OSF DCE Application Development Guide--Introduction and Style Guide
Security
3.3.6.3 The server_renew_identity Routine
The server_renew_identity() routine makes sure that the server's credentials are valid.
/******
 *
 * server_renew_identity -- Make sure that credentials are still valid, and
 *                          renew them if they are not.
 *
 *
 * This routine is called (with the current credentials) whenever a task
 * is about to be attempted that requires valid credentials. For an
 * example, see the cleanup code in "main()" above. A valid credential will
 * nevertheless be considered invalid if it will expire within time_left
 * seconds. This gives a margin of time between the validity check that
 * occurs here and the actual use of the credential.
 *
 * Called from main() (but can be called from elsewhere).
 *
 ******/
void server_renew_identity(
    unsigned_char_p_t prin_name,       /* Server's principal name.         */
    sec_login_handle_t login_context,  /* Server's login context.          */
    unsigned_char_p_t keytab,          /* Local key file.                  */
    unsigned32 time_left,              /* Amount of "margin" -- see above. */
    unsigned32 *status)                /* To return status.                */
{
    signed32 expiration;
    time_t current_time;
    sec_passwd_rec_t *keydata;
    sec_login_auth_src_t auth_src;
    boolean32 reset_pwd;

    *status = error_status_ok;

    /* Get the lifetime for the server's Ticket-Granting-Ticket (TGT). */
    /* Note that sec_login_get_expiration() returns a nonzero          */
    /* status for an uncertified login context. This is not            */
    /* an error. Hence the special error checking...                   */
    sec_login_get_expiration(login_context,
                             &expiration,
                             status);

    /* Any other nonzero status is a real failure: "expiration" is not */
    /* usable, so return and leave the status for the caller.          */
    if ((*status != error_status_ok)
        && (*status != sec_login_s_not_certified))
        return;

    /* Get current time... */
    time(&current_time);

    /* Now, if the expiration time is sooner than the desired "time */
    /* left"...                                                     */
    if (expiration < (current_time + time_left))
    {
        /* Refresh the server's authenticated identity... */
        sec_login_refresh_identity(login_context,
124246 Tandem Computers Incorporated 3− 13










