diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-02-24 14:19:13 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-06-19 14:50:32 +0200 |
commit | 8b2f4443dcf61e1edf59ef0812ed05e1fa93f8fc (patch) | |
tree | e6d5491f12c10a2ccdbcd517ee16b0468dc9a1a9 /daemons/ipa-kdb/ipa_kdb.h | |
parent | 49e83256b4f3ebe05c9e9fab5a55c6d502faf491 (diff) | |
download | freeipa-8b2f4443dcf61e1edf59ef0812ed05e1fa93f8fc.tar.gz freeipa-8b2f4443dcf61e1edf59ef0812ed05e1fa93f8fc.tar.xz freeipa-8b2f4443dcf61e1edf59ef0812ed05e1fa93f8fc.zip |
Periodically refresh global ipa-kdb configuration
Before this patch, ipa-kdb would load global configuration on startup and
never update it. This means that if global configuration is changed, the
KDC never receives the new configuration until it is restarted.
This patch enables caching of the global configuration with a timeout of
60 seconds.
https://fedorahosted.org/freeipa/ticket/4153
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb.h')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h index 6c036e3b6..b92107bab 100644 --- a/daemons/ipa-kdb/ipa_kdb.h +++ b/daemons/ipa-kdb/ipa_kdb.h @@ -87,6 +87,14 @@ enum ipadb_user_auth { IPADB_USER_AUTH_OTP = 1 << 3, }; +struct ipadb_global_config { + time_t last_update; + bool disable_last_success; + bool disable_lockout; + char **authz_data; + enum ipadb_user_auth user_auth; +}; + struct ipadb_context { char *uri; char *base; @@ -99,10 +107,9 @@ struct ipadb_context { krb5_key_salt_tuple *supp_encs; int n_supp_encs; struct ipadb_mspac *mspac; - bool disable_last_success; - bool disable_lockout; - char **authz_data; - enum ipadb_user_auth user_auth; + + /* Don't access this directly, use ipadb_get_global_config(). */ + struct ipadb_global_config config; }; #define IPA_E_DATA_MAGIC 0x0eda7a @@ -277,3 +284,5 @@ void ipadb_audit_as_req(krb5_context kcontext, /* AUTH METHODS */ void ipadb_parse_user_auth(LDAP *lcontext, LDAPMessage *le, enum ipadb_user_auth *user_auth); +const struct ipadb_global_config * +ipadb_get_global_config(struct ipadb_context *ipactx); |