From 5136873b1fd56e34172e5fb325ac2b5508c85f31 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 28 Jan 2010 17:19:03 +0100
Subject: Warn the user if authentication happens offline

---
 server/db/sysdb.h     |  2 +-
 server/db/sysdb_ops.c | 20 +++++++++++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)

(limited to 'server/db')

diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index 9b77edfa3..a6d9e69e4 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -557,7 +557,7 @@ struct tevent_req *sysdb_cache_auth_send(TALLOC_CTX *mem_ctx,
                                          const uint8_t *authtok,
                                          size_t authtok_size,
                                          struct confdb_ctx *cdb);
-int sysdb_cache_auth_recv(struct tevent_req *req);
+int sysdb_cache_auth_recv(struct tevent_req *req, time_t *expire_date);
 
 struct tevent_req *sysdb_store_custom_send(TALLOC_CTX *mem_ctx,
                                          struct tevent_context *ev,
diff --git a/server/db/sysdb_ops.c b/server/db/sysdb_ops.c
index c1d996d52..8dd81b3c0 100644
--- a/server/db/sysdb_ops.c
+++ b/server/db/sysdb_ops.c
@@ -4648,6 +4648,7 @@ struct sysdb_cache_auth_state {
     struct sysdb_attrs *update_attrs;
     bool authentication_successful;
     struct sysdb_handle *handle;
+    time_t expire_date;
 };
 
 errno_t check_failed_login_attempts(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
@@ -4766,6 +4767,7 @@ struct tevent_req *sysdb_cache_auth_send(TALLOC_CTX *mem_ctx,
     state->update_attrs = NULL;
     state->authentication_successful = false;
     state->handle = NULL;
+    state->expire_date = -1;
 
     subreq = sysdb_search_user_by_name_send(state, ev, sysdb, NULL, domain,
                                             name, attrs);
@@ -4821,10 +4823,16 @@ static void sysdb_cache_auth_get_attrs_done(struct tevent_req *subreq)
     DEBUG(9, ("Offline credentials expiration is [%d] days.\n",
               cred_expiration));
 
-    if (cred_expiration && lastLogin + (cred_expiration * 86400) < time(NULL)) {
-        DEBUG(4, ("Cached user entry is too old.\n"));
-        ret = EACCES;
-        goto done;
+    if (cred_expiration) {
+        state->expire_date = lastLogin + (cred_expiration * 86400);
+        if (state->expire_date < time(NULL)) {
+            DEBUG(4, ("Cached user entry is too old.\n"));
+            state->expire_date = 0;
+            ret = EACCES;
+            goto done;
+        }
+    } else {
+        state->expire_date = 0;
     }
 
     ret = check_failed_login_attempts(state, state->cdb, ldb_msg,
@@ -5026,9 +5034,11 @@ static void sysdb_cache_auth_done(struct tevent_req *subreq)
     return;
 }
 
-int sysdb_cache_auth_recv(struct tevent_req *req) {
+int sysdb_cache_auth_recv(struct tevent_req *req, time_t *expire_date) {
     struct sysdb_cache_auth_state *state = tevent_req_data(req,
                                                  struct sysdb_cache_auth_state);
+    *expire_date = state->expire_date;
+
     TEVENT_REQ_RETURN_ON_ERROR(req);
 
     return (state->authentication_successful ? EOK : EINVAL);
-- 
cgit