summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
2c21cf6)
authorize on server, or check & encrypt rpc on client.
/* This is too coarse. We'll let mech determine it */
#define GSS_MAX_AUTH_PAYLOAD (128)
/* This is too coarse. We'll let mech determine it */
#define GSS_MAX_AUTH_PAYLOAD (128)
+/* FIXME we'd better make it expire sooner than it really is, since
+ * there's chance it might get expire between the last check and
+ * encrypt rpc. but the time between check & encrypt is not so certain.
+ */
+static inline
+unsigned long gss_roundup_expire_time(__u64 expiry)
+{
+ unsigned long cur = get_seconds();
+
+ if (expiry >= cur + obd_timeout)
+ return (unsigned long) expiry - obd_timeout;
+ return (unsigned long) expiry;
+}
+
/* gss_mech_switch.c */
int init_kerberos_module(void);
void cleanup_kerberos_module(void);
/* gss_mech_switch.c */
int init_kerberos_module(void);
void cleanup_kerberos_module(void);
CERROR("unable to get expire time\n");
ctx_expiry = 1; /* make it expired now */
}
CERROR("unable to get expire time\n");
ctx_expiry = 1; /* make it expired now */
}
- cred->pc_expire = (unsigned long) ctx_expiry;
+ cred->pc_expire = gss_roundup_expire_time(ctx_expiry);
write_lock(&gss_ctx_lock);
old = gcred->gc_ctx;
write_lock(&gss_ctx_lock);
old = gcred->gc_ctx;
kgss_mech_put(gm);
goto out;
}
kgss_mech_put(gm);
goto out;
}
- expiry = (time_t) ((__u32) ctx_expiry);
+ expiry = (time_t) gss_roundup_expire_time(ctx_expiry);