authorSimo Sorce <ssorce@redhat.com>2009-05-11 09:08:31 -0400
committerSimo Sorce <ssorce@redhat.com>2009-05-18 15:27:48 -0400
commit66c727e0e7b34d19cdb8dbdc0a0fae15d9d5ff25 (patch)
tree35caa2b93baa413e516c1834626a14e36c811017 /server/responder/pam/pamsrv_cache.c
parent3594dff371450e4530bf26f3bc4b2ea195270bcd (diff)
Move actual password caching into sysdb
Convert auth modules to do the caching themselves
Diffstat (limited to 'server/responder/pam/pamsrv_cache.c')
-rw-r--r--server/responder/pam/pamsrv_cache.c112
1 files changed, 1 insertions, 111 deletions
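diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index ed18f6a1..d1c34e5f 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -53,120 +53,10 @@ static int authtok2str(const void *mem_ctx,
 struct set_attrs_ctx {
 struct pam_auth_req *preq;
- struct sysdb_attrs *attrs;
 struct sysdb_req *sysreq;
+ char *password;
 };
-static void pc_set_user_attr_callback(void *pvt,
- int ldb_status,
- struct ldb_result *res)
-{
- struct set_attrs_ctx *ctx;
- int error;
-
- ctx = talloc_get_type(pvt, struct set_attrs_ctx);
- error = sysdb_error_to_errno(ldb_status);
-
- sysdb_transaction_done(ctx->sysreq, error);
-
- if (ldb_status != LDB_SUCCESS) {
- DEBUG(2, ("Failed to cache credentials for user [%s] (%d)!\n",
- ctx->preq->pd->user, error, strerror(error)));
- }
-
- ctx->preq->callback(ctx->preq);
-}
-
-static void pc_set_user_attr_req(struct sysdb_req *req, void *pvt)
-{
- struct set_attrs_ctx *ctx;
- int ret;
-
- DEBUG(4, ("entering pc_set_user_attr_req\n"));
-
- ctx = talloc_get_type(pvt, struct set_attrs_ctx);
-
- ctx->sysreq = req;
-
- ret = sysdb_set_user_attr(req, ctx->preq->cctx->rctx->sysdb,
- ctx->preq->domain,
- ctx->preq->pd->user,
- ctx->attrs,
- pc_set_user_attr_callback, ctx);
- if (ret != EOK) {
- sysdb_transaction_done(ctx->sysreq, ret);
- }
-
- if (ret != EOK) {
- DEBUG(2, ("Failed to cache credentials for user [%s] (%d)!\n",
- ctx->preq->pd->user, ret, strerror(ret)));
- ctx->preq->callback(ctx->preq);
- }
-}
-
-int pam_cache_credentials(struct pam_auth_req *preq)
-{
- struct set_attrs_ctx *ctx;
- struct pam_data *pd;
- char *password = NULL;
- char *comphash = NULL;
- char *salt;
- int i, ret;
-
- pd = preq->pd;
-
- ret = authtok2str(preq, pd->authtok, pd->authtok_size, &password);
- if (ret) {
- DEBUG(4, ("Invalid auth token.\n"));
- ret = EINVAL;
- goto done;
- }
-
- ret = s3crypt_gen_salt(preq, &salt);
- if (ret) {
- DEBUG(4, ("Failed to generate random salt.\n"));
- goto done;
- }
-
- ret = s3crypt_sha512(preq, password, salt, &comphash);
- if (ret) {
- DEBUG(4, ("Failed to create password hash.\n"));
- goto done;
- }
-
- ctx = talloc_zero(preq, struct set_attrs_ctx);
- if (!ctx) {
- ret = ENOMEM;
- goto done;
- }
- ctx->preq = preq;
-
- ctx->attrs = sysdb_new_attrs(ctx);
- if (!ctx->attrs) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
- if (ret) goto done;
-
- /* FIXME: should we use a different attribute for chache passwords ?? */
- ret = sysdb_attrs_add_long(ctx->attrs, "lastCachedPasswordChange",
- (long)time(NULL));
- if (ret) goto done;
-
- ret = sysdb_transaction(ctx, preq->cctx->rctx->sysdb,
- pc_set_user_attr_req, ctx);
-
-done:
- if (password) for (i = 0; password[i]; i++) password[i] = 0;
- if (ret != EOK) {
- DEBUG(2, ("Failed to cache credentials for user [%s] (%d)!\n",
- pd->user, ret, strerror(ret)));
- }
- return ret;
-}
-
 static void pam_cache_auth_return(struct pam_auth_req *preq, int error)
 {
 preq->pd->pam_status = error;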
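Review bot: `struct set_attrs_ctx` gains a `char *password` field while every function in this hunk that used the struct is deleted, so the new side gives no indication of who allocates, owns or wipes that cleartext buffer. The removed `pam_cache_credentials` at least zeroed the password before returning; whatever code now fills `ctx->password` (outside this hunk, if anywhere) needs an equivalent wipe, preferably a talloc destructor on the context so it runs on every free path rather than only on the success path. The field deserves a comment stating the contract, e.g. `/* cleartext authtok, owned by this ctx; wiped by destructor before free */`. If nothing outside this file section still instantiates `set_attrs_ctx` after this commit, the struct is dead code and should be dropped with the functions.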