diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-30 19:40:46 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-07-06 15:23:44 +0200 |
commit | 01ec08efd0e166ac6f390f8627c6d08dcc63ccc4 (patch) | |
tree | 5a95a8a7b36db9baaf18fad0ca0c22eb7a2cc32d /src/providers/krb5/krb5_auth.c | |
parent | eca74a9559ce1b0f123c14906ad8394fc303f468 (diff) | |
download | sssd-01ec08efd0e166ac6f390f8627c6d08dcc63ccc4.tar.gz sssd-01ec08efd0e166ac6f390f8627c6d08dcc63ccc4.tar.xz sssd-01ec08efd0e166ac6f390f8627c6d08dcc63ccc4.zip |
KRB5: Add and use krb5_auth_queue_send to queue requests by default
Resolves:
https://fedorahosted.org/sssd/ticket/2701
Previously, only the krb5 provides used to queue requests, which
resulted in concurrent authentication requests stepping on one another.
This patch queues requests by default.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/krb5/krb5_auth.c')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 28 |
1 files changed, 2 insertions, 26 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 8c851442b..8886456c0 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -1139,7 +1139,6 @@ void krb5_pam_handler(struct be_req *be_req) struct pam_data *pd; struct krb5_ctx *krb5_ctx; int dp_err = DP_ERR_FATAL; - int ret; pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); pd->pam_status = PAM_SYSTEM_ERR; @@ -1155,22 +1154,7 @@ void krb5_pam_handler(struct be_req *be_req) case SSS_CMD_RENEW: case SSS_PAM_CHAUTHTOK_PRELIM: case SSS_PAM_CHAUTHTOK: - ret = add_to_wait_queue(be_req, pd, krb5_ctx); - if (ret == EOK) { - DEBUG(SSSDBG_TRACE_LIBS, - "Request successfully added to wait queue " - "of user [%s].\n", pd->user); - return; - } else if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_LIBS, "Wait queue of user [%s] is empty, " - "running request immediately.\n", pd->user); - } else { - DEBUG(SSSDBG_TRACE_LIBS, - "Failed to add request to wait queue of user [%s], " - "running request immediately.\n", pd->user); - } - - req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); + req = krb5_auth_queue_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n"); goto done; @@ -1215,11 +1199,10 @@ void krb5_pam_handler_auth_done(struct tevent_req *req) int pam_status; int dp_err; struct pam_data *pd; - struct krb5_ctx *krb5_ctx; pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); - ret = krb5_auth_recv(req, &pam_status, &dp_err); + ret = krb5_auth_queue_recv(req, &pam_status, &dp_err); talloc_zfree(req); if (ret) { pd->pam_status = PAM_SYSTEM_ERR; @@ -1228,13 +1211,6 @@ void krb5_pam_handler_auth_done(struct tevent_req *req) pd->pam_status = pam_status; } - krb5_ctx = get_krb5_ctx(be_req); - if (krb5_ctx != NULL) { - check_wait_queue(krb5_ctx, pd->user); - } else { - DEBUG(SSSDBG_CRIT_FAILURE, "Kerberos context not available.\n"); - } - be_req_terminate(be_req, dp_err, pd->pam_status, NULL); } |