Bug 2301 - fake kaserver doesn't call VIOCUNLOG
Summary: fake kaserver doesn't call VIOCUNLOG
Status: NEW
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.9
Hardware: All All
: P3 normal
Target Milestone: none
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-02-03 01:54 UTC by Klas Lindfors
Modified: 2005-06-15 04:18 UTC (History)
1 user (show)

See Also:

Attachments
adds afs_unlog() to afs.c and calls it from close_cnum() (916 bytes, patch)
2005-02-03 01:56 UTC, Klas Lindfors 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Klas Lindfors 2005-02-03 01:54:55 UTC 
the fake kaserver code doesn't call VIOCUNLOG to invalidate the tokens when
closing the connection. The risks for this actually making any difference
increases with my patch in bug #2151 that longens the token lifetimes.
Comment 1 Klas Lindfors 2005-02-03 01:56:26 UTC 
Created attachment 940 [details]
adds afs_unlog() to afs.c and calls it from close_cnum()
Comment 2 Love 2005-06-14 03:51:17 UTC 
Volker, I would like to see this patch commited, if you think its
the wrong place to do it, please propose a better place.

Having token hanging around it the kernel until the
gc hits is not a good idea.
Comment 3 Volker Lendecke 2005-06-15 04:18:03 UTC 
I'm not entirely certain this is the right place to do it. In fact, I'm not sure
that the afs_login is correctly placed in the tconX call. The AFS token is a
user-based credential, and this would be better placed inside the session setup
that does the user authentication. Then the unlog should be in the smbunlog
call, but only if this is the last user session with this user id. A client
could issue several session setups for the same user, we would need to refcount
those.

That's the reason why I did not apply that patch yet.

Comments?

Volker