From fd92f2270544489149c4dae2aed513e506813c04 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 24 Mar 2015 15:35:01 +0100 Subject: [PATCH 25/30] sysdb: add sysdb_cache_password_ex() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Lukáš Slebodník (cherry picked from commit 55b7fdd837a780ab0f71cbfaa2403f4626993922) --- src/db/sysdb.h | 9 +++++++++ src/db/sysdb_ops.c | 25 ++++++++++++++++++++--- src/tests/sysdb-tests.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 3 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index a1b6f207399555c85c14c8decf89edc498deb871..63d6d3cdc0baf49dff86a1aa62f61a4eacee7465 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -24,6 +24,7 @@ #include "util/util.h" #include "confdb/confdb.h" +#include "sss_client/sss_cli.h" #include #define CACHE_SYSDB_FILE "cache_%s.ldb" @@ -105,6 +106,8 @@ #define SYSDB_SERVERHOSTNAME "serverHostname" #define SYSDB_CACHEDPWD "cachedPassword" +#define SYSDB_CACHEDPWD_TYPE "cachedPasswordType" +#define SYSDB_CACHEDPWD_FA2_LEN "cachedPasswordSecondFactorLen" #define SYSDB_UUID "uniqueID" #define SYSDB_SID "objectSID" @@ -888,6 +891,12 @@ int sysdb_cache_password(struct sss_domain_info *domain, const char *username, const char *password); +int sysdb_cache_password_ex(struct sss_domain_info *domain, + const char *username, + const char *password, + enum sss_authtok_type authtok_type, + size_t second_factor_size); + errno_t check_failed_login_attempts(struct confdb_ctx *cdb, struct ldb_message *ldb_msg, uint32_t *failed_login_attempts, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index ea786d59158eb8a82952c7e457ea83286abbf2c4..083d2778c97fe4d6149e4fc030885c482c511105 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c 
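Review bot: The new prototype in the `@@ -888,6 +891,12 @@` hunk names its last parameter `second_factor_size`, while the definition in sysdb_ops.c names it `second_factor_len`; the two should agree so the header documents the real meaning. The declaration also carries no comment explaining the two new parameters, and sysdb.h is the only place most callers will read. I would add above it: `/* Like sysdb_cache_password(), but also records the token type and, for SSS_AUTHTOK_TYPE_2FA with a non-zero length, the length of the second factor; the password argument is hashed as given, so for 2FA the caller presumably passes only the first factor — confirm against callers. */`. The remainder of the header (the `#include "sss_client/sss_cli.h"` hunk) pulls a client-side header into the db layer; that may be intended, but it is worth a one-line justification in the commit message.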
@@ -2226,9 +2226,11 @@ int sysdb_remove_group_member(struct sss_domain_info *domain,
 /* =Password-Caching====================================================== */
-int sysdb_cache_password(struct sss_domain_info *domain,
- const char *username,
- const char *password)
+int sysdb_cache_password_ex(struct sss_domain_info *domain,
+ const char *username,
+ const char *password,
+ enum sss_authtok_type authtok_type,
+ size_t second_factor_len)
 {
 TALLOC_CTX *tmp_ctx;
 struct sysdb_attrs *attrs;
@@ -2261,6 +2263,15 @@ int sysdb_cache_password(struct sss_domain_info *domain,
 ret = sysdb_attrs_add_string(attrs, SYSDB_CACHEDPWD, hash);
 if (ret) goto fail;
+ ret = sysdb_attrs_add_long(attrs, SYSDB_CACHEDPWD_TYPE, authtok_type);
+ if (ret) goto fail;
+
+ if (authtok_type == SSS_AUTHTOK_TYPE_2FA && second_factor_len > 0) {
+ ret = sysdb_attrs_add_long(attrs, SYSDB_CACHEDPWD_FA2_LEN,
+ second_factor_len);
+ if (ret) goto fail;
+ }
+
 /* FIXME: should we use a different attribute for chache passwords ?? */
 ret = sysdb_attrs_add_long(attrs, "lastCachedPasswordChange",
 (long)time(NULL));
@@ -2285,6 +2296,14 @@ fail:
 return ret;
 }
+int sysdb_cache_password(struct sss_domain_info *domain,
+ const char *username,
+ const char *password)
+{
+ return sysdb_cache_password_ex(domain, username, password,
+ SSS_AUTHTOK_TYPE_PASSWORD, 0);
+}
+
 /* =Custom Search================== */
 int sysdb_search_custom(TALLOC_CTX *mem_ctx,
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 450a9d1d693135c296f3433d905d1aba115548b8..3d5e97afbfaa5441281ef193d072122204db0514 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
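Review bot: In the `@@ -2261,6 +2263,15 @@` hunk, `SYSDB_CACHEDPWD_FA2_LEN` is only written when the type is 2FA and the length is non-zero, so nothing resets it on a later password-only cache for the same user; if the store step at the end of the function (outside this hunk) replaces just the attributes present in `attrs`, a length left by an earlier 2FA cache survives, and a reader that trusts `cachedPasswordSecondFactorLen` without first checking `cachedPasswordType` would strip a "second factor" from a plain password. Writing the attribute unconditionally keeps the pair consistent: `ret = sysdb_attrs_add_long(attrs, SYSDB_CACHEDPWD_FA2_LEN, authtok_type == SSS_AUTHTOK_TYPE_2FA ? (long)second_factor_len : 0);` (or delete the attribute explicitly if the store path supports that). The same call narrows a `size_t` to `long` silently; an explicit upper bound on `second_factor_len` before storing it would be cheap. The `hash` stored just above covers whatever `password` contains, so the contract that for 2FA only the first factor is passed here lives entirely in the callers and deserves a comment on the function. The body of `sysdb_cache_password_ex` starts and ends outside this hunk.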
@@ -1808,6 +1808,57 @@ START_TEST (test_sysdb_cache_password)
 }
 END_TEST
+START_TEST (test_sysdb_cache_password_ex)
+{
+ struct sysdb_test_ctx *test_ctx;
+ struct test_data *data;
+ int ret;
+ struct ldb_result *res;
+ const char *attrs[] = { SYSDB_CACHEDPWD_TYPE, SYSDB_CACHEDPWD_FA2_LEN,
+ NULL };
+ int val;
+
+ /* Setup */
+ ret = setup_sysdb_tests(&test_ctx);
+ fail_unless(ret == EOK, "Could not set up the test");
+
+ data = talloc_zero(test_ctx, struct test_data);
+ data->ctx = test_ctx;
+ data->ev = test_ctx->ev;
+ data->username = talloc_asprintf(data, "testuser%d", _i);
+
+ ret = sysdb_get_user_attr(test_ctx, test_ctx->domain, data->username,
+ attrs, &res);
+ fail_unless(ret == EOK, "sysdb_get_user_attr request failed [%d].", ret);
+
+ val = ldb_msg_find_attr_as_int(res->msgs[0], SYSDB_CACHEDPWD_TYPE, 0);
+ fail_unless(val == SSS_AUTHTOK_TYPE_PASSWORD,
+ "Unexptected authtok type, found [%d], expected [%d].",
+ val, SSS_AUTHTOK_TYPE_PASSWORD);
+
+ ret = sysdb_cache_password_ex(test_ctx->domain, data->username,
+ data->username, SSS_AUTHTOK_TYPE_2FA, 12);
+
+ fail_unless(ret == EOK, "sysdb_cache_password request failed [%d].", ret);
+
+ ret = sysdb_get_user_attr(test_ctx, test_ctx->domain, data->username,
+ attrs, &res);
+ fail_unless(ret == EOK, "sysdb_get_user_attr request failed [%d].", ret);
+
+ val = ldb_msg_find_attr_as_int(res->msgs[0], SYSDB_CACHEDPWD_TYPE, 0);
+ fail_unless(val == SSS_AUTHTOK_TYPE_2FA,
+ "Unexptected authtok type, found [%d], expected [%d].",
+ val, SSS_AUTHTOK_TYPE_2FA);
+
+ val = ldb_msg_find_attr_as_int(res->msgs[0], SYSDB_CACHEDPWD_FA2_LEN, 0);
+ fail_unless(val == 12,
+ "Unexptected second factor lenght, found [%d], expected [%d].",
+ val, 12);
+
+ talloc_free(test_ctx);
+}
+END_TEST
+
 static void cached_authentication_without_expiration(const char *username,
 const char *password,
 int expected_result)
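Review bot: `res->msgs[0]` is dereferenced after each `sysdb_get_user_attr()` call without checking `res->count`, so a lookup that succeeds with no entries reads past the array instead of failing with a message; add `fail_unless(res->count == 1, "Expected one result, got [%d].", res->count);` before each `ldb_msg_find_attr_as_int()`. The first assertion expects `SSS_AUTHTOK_TYPE_PASSWORD` to already be stored, which only holds if an earlier test in the same loop cached a password for `testuser%d`; that ordering dependence deserves a comment such as `/* relies on test_sysdb_cache_password having run for this user */`. The branch that skips `SYSDB_CACHEDPWD_FA2_LEN` for a 2FA token with length 0, and the plain `sysdb_cache_password()` wrapper writing type PASSWORD, are not exercised. The failure messages misspell "Unexpected" and "length".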
@@ -6256,6 +6307,8 @@ Suite *create_sysdb_suite(void) 27010, 27011); tcase_add_loop_test(tc_sysdb, test_sysdb_cached_authentication, 27010, 27011); + tcase_add_loop_test(tc_sysdb, test_sysdb_cache_password_ex, 27010, 27011); + /* ASQ search test */ tcase_add_loop_test(tc_sysdb, test_sysdb_prepare_asq_test_user, 28011, 28020); tcase_add_test(tc_sysdb, test_sysdb_asq_search); -- 2.4.3