author | Simo Sorce <ssorce@redhat.com> | 2009-05-11 09:08:31 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2009-05-18 15:27:48 -0400 |
commit | 66c727e0e7b34d19cdb8dbdc0a0fae15d9d5ff25 (patch) | |
tree | 35caa2b93baa413e516c1834626a14e36c811017 /server/responder/pam/pamsrv_cache.c | |
parent | 3594dff371450e4530bf26f3bc4b2ea195270bcd (diff) | |
Move actual password caching into sysdb
Convert auth modules to do the caching themselves
Diffstat (limited to 'server/responder/pam/pamsrv_cache.c')
-rw-r--r-- | server/responder/pam/pamsrv_cache.c | 112 |
1 files changed, 1 insertions, 111 deletions
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index ed18f6a1..d1c34e5f 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -53,120 +53,10 @@ static int authtok2str(const void *mem_ctx, struct set_attrs_ctx { struct pam_auth_req *preq; - struct sysdb_attrs *attrs; struct sysdb_req *sysreq; + char *password; }; -static void pc_set_user_attr_callback(void *pvt, - int ldb_status, - struct ldb_result *res) -{ - struct set_attrs_ctx *ctx; - int error; - - ctx = talloc_get_type(pvt, struct set_attrs_ctx); - error = sysdb_error_to_errno(ldb_status); - - sysdb_transaction_done(ctx->sysreq, error); - - if (ldb_status != LDB_SUCCESS) { - DEBUG(2, ("Failed to cache credentials for user [%s] (%d)!\n", - ctx->preq->pd->user, error, strerror(error))); - } - - ctx->preq->callback(ctx->preq); -} - -static void pc_set_user_attr_req(struct sysdb_req *req, void *pvt) -{ - struct set_attrs_ctx *ctx; - int ret; - - DEBUG(4, ("entering pc_set_user_attr_req\n")); - - ctx = talloc_get_type(pvt, struct set_attrs_ctx); - - ctx->sysreq = req; - - ret = sysdb_set_user_attr(req, ctx->preq->cctx->rctx->sysdb, - ctx->preq->domain, - ctx->preq->pd->user, - ctx->attrs, - pc_set_user_attr_callback, ctx); - if (ret != EOK) { - sysdb_transaction_done(ctx->sysreq, ret); - } - - if (ret != EOK) { - DEBUG(2, ("Failed to cache credentials for user [%s] (%d)!\n", - ctx->preq->pd->user, ret, strerror(ret))); - ctx->preq->callback(ctx->preq); - } -} - -int pam_cache_credentials(struct pam_auth_req *preq) -{ - struct set_attrs_ctx *ctx; - struct pam_data *pd; - char *password = NULL; - char *comphash = NULL; - char *salt; - int i, ret; - - pd = preq->pd; - - ret = authtok2str(preq, pd->authtok, pd->authtok_size, &password); - if (ret) { - DEBUG(4, ("Invalid auth token.\n")); - ret = EINVAL; - goto done; - } - - ret = s3crypt_gen_salt(preq, &salt); - if (ret) { - DEBUG(4, ("Failed to generate random salt.\n")); - goto done; - } - - ret = s3crypt_sha512(preq, password, salt, &comphash); - if (ret) { - DEBUG(4, ("Failed to create password hash.\n")); - goto done; - } - - ctx = talloc_zero(preq, struct set_attrs_ctx); - if (!ctx) 
{ - ret = ENOMEM; - goto done; - } - ctx->preq = preq; - - ctx->attrs = sysdb_new_attrs(ctx); - if (!ctx->attrs) { - ret = ENOMEM; - goto done; - } - - ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash); - if (ret) goto done; - - /* FIXME: should we use a different attribute for chache passwords ?? */ - ret = sysdb_attrs_add_long(ctx->attrs, "lastCachedPasswordChange", - (long)time(NULL)); - if (ret) goto done; - - ret = sysdb_transaction(ctx, preq->cctx->rctx->sysdb, - pc_set_user_attr_req, ctx); - -done: - if (password) for (i = 0; password[i]; i++) password[i] = 0; - if (ret != EOK) { - DEBUG(2, ("Failed to cache credentials for user [%s] (%d)!\n", - pd->user, ret, strerror(ret))); - } - return ret; -} - static void pam_cache_auth_return(struct pam_auth_req *preq, int error) { preq->pd->pam_status = error; |
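Review bot: The new `char *password` member added to `struct set_attrs_ctx` is, going by its name, a cleartext copy of the auth token (where it is filled and consumed lies outside this hunk, so treat that as an assumption), and nothing on the new side scrubs it — the removed pam_cache_credentials at least zeroed its local copy before returning, whereas a plain talloc_free() of the ctx leaves the bytes readable in freed memory. Wherever the field is populated I would register a destructor that wipes it, e.g. `static int set_attrs_ctx_destructor(struct set_attrs_ctx *ctx) { if (ctx->password) memset(ctx->password, 0, strlen(ctx->password)); return 0; }` installed with `talloc_set_destructor(ctx, set_attrs_ctx_destructor);`, and document the field with `/* cleartext authtok copy; wiped by the destructor, never logged */`. Note that a memset immediately before free can be elided by the compiler, so a volatile-byte loop or the tree's explicit-zeroing helper, if one exists, is the safer choice. If the field turns out to be only a pointer into pd->authtok rather than an owned copy, the wipe belongs with that buffer's owner instead, but it should happen somewhere.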