summaryrefslogtreecommitdiff
path: root/server/db
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-01-28 17:19:03 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-02-02 14:41:41 -0500
commit5136873b1fd56e34172e5fb325ac2b5508c85f31 (patch)
treeaa43b4f705d1c3593f76c80ae0d028f09186df9c /server/db
parent7ea48433b3bab77813b11c60e1ea82cb9793dc33 (diff)
downloadsssd-5136873b1fd56e34172e5fb325ac2b5508c85f31.tar.gz
sssd-5136873b1fd56e34172e5fb325ac2b5508c85f31.tar.bz2
sssd-5136873b1fd56e34172e5fb325ac2b5508c85f31.zip
Warn the user if authentication happens offline
Diffstat (limited to 'server/db')
-rw-r--r--server/db/sysdb.h2
-rw-r--r--server/db/sysdb_ops.c20
2 files changed, 16 insertions, 6 deletions
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index 9b77edfa..a6d9e69e 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -557,7 +557,7 @@ struct tevent_req *sysdb_cache_auth_send(TALLOC_CTX *mem_ctx,
const uint8_t *authtok,
size_t authtok_size,
struct confdb_ctx *cdb);
-int sysdb_cache_auth_recv(struct tevent_req *req);
+int sysdb_cache_auth_recv(struct tevent_req *req, time_t *expire_date);
struct tevent_req *sysdb_store_custom_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
diff --git a/server/db/sysdb_ops.c b/server/db/sysdb_ops.c
index c1d996d5..8dd81b3c 100644
--- a/server/db/sysdb_ops.c
+++ b/server/db/sysdb_ops.c
@@ -4648,6 +4648,7 @@ struct sysdb_cache_auth_state {
struct sysdb_attrs *update_attrs;
bool authentication_successful;
struct sysdb_handle *handle;
+ time_t expire_date;
};
errno_t check_failed_login_attempts(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
@@ -4766,6 +4767,7 @@ struct tevent_req *sysdb_cache_auth_send(TALLOC_CTX *mem_ctx,
state->update_attrs = NULL;
state->authentication_successful = false;
state->handle = NULL;
+ state->expire_date = -1;
subreq = sysdb_search_user_by_name_send(state, ev, sysdb, NULL, domain,
name, attrs);
@@ -4821,10 +4823,16 @@ static void sysdb_cache_auth_get_attrs_done(struct tevent_req *subreq)
DEBUG(9, ("Offline credentials expiration is [%d] days.\n",
cred_expiration));
- if (cred_expiration && lastLogin + (cred_expiration * 86400) < time(NULL)) {
- DEBUG(4, ("Cached user entry is too old.\n"));
- ret = EACCES;
- goto done;
+ if (cred_expiration) {
+ state->expire_date = lastLogin + (cred_expiration * 86400);
+ if (state->expire_date < time(NULL)) {
+ DEBUG(4, ("Cached user entry is too old.\n"));
+ state->expire_date = 0;
+ ret = EACCES;
+ goto done;
+ }
+ } else {
+ state->expire_date = 0;
}
ret = check_failed_login_attempts(state, state->cdb, ldb_msg,
@@ -5026,9 +5034,11 @@ static void sysdb_cache_auth_done(struct tevent_req *subreq)
return;
}
-int sysdb_cache_auth_recv(struct tevent_req *req) {
+int sysdb_cache_auth_recv(struct tevent_req *req, time_t *expire_date) {
struct sysdb_cache_auth_state *state = tevent_req_data(req,
struct sysdb_cache_auth_state);
+ *expire_date = state->expire_date;
+
TEVENT_REQ_RETURN_ON_ERROR(req);
return (state->authentication_successful ? EOK : EINVAL);