-rw-r--r--src/providers/data_provider_be.c1
-rw-r--r--src/providers/dp_backend.h2
-rw-r--r--src/providers/ipa/ipa_access.c4
-rw-r--r--src/providers/ipa/ipa_hbac_common.c10
-rw-r--r--src/providers/ipa/ipa_selinux.c68
-rw-r--r--src/providers/ipa/ipa_subdomains.c23
-rw-r--r--src/providers/ldap/ldap_auth.c2
7 files changed, 46 insertions, 64 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 00033a6a..133959a1 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -1040,7 +1040,6 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
be_req->be_ctx = becli->bectx;
be_req->fn = be_pam_handler_callback;
be_req->pvt = reply;
- be_req->domain = be_req->be_ctx->domain;
dbus_error_init(&dbus_error);
diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h
index e20f2b0b..f0c52832 100644
--- a/src/providers/dp_backend.h
+++ b/src/providers/dp_backend.h
@@ -147,8 +147,6 @@ struct be_req {
* selinux provider is calling the callback.
*/
int phase;
-
- struct sss_domain_info *domain;
};
struct be_acct_req {
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index c2c9bb58..927a9cbc 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -468,7 +468,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
bool in_transaction = false;
struct hbac_ctx *hbac_ctx =
tevent_req_callback_data(req, struct hbac_ctx);
- struct sss_domain_info *domain = hbac_ctx->be_req->domain;
+ struct sss_domain_info *domain = hbac_ctx->be_req->be_ctx->domain;
struct ldb_dn *base_dn;
struct ipa_access_ctx *access_ctx =
talloc_get_type(hbac_ctx->be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
@@ -601,7 +601,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
struct hbac_info *info;
/* Get HBAC rules from the sysdb */
- ret = hbac_get_cached_rules(hbac_ctx, hbac_ctx->be_req->domain,
+ ret = hbac_get_cached_rules(hbac_ctx, hbac_ctx->be_req->be_ctx->domain,
&hbac_ctx->rule_count, &hbac_ctx->rules);
if (ret != EOK) {
DEBUG(1, ("Could not retrieve rules from the cache\n"));
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index ced9fb45..17499d31 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -307,7 +307,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the users */
ret = hbac_user_attrs_to_rule(new_rule,
- hbac_ctx->be_req->domain,
+ hbac_ctx->be_req->be_ctx->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->users);
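Review bot: `hbac_ctx->be_req->be_ctx->domain` is now spelled out four times in hbac_attrs_to_rule (this hunk and the ones at -319, -331 and -344), while hbac_ctx_to_eval_request in the same file keeps it in a local. A single `struct sss_domain_info *domain = hbac_ctx->be_req->be_ctx->domain;` would make it evident that users, services, target hosts and source hosts are all resolved against the same domain when the rule is built. It would also leave one place to change if that ever stops being the backend's own domain. The function's declarations are outside the hunks, so the placement of the local has to be checked against the full file.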
@@ -319,7 +319,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the services */
ret = hbac_service_attrs_to_rule(new_rule,
- hbac_ctx->be_req->domain,
+ hbac_ctx->be_req->be_ctx->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->services);
@@ -331,7 +331,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the target hosts */
ret = hbac_thost_attrs_to_rule(new_rule,
- hbac_ctx->be_req->domain,
+ hbac_ctx->be_req->be_ctx->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->targethosts);
@@ -344,7 +344,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the source hosts */
ret = hbac_shost_attrs_to_rule(new_rule,
- hbac_ctx->be_req->domain,
+ hbac_ctx->be_req->be_ctx->domain,
new_rule->name,
hbac_ctx->rules[idx],
dp_opt_get_bool(hbac_ctx->ipa_options,
@@ -431,7 +431,7 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
struct pam_data *pd = hbac_ctx->pd;
TALLOC_CTX *tmp_ctx;
struct hbac_eval_req *eval_req;
- struct sss_domain_info *domain = hbac_ctx->be_req->domain;
+ struct sss_domain_info *domain = hbac_ctx->be_req->be_ctx->domain;
const char *rhost;
const char *thost;
struct sss_domain_info *user_dom;
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index df0efda1..e130c4c8 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -38,7 +38,8 @@
#include "providers/ipa/ipa_selinux_maps.h"
static struct tevent_req *
-ipa_get_selinux_send(struct be_req *breq,
+ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
+ struct be_ctx *be_ctx,
struct sysdb_attrs *user,
struct sysdb_attrs *host,
struct ipa_selinux_ctx *selinux_ctx);
@@ -73,6 +74,7 @@ static errno_t ipa_selinux_process_maps(struct sysdb_attrs *user,
struct ipa_selinux_op_ctx {
struct be_req *be_req;
+ struct sss_domain_info *domain;
struct sysdb_attrs *user;
struct sysdb_attrs *host;
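Review bot: The new `domain` member has no comment saying whose pointer it is. The other hunks show it assigned from the `domain` argument in ipa_selinux_create_op_ctx and then used in ipa_selinux_handler_done for every sysdb write, so it is presumably a borrowed pointer that must outlive the op context. I would add `/* not owned; domain whose sysdb cache receives the maps */` above the member. The struct definition continues outside the hunk.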
@@ -99,14 +101,16 @@ void ipa_selinux_handler(struct be_req *be_req)
goto fail;
}
- op_ctx = ipa_selinux_create_op_ctx(be_req, be_req->domain->sysdb, be_req->domain,
+ op_ctx = ipa_selinux_create_op_ctx(be_req, be_req->be_ctx->domain->sysdb,
+ be_req->be_ctx->domain,
be_req, pd->user, hostname);
if (op_ctx == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot create op context\n"));
goto fail;
}
- req = ipa_get_selinux_send(be_req, op_ctx->user, op_ctx->host, selinux_ctx);
+ req = ipa_get_selinux_send(be_req, be_req->be_ctx,
+ op_ctx->user, op_ctx->host, selinux_ctx);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot initiate the search\n"));
goto fail;
@@ -140,6 +144,7 @@ ipa_selinux_create_op_ctx(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
return NULL;
}
op_ctx->be_req = be_req;
+ op_ctx->domain = domain;
ret = sss_selinux_extract_user(op_ctx, sysdb, domain, username, &op_ctx->user);
if (ret != EOK) {
@@ -183,7 +188,7 @@ static void ipa_selinux_handler_done(struct tevent_req *req)
{
struct ipa_selinux_op_ctx *op_ctx = tevent_req_callback_data(req, struct ipa_selinux_op_ctx);
struct be_req *breq = op_ctx->be_req;
- struct sysdb_ctx *sysdb = breq->be_ctx->domain->sysdb;
+ struct sysdb_ctx *sysdb = op_ctx->domain->sysdb;
errno_t ret, sret;
size_t map_count = 0;
struct sysdb_attrs **maps = NULL;
@@ -215,21 +220,21 @@ static void ipa_selinux_handler_done(struct tevent_req *req)
}
in_transaction = true;
- ret = sysdb_delete_usermaps(breq->domain->sysdb, breq->domain);
+ ret = sysdb_delete_usermaps(op_ctx->domain->sysdb, op_ctx->domain);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Cannot delete existing maps from sysdb\n"));
goto fail;
}
- ret = sysdb_store_selinux_config(sysdb, breq->be_ctx->domain,
+ ret = sysdb_store_selinux_config(sysdb, op_ctx->domain,
default_user, map_order);
if (ret != EOK) {
goto fail;
}
if (map_count > 0 && maps != NULL) {
- ret = ipa_save_user_maps(sysdb, breq->be_ctx->domain, map_count, maps);
+ ret = ipa_save_user_maps(sysdb, op_ctx->domain, map_count, maps);
if (ret != EOK) {
goto fail;
}
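Review bot: The delete call reads `op_ctx->domain->sysdb` while the two store calls below it pass the local `sysdb`, which the earlier hunk initialises from the same `op_ctx->domain->sysdb`. Within one transaction it is easier to verify that all three operations hit the same cache if they use the same handle: `ret = sysdb_delete_usermaps(sysdb, op_ctx->domain);`. The transaction start and the `fail` label are outside the hunk.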
@@ -426,7 +431,7 @@ ipa_selinux_process_seealso_maps(struct sysdb_attrs *user,
* cache if necessary
*/
struct ipa_get_selinux_state {
- struct be_req *be_req;
+ struct be_ctx *be_ctx;
struct ipa_selinux_ctx *selinux_ctx;
struct sdap_id_op *op;
@@ -445,30 +450,30 @@ static errno_t
ipa_get_selinux_maps_offline(struct tevent_req *req);
static struct tevent_req *
-ipa_get_selinux_send(struct be_req *breq,
+ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
+ struct be_ctx *be_ctx,
struct sysdb_attrs *user,
struct sysdb_attrs *host,
struct ipa_selinux_ctx *selinux_ctx)
{
struct tevent_req *req;
struct tevent_req *subreq;
- struct be_ctx *bctx = breq->be_ctx;
struct ipa_get_selinux_state *state;
bool offline;
int ret = EOK;
DEBUG(SSSDBG_TRACE_FUNC, ("Retrieving SELinux user mapping\n"));
- req = tevent_req_create(breq, &state, struct ipa_get_selinux_state);
+ req = tevent_req_create(mem_ctx, &state, struct ipa_get_selinux_state);
if (req == NULL) {
return NULL;
}
- state->be_req = breq;
+ state->be_ctx = be_ctx;
state->selinux_ctx = selinux_ctx;
state->user = user;
state->host = host;
- offline = be_is_offline(bctx);
+ offline = be_is_offline(be_ctx);
DEBUG(SSSDBG_TRACE_INTERNAL, ("Connection status is [%s].\n",
offline ? "offline" : "online"));
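Review bot: The new `mem_ctx` and `be_ctx` parameters are undocumented, and the function now stores `be_ctx` in the request state instead of reaching it through the `be_req`. A short comment above the definition would record the contract, for example `/* req is allocated on mem_ctx; be_ctx is borrowed and must stay valid until the request completes */`. The one visible caller passes `be_req` and `be_req->be_ctx`, so lifetimes look unchanged there, but the signature no longer ties the two together. The function body continues past this hunk.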
@@ -502,7 +507,7 @@ immediate:
} else {
tevent_req_error(req, ret);
}
- tevent_req_post(req, bctx->ev);
+ tevent_req_post(req, be_ctx->ev);
return req;
}
@@ -515,7 +520,6 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
int dp_error = DP_ERR_FATAL;
int ret;
struct ipa_id_ctx *id_ctx = state->selinux_ctx->id_ctx;
- struct be_ctx *bctx = state->be_req->be_ctx;
const char *access_name;
const char *selinux_name;
@@ -538,8 +542,8 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
goto fail;
}
- access_name = state->be_req->be_ctx->bet_info[BET_ACCESS].mod_name;
- selinux_name = state->be_req->be_ctx->bet_info[BET_SELINUX].mod_name;
+ access_name = state->be_ctx->bet_info[BET_ACCESS].mod_name;
+ selinux_name = state->be_ctx->bet_info[BET_SELINUX].mod_name;
if (strcasecmp(access_name, selinux_name) == 0 && state->host != NULL) {
/* If the access control module is the same as the selinux module
* and the access control had already discovered the host
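Review bot: Both `mod_name` values go straight into `strcasecmp` with no NULL check, here and again in ipa_get_selinux_maps_done (hunk at -789). Nothing visible shows that `bet_info[BET_ACCESS].mod_name` is always set; if it can be NULL when that provider type is not configured, this is a NULL dereference that takes down the backend process. If that case is possible, guard the comparison: `if (access_name != NULL && selinux_name != NULL && strcasecmp(access_name, selinux_name) == 0 && state->host != NULL) {`. The rest of the function is outside the hunk.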
@@ -554,7 +558,7 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
goto fail;
}
- subreq = ipa_host_info_send(state, bctx->ev,
+ subreq = ipa_host_info_send(state, state->be_ctx->ev,
sdap_id_op_handle(state->op),
id_ctx->sdap_id_ctx->opts,
hostname,
@@ -595,9 +599,8 @@ ipa_get_selinux_maps_offline(struct tevent_req *req)
struct ipa_get_selinux_state);
/* read the config entry */
- ret = sysdb_search_selinux_config(state, state->be_req->be_ctx->domain->sysdb,
- state->be_req->be_ctx->domain,
- NULL, &defaults);
+ ret = sysdb_search_selinux_config(state, state->be_ctx->domain->sysdb,
+ state->be_ctx->domain, NULL, &defaults);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_selinux_config failed [%d]: %s\n",
ret, strerror(ret)));
@@ -629,8 +632,8 @@ ipa_get_selinux_maps_offline(struct tevent_req *req)
}
/* read all the SELinux rules */
- ret = sysdb_get_selinux_usermaps(state, state->be_req->be_ctx->domain->sysdb,
- state->be_req->be_ctx->domain,
+ ret = sysdb_get_selinux_usermaps(state, state->be_ctx->domain->sysdb,
+ state->be_ctx->domain,
attrs, &nmaps, &maps);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_selinux_usermaps failed [%d]: %s\n",
@@ -645,7 +648,7 @@ ipa_get_selinux_maps_offline(struct tevent_req *req)
state->nmaps = nmaps;
/* read all the HBAC rules */
- ret = hbac_get_cached_rules(state, state->be_req->be_ctx->domain,
+ ret = hbac_get_cached_rules(state, state->be_ctx->domain,
&state->hbac_rule_count, &state->hbac_rules);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("hbac_get_cached_rules failed [%d]: %s\n",
@@ -689,12 +692,11 @@ static void ipa_get_config_step(struct tevent_req *req)
struct tevent_req *subreq;
struct ipa_get_selinux_state *state = tevent_req_data(req,
struct ipa_get_selinux_state);
- struct be_ctx *bctx = state->be_req->be_ctx;
struct ipa_id_ctx *id_ctx = state->selinux_ctx->id_ctx;
domain = dp_opt_get_string(state->selinux_ctx->id_ctx->ipa_options->basic,
IPA_KRB5_REALM);
- subreq = ipa_get_config_send(state, bctx->ev,
+ subreq = ipa_get_config_send(state, state->be_ctx->ev,
sdap_id_op_handle(state->op),
id_ctx->sdap_id_ctx->opts,
domain, NULL);
@@ -710,7 +712,6 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq)
struct tevent_req);
struct ipa_get_selinux_state *state = tevent_req_data(req,
struct ipa_get_selinux_state);
- struct be_ctx *bctx = state->be_req->be_ctx;
struct sdap_id_ctx *id_ctx = state->selinux_ctx->id_ctx->sdap_id_ctx;
errno_t ret;
@@ -721,7 +722,8 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq)
goto done;
}
- subreq = ipa_selinux_get_maps_send(state, bctx->ev, bctx->domain->sysdb,
+ subreq = ipa_selinux_get_maps_send(state, state->be_ctx->ev,
+ state->be_ctx->domain->sysdb,
sdap_id_op_handle(state->op),
id_ctx->opts,
state->selinux_ctx->id_ctx->ipa_options,
@@ -746,7 +748,6 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
struct tevent_req *req;
struct ipa_get_selinux_state *state;
- struct be_ctx *bctx;
struct ipa_id_ctx *id_ctx;
char *selinux_name;
@@ -759,7 +760,6 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
req = tevent_req_callback_data(subreq, struct tevent_req);
state = tevent_req_data(req, struct ipa_get_selinux_state);
- bctx = state->be_req->be_ctx;
id_ctx = state->selinux_ctx->id_ctx;
ret = ipa_selinux_get_maps_recv(subreq, state,
@@ -789,10 +789,10 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
}
if (check_hbac) {
- access_name = state->be_req->be_ctx->bet_info[BET_ACCESS].mod_name;
- selinux_name = state->be_req->be_ctx->bet_info[BET_SELINUX].mod_name;
+ access_name = state->be_ctx->bet_info[BET_ACCESS].mod_name;
+ selinux_name = state->be_ctx->bet_info[BET_SELINUX].mod_name;
if (strcasecmp(access_name, selinux_name) == 0) {
- ret = hbac_get_cached_rules(state, bctx->domain,
+ ret = hbac_get_cached_rules(state, state->be_ctx->domain,
&state->hbac_rule_count,
&state->hbac_rules);
/* Terminates the request */
@@ -801,7 +801,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
DEBUG(SSSDBG_TRACE_FUNC, ("SELinux maps referenced an HBAC rule. "
"Need to refresh HBAC rules\n"));
- subreq = ipa_hbac_rule_info_send(state, false, bctx->ev,
+ subreq = ipa_hbac_rule_info_send(state, false, state->be_ctx->ev,
sdap_id_op_handle(state->op),
id_ctx->sdap_id_ctx->opts,
state->selinux_ctx->hbac_search_bases,
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index c3f22b2b..63a82c08 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -679,20 +679,13 @@ static void ipa_subdomains_handler_done(struct tevent_req *req)
size_t reply_count;
struct sysdb_attrs **reply = NULL;
struct ipa_subdomains_req_ctx *ctx;
- struct be_req *be_req;
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
bool refresh_has_changes = false;
ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx);
- be_req = ctx->be_req;
- if (be_req && be_req->domain) {
- sysdb = be_req->domain->sysdb;
- domain = be_req->domain;
- } else {
- sysdb = ctx->sd_ctx->be_ctx->domain->sysdb;
- domain = ctx->sd_ctx->be_ctx->domain;
- }
+ domain = ctx->sd_ctx->be_ctx->domain;
+ sysdb = domain->sysdb;
ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
talloc_zfree(req);
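Review bot: The two replacement lines carry no comment explaining why the `be_req` lookup could be dropped, here and in ipa_subdomains_handler_ranges_done (hunk at -770). The removed check tolerated a NULL `be_req`, which suggests this callback can run for requests without one. The new code instead relies on `ctx->sd_ctx` and its `be_ctx` being valid on every path. A line such as `/* always the backend's own domain; ctx->be_req may be NULL here */` above `domain = ctx->sd_ctx->be_ctx->domain;` would keep that in the code, once the NULL case is confirmed against the callers.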
@@ -770,21 +763,14 @@ static void ipa_subdomains_handler_ranges_done(struct tevent_req *req)
size_t reply_count;
struct sysdb_attrs **reply = NULL;
struct ipa_subdomains_req_ctx *ctx;
- struct be_req *be_req;
struct sysdb_subdom *domain_info;
struct range_info **range_list = NULL;
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx);
- be_req = ctx->be_req;
- if (be_req && be_req->domain) {
- sysdb = be_req->domain->sysdb;
- domain = be_req->domain;
- } else {
- sysdb = ctx->sd_ctx->be_ctx->domain->sysdb;
- domain = ctx->sd_ctx->be_ctx->domain;
- }
+ domain = ctx->sd_ctx->be_ctx->domain;
+ sysdb = domain->sysdb;
ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
talloc_zfree(req);
@@ -950,7 +936,6 @@ static void ipa_subdom_online_cb(void *pvt)
be_req = talloc_zero(NULL, struct be_req);
be_req->be_ctx = ctx->be_ctx;
be_req->fn = ipa_subdom_be_req_callback;
- be_req->domain = ctx->be_ctx->domain;
ipa_subdomains_retrieve(ctx, be_req);
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 48a282c4..8b033952 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -829,7 +829,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
break;
case PWEXPIRE_KERBEROS:
ret = check_pwexpire_kerberos(pw_expire_data, time(NULL), NULL, &result,
- state->breq->domain->pwd_expiration_warning);
+ state->breq->be_ctx->domain->pwd_expiration_warning);
if (ret != EOK) {
DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
state->pd->pam_status = PAM_SYSTEM_ERR;