[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ITS #7161, ppolicy pwdFailureTime resolution should be better than 1 second
I haven't seen any response to this updated patch I submitted last week;
is this now something that would be considered for integration, or are
there any other changes you'd like to see first?
Thanks...
On Fri, May 30, 2014 at 05:09:18PM -0700, Paul B. Henson wrote:
> On Fri, May 23, 2014 at 08:51:02PM -0700, Howard Chu wrote:
>
> > You need to actually use microseconds, since the time-increment is
> > only unique on the local server and will not guarantee uniqueness in a
> > replication scenario.
>
> Attached is an updated patch for this ITS which uses microseconds rather
> than the time-increment, maintains the semantics of "now" being when the
> code is called rather than when the operation began, and copies the
> first timestamp to create a second with microseconds rather than
> redundantly calling slapd_timestamp.
>
> Let me know if there's anything else that needs to be fixed or changed.
>
> Thanks...
>
> From 4db8660f6616a70a67feba1e07ee6f866014b1d2 Mon Sep 17 00:00:00 2001
> From: "Paul B. Henson" <henson@acm.org>
> Date: Fri, 30 May 2014 16:47:34 -0700
> Subject: [PATCH] ITS#7161 ppolicy pwdFailureTime resolution should be better
> than 1 second
>
> ---
> servers/slapd/overlays/ppolicy.c | 20 ++++++++++++++++----
> 1 file changed, 16 insertions(+), 4 deletions(-)
>
> diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
> index 83aa099..f8b7335 100644
> --- a/servers/slapd/overlays/ppolicy.c
> +++ b/servers/slapd/overlays/ppolicy.c
> @@ -911,8 +911,11 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
> int ngut = -1, warn = -1, age, rc;
> Attribute *a;
> time_t now, pwtime = (time_t)-1;
> + struct lutil_tm now_tm;
> + struct lutil_timet now_usec;
> char nowstr[ LDAP_LUTIL_GENTIME_BUFSIZE ];
> - struct berval timestamp;
> + char nowstr_usec[ LDAP_LUTIL_GENTIME_BUFSIZE+8 ];
> + struct berval timestamp, timestamp_usec;
> BackendInfo *bi = op->o_bd->bd_info;
> Entry *e;
>
> @@ -929,11 +932,20 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
> return SLAP_CB_CONTINUE;
> }
>
> - now = slap_get_time(); /* stored for later consideration */
> + ldap_pvt_gettime(&now_tm); /* stored for later consideration */
> + lutil_tm2time(&now_tm, &now_usec);
> + now = now_usec.tt_sec;
> timestamp.bv_val = nowstr;
> timestamp.bv_len = sizeof(nowstr);
> slap_timestamp( &now, ×tamp );
>
> + /* Separate timestamp for pwdFailureTime with microsecond granularity */
> + strcpy(nowstr_usec, nowstr);
> + timestamp_usec.bv_val = nowstr_usec;
> + timestamp_usec.bv_len = timestamp.bv_len;
> + snprintf( timestamp_usec.bv_val + timestamp_usec.bv_len-1, sizeof(".123456Z"), ".%06dZ", now_usec.tt_usec );
> + timestamp_usec.bv_len += STRLENOF(".123456");
> +
> if ( rs->sr_err == LDAP_INVALID_CREDENTIALS ) {
> int i = 0, fc = 0;
>
> @@ -946,8 +958,8 @@ ppolicy_bind_response( Operation *op, SlapReply *rs )
> m->sml_values = ch_calloc( sizeof(struct berval), 2 );
> m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
>
> - ber_dupbv( &m->sml_values[0], ×tamp );
> - ber_dupbv( &m->sml_nvalues[0], ×tamp );
> + ber_dupbv( &m->sml_values[0], ×tamp_usec );
> + ber_dupbv( &m->sml_nvalues[0], ×tamp_usec );
> m->sml_next = mod;
> mod = m;
>
> --
> 1.8.3.2
>