diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-17 19:53:42 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-19 16:52:04 +0100 |
commit | a36495767d9b35436b47361a9787a379980bf8cc (patch) | |
tree | 96457f3e866da4ef23e50c4b30213ebb57bea86e /src | |
parent | d993dc0a566dbf79f808d0ec35c8e61806f34e40 (diff) | |
download | sssd-a36495767d9b35436b47361a9787a379980bf8cc.tar.gz sssd-a36495767d9b35436b47361a9787a379980bf8cc.tar.xz sssd-a36495767d9b35436b47361a9787a379980bf8cc.zip |
LDAP: Expire even non authenticated connections
The connections request was terminated before setting the expiry timeout
in case no authentication was set.
https://fedorahosted.org/sssd/ticket/1649
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 79ad3b8e4..ff9924843 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -1599,22 +1599,25 @@ static void sdap_cli_auth_step(struct tevent_req *req) const char *user_dn = dp_opt_get_string(state->opts->basic, SDAP_DEFAULT_BIND_DN); - if (!state->do_auth || - (sasl_mech == NULL && user_dn == NULL)) { - DEBUG(SSSDBG_TRACE_LIBS, - ("No authentication requested or SASL auth forced off\n")); - tevent_req_done(req); - return; - } - /* Set the LDAP expiration time * If SASL has already set it, use the sooner of the two */ now = time(NULL); expire_timeout = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_TIMEOUT); + DEBUG(SSSDBG_CONF_SETTINGS, ("expire timeout is %d\n", expire_timeout)); if (!state->sh->expire_time || (state->sh->expire_time > (now + expire_timeout))) { state->sh->expire_time = now + expire_timeout; + DEBUG(SSSDBG_TRACE_LIBS, + ("the connection will expire at %d\n", state->sh->expire_time)); + } + + if (!state->do_auth || + (sasl_mech == NULL && user_dn == NULL)) { + DEBUG(SSSDBG_TRACE_LIBS, + ("No authentication requested or SASL auth forced off\n")); + tevent_req_done(req); + return; } subreq = sdap_auth_send(state, |