author | Simo Sorce <simo@redhat.com> | 2012-10-18 12:49:38 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-01-10 12:24:59 -0500 |
commit | c83e409297711e6012a164cc929c758a3f38e9b9 (patch) | |
tree | 42930e80d13d5bbe26e12891499677db0e26c8e6 /src/db | |
parent | 4c2cf6607ddc82c5061d805c11e163de4bc1bd82 (diff) | |
Code can only check for cached passwords
Make it clear to the API users that we cannot take arbitrary auth tokens.
We can only take a password for now, so simplify and clarify the interface.
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.h | 3 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 12 |
2 files changed, 2 insertions, 13 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index b8aafdfa..378ce488 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -740,8 +740,7 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
 time_t *delayed_until);
 int sysdb_cache_auth(struct sysdb_ctx *sysdb,
 const char *name,
- const uint8_t *authtok,
- size_t authtok_size,
+ const char *password,
 struct confdb_ctx *cdb,
 bool just_check,
 time_t *_expire_date,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index e1201f44..b9cecad5 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2757,8 +2757,7 @@ done:
 int sysdb_cache_auth(struct sysdb_ctx *sysdb,
 const char *name,
- const uint8_t *authtok,
- size_t authtok_size,
+ const char *password,
 struct confdb_ctx *cdb,
 bool just_check,
 time_t *_expire_date,
@@ -2773,7 +2772,6 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
 struct ldb_message *ldb_msg;
 const char *userhash;
 char *comphash;
- char *password = NULL;
 uint64_t lastLogin = 0;
 int cred_expiration;
 uint32_t failed_login_attempts = 0;
@@ -2859,13 +2857,6 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
 /* TODO: verify user account (disabled, expired ...) */
- password = talloc_strndup(tmp_ctx, (const char *)authtok, authtok_size);
- if (password == NULL) {
- DEBUG(1, ("talloc_strndup failed.\n"));
- ret = ENOMEM;
- goto done;
- }
-
 userhash = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_CACHEDPWD, NULL);
 if (userhash == NULL || *userhash == '\0') {
 DEBUG(4, ("Cached credentials not available.\n"));
@@ -2949,7 +2940,6 @@ done:
 if (_delayed_until != NULL) {
 *_delayed_until = delayed_until;
 }
- if (password) for (i = 0; password[i]; i++) password[i] = 0;
 if (ret) {
 ldb_transaction_cancel(sysdb->ldb);
 } else { |
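Review bot: The new `password` parameter in the `sysdb_cache_auth()` prototype in src/db/sysdb.h carries no length, so the function now relies on the caller passing a NUL-terminated string, and nothing at the declaration says so; the same applies to the definition in src/db/sysdb_ops.c (`@@ -2757,8 +2757,7 @@`). The old `authtok`/`authtok_size` pair bounded the read, so a caller that still holds a length-delimited token has to terminate it before the call. I would add a comment above the prototype such as `/* password: NUL-terminated cleartext password, borrowed from the caller and not modified */`. The prototype continues past the end of the hunk.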
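Review bot: In the `@@ -2859,13 +2857,6 @@` hunk of src/db/sysdb_ops.c, the removed `if (password == NULL)` branch was the only visible place where a missing token ended in an error return, so a NULL `password` now travels unchanged to whatever consumes it later in the function. That use, and any argument checks at the top of `sysdb_cache_auth()`, are outside the hunk, so this may already be handled. If it is not, a guard placed with the function's other argument validation would keep the failure explicit: `if (password == NULL) { return EINVAL; }`.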
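Review bot: In the `@@ -2949,7 +2940,6 @@` hunk, removing the wipe loop at `done:` means `sysdb_cache_auth()` no longer clears any cleartext password, and since the parameter is now `const char *` it cannot; scrubbing the buffer becomes entirely the caller's job. The call sites are not part of this diff (the diffstat is limited to src/db), so it is worth confirming that each one zeroes its copy after the call, and recording the hand-over at the `done:` label, e.g. `/* password belongs to the caller, which is responsible for wiping it */`. The loop was also a user of the local `i`; its declaration is outside the hunk, so if nothing else in the function uses it, it should be dropped to avoid an unused-variable warning.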