diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-17 19:53:42 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-18 18:10:18 +0100 |
commit | c96905018f6bb1c22a937bbcbea21cbd7e556743 (patch) | |
tree | a5a2b3c4a7a43f0bb424794f233033b46cbed84e /src/providers/ldap | |
parent | a7b3c030510277e16baf4cc0619c877a584b2eec (diff) | |
download | sssd-c96905018f6bb1c22a937bbcbea21cbd7e556743.tar.gz sssd-c96905018f6bb1c22a937bbcbea21cbd7e556743.tar.bz2 sssd-c96905018f6bb1c22a937bbcbea21cbd7e556743.zip |
LDAP: Expire even non authenticated connections
The connections request was terminated before setting the expiry timeout
in case no authentication was set.
https://fedorahosted.org/sssd/ticket/1649
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 79ad3b8e..ff992484 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -1599,22 +1599,25 @@ static void sdap_cli_auth_step(struct tevent_req *req) const char *user_dn = dp_opt_get_string(state->opts->basic, SDAP_DEFAULT_BIND_DN); - if (!state->do_auth || - (sasl_mech == NULL && user_dn == NULL)) { - DEBUG(SSSDBG_TRACE_LIBS, - ("No authentication requested or SASL auth forced off\n")); - tevent_req_done(req); - return; - } - /* Set the LDAP expiration time * If SASL has already set it, use the sooner of the two */ now = time(NULL); expire_timeout = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_TIMEOUT); + DEBUG(SSSDBG_CONF_SETTINGS, ("expire timeout is %d\n", expire_timeout)); if (!state->sh->expire_time || (state->sh->expire_time > (now + expire_timeout))) { state->sh->expire_time = now + expire_timeout; + DEBUG(SSSDBG_TRACE_LIBS, + ("the connection will expire at %d\n", state->sh->expire_time)); + } + + if (!state->do_auth || + (sasl_mech == NULL && user_dn == NULL)) { + DEBUG(SSSDBG_TRACE_LIBS, + ("No authentication requested or SASL auth forced off\n")); + tevent_req_done(req); + return; } subreq = sdap_auth_send(state, |