diff options
-rw-r--r-- | src/db/sysdb.h | 1 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 3 | ||||
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 8 | ||||
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 1 | ||||
-rw-r--r-- | src/providers/proxy/proxy_auth.c | 1 | ||||
-rw-r--r-- | src/tests/sysdb-tests.c | 2 | ||||
-rw-r--r-- | src/tools/sss_seed.c | 2 |
7 files changed, 12 insertions, 6 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 1edf447f..707e1478 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -698,6 +698,7 @@ errno_t sysdb_update_members(struct sysdb_ctx *sysdb, * in this case a transaction will be automatically started and the * function will be completely wrapped in it's own sysdb transaction */ int sysdb_cache_password(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *username, const char *password); diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index b8682608..3da1d74b 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -1945,6 +1945,7 @@ int sysdb_remove_group_member(struct sysdb_ctx *sysdb, /* =Password-Caching====================================================== */ int sysdb_cache_password(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *username, const char *password) { @@ -1988,7 +1989,7 @@ int sysdb_cache_password(struct sysdb_ctx *sysdb, if (ret) goto fail; - ret = sysdb_set_user_attr(sysdb, sysdb->domain, + ret = sysdb_set_user_attr(sysdb, domain, username, attrs, SYSDB_MOD_REP); if (ret) { goto fail; diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 00f5c339..b4955687 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -380,7 +380,9 @@ static errno_t krb5_auth_prepare_ccache_file(struct krb5child_req *kr, return EOK; } -static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, struct pam_data *pd) +static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + struct pam_data *pd) { const char *password = NULL; int ret = EOK; @@ -417,7 +419,7 @@ static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, struct pam_data *pd) return; } - ret = sysdb_cache_password(sysdb, pd->user, password); + ret = sysdb_cache_password(sysdb, domain, pd->user, password); if (ret) { DEBUG(2, ("Failed to cache password, offline auth may not work." " (%d)[%s]!?\n", ret, strerror(ret))); @@ -1090,7 +1092,7 @@ static void krb5_auth_done(struct tevent_req *subreq) } if (state->be_ctx->domain->cache_credentials == TRUE) { - krb5_auth_store_creds(state->sysdb, pd); + krb5_auth_store_creds(state->sysdb, state->domain, pd); } state->pam_status = PAM_SUCCESS; diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index cffdf088..aa07fbb8 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -1157,6 +1157,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) ret = sss_authtok_get_password(&state->pd->authtok, &password, NULL); if (ret == EOK) { ret = sysdb_cache_password(state->breq->be_ctx->sysdb, + state->breq->be_ctx->domain, state->pd->user, password); } diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index 3430f38b..d4167c1f 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c @@ -758,6 +758,7 @@ static void proxy_child_done(struct tevent_req *req) } ret = sysdb_cache_password(client_ctx->be_req->be_ctx->sysdb, + client_ctx->be_req->be_ctx->domain, pd->user, password); /* password caching failures are not fatal errors */ diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index e63aa77a..dace3509 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -1551,7 +1551,7 @@ START_TEST (test_sysdb_cache_password) data->ev = test_ctx->ev; data->username = talloc_asprintf(data, "testuser%d", _i); - ret = sysdb_cache_password(test_ctx->sysdb, + ret = sysdb_cache_password(test_ctx->sysdb, test_ctx->domain, data->username, data->username); fail_unless(ret == EOK, "sysdb_cache_password request failed [%d].", ret); diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c index 5e4504e0..846a4472 100644 --- a/src/tools/sss_seed.c +++ b/src/tools/sss_seed.c @@ -752,7 +752,7 @@ static int seed_cache_user(struct seed_ctx *sctx) } } - ret = sysdb_cache_password(sctx->sysdb, sctx->uctx->name, + ret = sysdb_cache_password(sctx->sysdb, sctx->domain, sctx->uctx->name, sctx->uctx->password); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to cache password. (%d)[%s]\n", |