From c4f46b40e2f55abd9ae2296fd68daa88bd60e32f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 27 Apr 2009 18:21:25 -0400 Subject: Use different attribute for cached passwords This fixes a bug with legacy backends where the cached password would be cleared on a user update. Using a different attribute we make sure a userPassword coming from the remote backend does not interfere with a cachedPassword (and vice versa). --- server/db/sysdb.h | 2 ++ server/responder/pam/pamsrv_cache.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'server') diff --git a/server/db/sysdb.h b/server/db/sysdb.h index df49bc7bf..7bfe1fd74 100644 --- a/server/db/sysdb.h +++ b/server/db/sysdb.h @@ -63,6 +63,8 @@ #define SYSDB_LAST_UPDATE "lastUpdate" +#define SYSDB_CACHEDPWD "cachedPassword" + #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)" #define SYSDB_UC "objectclass="SYSDB_USER_CLASS diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c index 10f419967..154c7d1b4 100644 --- a/server/responder/pam/pamsrv_cache.c +++ b/server/responder/pam/pamsrv_cache.c @@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq) goto done; } - ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash); + ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash); if (ret) goto done; /* FIXME: should we use a different attribute for chache passwords ?? */ @@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status, goto done; } - userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL); + userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL); if (userhash == NULL || *userhash == '\0') { DEBUG(4, ("Cached credentials not available.\n")); ret = PAM_AUTHINFO_UNAVAIL; 
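Review bot: The new `SYSDB_CACHEDPWD` define in sysdb.h has no comment, so nothing at the definition says how it differs from `SYSDB_PWD`. A one-line comment would help keep later code from mixing the two again, for example `/* hash stored by the PAM responder for offline authentication; kept separate from SYSDB_PWD, which a backend user update may overwrite */`. Because the attribute holds a password hash, it is also worth confirming that no generic attribute listing outside the PAM responder returns it; that cannot be checked from this hunk.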
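Review bot: The context comment just after the changed call in pam_cache_credentials(), `/* FIXME: should we use a different attribute for chache passwords ?? */`, is answered by this change and is now stale. Drop it, or replace it with a statement of the decision, such as `/* stored under SYSDB_CACHEDPWD so a backend-supplied userPassword cannot overwrite it */`. The function starts and ends outside the hunk, so it is not visible whether the FIXME was also meant to cover the lines that follow.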
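Review bot: In pam_cache_auth_callback() the lookup now reads only `SYSDB_CACHEDPWD`, so an entry cached before this change, whose hash was written under `SYSDB_PWD`, takes the `Cached credentials not available.` branch and returns PAM_AUTHINFO_UNAVAIL until the user authenticates online again. That is probably the safer behaviour, since falling back to `SYSDB_PWD` would accept a value the backend may have written, but it deserves a comment at the check, e.g. `/* hashes cached under SYSDB_PWD before the attribute switch are intentionally ignored */`. Nothing visible in the patch removes the old hash left under `SYSDB_PWD` for such entries; if no upgrade step clears it, a stale password hash stays in the cache database. The callback begins and ends outside the hunk.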
@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq) int ret; static const char *attrs[] = {SYSDB_NAME, - SYSDB_PWD, + SYSDB_CACHEDPWD, SYSDB_DISABLED, SYSDB_LAST_LOGIN, "lastPasswordChange", -- cgit