- Add patches to fix password caching
This commit is contained in:
parent
e28b3dea2b
commit
4e5c172095
@ -0,0 +1,34 @@
|
||||
From 11d01e05e08a9acf11af9aea96910b4795627082 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Tue, 28 Apr 2009 10:20:55 +0200
|
||||
Subject: [PATCH] Use different attribute for cached passwords change time
|
||||
|
||||
---
|
||||
server/responder/pam/pamsrv_cache.c | 4 ++--
|
||||
1 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
|
||||
index 5e492a5..302f70c 100644
|
||||
--- a/server/responder/pam/pamsrv_cache.c
|
||||
+++ b/server/responder/pam/pamsrv_cache.c
|
||||
@@ -153,7 +153,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
|
||||
if (ret) goto done;
|
||||
|
||||
/* FIXME: should we use a different attribute for chache passwords ?? */
|
||||
- ret = sysdb_attrs_add_long(ctx->attrs, "lastPasswordChange",
|
||||
+ ret = sysdb_attrs_add_long(ctx->attrs, "lastCachedPasswordChange",
|
||||
(long)time(NULL));
|
||||
if (ret) goto done;
|
||||
|
||||
@@ -256,7 +256,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
|
||||
SYSDB_CACHEDPWD,
|
||||
SYSDB_DISABLED,
|
||||
SYSDB_LAST_LOGIN,
|
||||
- "lastPasswordChange",
|
||||
+ "lastCachedPasswordChange",
|
||||
"accountExpires",
|
||||
"failedLoginAttempts",
|
||||
"lastFailedLogin",
|
||||
--
|
||||
1.6.0.6
|
||||
|
61
0001-Use-different-attribute-for-cached-passwords.patch
Normal file
61
0001-Use-different-attribute-for-cached-passwords.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From c4f46b40e2f55abd9ae2296fd68daa88bd60e32f Mon Sep 17 00:00:00 2001
|
||||
From: Simo Sorce <ssorce@redhat.com>
|
||||
Date: Mon, 27 Apr 2009 18:21:25 -0400
|
||||
Subject: [PATCH] Use different attribute for cached passwords
|
||||
|
||||
This fixes a bug with legacy backends where the cached password would be cleared
|
||||
on a user update.
|
||||
Using a different attribute we make sure a userPassword coming from the remote
|
||||
backend does not interfere with a cachedPassword (and vice versa).
|
||||
---
|
||||
server/db/sysdb.h | 2 ++
|
||||
server/responder/pam/pamsrv_cache.c | 6 +++---
|
||||
2 files changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
|
||||
index df49bc7..7bfe1fd 100644
|
||||
--- a/server/db/sysdb.h
|
||||
+++ b/server/db/sysdb.h
|
||||
@@ -63,6 +63,8 @@
|
||||
|
||||
#define SYSDB_LAST_UPDATE "lastUpdate"
|
||||
|
||||
+#define SYSDB_CACHEDPWD "cachedPassword"
|
||||
+
|
||||
#define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
|
||||
|
||||
#define SYSDB_UC "objectclass="SYSDB_USER_CLASS
|
||||
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
|
||||
index 10f4199..154c7d1 100644
|
||||
--- a/server/responder/pam/pamsrv_cache.c
|
||||
+++ b/server/responder/pam/pamsrv_cache.c
|
||||
@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
|
||||
goto done;
|
||||
}
|
||||
|
||||
- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash);
|
||||
+ ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
|
||||
if (ret) goto done;
|
||||
|
||||
/* FIXME: should we use a different attribute for chache passwords ?? */
|
||||
@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
|
||||
goto done;
|
||||
}
|
||||
|
||||
- userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
|
||||
+ userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL);
|
||||
if (userhash == NULL || *userhash == '\0') {
|
||||
DEBUG(4, ("Cached credentials not available.\n"));
|
||||
ret = PAM_AUTHINFO_UNAVAIL;
|
||||
@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
|
||||
int ret;
|
||||
|
||||
static const char *attrs[] = {SYSDB_NAME,
|
||||
- SYSDB_PWD,
|
||||
+ SYSDB_CACHEDPWD,
|
||||
SYSDB_DISABLED,
|
||||
SYSDB_LAST_LOGIN,
|
||||
"lastPasswordChange",
|
||||
--
|
||||
1.6.0.6
|
||||
|
@ -1,6 +1,6 @@
|
||||
Name: sssd
|
||||
Version: 0.3.3
|
||||
Release: 0%{?dist}
|
||||
Release: 1%{?dist}
|
||||
Group: Applications/System
|
||||
Summary: System Security Services Daemon
|
||||
|
||||
@ -13,6 +13,8 @@ Source1: sssd.conf.default
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
### Patches ###
|
||||
Patch1: 0001-Use-different-attribute-for-cached-passwords.patch
|
||||
Patch2: 0001-Use-different-attribute-for-cached-passwords-change.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
@ -51,6 +53,8 @@ services for projects like FreeIPA.
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%patch1 -p 1 -b .pwd-attr
|
||||
%patch2 -p 1 -b .pwd-cache-attr
|
||||
|
||||
%build
|
||||
|
||||
@ -139,6 +143,9 @@ if [ $1 -ge 1 ] ; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Tue Apr 28 2009 Simo Sorce <ssorce@redhat.com> - 0.3.3-1
|
||||
- Add patches to fix password caching
|
||||
|
||||
* Mon Apr 27 2009 Simo Sorce <ssorce@redhat.com> - 0.3.3-0
|
||||
- Version 0.3.3
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user