Re: [SSSD] [PATCH] Improve handling of ccache files

2009-11-20 Thread Sumit Bose
On Thu, Nov 19, 2009 at 02:31:36PM +0100, Sumit Bose wrote:
> Hi,
>
> this patch improves the handling of ccache files. It addresses two
> issues already discussed on the list.
>
> When randomized ccache files are used (or the client process id is used
> in the name of the ccache file) each authentication of the user created
> a new ccache file. This patch saves the name of the ccache in sysdb and
> reuses the saved file name if the user has running processes on the
> system. So a single user only has one active ccache file.
>
> If the authentication happens when the system is offline the Kerberos
> related environment variables were not sent to the client. If a later
> authentication happens online the old session still cannot see the
> ccache file with the valid credentials. This patch sends the environment
> variables back to the client even when offline.
>
> bye,
> Sumit

Stephen found a compilation issue. The attached version should fix it.

bye,
Sumit
From d3e45ae1df2bea9b63e5c94900bc3b82affe01f9 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 9 Nov 2009 21:54:06 +0100
Subject: [PATCH] Improve handling of ccache files

- save current ccache file to sysdb
- use the saved ccache file if the user has running processes
- create an empty ccache if offline
- return environment variables if offline
---
 server/Makefile.am |   30 ++-
 server/db/sysdb.h  |1 +
 server/providers/krb5/krb5_auth.c  |  546 +---
 server/providers/krb5/krb5_auth.h  |3 +-
 server/providers/krb5/krb5_child.c |  250 ++---
 server/tests/find_uid-tests.c  |  124 
 server/util/find_uid.c |  297 
 server/util/find_uid.h |   36 +++
 8 files changed, 1081 insertions(+), 206 deletions(-)
 create mode 100644 server/tests/find_uid-tests.c
 create mode 100644 server/util/find_uid.c
 create mode 100644 server/util/find_uid.h

diff --git a/server/Makefile.am b/server/Makefile.am
index 196486a..b792836 100644
--- a/server/Makefile.am
+++ b/server/Makefile.am
@@ -68,10 +68,11 @@ if HAVE_CHECK
 resolv-tests \
 krb5-utils-tests \
 check_and_open-tests \
-   ipa_timerules-tests \
+ipa_timerules-tests \
 files-tests \
 refcount-tests \
-fail_over-tests
+fail_over-tests \
+find_uid-tests
 endif
 
 check_PROGRAMS = \
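Review bot: The "ipa_timerules-tests \" line is removed and re-added with only its leading whitespace changed, which has nothing to do with ccache handling and obscures the one real change in this hunk. Drop the whitespace change or send it as a separate cleanup, so the hunk only appends "find_uid-tests" after "fail_over-tests \".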
@@ -132,7 +133,7 @@ INI_CFG_LIBS = \
 DHASH_CFLAGS = \
 -I$(srcdir)/../common/dhash
 DHASH_LIBS = \
--L$(builddir)/../common/dhash/.libs/ \
+-L$(builddir)/../common/dhash/ \
 -ldhash
 
 AM_CPPFLAGS = -Wall \
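Review bot: The DHASH_LIBS search path changes from "-L$(builddir)/../common/dhash/.libs/" to "-L$(builddir)/../common/dhash/" without any mention in the commit message, and it is independent of the ccache work. libtool normally places built libraries under .libs, so please confirm that -ldhash still resolves in a clean build tree, and either explain the change in the commit message or split it into its own patch.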
@@ -266,6 +267,7 @@ dist_noinst_HEADERS = \
 util/sss_ldap.h \
 util/sss_krb5.h \
 util/refcount.h \
+util/find_uid.h \
 config.h \
 monitor/monitor.h \
 monitor/monitor_interfaces.h \
@@ -518,6 +520,20 @@ ipa_timerules_tests_LDADD = \
 $(TALLOC_LIBS) \
 $(CHECK_LIBS)
 
+find_uid_tests_SOURCES = \
+tests/find_uid-tests.c \
+util/find_uid.c \
+$(SSSD_DEBUG_OBJ)
+find_uid_tests_CFLAGS = \
+$(AM_CFLAGS) \
+$(TALLOC_CFLAGS) \
+$(DHASH_CFLAGS) \
+$(CHECK_CFLAGS)
+find_uid_tests_LDADD = \
+$(TALLOC_LIBS) \
+$(DHASH_LIBS) \
+$(CHECK_LIBS)
+
 endif
 
 stress_tests_SOURCES = \
@@ -564,6 +580,7 @@ libsss_proxy_la_LDFLAGS = \
 -module
 
 libsss_krb5_la_SOURCES = \
+util/find_uid.c \
 providers/krb5/krb5_utils.c \
 providers/krb5/krb5_become_user.c \
 providers/krb5/krb5_auth.c \
@@ -571,7 +588,9 @@ libsss_krb5_la_SOURCES = \
 providers/krb5/krb5_init.c
 libsss_krb5_la_CFLAGS = \
 $(AM_CFLAGS) \
-$(KRB5_CFLAGS)
+$(DHASH_CFLAGS)
+libsss_krb5_la_LIBADD = \
+$(DHASH_LIBS)
 libsss_krb5_la_LDFLAGS = \
 -version-info 1:0:0 \
 -module
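Review bot: In libsss_krb5_la_CFLAGS the line "$(KRB5_CFLAGS)" is replaced by "$(DHASH_CFLAGS)" rather than having the dhash flags added next to it, and the new libsss_krb5_la_LIBADD lists only "$(DHASH_LIBS)". The libsss_ipa hunk later in this file keeps $(KRB5_CFLAGS) and $(KRB5_LIBS) alongside the dhash entries; the krb5 provider should follow the same pattern unless dropping the Kerberos flags is intentional, in which case the commit message should say so.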
@@ -593,6 +612,7 @@ libsss_ipa_la_SOURCES = \
 providers/ldap/sdap.c \
 util/sss_ldap.c \
 util/sss_krb5.c \
+util/find_uid.c \
 providers/krb5/krb5_utils.c \
 providers/krb5/krb5_become_user.c \
 providers/krb5/krb5_common.c \
@@ -600,9 +620,11 @@ libsss_ipa_la_SOURCES = \
 libsss_ipa_la_CFLAGS = \
 $(AM_CFLAGS) \
 $(LDAP_CFLAGS) \
+$(DHASH_CFLAGS) \
 $(KRB5_CFLAGS)
 libsss_ipa_la_LIBADD = \
 $(OPENLDAP_LIBS) \
+$(DHASH_LIBS) \
 $(KRB5_LIBS)
 libsss_ipa_la_LDFLAGS = \
 -version-info 1:0:0 \
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index a329985..f94b43f 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -72,6 +72,7 @@
 
 #define SYSDB_UUID uniqueID
 #define SYSDB_UPN userPrincipalName
+#define SYSDB_CCACHE_FILE ccacheFile
 
 #define SYSDB_ORIG_DN originalDN
 #define SYSDB_ORIG_MODSTAMP originalModifyTimestamp
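Review bot: SYSDB_CCACHE_FILE is added without a comment saying what the attribute holds, for example a bare file path or a full KRB5CCNAME value with its type prefix. Since the commit message says the saved name is read back and reused on a later authentication, document the expected form next to the define so callers know what they have to validate before using it.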
diff --git a/server/providers/krb5/krb5_auth.c 
b/server/providers/krb5/krb5_auth.c
index d3e05e1..8068bce 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -29,10 +29,12 @@
 #include sys/wait.h
 #include fcntl.h
 #include pwd.h
+#include sys/stat.h
 
 

Re: [SSSD] [PATCH] Improve handling of ccache files

2009-11-20 Thread Stephen Gallagher

Ack.

-- 
Stephen Gallagher


Re: [SSSD] [PATCH] Improve handling of ccache files

2009-11-20 Thread Stephen Gallagher

Pushed to master.
-- 
Stephen Gallagher