43 lines
1.6 KiB
Diff
43 lines
1.6 KiB
Diff
From 100839b64390d7010bfa28552fd9381ef4366496 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Fri, 26 Jun 2020 09:48:17 +0200
|
|
Subject: [PATCH] PAM: do not treat error for cache-only lookups as fatal
|
|
|
|
The original fatal error came from a time where at this place in the
|
|
code the response form the backend was checked and an error was clearly
|
|
fatal.
|
|
|
|
Now we only check if the entry is in the cache and valid. An error would
|
|
mean that the backend is called to lookup or refresh the entry. So the
|
|
backend can change the state of the cache and make upcoming cache
|
|
lookups successful. So it makes sense to not only call the backend if
|
|
ENOENT is returned but for all kind of errors.
|
|
|
|
Resolves https://pagure.io/SSSD/sssd/issue/4098
|
|
|
|
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
|
|
---
|
|
src/responder/pam/pamsrv_cmd.c | 6 ++----
|
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
|
|
index 1cd901f15..666131cb7 100644
|
|
--- a/src/responder/pam/pamsrv_cmd.c
|
|
+++ b/src/responder/pam/pamsrv_cmd.c
|
|
@@ -1941,10 +1941,8 @@ static void pam_check_user_search_next(struct tevent_req *req)
|
|
ret = cache_req_single_domain_recv(preq, req, &result);
|
|
talloc_zfree(req);
|
|
if (ret != EOK && ret != ENOENT) {
|
|
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
- "Fatal error, killing connection!\n");
|
|
- talloc_zfree(preq->cctx);
|
|
- return;
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "Cache lookup failed, trying to get fresh "
|
|
+ "data from the backened.\n");
|
|
}
|
|
|
|
DEBUG(SSSDBG_TRACE_ALL, "PAM initgroups scheme [%s].\n",
|
|
--
|
|
2.21.3
|
|
|