summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-12-20 12:51:32 -0500
committerStephen Gallagher <sgallagh@redhat.com>2010-12-21 17:05:51 -0500
commit6ff6ccd3eec35217708870b0fe7a6362e97de95f (patch)
treecd352f9acc7d78719f64da75ce5eeac0fa37c22a /src/providers/ldap
parent3182049e4af4b79dd231fad83ed041915daa7e31 (diff)
downloadsssd-6ff6ccd3eec35217708870b0fe7a6362e97de95f.tar.gz
sssd-6ff6ccd3eec35217708870b0fe7a6362e97de95f.tar.bz2
sssd-6ff6ccd3eec35217708870b0fe7a6362e97de95f.zip
Pass all PAM data to the LDAP access provider
Previously we were only passing the username.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_access.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 4ebd7276..fa3f522a 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -56,7 +56,7 @@ static struct tevent_req *sdap_access_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct be_ctx *be_ctx,
struct sdap_access_ctx *access_ctx,
- const char *username);
+ struct pam_data *pd);
static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -91,7 +91,7 @@ void sdap_pam_access_handler(struct be_req *breq)
breq->be_ctx->ev,
breq->be_ctx,
access_ctx,
- pd->user);
+ pd);
if (req == NULL) {
DEBUG(1, ("Unable to start sdap_access request\n"));
sdap_access_reply(breq, PAM_SYSTEM_ERR);
@@ -102,7 +102,7 @@ void sdap_pam_access_handler(struct be_req *breq)
}
struct sdap_access_req_ctx {
- const char *username;
+ struct pam_data *pd;
struct tevent_context *ev;
struct sdap_access_ctx *access_ctx;
struct be_ctx *be_ctx;
@@ -116,7 +116,7 @@ static struct tevent_req *sdap_access_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct be_ctx *be_ctx,
struct sdap_access_ctx *access_ctx,
- const char *username)
+ struct pam_data *pd)
{
errno_t ret;
struct sdap_access_req_ctx *state;
@@ -131,13 +131,13 @@ static struct tevent_req *sdap_access_send(TALLOC_CTX *mem_ctx,
}
state->be_ctx = be_ctx;
- state->username = username;
+ state->pd = pd;
state->pam_status = PAM_SYSTEM_ERR;
state->ev = ev;
state->access_ctx = access_ctx;
state->current_rule = 0;
- DEBUG(6, ("Performing access check for user [%s]\n", username));
+ DEBUG(6, ("Performing access check for user [%s]\n", pd->user));
if (access_ctx->access_rule[0] == LDAP_ACCESS_EMPTY) {
DEBUG(3, ("No access rules defined, access denied.\n"));
@@ -148,7 +148,7 @@ static struct tevent_req *sdap_access_send(TALLOC_CTX *mem_ctx,
/* Get original user DN */
ret = sysdb_get_user_attr(state, be_ctx->sysdb, be_ctx->domain,
- username, attrs,
+ pd->user, attrs,
&res);
if (ret != EOK) {
if (ret == ENOENT) {
@@ -209,9 +209,11 @@ static errno_t select_next_rule(struct tevent_req *req)
case LDAP_ACCESS_EMPTY:
return ENOENT;
break;
+
case LDAP_ACCESS_FILTER:
subreq = sdap_access_filter_send(state, state->ev, state->be_ctx,
- state->access_ctx, state->username,
+ state->access_ctx,
+ state->pd->user,
state->user_entry);
if (subreq == NULL) {
DEBUG(1, ("sdap_access_filter_send failed.\n"));
@@ -220,10 +222,11 @@ static errno_t select_next_rule(struct tevent_req *req)
tevent_req_set_callback(subreq, sdap_access_filter_done, req);
return EOK;
+
case LDAP_ACCESS_EXPIRE:
subreq = sdap_account_expired_send(state, state->ev, state->be_ctx,
state->access_ctx,
- state->username,
+ state->pd->user,
state->user_entry);
if (subreq == NULL) {
DEBUG(1, ("sdap_account_expired_send failed.\n"));