authorSimo Sorce <ssorce@redhat.com>2009-05-11 09:08:31 -0400
committerSimo Sorce <ssorce@redhat.com>2009-05-18 15:27:48 -0400
commit66c727e0e7b34d19cdb8dbdc0a0fae15d9d5ff25 (patch)
tree35caa2b93baa413e516c1834626a14e36c811017 /server/db
parent3594dff371450e4530bf26f3bc4b2ea195270bcd (diff)
Move actual password caching into sysdb
Convert auth modules to do the caching themselves
Diffstat (limited to 'server/db')
-rw-r--r--server/db/sysdb.h1
-rw-r--r--server/db/sysdb_ops.c50
2 files changed, 49 insertions, 2 deletions
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index 336c96000..916f8e21e 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -269,7 +269,6 @@ int sysdb_delete_group_by_gid(struct sysdb_req *sysreq,
sysdb_callback_t fn, void *pvt);
int sysdb_set_user_attr(struct sysdb_req *sysreq,
- struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attributes,
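Review bot: This header drops the `ctx` parameter from `sysdb_set_user_attr` but adds no prototype for `sysdb_set_cached_password`, which the sysdb_ops.c hunk at -1832,3 defines with external linkage; the diffstat lists sysdb.h with a single deletion, so the auth modules outside server/db that the commit message says now do the caching presumably call it without a declaration unless one lands in another header. Add next to this prototype `int sysdb_set_cached_password(struct sysdb_req *sysreq, struct sss_domain_info *domain, const char *user, const char *password, sysdb_callback_t fn, void *pvt);` and document that `password` is the cleartext credential and only its salted hash is stored. The `sysdb_set_user_attr` prototype continues past the end of this hunk.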
diff --git a/server/db/sysdb_ops.c b/server/db/sysdb_ops.c
index 041e10b7a..769d5f610 100644
--- a/server/db/sysdb_ops.c
+++ b/server/db/sysdb_ops.c
@@ -21,6 +21,7 @@
#include "util/util.h"
#include "db/sysdb_private.h"
+#include "util/nss_sha512crypt.h"
#include <time.h>
struct sysdb_cb_ctx {
@@ -456,12 +457,12 @@ int sysdb_delete_group_by_gid(struct sysdb_req *sysreq,
}
int sysdb_set_user_attr(struct sysdb_req *sysreq,
- struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
sysdb_callback_t fn, void *pvt)
{
+ struct sysdb_ctx *ctx;
struct sysdb_cb_ctx *cbctx;
struct ldb_message *msg;
struct ldb_request *req;
@@ -474,6 +475,8 @@ int sysdb_set_user_attr(struct sysdb_req *sysreq,
if (attrs->num == 0) return EINVAL;
+ ctx = sysdb_req_get_ctx(sysreq);
+
cbctx = talloc_zero(sysreq, struct sysdb_cb_ctx);
if (!cbctx) return ENOMEM;
@@ -1832,3 +1835,48 @@ int sysdb_legacy_remove_group_member(struct sysdb_req *sysreq,
return EOK;
}
+int sysdb_set_cached_password(struct sysdb_req *sysreq,
+ struct sss_domain_info *domain,
+ const char *user,
+ const char *password,
+ sysdb_callback_t fn, void *pvt)
+{
+ struct sysdb_ctx *ctx;
+ struct sysdb_attrs *attrs;
+ char *hash = NULL;
+ char *salt;
+ int ret;
+
+ ctx = sysdb_req_get_ctx(sysreq);
+ if (!ctx) return EFAULT;
+
+ ret = s3crypt_gen_salt(sysreq, &salt);
+ if (ret) {
+ DEBUG(4, ("Failed to generate random salt.\n"));
+ return ret;
+ }
+
+ ret = s3crypt_sha512(sysreq, password, salt, &hash);
+ if (ret) {
+ DEBUG(4, ("Failed to create password hash.\n"));
+ return ret;
+ }
+
+ attrs = sysdb_new_attrs(sysreq);
+ if (!attrs) {
+ return ENOMEM;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_CACHEDPWD, hash);
+ if (ret) return ret;
+
+ /* FIXME: should we use a different attribute for chache passwords ?? */
+ ret = sysdb_attrs_add_long(attrs, "lastCachedPasswordChange",
+ (long)time(NULL));
+ if (ret) return ret;
+
+ ret = sysdb_set_user_attr(sysreq, domain, user, attrs, fn, pvt);
+ if (ret) return ret;
+
+ return EOK;
+}
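Review bot: `sysdb_set_cached_password` hands `password` straight to `s3crypt_sha512` with no check for a NULL or empty string, while `sysdb_set_user_attr` in the same file rejects empty input with EINVAL; add `if (!password || !*password) return EINVAL;` before the salt generation so an absent credential is never hashed and written to the cache. The `sysdb_attrs_add_long` call stores under the bare literal `"lastCachedPasswordChange"` right next to the `SYSDB_CACHEDPWD` macro, which the FIXME above it half-acknowledges; a define in sysdb.h (placeholder: `SYSDB_LAST_CACHED_PWD_CHANGE`, pick the project's naming) would keep the schema attribute names in one place. `ctx` is fetched at the top only to be NULL-checked and is never read afterwards, so either drop the variable or write the guard as `if (!sysdb_req_get_ctx(sysreq)) return EFAULT;`. The earlier hunk at -474,6 fetches `ctx` in `sysdb_set_user_attr` without the NULL check this function applies; the two should agree on whether `sysdb_req_get_ctx` can return NULL.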