Handle credential expiration.

Request tmux to launch kinit in a new window if credentials expire.

diff --git a/opt/bin/ktmux_helper b/opt/bin/ktmux_helper
index e62b4a5..1ed6e46 100755 (executable)
--- a/opt/bin/ktmux_helper
+++ b/opt/bin/ktmux_helper
@@ -19,13 +19,17 @@ unless ($tmux_pid) {
 # Ensure there isn't already a helper running for this tmux.
 my $tmux_helper = &get_tmux_helper;
 exit 0 if $tmux_helper;
+$tmux_helper = $$;
 
 my $exitasap = 0;
 my $pid = 0;
+our $have_valid_credentials = undef;
 
 $SIG{INT} = \&cleanup;
 $SIG{QUIT} = \&cleanup;
 $SIG{TERM} = \&cleanup;
+$SIG{USR1} = \&want_credentials;
+$SIG{USR2} = \&got_credentials;
 
 LOOP: while (&ping_tmux) {
   $pid = fork;
@@ -39,11 +43,12 @@ LOOP: while (&ping_tmux) {
     }
 
     # tmux is dead so kill krenew.
-    kill 3, $pid;
+    kill QUIT, $pid;
     waitpid $pid, 0;
     exit 0;
   }
   else {
+    kill USR2, $tmux_helper unless &check_credentials;
     exec "krenew", "-K", "60";
     print "$PROG: Can't run krenew: $!\n";
     exit 111;
@@ -76,6 +81,30 @@ sub ping_tmux {
   return kill 0, $tmux_pid;
 }
 
+# Try to check existing Kerberos credentials.
+sub check_credentials {
+  system "klist", "-s";
+  return 1 if $? < 0;
+  return 0 unless $?;
+  kill USR1, $tmux_helper;
+  return 111;
+}
+
+# We were signalled by our child which noticed that our credentials expired.
+sub want_credentials {
+  # Do we already know?
+  return if defined $have_valid_credentials && $have_valid_credentials == 0;
+  $SIG{USR1} = IGNORE;
+  $have_valid_credentials = 0;
+  system "tmux", "new-window", "exec kinit";
+}
+
+# We were signalled by our child which noticed that our credentials are valid.
+sub got_credentials {
+  $have_valid_credentials = 1;
+  $SIG{USR1} = \&want_credentials;
+}
+
 sub cleanup {
   unless ($exitasap) {
     $exitasap = 1;