From 6d5741d03b44dbd811ec9e8a8b7f4dac250547f5 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Mon, 12 Aug 2013 15:20:41 -0500 Subject: [PATCH] kinit cmd: back-off more slowly and warn Also refactor AFS klog code so we do it only once on renew. --- kuser/kinit.c | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/kuser/kinit.c b/kuser/kinit.c index 5d956abc4..d81845855 100644 --- a/kuser/kinit.c +++ b/kuser/kinit.c @@ -272,7 +272,7 @@ copy_configs(krb5_context context, return 0; } -static int +static krb5_error_code renew_validate(krb5_context context, int renew, int validate, @@ -377,12 +377,6 @@ renew_validate(krb5_context context, } tempccache = NULL; -#ifndef NO_AFS - /* only do this if it's a general renew-my-tgt request */ - if (server == NULL && do_afslog && k_hasafs()) - krb5_afslog(context, cache, NULL, NULL); -#endif - out: if (tempccache) krb5_cc_close(context, tempccache); @@ -829,30 +823,39 @@ struct renew_ctx { static time_t renew_func(void *ptr) { + krb5_error_code ret; struct renew_ctx *ctx = ptr; time_t expire; time_t renew_expire; static time_t exp_delay = 1; + /* + * NOTE: We count on the ccache implementation to notice changes to the + * actual ccache filesystem/whatever objects. There should be no ccache + * types for which this is not the case, but it might not hurt to + * re-krb5_cc_resolve() after each successful renew_validate()/ + * get_new_tickets() call. + */ + expire = ticket_lifetime(ctx->context, ctx->ccache, ctx->principal, server_str, &renew_expire); if (renew_expire > expire) { - renew_validate(ctx->context, 1, validate_flag, ctx->ccache, + ret = renew_validate(ctx->context, 1, validate_flag, ctx->ccache, server_str, ctx->ticket_life); expire = ticket_lifetime(ctx->context, ctx->ccache, ctx->principal, server_str, &renew_expire); } if (expire < ctx->ticket_life / 2) { - get_new_tickets(ctx->context, ctx->principal, + ret = get_new_tickets(ctx->context, ctx->principal, ctx->ccache, ctx->ticket_life, 0); expire = ticket_lifetime(ctx->context, ctx->ccache, ctx->principal, server_str, &renew_expire); } #ifndef NO_AFS - if (do_afslog && k_hasafs()) + if (ret == 0 && server_str == NULL && do_afslog && k_hasafs()) krb5_afslog(ctx->context, ctx->ccache, NULL, NULL); #endif @@ -865,8 +868,16 @@ renew_func(void *ptr) */ if (expire < 1) { + /* + * We can't ask to keep spamming stderr but not syslog, so we warn + * only once. + */ + if (exp_delay == 1) { + krb5_warnx(ctx->context, N_("NOTICE: Could not renew/refresh " + "tickets", "")); + } if (exp_delay < 7200) - exp_delay *= 2; + exp_delay += exp_delay / 2 + 1; return exp_delay; } exp_delay = 1; @@ -1224,6 +1235,12 @@ main(int argc, char **argv) if (renew_flag || validate_flag) { ret = renew_validate(context, renew_flag, validate_flag, ccache, server_str, ticket_life); + +#ifndef NO_AFS + if (ret == 0 && server_str == NULL && do_afslog && k_hasafs()) + krb5_afslog(context, ccache, NULL, NULL); +#endif + exit(ret != 0); } @@ -1232,9 +1249,10 @@ main(int argc, char **argv) exit(1); #ifndef NO_AFS - if (do_afslog && k_hasafs()) + if (ret == 0 && server_str == NULL && do_afslog && k_hasafs()) krb5_afslog(context, ccache, NULL, NULL); #endif + if (argc > 1) { struct renew_ctx ctx; time_t timeout; -- 2.11.4.GIT