authorSumit Bose <sbose@redhat.com>2010-04-19 11:59:09 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-05-26 15:14:40 -0400
commit02e38eae1b9cb5df2036a707dafd86f6047c17de (patch)
tree970b10c1df9bfe101a3d84ec1ff87dedd5364186 /src/db
parent06c03627c81a5252420931383a68eb67ba551667 (diff)
Add support for delayed kinit if offline
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline, the plain-text user password is stored and used to request a TGT if the backend becomes online. If available, the Linux kernel key retention service is used.
Diffstat (limited to 'src/db')
-rw-r--r--src/db/sysdb.h1
-rw-r--r--src/db/sysdb_ops.c14
2 files changed, 13 insertions, 2 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 5b6f2189..23560ecd 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -471,6 +471,7 @@ int sysdb_cache_auth(TALLOC_CTX *mem_ctx,
const uint8_t *authtok,
size_t authtok_size,
struct confdb_ctx *cdb,
+ bool just_check,
time_t *_expire_date,
time_t *_delayed_until);
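Review bot: The new `just_check` parameter is added to the prototype with no comment saying what it changes for callers. The same commit also makes `_expire_date` and `_delayed_until` optional (the NULL guards at `done:` in sysdb_ops.c), and that is not stated here either. I would add a comment above the declaration, for example `/* just_check: only verify authtok against the cached hash; on a match return EOK without recording a login. _expire_date and _delayed_until may be NULL. */`. The prototype starts above the hunk, so the exact placement depends on lines not shown.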
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 00b74c6a..7f454311 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1988,6 +1988,7 @@ int sysdb_cache_auth(TALLOC_CTX *mem_ctx,
const uint8_t *authtok,
size_t authtok_size,
struct confdb_ctx *cdb,
+ bool just_check,
time_t *_expire_date,
time_t *_delayed_until)
{
@@ -2120,6 +2121,11 @@ int sysdb_cache_auth(TALLOC_CTX *mem_ctx,
DEBUG(4, ("Hashes do match!\n"));
authentication_successful = true;
+ if (just_check) {
+ ret = EOK;
+ goto done;
+ }
+
ret = sysdb_attrs_add_time_t(update_attrs,
SYSDB_LAST_LOGIN, time(NULL));
if (ret != EOK) {
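Review bot: The `just_check` exit at `goto done` skips every success-side update that follows, starting with `SYSDB_LAST_LOGIN`, but nothing marks that as deliberate. If the rest of the success branch (outside the hunk) also clears failed-login state, a verify-only match will leave that state in place. Going by the commit description, this path presumably gates whether the plain-text password is kept for the delayed kinit, so the intent is worth pinning with a comment such as `/* verify only: do not record a login or touch failure counters */`. The mismatch branch is not visible here; confirm that a failed check with `just_check` set still counts toward the offline lockout rather than allowing unlimited guesses against the cached hash. The body of `sysdb_cache_auth` starts and ends outside the hunk.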
@@ -2168,8 +2174,12 @@ int sysdb_cache_auth(TALLOC_CTX *mem_ctx,
}
done:
- *_expire_date = expire_date;
- *_delayed_until = delayed_until;
+ if (_expire_date != NULL) {
+ *_expire_date = expire_date;
+ }
+ if (_delayed_until != NULL) {
+ *_delayed_until = delayed_until;
+ }
if (password) for (i = 0; password[i]; i++) password[i] = 0;
if (ret) {
ldb_transaction_cancel(sysdb->ldb);