From: Zdeněk Salvet <salvet@ics.muni.cz>
Date: Wed, 22 Aug 2007 13:58:29 +0000 (+0000)
Subject: Make edg_wll_gss_watch_creds() useful again (workaround the Globus
X-Git-Tag: glite-security-gsoap-plugin_R_1_5_0_1~4
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=4b7d1c7f90a5cc1ddbdc6c736f886cefa55fb2e3;p=jra1mw.git

Make edg_wll_gss_watch_creds() useful again (workaround the Globus
bug concerning CRL caching) by requesting credential reload each 60
seconds. Interface remains unchanged.
---

diff --git a/org.glite.security.gsoap-plugin/src/glite_gss.c b/org.glite.security.gsoap-plugin/src/glite_gss.c
index d158ff3..b3b4198 100644
--- a/org.glite.security.gsoap-plugin/src/glite_gss.c
+++ b/org.glite.security.gsoap-plugin/src/glite_gss.c
@@ -944,24 +944,32 @@ edg_wll_gss_write_full(edg_wll_GssConnection *connection, const void *buf,
    return edg_wll_gss_write(connection, buf, bufsize, timeout, gss_code);
 }
 
-/* XXX: I'm afraid the contents of stuct stat is somewhat OS dependent */
+/* Request credential reload each 60 seconds in order to work around
+ * Globus bug (not reloading expired CRLs)
+ */
+#define GSS_CRED_WATCH_LIMIT	60
 int
-edg_wll_gss_watch_creds(const char *proxy_file, time_t *proxy_mtime)
+edg_wll_gss_watch_creds(const char *proxy_file, time_t *last_time)
 {
 	struct stat	pstat;
-	int	reload = 0;
+	time_t	now;
+
+	now = time(NULL);
+
+	if ( now >= (*last_time+GSS_CRED_WATCH_LIMIT) ) {
+		*last_time = now;
+		return 1;
+	}
 
 	if (!proxy_file) return 0;
 	if (stat(proxy_file,&pstat)) return -1;
 
-	if (!*proxy_mtime) *proxy_mtime = pstat.st_mtime;
-
-	if (*proxy_mtime != pstat.st_mtime) {
-		*proxy_mtime = pstat.st_mtime;
-		reload = 1;
+	if ( pstat.st_mtime >= *last_time ) {
+		*last_time = now + 1;
+		return 1;
 	}
 
-	return reload;
+	return 0;
 }
 
 int