62 lines
2.3 KiB
Diff
62 lines
2.3 KiB
Diff
From c4f46b40e2f55abd9ae2296fd68daa88bd60e32f Mon Sep 17 00:00:00 2001
|
|
From: Simo Sorce <ssorce@redhat.com>
|
|
Date: Mon, 27 Apr 2009 18:21:25 -0400
|
|
Subject: [PATCH] Use different attribute for cached passwords
|
|
|
|
This fixes a bug with legacy backends where the cached password would be cleared
|
|
on a user update.
|
|
Using a different attribute we make sure a userPassword coming from the remote
|
|
backend does not interfere with a cachedPassword (and vice versa).
|
|
---
|
|
server/db/sysdb.h | 2 ++
|
|
server/responder/pam/pamsrv_cache.c | 6 +++---
|
|
2 files changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
|
|
index df49bc7..7bfe1fd 100644
|
|
--- a/server/db/sysdb.h
|
|
+++ b/server/db/sysdb.h
|
|
@@ -63,6 +63,8 @@
|
|
|
|
#define SYSDB_LAST_UPDATE "lastUpdate"
|
|
|
|
+#define SYSDB_CACHEDPWD "cachedPassword"
|
|
+
|
|
#define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
|
|
|
|
#define SYSDB_UC "objectclass="SYSDB_USER_CLASS
|
|
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
|
|
index 10f4199..154c7d1 100644
|
|
--- a/server/responder/pam/pamsrv_cache.c
|
|
+++ b/server/responder/pam/pamsrv_cache.c
|
|
@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
|
|
goto done;
|
|
}
|
|
|
|
- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash);
|
|
+ ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
|
|
if (ret) goto done;
|
|
|
|
/* FIXME: should we use a different attribute for chache passwords ?? */
|
|
@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
|
|
goto done;
|
|
}
|
|
|
|
- userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
|
|
+ userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL);
|
|
if (userhash == NULL || *userhash == '\0') {
|
|
DEBUG(4, ("Cached credentials not available.\n"));
|
|
ret = PAM_AUTHINFO_UNAVAIL;
|
|
@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
|
|
int ret;
|
|
|
|
static const char *attrs[] = {SYSDB_NAME,
|
|
- SYSDB_PWD,
|
|
+ SYSDB_CACHEDPWD,
|
|
SYSDB_DISABLED,
|
|
SYSDB_LAST_LOGIN,
|
|
"lastPasswordChange",
|
|
--
|
|
1.6.0.6
|
|
|