-rw-r--r-- | src/db/sysdb.h | 1 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 7 | ||||
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 | ||||
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 2 | ||||
-rw-r--r-- | src/tests/sysdb-tests.c | 12 |
5 files changed, 19 insertions, 9 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 707e1478..687818dc 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -707,6 +707,7 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
 uint32_t *failed_login_attempts,
 time_t *delayed_until);
 int sysdb_cache_auth(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
 const char *name,
 const char *password,
 struct confdb_ctx *cdb,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 3da1d74b..6ff10d7d 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2784,6 +2784,7 @@ done:
 }
 int sysdb_cache_auth(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
 const char *name,
 const char *password,
 struct confdb_ctx *cdb,
@@ -2824,7 +2825,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
 return EINVAL;
 }
- if (!sysdb->domain->cache_credentials) {
+ if (!domain->cache_credentials) {
 DEBUG(3, ("Cached credentials not available.\n"));
 return EINVAL;
 }
@@ -2841,7 +2842,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
 return ret;
 }
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb, sysdb->domain,
+ ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
 name, attrs, &ldb_msg);
 if (ret != EOK) {
 DEBUG(1, ("sysdb_search_user_by_name failed [%d][%s].\n",
@@ -2955,7 +2956,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
 }
 }
- ret = sysdb_set_user_attr(sysdb, sysdb->domain,
+ ret = sysdb_set_user_attr(sysdb, domain,
 name, update_attrs, LDB_FLAG_MOD_REPLACE);
 if (ret) {
 DEBUG(1, ("Failed to update Login attempt information!\n"));
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b4955687..2271df0d 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -277,6 +277,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd,
 static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
 struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
 struct confdb_ctx *cdb,
 struct pam_data *pd, uid_t uid,
 int *pam_status, int *dp_err)
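Review bot: The `sysdb_cache_auth` prototype in src/db/sysdb.h gains `domain` with no comment saying how it must relate to `sysdb`. In src/db/sysdb_ops.c the new argument both gates the call through `domain->cache_credentials` and selects the user entry, so a caller passing a domain that does not belong to that sysdb would presumably apply another domain's cached-credential policy. I would add above the declaration something like `/* domain: the domain whose users are stored in sysdb; its cache_credentials setting decides whether cached authentication is allowed */`. The declaration continues past the end of the hunk.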
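Review bot: In the src/db/sysdb_ops.c hunk at -2824, `domain->cache_credentials` is dereferenced and nothing visible in the hunk checks `domain` for NULL. The argument validation that ends in the preceding `return EINVAL;` starts outside the hunk, so it may or may not cover the new parameter. Before this change the pointer came from `sysdb` itself; now every caller supplies it. If the existing validation does not already test it, add `if (domain == NULL) { return EINVAL; }` ahead of the policy check, so that a bad caller fails closed instead of crashing the authentication path.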
@@ -292,7 +293,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
 return;
 }
- ret = sysdb_cache_auth(sysdb, pd->user, password, cdb, true, NULL, NULL);
+ ret = sysdb_cache_auth(sysdb, domain, pd->user,
+ password, cdb, true, NULL, NULL);
 if (ret != EOK) {
 DEBUG(1, ("Offline authentication failed\n"));
 *pam_status = cached_login_pam_status(ret);
@@ -770,6 +772,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
 KRB5_STORE_PASSWORD_IF_OFFLINE)) {
 krb5_auth_cache_creds(state->kr->krb5_ctx,
 state->be_ctx->sysdb,
+ state->be_ctx->domain,
 state->be_ctx->cdb,
 kr->pd, kr->uid,
 &state->pam_status, &state->dp_err);
@@ -1079,6 +1082,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 KRB5_STORE_PASSWORD_IF_OFFLINE)) {
 krb5_auth_cache_creds(state->kr->krb5_ctx,
 state->be_ctx->sysdb,
+ state->be_ctx->domain,
 state->be_ctx->cdb,
 state->pd, state->kr->uid,
 &state->pam_status, &state->dp_err);
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 6fe216db..62d160c2 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -778,7 +778,7 @@ static void pam_reply(struct pam_auth_req *preq)
 goto done;
 }
- ret = sysdb_cache_auth(preq->domain->sysdb,
+ ret = sysdb_cache_auth(preq->domain->sysdb, preq->domain,
 pd->user, password,
 pctx->rctx->cdb, false,
 &exp_date, &delay_until);
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index dace3509..a6a2b1d7 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
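Review bot: In the src/providers/krb5/krb5_auth.c hunk at -292, the failure branch after the re-wrapped `sysdb_cache_auth` call logs only `Offline authentication failed` and drops `ret`. The sysdb_search_user_by_name message in src/db/sysdb_ops.c uses the `[%d][%s]` form; the same here, `DEBUG(1, ("Offline authentication failed [%d][%s]\n", ret, strerror(ret)));`, would let an operator tell a rejected password from disabled caching or a missing cache entry when triaging failed offline logins. krb5_auth_cache_creds begins and ends outside the hunk.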
@@ -1590,8 +1590,10 @@ static void cached_authentication_without_expiration(const char *username,
 return;
 }
- ret = sysdb_cache_auth(test_ctx->sysdb, data->username, password,
- test_ctx->confdb, false, &expire_date, &delayed_until);
+ ret = sysdb_cache_auth(test_ctx->sysdb,
+ test_ctx->domain, data->username,
+ password, test_ctx->confdb, false,
+ &expire_date, &delayed_until);
 fail_unless(ret == expected_result, "sysdb_cache_auth request does not "
 "return expected result [%d].",
@@ -1649,8 +1651,10 @@ static void cached_authentication_with_expiration(const char *username,
 data->username, data->attrs, SYSDB_MOD_REP);
 fail_unless(ret == EOK, "Could not modify user %s", data->username);
- ret = sysdb_cache_auth(test_ctx->sysdb, data->username, password,
- test_ctx->confdb, false, &expire_date, &delayed_until);
+ ret = sysdb_cache_auth(test_ctx->sysdb,
+ data->ctx->domain, data->username,
+ password, test_ctx->confdb, false,
+ &expire_date, &delayed_until);
 fail_unless(ret == expected_result,
 "sysdb_cache_auth request does not return expected " |
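Review bot: In the second src/tests/sysdb-tests.c hunk (-1649) the call takes its sysdb from `test_ctx->sysdb` but its domain from `data->ctx->domain`, while the first hunk uses `test_ctx->domain`. The two presumably refer to the same test context, but the mixed spelling hides that; `test_ctx->domain, data->username,` would match the first hunk. Neither test exercises the new parameter itself, for example a domain with `cache_credentials` disabled that expects the EINVAL path shown in src/db/sysdb_ops.c. Both test functions continue outside their hunks.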