r4256: Add a patch from kllin@it.su.se: New Parameter 'afs token lifetime' tells the

AFS client when to throw away a token.

Thanks,

Volker

diff --git a/source/lib/afs.c b/source/lib/afs.c
index d3921ab9be7a994b7ae9cbe5a7c312b7cbb79089..5ff027ee01d50f98d563d08b80d68377ecc879b2 100644 (file)
--- a/source/lib/afs.c
+++ b/source/lib/afs.c
@@ -139,7 +139,11 @@ static BOOL afs_createtoken(const char *username, const char *cell,
        SIVAL(p, 0, now);
        ct->BeginTimestamp = now;
 
-       ct->EndTimestamp = now + (255*60*5);
+       if(lp_afs_token_lifetime() == 0)
+               ct->EndTimestamp = NEVERDATE;
+       else
+               ct->EndTimestamp = now + lp_afs_token_lifetime();
+
        if (((ct->EndTimestamp - ct->BeginTimestamp) & 1) == 1) {
                ct->BeginTimestamp += 1; /* Lifetime must be even */
        }

diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index d8aef215b84a1f4d3c113073e99631480bf94b91..c745da063aec6d2d47ae50fa35b35e0cf600631c 100644 (file)
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -127,6 +127,7 @@ typedef struct
        char *szSocketOptions;
        char *szRealm;
        char *szAfsUsernameMap;
+       int iAfsTokenLifetime;
        char *szUsernameMap;
        char *szLogonScript;
        char *szLogonPath;
@@ -1125,6 +1126,7 @@ static struct parm_struct parm_table[] = {
        {"socket address", P_STRING, P_GLOBAL, &Globals.szSocketAddress, NULL, NULL, FLAG_ADVANCED}, 
        {"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, FLAG_ADVANCED}, 
        {"afs username map", P_STRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_ADVANCED}, 
+       {"afs token lifetime", P_INTEGER, P_GLOBAL, &Globals.iAfsTokenLifetime, NULL, NULL, FLAG_ADVANCED},
        {"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, FLAG_ADVANCED}, 
        {"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, FLAG_ADVANCED}, 
        {"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE}, 
@@ -1474,6 +1476,11 @@ static void init_globals(void)
        Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
        Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
 
+       /* This is what we tell the afs client. in reality we set the token 
+        * to never expire, though, when this runs out the afs client will 
+        * forget the token. Set to 0 to get NEVERDATE.*/
+       Globals.iAfsTokenLifetime = 604800;
+
 /* these parameters are set to defaults that are more appropriate
    for the increasing samba install base:
 
@@ -1647,6 +1654,7 @@ FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
 FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
 FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
 FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
+FN_GLOBAL_INTEGER(lp_afs_token_lifetime, &Globals.iAfsTokenLifetime)
 FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
 FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
 FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)