authorStephen Gallagher <sgallagh@redhat.com>2010-12-22 11:00:22 -0500
committerStephen Gallagher <sgallagh@redhat.com>2010-12-22 13:22:28 -0500
commitc71ff1e4615ec8560b90ca7d4827d99424ad0355 (patch)
tree5f1ccd75d8e6dfcb9d5a3898ebc9368dabcca261 /src/responder/pam/pamsrv_cmd.c
parent7da6ae5558059218d660d879057f6e39864c3493 (diff)
Update the ID cache for any PAM request
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
Diffstat (limited to 'src/responder/pam/pamsrv_cmd.c')
-rw-r--r--src/responder/pam/pamsrv_cmd.c19
1 files changed, 11 insertions, 8 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 48341aab4..6a8f1dbb5 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -790,14 +790,12 @@ static int pam_check_user_search(struct pam_auth_req *preq)
/* make sure to update the preq if we changed domain */
preq->domain = dom;
- /* TODO: check negative cache ? */
-
- /* Always try to refresh the cache first on authentication */
- if (preq->check_provider &&
- (preq->pd->cmd == SSS_PAM_AUTHENTICATE ||
- preq->pd->cmd == SSS_PAM_SETCRED)) {
-
- /* call provider first */
+ /* Refresh the user's cache entry on any PAM query
+ * We put a timeout in the client context so that we limit
+ * the number of updates within a reasonable timeout
+ */
+ if (preq->check_provider && cctx->pam_timeout < time(NULL)) {
+ /* Call provider first */
break;
}
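Review bot: The new gate `cctx->pam_timeout < time(NULL)` now also throttles SSS_PAM_AUTHENTICATE and SSS_PAM_SETCRED, which the removed condition always sent to the provider when `check_provider` was set. Within the window, an authentication on the same client connection is answered from the cached ID entry, so a recent change to the account or its group memberships may not be seen yet; how much that matters depends on what later stages read from the cache, which is not visible here. The deadline is also a wall-clock value, so a backwards clock step would presumably extend the suppression beyond the configured interval. I would spell this out in the comment, e.g. `/* pam_timeout is an absolute time(NULL) deadline kept per client connection; until it passes, even authentication requests use the cached entry */`. The declaration of `cctx` and the enclosing loop that `break` leaves are outside the hunk.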
@@ -909,6 +907,8 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
{
struct pam_auth_req *preq = talloc_get_type(ptr, struct pam_auth_req);
int ret;
+ struct pam_ctx *pctx =
+ talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
if (err_maj) {
DEBUG(2, ("Unable to get information from Data Provider\n"
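Review bot: The new `pctx` initializer dereferences `preq->cctx->rctx->pvt_ctx` before anything has checked `preq`, and `talloc_get_type()` returns NULL when the pointer's talloc name does not match the requested type. `pctx` is then used without a check at `pctx->id_timeout` in the next hunk, so a type mismatch would crash the responder in this callback. Assigning `pctx` after `preq` is validated and guarding it, for example `if (pctx == NULL) { /* log and fail the request */ }`, would make the failure explicit. The rest of the function body lies outside this hunk.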
@@ -916,6 +916,9 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
}
+ /* Make sure we don't go to the ID provider too often */
+ preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout;
+
ret = pam_check_user_search(preq);
if (ret == EOK) {
pam_dom_forwarder(preq);
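Review bot: `preq->cctx->pam_timeout = time(NULL) + pctx->id_timeout;` runs unconditionally, so the deadline is armed even when `err_maj` is non-zero and the provider lookup just failed. The rest of the conversation on this connection then uses whatever is in the cache for the full interval without retrying the refresh. If that is intended (to avoid hammering an unreachable provider), the comment should say so, e.g. `/* Arm the throttle even on failure so an unreachable provider is not retried for every request in the conversation */`; otherwise set the deadline only when `err_maj == 0`. The type and bounds of `id_timeout` are not visible here, so it is worth confirming where the option is read that negative or very large values are rejected before they reach this addition.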