summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_access.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ipa/ipa_access.c')
-rw-r--r--src/providers/ipa/ipa_access.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 18cf31043..2a6588ebf 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -114,6 +114,7 @@ void ipa_access_handler(struct be_req *be_req)
ipa_access_ctx = talloc_get_type(
be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
struct ipa_access_ctx);
+ hbac_ctx->access_ctx = ipa_access_ctx;
hbac_ctx->sdap_ctx = ipa_access_ctx->sdap_ctx;
hbac_ctx->ipa_options = ipa_access_ctx->ipa_options;
hbac_ctx->tr_ctx = ipa_access_ctx->tr_ctx;
@@ -145,10 +146,22 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
struct tevent_req *subreq;
int ret;
bool offline;
+ time_t now, refresh_interval;
+ struct ipa_access_ctx *access_ctx = hbac_ctx->access_ctx;
offline = be_is_offline(hbac_ctx->be_req->be_ctx);
DEBUG(9, ("Connection status is [%s].\n", offline ? "offline" : "online"));
+ refresh_interval = dp_opt_get_int(hbac_ctx->ipa_options,
+ IPA_HBAC_REFRESH);
+
+ now = time(NULL);
+ if (now < access_ctx->last_update + refresh_interval) {
+ /* Simulate offline mode and just go to the cache */
+ DEBUG(6, ("Performing cached HBAC evaluation\n"));
+ offline = true;
+ }
+
if (!offline) {
if (hbac_ctx->sdap_op == NULL) {
hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx,
@@ -505,6 +518,9 @@ static void hbac_sysdb_save(struct tevent_req *req)
*/
hbac_clear_rule_data(hbac_ctx);
+
+ access_ctx->last_update = time(NULL);
+
/* Now evaluate the request against the rules */
ipa_hbac_evaluate_rules(hbac_ctx);