Do not allow setting auth, access or chpass providers for LOCAL

The LOCAL provider does not have a mechanism to load alternate auth, access or chpass backends, nor does it make sense to do so. This will throw a configuration error if these values are specified (unless they are explicitly also set to 'local')
author: Stephen Gallagher <sgallagh@redhat.com> 2009-10-16 14:17:23 -0400
committer: Stephen Gallagher <sgallagh@redhat.com> 2009-10-16 14:41:36 -0400
commit: 6d214009697fc861c24ae8abbf8b036c70e195df (patch)
tree: b5a726f2982871aa8a16b44b64e47605a2d5b1ed /server
parent: 01bf2fcf57944104f9a774c8716950f397d666ce (diff)
download: sssd-6d214009697fc861c24ae8abbf8b036c70e195df.tar.gz
sssd-6d214009697fc861c24ae8abbf8b036c70e195df.tar.bz2
sssd-6d214009697fc861c24ae8abbf8b036c70e195df.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index 88bdd65e..07d776c8 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -810,6 +810,39 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
         goto done;
     }
 
+    if (strcasecmp(domain->provider, "local") == 0) {
+        /* If this is the local provider, we need to ensure that
+         * no other provider was specified for other types, since
+         * the local provider cannot load them.
+         */
+        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                          CONFDB_DOMAIN_AUTH_PROVIDER,
+                                          NULL);
+        if (tmp && strcasecmp(tmp, "local") != 0) {
+            DEBUG(0, ("Local ID provider does not support [%s] as an AUTH provider.\n", tmp));
+            ret = EINVAL;
+            goto done;
+        }
+
+        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                          CONFDB_DOMAIN_ACCESS_PROVIDER,
+                                          NULL);
+        if (tmp && strcasecmp(tmp, "local") != 0) {
+            DEBUG(0, ("Local ID provider does not support [%s] as an ACCESS provider.\n", tmp));
+            ret = EINVAL;
+            goto done;
+        }
+
+        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                          CONFDB_DOMAIN_CHPASS_PROVIDER,
+                                          NULL);
+        if (tmp && strcasecmp(tmp, "local") != 0) {
+            DEBUG(0, ("Local ID provider does not support [%s] as a CHPASS provider.\n", tmp));
+            ret = EINVAL;
+            goto done;
+        }
+    }
+
     domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
                                                CONFDB_DOMAIN_TIMEOUT, 0);
author	Stephen Gallagher <sgallagh@redhat.com>	2009-10-16 14:17:23 -0400
committer	Stephen Gallagher <sgallagh@redhat.com>	2009-10-16 14:41:36 -0400
commit	6d214009697fc861c24ae8abbf8b036c70e195df (patch)
tree	b5a726f2982871aa8a16b44b64e47605a2d5b1ed /server
parent	01bf2fcf57944104f9a774c8716950f397d666ce (diff)
download	sssd-6d214009697fc861c24ae8abbf8b036c70e195df.tar.gz sssd-6d214009697fc861c24ae8abbf8b036c70e195df.tar.bz2 sssd-6d214009697fc861c24ae8abbf8b036c70e195df.zip