Use different attribute for cached passwords

This fixes a bug with legacy backends where the cached password would be cleared on a user update. Using a different attribute we make sure a userPassword coming from the remote backend does not interfere with a cachedPassword (and vice versa).
author: Simo Sorce <ssorce@redhat.com> 2009-04-27 18:21:25 -0400
committer: Simo Sorce <ssorce@redhat.com> 2009-04-27 18:21:25 -0400
commit: c4f46b40e2f55abd9ae2296fd68daa88bd60e32f (patch)
tree: a6bd391cb5354a69aa99808959bce7870215914a /server
parent: 0dcef2cbb6e53999b9fe053d49e09bb27c6f4f15 (diff)
download: sssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.tar.gz
sssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.tar.bz2
sssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.zip
2 files changed, 5 insertions, 3 deletions
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index df49bc7b..7bfe1fd7 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -63,6 +63,8 @@
 
 #define SYSDB_LAST_UPDATE "lastUpdate"
 
+#define SYSDB_CACHEDPWD "cachedPassword"
+
 #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
 
 #define SYSDB_UC "objectclass="SYSDB_USER_CLASS
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index 10f41996..154c7d1b 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
         goto done;
     }
 
-    ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash);
+    ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
     if (ret) goto done;
 
     /* FIXME: should we use a different attribute for chache passwords ?? */
@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
         goto done;
     }
 
-    userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
+    userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL);
     if (userhash == NULL || *userhash == '\0') {
         DEBUG(4, ("Cached credentials not available.\n"));
         ret = PAM_AUTHINFO_UNAVAIL;
@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
     int ret;
 
     static const char *attrs[] = {SYSDB_NAME,
-                                  SYSDB_PWD,
+                                  SYSDB_CACHEDPWD,
                                   SYSDB_DISABLED,
                                   SYSDB_LAST_LOGIN,
                                   "lastPasswordChange",
author	Simo Sorce <ssorce@redhat.com>	2009-04-27 18:21:25 -0400
committer	Simo Sorce <ssorce@redhat.com>	2009-04-27 18:21:25 -0400
commit	c4f46b40e2f55abd9ae2296fd68daa88bd60e32f (patch)
tree	a6bd391cb5354a69aa99808959bce7870215914a /server
parent	0dcef2cbb6e53999b9fe053d49e09bb27c6f4f15 (diff)
download	sssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.tar.gz sssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.tar.bz2 sssd-c4f46b40e2f55abd9ae2296fd68daa88bd60e32f.zip