On (05/06/15 19:01), Pavel Reichl wrote:
On 05/20/2015 05:16 PM, Pavel Reichl wrote:
>Hello,
>
>please see the first version of these patches. I'm currently working on a unit
>test for the second patch, which will be part of the second revision of the
>patch set.
>
>Thanks!
>
>
>_______________________________________________
>sssd-devel mailing list
>sssd-devel(a)lists.fedorahosted.org
>https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Jakub asked me off list to move the resetting of the
SYSDB_LAST_ONLINE_AUTH_WITH_CURRENT_TOKEN attribute from the LDAP code to the PAM
code. Please see the updated patch set.
Thanks!
From d106a73df3508db94ed8936fab2864e18d838b49 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl(a)redhat.com>
Date: Mon, 18 May 2015 09:59:38 -0400
Subject: [PATCH 1/2] sysdb: new attribute lastOnlineAuthWithCurrentToken
Introduce the new user attribute lastOnlineAuthWithCurrentToken. This attribute
behaves similarly to lastOnlineAuth but is set to NULL after the password is
changed.
This attribute is needed for the use case where cached authentication is used, to
request online authentication after the password is changed locally.
Resolves:
https://fedorahosted.org/sssd/ticket/1807
---
src/db/sysdb.h | 14 +++++++
src/db/sysdb_ops.c | 95 ++++++++++++++++++++++++++++++++++++++++++
src/responder/pam/pamsrv_cmd.c | 18 ++++++++
src/tests/sysdb-tests.c | 76 +++++++++++++++++++++++++++++++++
4 files changed, 203 insertions(+)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index c3d2c1406321e01b325e04e0e3f263893eb91b2e..3934e6e11afb63b1f51ed81f18452d1bd79190ed 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -87,6 +87,7 @@
#define SYSDB_LAST_ONLINE_AUTH "lastOnlineAuth"
#define SYSDB_LAST_FAILED_LOGIN "lastFailedLogin"
#define SYSDB_FAILED_LOGIN_ATTEMPTS "failedLoginAttempts"
+#define SYSDB_LAST_ONLINE_AUTH_WITH_CURR_TOKEN
"lastOnlineAuthWithCurrentToken"
#define SYSDB_LAST_UPDATE "lastUpdate"
#define SYSDB_CACHE_EXPIRE "dataExpireTimestamp"
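Review bot: the macro name SYSDB_LAST_ONLINE_AUTH_WITH_CURR_TOKEN abbreviates the attribute it defines ("lastOnlineAuthWithCurrentToken"), while the cover mail above calls the same thing SYSDB_LAST_ONLINE_AUTH_WITH_CURRENT_TOKEN; settle on one spelling, preferably the unabbreviated one that matches the attribute string, so grep and the sysdb tests stay consistent. A one-line comment next to the define stating that this attribute is cleared on password change would also help, since its neighbours lastOnlineAuth and lastFailedLogin have no such reset semantics.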
@@ -897,6 +898,19 @@ int sysdb_cache_password_ex(struct sss_domain_info *domain,
enum sss_authtok_type authtok_type,
size_t second_factor_size);
+errno_t
+sysdb_set_last_online_auth_with_curr_token(struct sss_domain_info *domain,
+ const char *username,
+ uint64_t value);
+errno_t
+sysdb_null_last_online_auth_with_curr_token(struct sss_domain_info *domain,
+ const char *username);
+
+errno_t
+sysdb_get_last_online_auth_with_curr_token(struct sss_domain_info *domain,
+ const char *name,
+ uint64_t *_value);
+
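Review bot: the three new prototypes carry no comment describing the contract the PAM responder will rely on: that value is a timestamp, that sysdb_null_last_online_auth_with_curr_token removes the attribute after a password change, and, most importantly, what sysdb_get_last_online_auth_with_curr_token does when the attribute is absent (return ENOENT, or succeed with *_value set to 0). The commit message says this attribute decides whether online authentication is forced, so the absent case is the one callers must get right and it belongs in the header. Minor: the getter names its parameter `name` while the set and null variants use `username`; pick one.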
Should we also create the following sysdb functions?
sysdb_set_last_online_auth
sysdb_null_last_online_auth
sysdb_get_last_online_auth
sysdb_set_last_failed_login
sysdb_null_last_failed_login
sysdb_get_last_failed_login
sysdb_set_data_expire_timestamp
sysdb_null_data_expire_timestamp
sysdb_get_data_expire_timestamp
sysdb_set_initgroups_expire_timestamp
sysdb_null_initgroups_expire_timestamp
sysdb_get_initgroups_expire_timestamp
...
LS
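The commit message describes the mechanism in one sentence: a second timestamp that, unlike lastOnlineAuth, is dropped when the password changes, so the next authentication cannot be served from the cache. The following added example is not sssd code; it is written for this page to show why two attributes are needed. It keeps the two attributes in an in-memory struct, uses 0 to stand for an absent (NULL) attribute, and the cache window constant, struct and function names are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory stand-in for the two sysdb attributes discussed in
 * the patch. 0 plays the role of NULL (attribute absent), so a real
 * timestamp of 0 is never stored here. */
struct cached_user {
    char name[64];
    uint64_t last_online_auth;                 /* lastOnlineAuth */
    uint64_t last_online_auth_with_curr_token; /* lastOnlineAuthWithCurrentToken */
};

/* Assumed cache window in seconds: an authentication may be answered from
 * the local cache if the last online authentication is younger than this. */
#define CACHED_AUTH_WINDOW 3600

/* A successful online authentication advances both attributes. */
void record_online_auth(struct cached_user *u, uint64_t now)
{
    u->last_online_auth = now;
    u->last_online_auth_with_curr_token = now;
}

/* A local password change clears only the token-bound attribute;
 * lastOnlineAuth keeps its value for the existing offline bookkeeping. */
void record_password_change(struct cached_user *u)
{
    u->last_online_auth_with_curr_token = 0;
}

/* True when `stamp` is present and less than CACHED_AUTH_WINDOW old.
 * A stamp in the future (clock skew) is treated as not trustworthy. */
static bool within_window(uint64_t stamp, uint64_t now)
{
    if (stamp == 0 || now < stamp) {
        return false;
    }
    return now - stamp < CACHED_AUTH_WINDOW;
}

/* Old rule: the cache is trusted purely on the age of lastOnlineAuth,
 * so a password change inside the window goes unnoticed. */
bool cache_allowed_old(const struct cached_user *u, uint64_t now)
{
    return within_window(u->last_online_auth, now);
}

/* New rule: the recent online authentication must have been made with the
 * credential that is current now; after a change the attribute is absent
 * and the request is forced online. */
bool cache_allowed_new(const struct cached_user *u, uint64_t now)
{
    return within_window(u->last_online_auth_with_curr_token, now);
}

int main(void)
{
    struct cached_user u;
    memset(&u, 0, sizeof(u));
    strcpy(u.name, "alice"); /* constructed sample user */

    record_online_auth(&u, 1000);
    printf("t=1500 after online auth:   old=%d new=%d\n",
           cache_allowed_old(&u, 1500), cache_allowed_new(&u, 1500));

    record_password_change(&u);
    printf("t=1600 after password change: old=%d new=%d\n",
           cache_allowed_old(&u, 1600), cache_allowed_new(&u, 1600));

    record_online_auth(&u, 1600);
    printf("t=2000 after re-auth online: old=%d new=%d\n",
           cache_allowed_old(&u, 2000), cache_allowed_new(&u, 2000));

    printf("t=5200 window expired:       old=%d new=%d\n",
           cache_allowed_old(&u, 5200), cache_allowed_new(&u, 5200));
    return 0;
}
```

The second line of output is the case the patch exists for: under the old rule the cache still answers at t=1600 even though the credential it holds is no longer the one the user should be using, while the new rule forces the request online until an online authentication with the new credential has been recorded.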