author | Simo Sorce <ssorce@redhat.com> | 2009-04-27 18:21:25 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2009-04-27 18:21:25 -0400 |
commit | c4f46b40e2f55abd9ae2296fd68daa88bd60e32f (patch) | |
tree | a6bd391cb5354a69aa99808959bce7870215914a | |
parent | 0dcef2cbb6e53999b9fe053d49e09bb27c6f4f15 (diff) | |
Use different attribute for cached passwords
This fixes a bug with legacy backends where the cached password would be cleared
on a user update.
Using a different attribute we make sure a userPassword coming from the remote
backend does not interfere with a cachedPassword (and vice versa).
-rw-r--r-- | server/db/sysdb.h | 2 | ||||
-rw-r--r-- | server/responder/pam/pamsrv_cache.c | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index df49bc7b..7bfe1fd7 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -63,6 +63,8 @@
 #define SYSDB_LAST_UPDATE "lastUpdate"
+#define SYSDB_CACHEDPWD "cachedPassword"
+
 #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
 #define SYSDB_UC "objectclass="SYSDB_USER_CLASS
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index 10f41996..154c7d1b 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
 goto done;
 }
- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash);
+ ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
 if (ret) goto done;
 /* FIXME: should we use a different attribute for chache passwords ?? */
@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
 goto done;
 }
- userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
+ userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL);
 if (userhash == NULL || *userhash == '\0') {
 DEBUG(4, ("Cached credentials not available.\n"));
 ret = PAM_AUTHINFO_UNAVAIL;
@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
 int ret;
 static const char *attrs[] = {SYSDB_NAME,
- SYSDB_PWD,
+ SYSDB_CACHEDPWD,
 SYSDB_DISABLED,
 SYSDB_LAST_LOGIN,
 "lastPasswordChange", |
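Review bot: `SYSDB_CACHEDPWD` is added to sysdb.h without a comment, so nothing at the definition tells a reader how it differs from `SYSDB_PWD`, which is the distinction this commit exists to create. A one-line comment above the define would do, for example `/* hash stored by the PAM responder for offline authentication; kept separate from SYSDB_PWD, which a remote backend may overwrite */`. That wording is drawn from the commit message and the pamsrv_cache.c hunks, so adjust it if other code also writes this attribute.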
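Review bot: The `/* FIXME: should we use a different attribute for chache passwords ?? */` comment left as context just below the changed `sysdb_attrs_add_string` call is now stale, because this commit answers it by switching to `SYSDB_CACHEDPWD`. Leaving it in suggests the question is still open; delete it or replace it with a statement such as `/* stored under SYSDB_CACHEDPWD so a backend-supplied userPassword cannot overwrite it */`. pam_cache_credentials begins and ends outside this hunk, so the code the FIXME was attached to is not visible here.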
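Review bot: In pam_cache_auth_callback the hash is now read only from `SYSDB_CACHEDPWD`, so entries cached before this change (hash under `SYSDB_PWD`) take the `userhash == NULL` branch and return PAM_AUTHINFO_UNAVAIL until the user next authenticates online. Failing closed is the right direction, and falling back to `SYSDB_PWD` would bring back the mixing of backend and cached values that this commit removes. However, the old hash appears to stay in the cache under `SYSDB_PWD` unless something outside this diff clears it. Consider stating the cut-over in the commit message or release notes, and clearing the legacy value when pam_cache_credentials next stores a hash. The attribute list in pam_cache_auth (last hunk) has the same cut-over, and both functions continue outside their hunks.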