summaryrefslogtreecommitdiff
path: root/server/responder/pam
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-04-07 19:25:48 -0400
committerSimo Sorce <ssorce@redhat.com>2009-04-08 10:55:03 -0400
commit6b5d45693f01eec55128eb3508266cda73071d93 (patch)
treec51ca00f2fb243e5eaf06128e8092583fba1bd8c /server/responder/pam
parente8a7526b06acf4af322fdab593c8bafbd9f4a103 (diff)
downloadsssd-6b5d45693f01eec55128eb3508266cda73071d93.tar.gz
sssd-6b5d45693f01eec55128eb3508266cda73071d93.tar.bz2
sssd-6b5d45693f01eec55128eb3508266cda73071d93.zip
Change the way we retrieve domains
To be able to correctly filter out duplicate names when multiple non-fully qualified domains are in use we need to be able to specify the domains order. This is now accomplished by the configuration paramets 'domains' in the config/domains entry. 'domains' is a comma separated list of domain names. This paramter allows also to have disbaled domains in the configuration without requiring to completely delete them. The domains list is now kept in a linked list of sss_domain_info objects. The first domain is also the "default" domain.
Diffstat (limited to 'server/responder/pam')
-rw-r--r--server/responder/pam/pam_LOCAL_domain.c5
-rw-r--r--server/responder/pam/pam_LOCAL_domain.h2
-rw-r--r--server/responder/pam/pamsrv_cmd.c29
3 files changed, 16 insertions, 20 deletions
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 49a06ff3..28a95db8 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -347,7 +347,7 @@ done:
}
int LOCAL_pam_handler(struct cli_ctx *cctx, pam_dp_callback_t callback,
- struct pam_data *pd)
+ struct sss_domain_info *dom, struct pam_data *pd)
{
int ret;
struct LOCAL_request *lreq=NULL;
@@ -377,8 +377,7 @@ int LOCAL_pam_handler(struct cli_ctx *cctx, pam_dp_callback_t callback,
DEBUG(4, ("LOCAL pam handler.\n"));
- lreq->domain_info = btreemap_get_value(lreq->cctx->rctx->domain_map,
- lreq->pd->domain);
+ lreq->domain_info = dom;
NULL_CHECK_OR_JUMP(lreq->domain_info, ("Domain info not found.\n"),
ret, EINVAL, done);
diff --git a/server/responder/pam/pam_LOCAL_domain.h b/server/responder/pam/pam_LOCAL_domain.h
index 6cac6075..bc2064db 100644
--- a/server/responder/pam/pam_LOCAL_domain.h
+++ b/server/responder/pam/pam_LOCAL_domain.h
@@ -4,6 +4,6 @@
#include "responder/pam/pamsrv.h"
int LOCAL_pam_handler(struct cli_ctx *cctx, pam_dp_callback_t callback,
- struct pam_data *pd);
+ struct sss_domain_info *dom, struct pam_data *pd);
#endif /* __PAM_LOCAL_DOMAIN_H__ */
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c
index 22a2b85d..db5f064f 100644
--- a/server/responder/pam/pamsrv_cmd.c
+++ b/server/responder/pam/pamsrv_cmd.c
@@ -197,7 +197,7 @@ done:
static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
{
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
uint8_t *body;
size_t blen;
int ret;
@@ -224,30 +224,27 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
pd->response_delay = 0;
pd->resp_list = NULL;
- if (pd->domain == NULL) {
- if (cctx->rctx->default_domain != NULL) {
- pd->domain = cctx->rctx->default_domain;
- } else {
- pd->domain = talloc_strdup(pd, "LOCAL");
- }
- DEBUG(4, ("Using default domain [%s].\n", pd->domain));
- }
if (pd->domain) {
- /* Check for registered domain */
- info = btreemap_get_value(cctx->rctx->domain_map,
- (void *)(pd->domain));
- if (!info) {
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, pd->domain) == 0) break;
+ }
+ if (!dom) {
talloc_free(pd);
return EINVAL;
}
}
+ else {
+ DEBUG(4, ("Domain not provided, using default.\n"));
+ dom = cctx->rctx->domains;
+ pd->domain = dom->name;
+ }
- if (!info->provider) {
- return LOCAL_pam_handler(cctx, pam_reply, pd);
+ if (!dom->provider) {
+ return LOCAL_pam_handler(cctx, pam_reply, dom, pd);
};
- ret=pam_dp_send_req(cctx, pam_reply, PAM_DP_TIMEOUT, pd);
+ ret = pam_dp_send_req(cctx, pam_reply, PAM_DP_TIMEOUT, pd);
DEBUG(4, ("pam_dp_send_req returned %d\n", ret));
return ret;