diff --git a/unix_integration/src/idprovider/interface.rs b/unix_integration/src/idprovider/interface.rs
index 26a724fd0..5d79b6830 100644
--- a/unix_integration/src/idprovider/interface.rs
+++ b/unix_integration/src/idprovider/interface.rs
@@ -134,11 +134,12 @@ pub trait IdProvider {
 _machine_key: &tpm::MachineKey,
 ) -> Result<(AuthRequest, AuthCredHandler), IdpError>;
- async fn unix_user_online_auth_step(
+ async fn unix_user_online_auth_step(
 &self,
 _account_id: &str,
 _cred_handler: &mut AuthCredHandler,
 _pam_next_req: PamAuthRequest,
+ _keystore: &mut D,
 _tpm: &mut tpm::BoxedDynTpm,
 _machine_key: &tpm::MachineKey,
 ) -> Result<(AuthResult, AuthCacheAction), IdpError>;
diff --git a/unix_integration/src/idprovider/kanidm.rs b/unix_integration/src/idprovider/kanidm.rs
index 0c4cb2a48..ac0185e2f 100644
--- a/unix_integration/src/idprovider/kanidm.rs
+++ b/unix_integration/src/idprovider/kanidm.rs
@@ -200,11 +200,12 @@ impl IdProvider for KanidmProvider {
 Ok((AuthRequest::Password, AuthCredHandler::Password))
 }
- async fn unix_user_online_auth_step(
+ async fn unix_user_online_auth_step(
 &self,
 account_id: &str,
 cred_handler: &mut AuthCredHandler,
 pam_next_req: PamAuthRequest,
+ _keystore: &mut D,
 _tpm: &mut tpm::BoxedDynTpm,
 _machine_key: &tpm::MachineKey,
 ) -> Result<(AuthResult, AuthCacheAction), IdpError> {
diff --git a/unix_integration/src/resolver.rs b/unix_integration/src/resolver.rs
index d14515826..8c75fcc15 100644
--- a/unix_integration/src/resolver.rs
+++ b/unix_integration/src/resolver.rs
@@ -944,6 +944,7 @@ where
 CacheState::Online,
 ) => {
 let mut hsm_lock = self.hsm.lock().await;
+ let mut dbtxn = self.db.write().await;
 let maybe_cache_action = self
 .client
@@ -951,12 +952,14 @@ where
 account_id,
 cred_handler,
 pam_next_req,
+ &mut dbtxn,
 hsm_lock.deref_mut(),
 &self.machine_key,
 )
 .await;
 drop(hsm_lock);
+ dbtxn.commit().map_err(|_| ())?;
 match maybe_cache_action {
 Ok((res, AuthCacheAction::None)) => Ok(res),
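Review bot: The new `_keystore: &mut D` parameter on `unix_user_online_auth_step` in the `IdProvider` trait (interface.rs, first hunk) has no doc comment saying what a provider may write through it or who owns the transaction. The resolver.rs hunks in this commit show the caller opening a write transaction, passing it in, and committing after the call returns whatever the result, so implementers need to know that writes made during a failed step are still persisted. I would add a line above the method such as `/// The keystore is a write transaction owned by the caller, which commits it after this call returns, including when the step fails.` The declaration of `D` is not visible in the signature as rendered on this page, so its bound cannot be checked from here; the same holds for the kanidm.rs hunk, where the parameter is unused. The trait body continues outside the hunk.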
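Review bot: `let mut dbtxn = self.db.write().await;` in resolver.rs (hunk at -944) takes the database write transaction while `hsm_lock` is already held, and both stay held across the awaited provider call, which for an online step presumably includes a network round trip to the identity provider. A slow or unresponsive provider would then stall every other task waiting on the db write side or the HSM for the length of that request, and any other path that acquires the two in the opposite order could deadlock; neither can be ruled out from this hunk. I would record the intended order at the acquisition site, for example `// Lock order: hsm before db; the write txn is held across the provider call so keystore writes land with this auth step.`, and confirm that the provider call is bounded by a timeout. The enclosing match arm starts and ends outside the hunk.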
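Review bot: `dbtxn.commit().map_err(|_| ())?;` in resolver.rs (hunk at -951) runs before `maybe_cache_action` is matched, so whatever the provider wrote to the keystore is committed even when the step returned `Err`, and a commit failure returns early and discards an authentication result that may have been a success without recording why. If persisting on failure is intended, say so in a comment; otherwise commit only in the `Ok` arms and let the transaction drop on `Err`, assuming an uncommitted transaction rolls back on drop. In either case keep the cause, e.g. `dbtxn.commit().map_err(|err| { /* log err with the file's existing logger */ })?;`, since a silent `()` leaves nothing to correlate with a failed login during incident review. The match continues outside the hunk.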