Bug 2301 - fake kaserver doesn't call VIOCUNLOG
fake kaserver doesn't call VIOCUNLOG
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: File Services
3.0.9
All All
: P3 normal
: none
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-03 01:54 UTC by Klas Lindfors
Modified: 2005-06-15 04:18 UTC (History)
1 user (show)

See Also:


Attachments
adds afs_unlog() to afs.c and calls it from close_cnum() (916 bytes, patch)
2005-02-03 01:56 UTC, Klas Lindfors
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Klas Lindfors 2005-02-03 01:54:55 UTC
the fake kaserver code doesn't call VIOCUNLOG to invalidate the tokens when
closing the connection. The risks for this actually making any difference
increases with my patch in bug #2151 that longens the token lifetimes.
Comment 1 Klas Lindfors 2005-02-03 01:56:26 UTC
Created attachment 940 [details]
adds afs_unlog() to afs.c and calls it from close_cnum()
Comment 2 Love 2005-06-14 03:51:17 UTC
Volker, I would like to see this patch commited, if you think its
the wrong place to do it, please propose a better place.

Having token hanging around it the kernel until the
gc hits is not a good idea.
Comment 3 Volker Lendecke 2005-06-15 04:18:03 UTC
I'm not entirely certain this is the right place to do it. In fact, I'm not sure
that the afs_login is correctly placed in the tconX call. The AFS token is a
user-based credential, and this would be better placed inside the session setup
that does the user authentication. Then the unlog should be in the smbunlog
call, but only if this is the last user session with this user id. A client
could issue several session setups for the same user, we would need to refcount
those.

That's the reason why I did not apply that patch yet.

Comments?

Volker