] make use of "gensec_gssapi:requested_life_time" in s3/gse

Jeremy Allison jra at samba.org
Fri Mar 16 00:01:46 UTC 2018


On Thu, Mar 15, 2018 at 09:42:08AM +0100, Ralph Böhme via samba-technical wrote:
> Hi!
> 
> Attached is a simple patch to make use of use
> "gensec_gssapi:requested_life_time" in source3/gse similar to what is already in
> source3.
> 
> Please review&push if ok.

LGTM. RB+ and pushed.

Jeremy.

> -- 
> Ralph Boehme, Samba Team       https://samba.org/
> Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
> GPG Key Fingerprint:           FAE2 C608 8A24 2520 51C5
>                                59E4 AA1E 9B71 2639 9E46

> From e4b4258a2ef90640391c52822d5725824854fedc Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Wed, 7 Mar 2018 12:52:15 +0100
> Subject: [PATCH] s3: gse: use "gensec_gssapi:requested_life_time"
> 
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
>  source3/librpc/crypto/gse.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
> index 5cb664710ef..70e29c27923 100644
> --- a/source3/librpc/crypto/gse.c
> +++ b/source3/librpc/crypto/gse.c
> @@ -352,6 +352,12 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
>  	char *server_principal = NULL;
>  	char *server_realm = NULL;
>  	bool fallback = false;
> +	OM_uint32 time_req = 0;
> +
> +	time_req = gensec_setting_int(gensec_security->settings,
> +				      "gensec_gssapi",
> +				      "requested_life_time",
> +				      time_req);
>  
>  	in_data.value = token_in->data;
>  	in_data.length = token_in->length;
> @@ -419,7 +425,7 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
>  					       gse_ctx->server_name,
>  					       &gse_ctx->gss_mech,
>  					       gse_ctx->gss_want_flags,
> -					       0,
> +					       time_req,
>  					       GSS_C_NO_CHANNEL_BINDINGS,
>  					       &in_data,
>  					       NULL,
> @@ -476,7 +482,7 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
>  					gse_ctx->server_name,
>  					&gse_ctx->gss_mech,
>  					gse_ctx->gss_want_flags,
> -					0, GSS_C_NO_CHANNEL_BINDINGS,
> +					time_req, GSS_C_NO_CHANNEL_BINDINGS,
>  					&in_data, NULL, &out_data,
>  					&gse_ctx->gss_got_flags, &time_rec);
>  	goto init_sec_context_done;
> -- 
> 2.13.6
> 




More information about the samba-technical mailing list