From 66c727e0e7b34d19cdb8dbdc0a0fae15d9d5ff25 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 11 May 2009 09:08:31 -0400 Subject: Move actual password caching into sysdb Convert auth modules to do the caching themselves --- server/db/sysdb.h | 1 - server/db/sysdb_ops.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 49 insertions(+), 2 deletions(-) (limited to 'server/db') diff --git a/server/db/sysdb.h b/server/db/sysdb.h index 336c96000..916f8e21e 100644 --- a/server/db/sysdb.h +++ b/server/db/sysdb.h @@ -269,7 +269,6 @@ int sysdb_delete_group_by_gid(struct sysdb_req *sysreq, sysdb_callback_t fn, void *pvt); int sysdb_set_user_attr(struct sysdb_req *sysreq, - struct sysdb_ctx *ctx, struct sss_domain_info *domain, const char *name, struct sysdb_attrs *attributes, diff --git a/server/db/sysdb_ops.c b/server/db/sysdb_ops.c index 041e10b7a..769d5f610 100644 --- a/server/db/sysdb_ops.c +++ b/server/db/sysdb_ops.c @@ -21,6 +21,7 @@ #include "util/util.h" #include "db/sysdb_private.h" +#include "util/nss_sha512crypt.h" #include struct sysdb_cb_ctx { @@ -456,12 +457,12 @@ int sysdb_delete_group_by_gid(struct sysdb_req *sysreq, } int sysdb_set_user_attr(struct sysdb_req *sysreq, - struct sysdb_ctx *ctx, struct sss_domain_info *domain, const char *name, struct sysdb_attrs *attrs, sysdb_callback_t fn, void *pvt) { + struct sysdb_ctx *ctx; struct sysdb_cb_ctx *cbctx; struct ldb_message *msg; struct ldb_request *req; @@ -474,6 +475,8 @@ int sysdb_set_user_attr(struct sysdb_req *sysreq, if (attrs->num == 0) return EINVAL; + ctx = sysdb_req_get_ctx(sysreq); + cbctx = talloc_zero(sysreq, struct sysdb_cb_ctx); if (!cbctx) return ENOMEM; 
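Review bot: In the `@@ -474,6 +475,8 @@` hunk of `sysdb_set_user_attr`, the new `ctx = sysdb_req_get_ctx(sysreq);` is not checked, while `sysdb_set_cached_password`, added at the end of this same patch, follows the identical call with `if (!ctx) return EFAULT;`. Now that the context is derived from the request instead of being passed in by the caller, the same guard belongs here, placed directly after the assignment and before the `talloc_zero` call. The rest of the function lies outside the hunk, so whether `ctx` is dereferenced further down cannot be confirmed from this page.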
@@ -1832,3 +1835,48 @@ int sysdb_legacy_remove_group_member(struct sysdb_req *sysreq,
 return EOK;
 }
+int sysdb_set_cached_password(struct sysdb_req *sysreq,
+ struct sss_domain_info *domain,
+ const char *user,
+ const char *password,
+ sysdb_callback_t fn, void *pvt)
+{
+ struct sysdb_ctx *ctx;
+ struct sysdb_attrs *attrs;
+ char *hash = NULL;
+ char *salt;
+ int ret;
+
+ ctx = sysdb_req_get_ctx(sysreq);
+ if (!ctx) return EFAULT;
+
+ ret = s3crypt_gen_salt(sysreq, &salt);
+ if (ret) {
+ DEBUG(4, ("Failed to generate random salt.\n"));
+ return ret;
+ }
+
+ ret = s3crypt_sha512(sysreq, password, salt, &hash);
+ if (ret) {
+ DEBUG(4, ("Failed to create password hash.\n"));
+ return ret;
+ }
+
+ attrs = sysdb_new_attrs(sysreq);
+ if (!attrs) {
+ return ENOMEM;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_CACHEDPWD, hash);
+ if (ret) return ret;
+
+ /* FIXME: should we use a different attribute for chache passwords ?? */
+ ret = sysdb_attrs_add_long(attrs, "lastCachedPasswordChange",
+ (long)time(NULL));
+ if (ret) return ret;
+
+ ret = sysdb_set_user_attr(sysreq, domain, user, attrs, fn, pvt);
+ if (ret) return ret;
+
+ return EOK;
+}
-- cgit
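Review bot: `sysdb_set_cached_password` hands `password` to `s3crypt_sha512` without validating it, so a NULL or empty plaintext coming from an auth module is only rejected if that helper (not shown in this patch) happens to do so; consider `if (!user || !password || !*password) return EINVAL;` before the salt is generated, assuming empty passwords are never meant to be cached. The function also has no header comment: it would help to state that `password` is the plaintext, that only the salted SHA-512 hash is written to `SYSDB_CACHEDPWD`, and that every failure in this function is returned synchronously to the caller. `salt` and `hash` appear to be allocated on `sysreq` and are never released here, so they presumably stay in memory for the lifetime of the request; freeing `salt` once the hash has been built would narrow that window.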