rpms/sssd/F-11 0001-Use-different-attribute-for-cached-passwords-change.patch, NONE, 1.1 0001-Use-different-attribute-for-cached-passwords.patch, NONE, 1.1 sssd.spec, 1.13, 1.14
Simo Sorce
simo at fedoraproject.org
Tue Apr 28 17:38:15 UTC 2009
- Previous message (by thread): rpms/R-multtest/devel .cvsignore, 1.4, 1.5 R-multtest.spec, 1.7, 1.8 sources, 1.4, 1.5
- Next message (by thread): rpms/gdm/F-11 gdm-2.26.1-multistack.patch, 1.2, 1.3 gdm.spec, 1.466, 1.467
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: simo
Update of /cvs/pkgs/rpms/sssd/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5882
Modified Files:
sssd.spec
Added Files:
0001-Use-different-attribute-for-cached-passwords-change.patch
0001-Use-different-attribute-for-cached-passwords.patch
Log Message:
* Tue Apr 28 2009 Simo Sorce <ssorce at redhat.com> - 0.3.3-1
- Add patches to fix password caching
0001-Use-different-attribute-for-cached-passwords-change.patch:
--- NEW FILE 0001-Use-different-attribute-for-cached-passwords-change.patch ---
>From 11d01e05e08a9acf11af9aea96910b4795627082 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Tue, 28 Apr 2009 10:20:55 +0200
Subject: [PATCH] Use different attribute for cached passwords change time
---
server/responder/pam/pamsrv_cache.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index 5e492a5..302f70c 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -153,7 +153,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
if (ret) goto done;
/* FIXME: should we use a different attribute for chache passwords ?? */
- ret = sysdb_attrs_add_long(ctx->attrs, "lastPasswordChange",
+ ret = sysdb_attrs_add_long(ctx->attrs, "lastCachedPasswordChange",
(long)time(NULL));
if (ret) goto done;
@@ -256,7 +256,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
SYSDB_CACHEDPWD,
SYSDB_DISABLED,
SYSDB_LAST_LOGIN,
- "lastPasswordChange",
+ "lastCachedPasswordChange",
"accountExpires",
"failedLoginAttempts",
"lastFailedLogin",
--
1.6.0.6
0001-Use-different-attribute-for-cached-passwords.patch:
--- NEW FILE 0001-Use-different-attribute-for-cached-passwords.patch ---
>From c4f46b40e2f55abd9ae2296fd68daa88bd60e32f Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce at redhat.com>
Date: Mon, 27 Apr 2009 18:21:25 -0400
Subject: [PATCH] Use different attribute for cached passwords
This fixes a bug with legacy backends where the cached password would be cleared
on a user update.
Using a different attribute we make sure a userPassword coming from the remote
backend does not interfere with a cachedPassword (and vice versa).
---
server/db/sysdb.h | 2 ++
server/responder/pam/pamsrv_cache.c | 6 +++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index df49bc7..7bfe1fd 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -63,6 +63,8 @@
#define SYSDB_LAST_UPDATE "lastUpdate"
+#define SYSDB_CACHEDPWD "cachedPassword"
+
#define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
#define SYSDB_UC "objectclass="SYSDB_USER_CLASS
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index 10f4199..154c7d1 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
goto done;
}
- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash);
+ ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
if (ret) goto done;
/* FIXME: should we use a different attribute for chache passwords ?? */
@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
goto done;
}
- userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
+ userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL);
if (userhash == NULL || *userhash == '\0') {
DEBUG(4, ("Cached credentials not available.\n"));
ret = PAM_AUTHINFO_UNAVAIL;
@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
int ret;
static const char *attrs[] = {SYSDB_NAME,
- SYSDB_PWD,
+ SYSDB_CACHEDPWD,
SYSDB_DISABLED,
SYSDB_LAST_LOGIN,
"lastPasswordChange",
--
1.6.0.6
Index: sssd.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sssd/F-11/sssd.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -p -r1.13 -r1.14
--- sssd.spec 27 Apr 2009 21:39:33 -0000 1.13
+++ sssd.spec 28 Apr 2009 17:37:45 -0000 1.14
@@ -1,6 +1,6 @@
Name: sssd
Version: 0.3.3
-Release: 0%{?dist}
+Release: 1%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
@@ -13,6 +13,8 @@ Source1: sssd.conf.default
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ###
+Patch1: 0001-Use-different-attribute-for-cached-passwords.patch
+Patch2: 0001-Use-different-attribute-for-cached-passwords-change.patch
### Dependencies ###
@@ -51,6 +53,8 @@ services for projects like FreeIPA.
%prep
%setup -q
+%patch1 -p 1 -b .pwd-attr
+%patch2 -p 1 -b .pwd-cache-attr
%build
@@ -139,6 +143,9 @@ if [ $1 -ge 1 ] ; then
fi
%changelog
+* Tue Apr 28 2009 Simo Sorce <ssorce at redhat.com> - 0.3.3-1
+- Add patches to fix password caching
+
* Mon Apr 27 2009 Simo Sorce <ssorce at redhat.com> - 0.3.3-0
- Version 0.3.3
- Previous message (by thread): rpms/R-multtest/devel .cvsignore, 1.4, 1.5 R-multtest.spec, 1.7, 1.8 sources, 1.4, 1.5
- Next message (by thread): rpms/gdm/F-11 gdm-2.26.1-multistack.patch, 1.2, 1.3 gdm.spec, 1.466, 1.467
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list