From d844aab866ae237844360cea70e2dccdc90c783d Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 20 Dec 2011 10:47:41 -0500
Subject: PAM: make initgroups timeout work across multiple clients

Instead of timing out the initgroups lookup on a per-cctx basis,
we will maintain a hash table of recently-seen users and use this
instead. This will allow SSSD to handle user's logging into
multiple services simultaneously more graciously, as well as
playing nicer with SSH (which makes calls to PAM both before and
after a fork).

https://fedorahosted.org/sssd/ticket/1063
---
 src/responder/pam/pamsrv.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/responder/pam/pamsrv.c')

diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 2933c79f0..be459b116 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -174,6 +174,15 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
+    /* Create table for initgroup lookups */
+    ret = sss_hash_create(pctx, 10, &pctx->id_table);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              ("Could not create initgroups hash table: [%s]",
+               strerror(ret)));
+        goto done;
+    }
+
     ret = EOK;
 
 done:
-- 
cgit