-rw-r--r-- | src/providers/ldap/ldap_id.c | 42 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 9 |
2 files changed, 42 insertions, 9 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 63098a82e..1a44de852 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -977,6 +977,40 @@ static int groups_by_user_retry(struct tevent_req *req);
 static void groups_by_user_connect_done(struct tevent_req *subreq);
 static void groups_by_user_done(struct tevent_req *subreq);
+static errno_t set_initgroups_expire_attribute(struct sss_domain_info *domain,
+ const char *name)
+{
+ errno_t ret;
+ time_t cache_timeout;
+ struct sysdb_attrs *attrs;
+
+ attrs = sysdb_new_attrs(NULL);
+ if (attrs == NULL) {
+ return ENOMEM;
+ }
+
+ cache_timeout = domain->user_timeout
+ ? time(NULL) + domain->user_timeout
+ : 0;
+
+ ret = sysdb_attrs_add_time_t(attrs, SYSDB_INITGR_EXPIRE, cache_timeout);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not set up attrs\n");
+ goto done;
+ }
+
+ ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to set initgroups expire attribute\n");
+ goto done;
+ }
+
+done:
+ talloc_zfree(attrs);
+ return ret;
+}
+
 static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
 struct tevent_context *ev,
 struct sdap_id_ctx *ctx,
@@ -1121,6 +1155,14 @@ static void groups_by_user_done(struct tevent_req *subreq)
 }
 }
+ ret = set_initgroups_expire_attribute(state->ctx->be->domain,
+ state->name);
+ if (ret != EOK) {
+ state->dp_error = DP_ERR_FATAL;
+ tevent_req_error(req, ret);
+ return;
+ }
+
 state->dp_error = DP_ERR_OK;
 tevent_req_done(req);
 }
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 82b4df479..89e5ae558 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
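Review bot: set_initgroups_expire_attribute() has no comment saying why SYSDB_INITGR_EXPIRE is now written after the group lookup instead of in sdap_save_user, where the sdap_async_users.c hunk removes it. The ordering looks deliberate: a timestamp written while the user is being saved would presumably mark the cached membership list as fresh even if the group processing that follows fails, and cached group membership typically feeds access decisions. I would state that above the function, e.g. `/* Write the initgroups expiry only once memberships are stored, so a failed lookup never leaves a fresh-looking entry. */`. The two DEBUG calls also drop `ret`; adding `[%d]: %s` with `ret, sss_strerror(ret)` would make a cache write failure diagnosable from the log.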
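Review bot: Any error from set_initgroups_expire_attribute() at the end of groups_by_user_done now finishes the request with DP_ERR_FATAL, which would include the case where the user entry is not in the cache. The body of groups_by_user_done above the two closing braces is outside the hunk, so I cannot tell whether a not-found result or a cache delete can fall through to this call. If it can, sysdb_set_user_attr would presumably fail on the missing entry and an ordinary "no such user" lookup would be reported as a provider failure. Consider making the call only when the lookup stored a user, or tolerating that one case with `if (ret != EOK && ret != ENOENT) {` and a comment explaining why.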
@@ -467,15 +467,6 @@ int sdap_save_user(TALLOC_CTX *memctx,
 cache_timeout = dom->user_timeout;
- if (is_initgr) {
- ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE,
- (cache_timeout ?
- (time(NULL) + cache_timeout) : 0));
- if (ret) {
- goto done;
- }
- }
-
 ret = sdap_save_all_names(user_name, attrs, dom, user_attrs);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save user names\n"); |