From: Zdeněk Šustr <sustr4@cesnet.cz>
Date: Fri, 3 Aug 2012 09:18:32 +0000 (+0000)
Subject: Workaround for failing GSS connections (reload server creds on every connection).
X-Git-Tag: glite-lb-server_R_2_4_3_1~1
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=0247be58c86a92b1bd6935339df38ff1255696a8;p=jra1mw.git

Workaround for failing GSS connections (reload server creds on every connection).
---

diff --git a/org.glite.lb.server/src/bkserverd.c b/org.glite.lb.server/src/bkserverd.c
index bfa0191..916e39a 100644
--- a/org.glite.lb.server/src/bkserverd.c
+++ b/org.glite.lb.server/src/bkserverd.c
@@ -1025,7 +1025,7 @@ int bk_handle_connection(int conn, struct timeval *timeout, void *data)
 	int			npref, totpref;
 
 
-
+#if 0
 	switch ( edg_wll_gss_watch_creds(server_cert, &cert_mtime) ) {
 	case 0: break;
 	case 1:
@@ -1041,6 +1041,15 @@ int bk_handle_connection(int conn, struct timeval *timeout, void *data)
 		glite_common_log(LOG_CATEGORY_SECURITY, LOG_PRIORITY_ERROR, "[%d] edg_wll_gss_watch_creds failed, unable to access credentials", getpid());
 		break;
 	}
+#else
+		if ( !edg_wll_gss_acquire_cred_gsi(server_cert, server_key, &newcred, &gss_code) ) {
+			glite_common_log(LOG_CATEGORY_SECURITY, LOG_PRIORITY_INFO, "[%d] reloading credentials successful", getpid());
+			edg_wll_gss_release_cred(&mycred, NULL);
+			mycred = newcred;
+		} else { 
+			glite_common_log(LOG_CATEGORY_SECURITY, LOG_PRIORITY_WARN, "[%d] reloading credentials failed, using old ones", getpid());
+		}
+#endif
 
 	if ( edg_wll_InitContext(&ctx) )
 	{