mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
libads: record service ticket endtime for sealed ldap connections
When a ticket is obtained for binding a signed/sealed ldap connection, its liftime should be recorded in the ads struct, in order to enable reuse of the connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11267 Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <rb@sernet.de> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed May 13 04:32:16 CEST 2015 on sn-devel-104
This commit is contained in:
parent
9efa61c863
commit
40eac8e4d8
@ -458,6 +458,8 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
|
||||
DATA_BLOB unwrapped;
|
||||
DATA_BLOB wrapped;
|
||||
struct berval cred, *scred = NULL;
|
||||
uint32_t context_validity = 0;
|
||||
time_t context_endtime = 0;
|
||||
|
||||
status = ads_init_gssapi_cred(ads, &gss_cred);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
@ -652,6 +654,26 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
|
||||
goto failed;
|
||||
}
|
||||
|
||||
gss_rc =
|
||||
gss_context_time(&minor_status, context_handle, &context_validity);
|
||||
if (gss_rc == GSS_S_COMPLETE) {
|
||||
if (context_validity != 0) {
|
||||
context_endtime = time(NULL) + context_validity;
|
||||
DEBUG(10, ("context (service ticket) valid for "
|
||||
"%u seconds\n",
|
||||
context_validity));
|
||||
} else {
|
||||
DEBUG(10, ("context (service ticket) expired\n"));
|
||||
}
|
||||
} else {
|
||||
DEBUG(1, ("gss_context_time failed (%d,%u) -"
|
||||
" this will be a one-time context\n",
|
||||
gss_rc, minor_status));
|
||||
if (gss_rc == GSS_S_CONTEXT_EXPIRED) {
|
||||
DEBUG(10, ("context (service ticket) expired\n"));
|
||||
}
|
||||
}
|
||||
|
||||
if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
|
||||
uint32_t max_msg_size = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED;
|
||||
|
||||
@ -677,6 +699,7 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
|
||||
context_handle = GSS_C_NO_CONTEXT;
|
||||
}
|
||||
|
||||
ads->auth.tgs_expire = context_endtime;
|
||||
status = ADS_SUCCESS;
|
||||
|
||||
failed:
|
||||
|
Loading…
Reference in New Issue
Block a user