author | Sumit Bose <sbose@redhat.com> | 2010-04-19 11:59:09 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-26 15:14:40 -0400 |
commit | 02e38eae1b9cb5df2036a707dafd86f6047c17de (patch) | |
tree | 970b10c1df9bfe101a3d84ec1ff87dedd5364186 /src/db | |
parent | 06c03627c81a5252420931383a68eb67ba551667 (diff) | |
Add support for delayed kinit if offline
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.h | 1 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 14 |
2 files changed, 13 insertions, 2 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 5b6f2189..23560ecd 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -471,6 +471,7 @@ int sysdb_cache_auth(TALLOC_CTX *mem_ctx, const uint8_t *authtok, size_t authtok_size, struct confdb_ctx *cdb, + bool just_check, time_t *_expire_date, time_t *_delayed_until); diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 00b74c6a..7f454311 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -1988,6 +1988,7 @@ int sysdb_cache_auth(TALLOC_CTX *mem_ctx, const uint8_t *authtok, size_t authtok_size, struct confdb_ctx *cdb, + bool just_check, time_t *_expire_date, time_t *_delayed_until) { @@ -2120,6 +2121,11 @@ int sysdb_cache_auth(TALLOC_CTX *mem_ctx, DEBUG(4, ("Hashes do match!\n")); authentication_successful = true; + if (just_check) { + ret = EOK; + goto done; + } + ret = sysdb_attrs_add_time_t(update_attrs, SYSDB_LAST_LOGIN, time(NULL)); if (ret != EOK) { @@ -2168,8 +2174,12 @@ int sysdb_cache_auth(TALLOC_CTX *mem_ctx, } done: - *_expire_date = expire_date; - *_delayed_until = delayed_until; + if (_expire_date != NULL) { + *_expire_date = expire_date; + } + if (_delayed_until != NULL) { + *_delayed_until = delayed_until; + } if (password) for (i = 0; password[i]; i++) password[i] = 0; if (ret) { ldb_transaction_cancel(sysdb->ldb); |
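Review bot: The new `just_check` parameter on the `sysdb_cache_auth` prototype in src/db/sysdb.h (hunk at -471) carries no comment, and nothing tells callers that `_expire_date` and `_delayed_until` may now be NULL, which the last src/db/sysdb_ops.c hunk permits. A short comment above the declaration would cover both, for example `/* just_check: only verify authtok against the cached hash and skip the success-side cache updates; _expire_date and _delayed_until may be NULL */`. The same signature change is repeated in the definition in src/db/sysdb_ops.c (hunk at -1988). The declaration starts above the hunk, so an existing comment there would not be visible here.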
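Review bot: In the src/db/sysdb_ops.c hunk at -2120, `just_check` short-circuits only the branch where the hashes match; the mismatch branch is outside the hunk, so it is not visible whether a failed `just_check` call still goes through the failed-login accounting and delay that `_delayed_until` implies. If it does not, repeated checks against the cached hash would not be rate-limited; if it does, a caller that merely re-validates a stored password can push the user into the delay. Whichever is intended should be stated at the early exit, e.g. `/* just_check: leave SYSDB_LAST_LOGIN and the other success-side attributes untouched */`, with the failure-side behaviour documented next to it. The function body starts and ends outside the hunk.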
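Review bot: In the last src/db/sysdb_ops.c hunk (at -2168), the password scrub right after the new NULL guards, `if (password) for (i = 0; password[i]; i++) password[i] = 0;`, is a plain store loop that a compiler may drop as a dead store if it can see the buffer is released afterwards. How `password` is allocated and freed is outside the hunk, so this is a hardening point rather than a confirmed defect. Because the commit description says the plain text password is kept for a delayed kinit, a wipe the optimizer cannot remove is worth having here, for instance `volatile char *p = password; while (*p) *p++ = 0;`. Bracing the `if`/`for` would also make the scope of the scrub explicit.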