The Samba-Bugzilla – Attachment 11051 Details for Bug 11267
Winbindd does not reuse ldap connections if the connection is signed or sealed
[patch] git-am cherry-pick from master for 4.2.next, 4.1.next.
0001-libads-record-service-ticket-endtime-for-sealed-ldap.patch (text/plain), 2.49 KB, created by Jeremy Allison on 2015-05-13 16:39:40 UTC
>From 86fdc58219342187920891cd12755a47ff891a4e Mon Sep 17 00:00:00 2001 >From: Uri Simchoni <urisimchoni@gmail.com> >Date: Sat, 9 May 2015 22:59:17 +0300 >Subject: [PATCH] libads: record service ticket endtime for sealed ldap > connections >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >When a ticket is obtained for binding a signed/sealed ldap connection, >its liftime should be recorded in the ads struct, in order to enable >reuse of the connection. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11267 > >Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ralph Böhme <rb@sernet.de> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Wed May 13 04:32:16 CEST 2015 on sn-devel-104 > >(cherry picked from commit 40eac8e4d8bc85f2329b8ed6c5ba96a141dc20a3) >--- > source3/libads/sasl.c | 23 +++++++++++++++++++++++ > 1 file changed, 23 insertions(+) > >diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c >index 1450ff1..901e5bd 100644 >--- a/source3/libads/sasl.c >+++ b/source3/libads/sasl.c >@@ -458,6 +458,8 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t > DATA_BLOB unwrapped; > DATA_BLOB wrapped; > struct berval cred, *scred = NULL; >+ uint32_t context_validity = 0; >+ time_t context_endtime = 0; > > status = ads_init_gssapi_cred(ads, &gss_cred); > if (!ADS_ERR_OK(status)) { 
>@@ -652,6 +654,26 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t > goto failed; > } > >+ gss_rc = >+ gss_context_time(&minor_status, context_handle, &context_validity); >+ if (gss_rc == GSS_S_COMPLETE) { >+ if (context_validity != 0) { >+ context_endtime = time(NULL) + context_validity; >+ DEBUG(10, ("context (service ticket) valid for " >+ "%u seconds\n", >+ context_validity)); >+ } else { >+ DEBUG(10, ("context (service ticket) expired\n")); >+ } >+ } else { >+ DEBUG(1, ("gss_context_time failed (%d,%u) -" >+ " this will be a one-time context\n", >+ gss_rc, minor_status)); >+ if (gss_rc == GSS_S_CONTEXT_EXPIRED) { >+ DEBUG(10, ("context (service ticket) expired\n")); >+ } >+ } >+ > if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) { > uint32 max_msg_size = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED; > >@@ -677,6 +699,7 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t > context_handle = GSS_C_NO_CONTEXT; > } > >+ ads->auth.tgs_expire = context_endtime; > status = ADS_SUCCESS; > > failed: >-- >2.2.0.rc0.207.ga3a616c >
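Review bot: in the first hunk, context_validity is declared as uint32_t, but the second hunk passes its address to gss_context_time(), whose lifetime output parameter is an OM_uint32 *. Declaring it as OM_uint32 would match the GSS-API prototype and avoid depending on the two types being identical on every platform.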
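Review bot: in the second hunk, "context_endtime = time(NULL) + context_validity;" adds an unsigned 32-bit lifetime to a time_t with no upper bound, so a very large reported lifetime can wrap on a platform with a 32-bit time_t and store a meaningless end time. Clamp the lifetime or check for overflow before the addition. A short comment saying that context_endtime staying 0 marks the connection as not reusable would also document why the bind continues after gss_context_time fails or reports an expired context, and the "context (service ticket) expired" message is duplicated across two branches.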
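Review bot: in the last hunk, ads->auth.tgs_expire is written only on the success path, immediately before "status = ADS_SUCCESS;", so every exit through the failed: label leaves whatever value an earlier bind stored. Since the commit message says this field is what enables connection reuse, a failed rebind would leave a stale expiry in place; consider resetting the field to 0 at the top of the function or under failed: so a failed bind can never look reusable.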
Flags: slow: review+