authorSumit Bose <sbose@redhat.com>2015-03-24 15:35:01 +0100
committerSumit Bose <sbose@redhat.com>2015-05-08 09:14:15 +0200
commit55b7fdd837a780ab0f71cbfaa2403f4626993922 (patch)
tree292be2e43b783569cbe956b6bc564111473d0035 /src/db
parent932c3e22e3c59a9c33f30dcc09e6bef257e14320 (diff)
sysdb: add sysdb_cache_password_ex()
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r--src/db/sysdb.h9
-rw-r--r--src/db/sysdb_ops.c25
2 files changed, 31 insertions, 3 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 2a3a2df98..c3d2c1406 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -24,6 +24,7 @@
#include "util/util.h"
#include "confdb/confdb.h"
+#include "sss_client/sss_cli.h"
#include <tevent.h>
#define CACHE_SYSDB_FILE "cache_%s.ldb"
@@ -105,6 +106,8 @@
#define SYSDB_SERVERHOSTNAME "serverHostname"
#define SYSDB_CACHEDPWD "cachedPassword"
+#define SYSDB_CACHEDPWD_TYPE "cachedPasswordType"
+#define SYSDB_CACHEDPWD_FA2_LEN "cachedPasswordSecondFactorLen"
#define SYSDB_UUID "uniqueID"
#define SYSDB_SID "objectSID"
@@ -888,6 +891,12 @@ int sysdb_cache_password(struct sss_domain_info *domain,
const char *username,
const char *password);
+int sysdb_cache_password_ex(struct sss_domain_info *domain,
+ const char *username,
+ const char *password,
+ enum sss_authtok_type authtok_type,
+ size_t second_factor_size);
+
errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
struct ldb_message *ldb_msg,
uint32_t *failed_login_attempts,
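Review bot: The last parameter is called `second_factor_size` in this prototype but `second_factor_len` in the definition in sysdb_ops.c, and the attribute it feeds is SYSDB_CACHEDPWD_FA2_LEN; declaring it as `size_t second_factor_len);` keeps the three names aligned. The declaration also carries no comment, so I would add a short one saying that the value stored under SYSDB_CACHEDPWD is the `hash` derived from `password`, that `authtok_type` is written to SYSDB_CACHEDPWD_TYPE, and that the length is recorded only for SSS_AUTHTOK_TYPE_2FA with a non-zero value. The check_failed_login_attempts prototype that follows continues outside the hunk.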
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 54cd714a4..f7ed4df72 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2223,9 +2223,11 @@ int sysdb_remove_group_member(struct sss_domain_info *domain,
/* =Password-Caching====================================================== */
-int sysdb_cache_password(struct sss_domain_info *domain,
- const char *username,
- const char *password)
+int sysdb_cache_password_ex(struct sss_domain_info *domain,
+ const char *username,
+ const char *password,
+ enum sss_authtok_type authtok_type,
+ size_t second_factor_len)
{
TALLOC_CTX *tmp_ctx;
struct sysdb_attrs *attrs;
@@ -2258,6 +2260,15 @@ int sysdb_cache_password(struct sss_domain_info *domain,
ret = sysdb_attrs_add_string(attrs, SYSDB_CACHEDPWD, hash);
if (ret) goto fail;
+ ret = sysdb_attrs_add_long(attrs, SYSDB_CACHEDPWD_TYPE, authtok_type);
+ if (ret) goto fail;
+
+ if (authtok_type == SSS_AUTHTOK_TYPE_2FA && second_factor_len > 0) {
+ ret = sysdb_attrs_add_long(attrs, SYSDB_CACHEDPWD_FA2_LEN,
+ second_factor_len);
+ if (ret) goto fail;
+ }
+
/* FIXME: should we use a different attribute for chache passwords ?? */
ret = sysdb_attrs_add_long(attrs, "lastCachedPasswordChange",
(long)time(NULL));
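Review bot: `second_factor_len` is a `size_t` but is passed to `sysdb_attrs_add_long()` for SYSDB_CACHEDPWD_FA2_LEN without a range check, and that helper appears to take a `long` (the time() call below casts to it), so an oversized value would be stored as a negative length. A guard before the call, `if (second_factor_len > LONG_MAX) { ret = EINVAL; goto fail; }` followed by an explicit `(long)second_factor_len`, makes the conversion deliberate; it needs `<limits.h>` if that is not already included. Separately, when the type is not 2FA or the length is 0 the attribute is simply not written; if the attributes are applied as a per-attribute replace (not visible here), a length left over from an earlier 2FA login could remain beside the new hash, so either clear it in that case or document that readers must check SYSDB_CACHEDPWD_TYPE first. The function body starts and ends outside this hunk.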
@@ -2282,6 +2293,14 @@ fail:
return ret;
}
+int sysdb_cache_password(struct sss_domain_info *domain,
+ const char *username,
+ const char *password)
+{
+ return sysdb_cache_password_ex(domain, username, password,
+ SSS_AUTHTOK_TYPE_PASSWORD, 0);
+}
+
/* =Custom Search================== */
int sysdb_search_custom(TALLOC_CTX *mem_ctx,