summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-04-27 18:21:25 -0400
committerSimo Sorce <ssorce@redhat.com>2009-04-27 18:21:25 -0400
commitc4f46b40e2f55abd9ae2296fd68daa88bd60e32f (patch)
treea6bd391cb5354a69aa99808959bce7870215914a
parent0dcef2cbb6e53999b9fe053d49e09bb27c6f4f15 (diff)
downloadsssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.tar.gz
sssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.tar.bz2
sssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.zip
Use different attribute for cached passwords
This fixes a bug with legacy backends where the cached password would be cleared on a user update. Using a different attribute we make sure a userPassword coming from the remote backend does not interfere with a cachedPassword (and vice versa).
-rw-r--r--server/db/sysdb.h2
-rw-r--r--server/responder/pam/pamsrv_cache.c6
2 files changed, 5 insertions, 3 deletions
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index df49bc7b..7bfe1fd7 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -63,6 +63,8 @@
#define SYSDB_LAST_UPDATE "lastUpdate"
+#define SYSDB_CACHEDPWD "cachedPassword"
+
#define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
#define SYSDB_UC "objectclass="SYSDB_USER_CLASS
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index 10f41996..154c7d1b 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
goto done;
}
- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash);
+ ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
if (ret) goto done;
/* FIXME: should we use a different attribute for chache passwords ?? */
@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
goto done;
}
- userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
+ userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL);
if (userhash == NULL || *userhash == '\0') {
DEBUG(4, ("Cached credentials not available.\n"));
ret = PAM_AUTHINFO_UNAVAIL;
@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
int ret;
static const char *attrs[] = {SYSDB_NAME,
- SYSDB_PWD,
+ SYSDB_CACHEDPWD,
SYSDB_DISABLED,
SYSDB_LAST_LOGIN,
"lastPasswordChange",