The Samba-Bugzilla – Attachment 452 Details for
Bug 1208
winbind in ads-security fails to reconnect (Invalid credentials)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
saves expire time at ticket acquisition time, and checks before using cached connection in winbind
winbind.renew.patch (text/plain), 4.10 KB, created by
Jim McDonough
on 2004-03-23 13:16:16 UTC
(
hide
)
Description:
saves expire time at ticket acquisition time, and checks before using cached connection in winbind
Filename:
MIME Type:
Creator:
Jim McDonough
Created:
2004-03-23 13:16:16 UTC
Size:
4.10 KB
patch
obsolete
>Index: include/ads.h >=================================================================== >RCS file: /home/cvs/samba/source/include/ads.h,v >retrieving revision 1.12.2.14 >diff -u -r1.12.2.14 ads.h >--- include/ads.h 22 Mar 2004 22:49:40 -0000 1.12.2.14 >+++ include/ads.h 23 Mar 2004 20:28:08 -0000 >@@ -29,6 +29,7 @@ > char *kdc_server; > unsigned flags; > int time_offset; >+ time_t expire; > } auth; > > /* info derived from the servers config */ >Index: libads/kerberos.c >=================================================================== >RCS file: /home/cvs/samba/source/libads/kerberos.c,v >retrieving revision 1.12.2.5 >diff -u -r1.12.2.5 kerberos.c >--- libads/kerberos.c 24 Oct 2002 01:05:30 -0000 1.12.2.5 >+++ libads/kerberos.c 23 Mar 2004 20:28:08 -0000 >@@ -54,7 +54,7 @@ > simulate a kinit, putting the tgt in the default cache location > remus@snapserver.com > */ >-int kerberos_kinit_password(const char *principal, const char *password, int time_offset) >+int kerberos_kinit_password(const char *principal, const char *password, int time_offset, time_t *expire_time) > { > krb5_context ctx; > krb5_error_code code = 0; >@@ -102,6 +102,9 @@ > return code; > } > >+ if (expire_time) >+ *expire_time = (time_t) my_creds.times.endtime; >+ > krb5_cc_close(ctx, cc); > krb5_free_cred_contents(ctx, &my_creds); > krb5_free_principal(ctx, me); >@@ -126,7 +129,7 @@ > return KRB5_LIBOS_CANTREADPWD; > } > >- ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset); >+ ret = kerberos_kinit_password(s, ads->auth.password, ads->auth.time_offset, &ads->auth.expire); > > if (ret) { > DEBUG(0,("kerberos_kinit_password %s failed: %s\n", >Index: libads/krb5_setpw.c >=================================================================== >RCS file: /home/cvs/samba/source/libads/krb5_setpw.c,v >retrieving revision 1.7.2.14 >diff -u -r1.7.2.14 krb5_setpw.c >--- libads/krb5_setpw.c 19 Aug 2003 22:47:10 -0000 1.7.2.14 >+++ libads/krb5_setpw.c 23 Mar 2004 20:28:08 -0000 >@@ -642,7 +642,7 @@ > { > int ret; > >- if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset))) { >+ if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) { > DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret))); > return ADS_ERROR_KRB5(ret); > } >Index: libsmb/cliconnect.c >=================================================================== >RCS file: /home/cvs/samba/source/libsmb/cliconnect.c,v >retrieving revision 1.71.2.54 >diff -u -r1.71.2.54 cliconnect.c >--- libsmb/cliconnect.c 19 Mar 2004 16:22:47 -0000 1.71.2.54 >+++ libsmb/cliconnect.c 23 Mar 2004 20:28:09 -0000 >@@ -718,7 +718,7 @@ > int ret; > > use_in_memory_ccache(); >- ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */); >+ ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL); > > if (ret){ > DEBUG(0, ("Kinit failed: %s\n", error_message(ret))); >Index: nsswitch/winbindd_ads.c >=================================================================== >RCS file: /home/cvs/samba/source/nsswitch/winbindd_ads.c,v >retrieving revision 1.43.2.39 >diff -u -r1.43.2.39 winbindd_ads.c >--- nsswitch/winbindd_ads.c 22 Mar 2004 22:57:21 -0000 1.43.2.39 >+++ nsswitch/winbindd_ads.c 23 Mar 2004 20:28:10 -0000 >@@ -43,7 +43,7 @@ > ads = (ADS_STRUCT *)domain->private; > > /* check for a valid structure */ >- if ( ads->config.realm ) { >+ if ( ads->config.realm && (ads->auth.expire > time(NULL))) { > return ads; > } > else { >Index: utils/ntlm_auth.c >=================================================================== >RCS file: /home/cvs/samba/source/utils/ntlm_auth.c,v >retrieving revision 1.6.2.43 >diff -u -r1.6.2.43 ntlm_auth.c >--- utils/ntlm_auth.c 11 Mar 2004 22:48:24 -0000 1.6.2.43 >+++ utils/ntlm_auth.c 23 Mar 2004 20:28:11 -0000 >@@ -1111,7 +1111,8 @@ > > pstr_sprintf(user, "%s@%s", opt_username, opt_domain); > >- if ((retval = kerberos_kinit_password(user, opt_password, 0))) { >+ if ((retval = kerberos_kinit_password(user, opt_password, >+ 0, NULL))) { > DEBUG(10, ("Requesting TGT failed: %s\n", error_message(retval))); > x_fprintf(x_stdout, "NA\n"); > return True;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 1208
: 452 |
457
|
465
|
466
|
467
|
484