diff --git a/README b/README
index c02b4b6..3128bf8 100644
--- a/README
+++ b/README
@@ -1,6 +1,6 @@
 This is the README file for the library pam_client.
-Library pam_client designed to wait client daemon before
-LDAP authorization.
+Library pam_client designed to wait for client daemon before
+LDAP authorization and to wait for LDAP service.
 Installation
 ----------
diff --git a/pam_client.c b/pam_client.c
index e7f1b39..eb1ead4 100644
--- a/pam_client.c
+++ b/pam_client.c
@@ -31,6 +31,7 @@
 #define PAM_SM_AUTH
 #define MAX_V 30
 #define WAITTIME 30
+#define WAITTIMELDAP 60
 typedef struct pam_config
 {
@@ -205,10 +206,11 @@ static int
 _check_ldap (int retry_count)
 {
 int result;
+ int timelimit = 3;
 struct berval userpw;
 struct berval *servcred;
 char buf[BUFSIZ];
- LDAP *ld;
+ LDAP *ld=NULL;
 pam_config_t * config= NULL;
 if(_read_config(NULL,&config) != PAM_SUCCESS) {
 if(config)
@@ -219,7 +221,9 @@ _check_ldap (int retry_count)
 snprintf(buf,BUFSIZ,"ldap://%s:%d",config->host,config->port);
 if(ldap_initialize(&ld,buf) == LDAP_SUCCESS &&
 ldap_set_option(ld,LDAP_OPT_PROTOCOL_VERSION,
- &config->version) == LDAP_SUCCESS ) {
+ &config->version) == LDAP_SUCCESS &&
+ ldap_set_option(ld,LDAP_OPT_TIMELIMIT,
+ &timelimit) == LDAP_SUCCESS) {
 userpw.bv_val = config->bindpw;
 userpw.bv_len = (userpw.bv_val != 0) ? strlen (userpw.bv_val) : 0;
 for(;retry_count;retry_count--) {
@@ -234,6 +238,8 @@ _check_ldap (int retry_count)
 sleep(1);
 }
 }
+ if(ld != NULL)
+ ldap_unbind(ld);
 _release_config(&config);
 return result;
 }
@@ -258,7 +264,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
 for(i=0;i
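Review bot: `int result;` in the `@@ -205,10 +206,11 @@` hunk of `_check_ldap` is left without an initialiser, while the commit adds one more condition (the `LDAP_OPT_TIMELIMIT` call in the following hunk) under which the bind block is skipped. The lines between that `if` and `return result;` are not in the diff, so this is hedged: if no `else` branch assigns `result`, or if `retry_count` arrives as 0, the function hands an indeterminate value back to the PAM caller. A failing default such as `int result = PAM_AUTHINFO_UNAVAIL;` (assuming the function returns PAM codes) makes every skipped path fail closed. The function body starts and ends outside this hunk.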
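Review bot: `LDAP_OPT_TIMELIMIT`, added to the `if` condition in the `@@ -219,7 +221,9 @@` hunk, does not bound the connect or the bind that the retry loop presumably performs (its body is outside the hunk). In OpenLDAP it is the search time limit sent to the server, so an unreachable or silent server can still stall the PAM stack. The client-side limits are `LDAP_OPT_NETWORK_TIMEOUT` and `LDAP_OPT_TIMEOUT`, both taking a `struct timeval *`, for example `struct timeval tv = { 3, 0 };` followed by `ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv)`. Separately, the URI on the context line is built as `ldap://`, so `config->bindpw` would cross the network unprotected unless StartTLS or a protecting SASL mechanism is set up in code not shown here.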
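Review bot: `ldap_unbind(ld)` in the cleanup added by the `@@ -234,6 +238,8 @@` hunk belongs to OpenLDAP's deprecated interface, which current headers declare only when `LDAP_DEPRECATED` is defined. The includes are outside this diff, so if the file does not define it the call compiles through an implicit declaration. The non-deprecated form is `ldap_unbind_ext_s(ld, NULL, NULL);`. A one-line comment such as `/* release the handle on every path, including a failed ldap_set_option */` would also record why the call sits outside the `if` block.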