-rw-r--r--src/db/sysdb.h1
-rw-r--r--src/db/sysdb_ops.c7
-rw-r--r--src/providers/krb5/krb5_auth.c6
-rw-r--r--src/responder/pam/pamsrv_cmd.c2
-rw-r--r--src/tests/sysdb-tests.c12
5 files changed, 19 insertions, 9 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 707e1478..687818dc 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -707,6 +707,7 @@ errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
uint32_t *failed_login_attempts,
time_t *delayed_until);
int sysdb_cache_auth(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
const char *password,
struct confdb_ctx *cdb,
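Review bot: The prototype of `sysdb_cache_auth` now takes both `sysdb` and `domain`, but nothing at the declaration says how the two must relate or what `domain` controls. The implementation reads `domain->cache_credentials` to decide whether offline authentication is allowed, so a caller passing a domain that does not belong to the given sysdb handle would apply one domain's policy to another domain's cached entry (that the two must match is inferred, not shown here). I would add a comment above the declaration such as `/* domain: domain of the user being authenticated; its cache_credentials setting gates cached authentication and it must match the cache in sysdb */`. The declaration continues past the end of this hunk.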
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 3da1d74b..6ff10d7d 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2784,6 +2784,7 @@ done:
}
int sysdb_cache_auth(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
const char *password,
struct confdb_ctx *cdb,
@@ -2824,7 +2825,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
return EINVAL;
}
- if (!sysdb->domain->cache_credentials) {
+ if (!domain->cache_credentials) {
DEBUG(3, ("Cached credentials not available.\n"));
return EINVAL;
}
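Review bot: `domain` is dereferenced at `if (!domain->cache_credentials)` with no NULL check visible in the hunk, and this flag is the gate for offline password authentication, so the function now relies on every caller supplying a valid pointer. The argument validation that ends with `return EINVAL;` just above begins outside the hunk and may already cover this; if it does not, add `if (domain == NULL) { return EINVAL; }` before the policy check. The later hunks in this function pass the same pointer to `sysdb_search_user_by_name` and `sysdb_set_user_attr`, so a single check at the top covers those calls as well.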
@@ -2841,7 +2842,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
return ret;
}
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb, sysdb->domain,
+ ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
name, attrs, &ldb_msg);
if (ret != EOK) {
DEBUG(1, ("sysdb_search_user_by_name failed [%d][%s].\n",
@@ -2955,7 +2956,7 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
}
}
- ret = sysdb_set_user_attr(sysdb, sysdb->domain,
+ ret = sysdb_set_user_attr(sysdb, domain,
name, update_attrs, LDB_FLAG_MOD_REPLACE);
if (ret) {
DEBUG(1, ("Failed to update Login attempt information!\n"));
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index b4955687..2271df0d 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -277,6 +277,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd,
static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct confdb_ctx *cdb,
struct pam_data *pd, uid_t uid,
int *pam_status, int *dp_err)
@@ -292,7 +293,8 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
return;
}
- ret = sysdb_cache_auth(sysdb, pd->user, password, cdb, true, NULL, NULL);
+ ret = sysdb_cache_auth(sysdb, domain, pd->user,
+ password, cdb, true, NULL, NULL);
if (ret != EOK) {
DEBUG(1, ("Offline authentication failed\n"));
*pam_status = cached_login_pam_status(ret);
@@ -770,6 +772,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq)
KRB5_STORE_PASSWORD_IF_OFFLINE)) {
krb5_auth_cache_creds(state->kr->krb5_ctx,
state->be_ctx->sysdb,
+ state->be_ctx->domain,
state->be_ctx->cdb,
kr->pd, kr->uid,
&state->pam_status, &state->dp_err);
@@ -1079,6 +1082,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
KRB5_STORE_PASSWORD_IF_OFFLINE)) {
krb5_auth_cache_creds(state->kr->krb5_ctx,
state->be_ctx->sysdb,
+ state->be_ctx->domain,
state->be_ctx->cdb,
state->pd, state->kr->uid,
&state->pam_status, &state->dp_err);
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 6fe216db..62d160c2 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -778,7 +778,7 @@ static void pam_reply(struct pam_auth_req *preq)
goto done;
}
- ret = sysdb_cache_auth(preq->domain->sysdb,
+ ret = sysdb_cache_auth(preq->domain->sysdb, preq->domain,
pd->user, password,
pctx->rctx->cdb, false,
&exp_date, &delay_until);
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index dace3509..a6a2b1d7 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -1590,8 +1590,10 @@ static void cached_authentication_without_expiration(const char *username,
return;
}
- ret = sysdb_cache_auth(test_ctx->sysdb, data->username, password,
- test_ctx->confdb, false, &expire_date, &delayed_until);
+ ret = sysdb_cache_auth(test_ctx->sysdb,
+ test_ctx->domain, data->username,
+ password, test_ctx->confdb, false,
+ &expire_date, &delayed_until);
fail_unless(ret == expected_result, "sysdb_cache_auth request does not "
"return expected result [%d].",
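Review bot: The two updated test calls take the domain from different objects: this one passes `test_ctx->domain`, while the call in `cached_authentication_with_expiration` passes `data->ctx->domain` alongside `test_ctx->sysdb` and `test_ctx->confdb`. If `data->ctx` and `test_ctx` refer to the same context (not visible here), use `test_ctx->domain` in both calls so the sysdb handle and the domain visibly come from one place. If they can differ, the second test would exercise a mismatched sysdb/domain pair without saying so. Both function bodies continue outside their hunks.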
@@ -1649,8 +1651,10 @@ static void cached_authentication_with_expiration(const char *username,
data->username, data->attrs, SYSDB_MOD_REP);
fail_unless(ret == EOK, "Could not modify user %s", data->username);
- ret = sysdb_cache_auth(test_ctx->sysdb, data->username, password,
- test_ctx->confdb, false, &expire_date, &delayed_until);
+ ret = sysdb_cache_auth(test_ctx->sysdb,
+ data->ctx->domain, data->username,
+ password, test_ctx->confdb, false,
+ &expire_date, &delayed_until);
fail_unless(ret == expected_result,
"sysdb_cache_auth request does not return expected "