From 9cf8b08727803ba0563fd31b82b5575642a33a17 Mon Sep 17 00:00:00 2001
From: Uri Simchoni
Date: Sat, 9 May 2015 22:38:34 +0300
Subject: [PATCH] libads: record service ticket endtime for sealed ldap connections

When a ticket is obtained for binding a signed/sealed ldap connection, its liftime should be recorded in the ads struct, in order to enable reuse of the connection.

Signed-off-by: Uri Simchoni
---
 source3/libads/sasl.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index ce3740f..14afbc3 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -458,6 +458,8 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
 	DATA_BLOB unwrapped;
 	DATA_BLOB wrapped;
 	struct berval cred, *scred = NULL;
+	uint32_t context_validity;
+	time_t context_endtime = 0;
 
 	status = ads_init_gssapi_cred(ads, &gss_cred);
 	if (!ADS_ERR_OK(status)) {
@@ -652,6 +654,18 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
 		goto failed;
 	}
 
+	gss_rc =
+	    gss_context_time(&minor_status, context_handle, &context_validity);
+	if (gss_rc == 0) {
+		context_endtime = time(NULL) + context_validity;
+		DEBUG(10, ("context (service ticket) valid for %u seconds\n",
+			   context_validity));
+	} else {
+		DEBUG(1, ("gss_context_time failed (%d,%u) -"
+			  " this will be a one-time context\n",
+			  gss_rc, minor_status));
+	}
+
 	if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
 		uint32_t max_msg_size = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED;
 
@@ -677,6 +691,7 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
 		context_handle = GSS_C_NO_CONTEXT;
 	}
 
+	ads->auth.tgs_expire = context_endtime;
 	status = ADS_SUCCESS;
 
failed:
-- 
1.9.1
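Review bot: When `gss_context_time` fails in the second hunk, `context_endtime` keeps its initial 0 and the third hunk stores that 0 in `ads->auth.tgs_expire`, but nothing here says whether the reuse logic reads 0 as "already expired, bind again" (which the "one-time context" message implies) or as "no expiry"; a comment on the assignment such as `/* 0: context lifetime unknown, treat the connection as non-reusable */` would pin that contract for the code that checks tgs_expire. The success branch also takes the full remaining validity measured against the local clock, so a connection reused in the last seconds before `context_endtime` can still fail once the server considers the ticket expired — if callers are expected to apply their own safety margin, that is worth stating in the same comment. As a point of style, `if (gss_rc == 0)` compares a GSS major status against a bare literal; `if (gss_rc == GSS_S_COMPLETE)` names the value the header defines and presumably matches the file's other gss_* checks. ads_sasl_spnego_gsskrb5_bind begins and ends outside these hunks.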