summaryrefslogtreecommitdiff
path: root/src/providers
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2013-01-10 16:36:22 -0500
committerJakub Hrozek <jhrozek@redhat.com>2013-01-21 22:17:34 +0100
commit249a28dbf31e11794c7f35d709c5561c1555898d (patch)
treeb3245fd366d70f9e4d5d45cc7643f2d078ce8423 /src/providers
parent225d845476b6136be9b77f528ed986bba7a7f732 (diff)
downloadsssd-249a28dbf31e11794c7f35d709c5561c1555898d.tar.gz
sssd-249a28dbf31e11794c7f35d709c5561c1555898d.tar.bz2
sssd-249a28dbf31e11794c7f35d709c5561c1555898d.zip
Pass domain not be_req to access check functions
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ad/ad_access.c11
-rw-r--r--src/providers/ipa/ipa_access.c2
-rw-r--r--src/providers/ldap/ldap_access.c3
-rw-r--r--src/providers/ldap/sdap_access.c36
-rw-r--r--src/providers/ldap/sdap_access.h3
5 files changed, 33 insertions, 22 deletions
diff --git a/src/providers/ad/ad_access.c b/src/providers/ad/ad_access.c
index 16b2423f..ec086d4e 100644
--- a/src/providers/ad/ad_access.c
+++ b/src/providers/ad/ad_access.c
@@ -39,22 +39,25 @@ ad_access_handler(struct be_req *breq)
struct ad_access_ctx);
struct pam_data *pd = talloc_get_type(breq->req_data, struct pam_data);
+ struct sss_domain_info *domain;
/* Handle subdomains */
if (strcasecmp(pd->domain, breq->be_ctx->domain->name) != 0) {
- breq->domain = new_subdomain(breq, breq->be_ctx->domain, pd->domain,
- NULL, NULL);
- if (breq->domain == NULL) {
+ domain = new_subdomain(breq, breq->be_ctx->domain,
+ pd->domain, NULL, NULL);
+ if (domain == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("new_subdomain failed.\n"));
breq->fn(breq, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL);
return;
}
+ } else {
+ domain = breq->be_ctx->domain;
}
/* Verify that the account is not locked */
req = sdap_access_send(breq,
breq->be_ctx->ev,
- breq,
+ breq->be_ctx, domain,
access_ctx->sdap_access_ctx,
pd);
if (!req) {
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 0d0b600c..c2c9bb58 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -92,7 +92,7 @@ void ipa_access_handler(struct be_req *be_req)
*/
req = sdap_access_send(be_req,
be_req->be_ctx->ev,
- be_req,
+ be_req->be_ctx, be_req->be_ctx->domain,
ipa_access_ctx->sdap_access_ctx,
pd);
if (!req) {
diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c
index 18661335..83f27736 100644
--- a/src/providers/ldap/ldap_access.c
+++ b/src/providers/ldap/ldap_access.c
@@ -56,7 +56,8 @@ void sdap_pam_access_handler(struct be_req *breq)
req = sdap_access_send(breq,
breq->be_ctx->ev,
- breq,
+ breq->be_ctx,
+ breq->be_ctx->domain,
access_ctx,
pd);
if (req == NULL) {
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 18d38ebb..ee20a84a 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -42,7 +42,8 @@
static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct be_req *be_req,
+ struct be_ctx *be_ctx,
+ struct sss_domain_info *domain,
struct sdap_access_ctx *access_ctx,
const char *username,
struct ldb_message *user_entry);
@@ -78,7 +79,8 @@ struct sdap_access_req_ctx {
struct pam_data *pd;
struct tevent_context *ev;
struct sdap_access_ctx *access_ctx;
- struct be_req *be_req;
+ struct be_ctx *be_ctx;
+ struct sss_domain_info *domain;
int pam_status;
struct ldb_message *user_entry;
size_t current_rule;
@@ -88,7 +90,8 @@ static errno_t select_next_rule(struct tevent_req *req);
struct tevent_req *
sdap_access_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct be_req *be_req,
+ struct be_ctx *be_ctx,
+ struct sss_domain_info *domain,
struct sdap_access_ctx *access_ctx,
struct pam_data *pd)
{
@@ -105,7 +108,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
return NULL;
}
- state->be_req = be_req;
+ state->be_ctx = be_ctx;
+ state->domain = domain;
state->pd = pd;
state->pam_status = PAM_SYSTEM_ERR;
state->ev = ev;
@@ -122,8 +126,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
}
/* Get original user DN, take care of subdomain users as well */
- if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0) {
- user_dom = new_subdomain(state, be_req->be_ctx->domain, pd->domain,
+ if (strcasecmp(pd->domain, be_ctx->domain->name) != 0) {
+ user_dom = new_subdomain(state, be_ctx->domain, pd->domain,
NULL, NULL);
if (user_dom == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("new_subdomain failed.\n"));
@@ -133,7 +137,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
ret = sysdb_get_user_attr(state, user_dom->sysdb, user_dom,
pd->user, attrs, &res);
} else {
- ret = sysdb_get_user_attr(state, be_req->domain->sysdb, be_req->domain,
+ ret = sysdb_get_user_attr(state, domain->sysdb, domain,
pd->user, attrs, &res);
}
if (ret != EOK) {
@@ -197,7 +201,8 @@ static errno_t select_next_rule(struct tevent_req *req)
break;
case LDAP_ACCESS_FILTER:
- subreq = sdap_access_filter_send(state, state->ev, state->be_req,
+ subreq = sdap_access_filter_send(state, state->ev, state->be_ctx,
+ state->domain,
state->access_ctx,
state->pd->user,
state->user_entry);
@@ -724,7 +729,7 @@ struct sdap_access_filter_req_ctx {
struct sdap_id_ctx *sdap_ctx;
struct sdap_id_op *sdap_op;
struct sysdb_handle *handle;
- struct be_req *be_req;
+ struct sss_domain_info *domain;
int pam_status;
bool cached_access;
char *basedn;
@@ -736,7 +741,8 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq);
static void sdap_access_filter_get_access_done(struct tevent_req *req);
static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct be_req *be_req,
+ struct be_ctx *be_ctx,
+ struct sss_domain_info *domain,
struct sdap_access_ctx *access_ctx,
const char *username,
struct ldb_message *user_entry)
@@ -757,17 +763,17 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
DEBUG(6, ("No filter set. Access is denied.\n"));
state->pam_status = PAM_PERM_DENIED;
tevent_req_done(req);
- tevent_req_post(req, be_req->be_ctx->ev);
+ tevent_req_post(req, ev);
return req;
}
state->filter = NULL;
- state->be_req = be_req;
state->username = username;
state->pam_status = PAM_SYSTEM_ERR;
state->sdap_ctx = access_ctx->id_ctx;
state->ev = ev;
state->access_ctx = access_ctx;
+ state->domain = domain;
DEBUG(6, ("Performing access filter check for user [%s]\n", username));
@@ -775,7 +781,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
SYSDB_LDAP_ACCESS_FILTER,
false);
/* Ok, we have one result, check if we are online or offline */
- if (be_is_offline(state->be_req->be_ctx)) {
+ if (be_is_offline(be_ctx)) {
/* Ok, we're offline. Return from the cache */
sdap_access_filter_decide_offline(req);
goto finished;
@@ -1018,8 +1024,8 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
goto done;
}
- ret = sysdb_set_user_attr(state->be_req->domain->sysdb,
- state->be_req->domain,
+ ret = sysdb_set_user_attr(state->domain->sysdb,
+ state->domain,
state->username,
attrs, SYSDB_MOD_REP);
if (ret != EOK) {
diff --git a/src/providers/ldap/sdap_access.h b/src/providers/ldap/sdap_access.h
index 08c6efe2..4f5f7201 100644
--- a/src/providers/ldap/sdap_access.h
+++ b/src/providers/ldap/sdap_access.h
@@ -59,7 +59,8 @@ struct sdap_access_ctx {
struct tevent_req *
sdap_access_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct be_req *be_req,
+ struct be_ctx *be_ctx,
+ struct sss_domain_info *domain,
struct sdap_access_ctx *access_ctx,
struct pam_data *pd);
errno_t