The Samba-Bugzilla – Attachment 12009 Details for
Bug 11852
winbindd does not reuse sealed ldap connections (regression)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.4.next, 4.3.next, 4.2.next
ldap_session_time.patch (text/plain), 1.89 KB, created by
Uri Simchoni
on 2016-04-19 17:26:12 UTC
(
hide
)
Description:
git-am fix for 4.4.next, 4.3.next, 4.2.next
Filename:
MIME Type:
Creator:
Uri Simchoni
Created:
2016-04-19 17:26:12 UTC
Size:
1.89 KB
patch
obsolete
>From f600edcc07f2d73e4d213413b5be3e3c5ee53ef3 Mon Sep 17 00:00:00 2001 >From: Uri Simchoni <uri@samba.org> >Date: Mon, 18 Apr 2016 23:08:38 +0300 >Subject: [PATCH] libads: record session expiry for spnego sasl binds > >With the move to gensec-based spnego, record the session expiry >in tgs_expire, so that libads users such as winbindd can use this info >to determine how long to keep the connection. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11852 > >Signed-off-by: Uri Simchoni <uri@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Uri Simchoni <uri@samba.org> >Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144 > >(cherry picked from commit 34482eb7cc3d74c8de510309332e8ab176d0f3c0) >--- > source3/libads/sasl.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > >diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c >index 22aa9cf..b8d4527 100644 >--- a/source3/libads/sasl.c >+++ b/source3/libads/sasl.c >@@ -134,6 +134,7 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads, > struct auth_generic_state *auth_generic_state; > bool use_spnego_principal = lp_client_use_spnego_principal(); > const char *sasl_list[] = { sasl, NULL }; >+ NTTIME end_nt_time; > > nt_status = auth_generic_client_prepare(NULL, &auth_generic_state); > if (!NT_STATUS_IS_OK(nt_status)) { >@@ -307,6 +308,14 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads, > } > } > >+ ads->auth.tgs_expire = LONG_MAX; >+ end_nt_time = gensec_expire_time(auth_generic_state->gensec_security); >+ if (end_nt_time != GENSEC_EXPIRE_TIME_INFINITY) { >+ struct timeval tv; >+ nttime_to_timeval(&tv, end_nt_time); >+ ads->auth.tgs_expire = tv.tv_sec; >+ } >+ > if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) { > size_t max_wrapped = gensec_max_wrapped_size(auth_generic_state->gensec_security); > ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security); >-- >2.5.5 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12009">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
uri
:
review?
(
abartlet
)
jra
:
review+
Actions:
View
Attachments on
bug 11852
: 12009