[Freeipa-devel] [PATCH] ipasam SASL bind callback fixes

Sumit Bose sbose at redhat.com
Wed Jul 4 18:22:11 UTC 2012


On Wed, Jul 04, 2012 at 08:57:44PM +0300, Alexander Bokovoy wrote:
> Hi,
> 
> when chasing what looked like ccache corruption with Sumit, I've found
> yet another issue: use of a local stack variable in long-lived code.
> 
> This local stack use was absent in the original patch version and was
> proposed by Sumit in one of the reviews. It worked for us by luck; it
> should not have.
> 
> Hence, the patch that fixes the issue by moving the service principal to
> longer-term storage (ipasam private struct).
> 
> In order to avoid ccache corruption we also need to move back to
> in-memory ccache. When multiple LSASD and smbd processes try to auth
> against LDAP in ipasam, they may write to the same ccache (common
> ccache) when another process reads from it. This is not what we need.
> 
> And writing to a persistent on-disk ccache is not needed anyway, as
> smbldap connections re-authenticate themselves (smbldap connections
> expire in a few minutes).
> 
> The patch also removes Kerberos operations that are not needed when
> using a memory ccache.
> 
> -- 
> / Alexander Bokovoy

This patch works for me and I have no objections to using the in-memory
ccache, so ACK from my side, but please wait for Simo's answer before
pushing.

Simo, you were in favour of using the default cache, do you
agree as well?

Before pushing please fix:

ipa_sam.c:3164:8: warning: unused variable 'ccache_name' [-Wunused-variable]

bye,
Sumit
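
The lifetime bug described in the quoted message (a bind callback holding a pointer to a local stack variable) and the fix of keeping the service principal in a private struct, as an added example that is not code from the patch or from ipasam. All type and function names are hypothetical, and the `cifs/host@REALM` principal format and host names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names are hypothetical stand-ins, not the ipasam or smbldap API. */
typedef int (*bind_cb)(void *data, char *out, size_t outlen);

struct private_state {        /* lives as long as the LDAP connection */
    bind_cb cb;               /* invoked on every re-authentication */
    void *cb_data;            /* must stay valid while cb is set */
    char *principal;          /* heap copy owned by this struct */
};

/* Runs long after register_bind() has returned. */
static int do_bind(void *data, char *out, size_t outlen)
{
    const struct private_state *st = data;
    if (st == NULL || st->principal == NULL) return -1;
    int n = snprintf(out, outlen, "bind as %s", st->principal);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Broken variant, for contrast: cb_data = princ (the local array below)
 * would leave the callback reading a dead stack slot after return. */
static int register_bind(struct private_state *st, const char *host, const char *realm)
{
    char princ[256];          /* scratch only, never escapes */
    int n = snprintf(princ, sizeof(princ), "cifs/%s@%s", host, realm); /* constructed format */
    if (n < 0 || (size_t)n >= sizeof(princ)) return -1; /* no truncated names */
    char *copy = malloc((size_t)n + 1);
    if (copy == NULL) return -1;
    memcpy(copy, princ, (size_t)n + 1);
    free(st->principal);      /* replace any earlier registration */
    st->principal = copy;
    st->cb = do_bind;
    st->cb_data = st;
    return 0;
}

int main(void)
{
    struct private_state st = {0};
    char out[128];
    if (register_bind(&st, "ipa.example.test", "EXAMPLE.TEST") == 0 &&
        st.cb(st.cb_data, out, sizeof(out)) == 0)
        puts(out);            /* bind as cifs/ipa.example.test@EXAMPLE.TEST */
    free(st.principal);
    return 0;
}
```

Building the broken variant with `-fsanitize=address` makes the stale read visible instead of leaving it to work by luck.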
