From a36495767d9b35436b47361a9787a379980bf8cc Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sat, 17 Nov 2012 19:53:42 +0100
Subject: LDAP: Expire even non authenticated connections

The connections request was terminated before setting the expiry timeout
in case no authentication was set.

https://fedorahosted.org/sssd/ticket/1649
---
 src/providers/ldap/sdap_async_connection.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 79ad3b8e4..ff9924843 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1599,22 +1599,25 @@ static void sdap_cli_auth_step(struct tevent_req *req)
     const char *user_dn = dp_opt_get_string(state->opts->basic,
                                             SDAP_DEFAULT_BIND_DN);
 
-    if (!state->do_auth ||
-        (sasl_mech == NULL && user_dn == NULL)) {
-        DEBUG(SSSDBG_TRACE_LIBS,
-              ("No authentication requested or SASL auth forced off\n"));
-        tevent_req_done(req);
-        return;
-    }
-
     /* Set the LDAP expiration time
      * If SASL has already set it, use the sooner of the two
      */
     now = time(NULL);
     expire_timeout = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_TIMEOUT);
+    DEBUG(SSSDBG_CONF_SETTINGS, ("expire timeout is %d\n", expire_timeout));
     if (!state->sh->expire_time
             || (state->sh->expire_time > (now + expire_timeout))) {
         state->sh->expire_time = now + expire_timeout;
+        DEBUG(SSSDBG_TRACE_LIBS,
+              ("the connection will expire at %d\n", state->sh->expire_time));
+    }
+
+    if (!state->do_auth ||
+        (sasl_mech == NULL && user_dn == NULL)) {
+        DEBUG(SSSDBG_TRACE_LIBS,
+              ("No authentication requested or SASL auth forced off\n"));
+        tevent_req_done(req);
+        return;
     }
 
     subreq = sdap_auth_send(state,
-- 
cgit