-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | src/providers/ldap/ldap_access.c | 86 | ||||
-rw-r--r-- | src/providers/ldap/sdap_access.c | 59 |
3 files changed, 87 insertions, 59 deletions
diff --git a/Makefile.am b/Makefile.am
index 5cc00915..b96ab042 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1311,6 +1311,7 @@ libsss_krb5_common_la_SOURCES = \
 libsss_ldap_la_SOURCES = \
 src/util/find_uid.c \
 src/providers/ldap/ldap_init.c \
+ src/providers/ldap/ldap_access.c \
 src/providers/krb5/krb5_common.c \
 src/providers/krb5/krb5_utils.c \
 src/util/user_info_msg.c \
diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c
new file mode 100644
index 00000000..18661335
--- /dev/null
+++ b/src/providers/ldap/ldap_access.c
@@ -0,0 +1,86 @@
+/*
+ SSSD
+
+ ldap_access.c
+
+ Authors:
+ Simo Sorce <ssorce@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <security/pam_modules.h>
+#include "src/util/util.h"
+#include "src/providers/data_provider.h"
+#include "src/providers/dp_backend.h"
+#include "src/providers/ldap/sdap_access.h"
+
+static void sdap_access_reply(struct be_req *be_req, int pam_status)
+{
+ struct pam_data *pd;
+ pd = talloc_get_type(be_req->req_data, struct pam_data);
+ pd->pam_status = pam_status;
+
+ if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED) {
+ be_req->fn(be_req, DP_ERR_OK, pam_status, NULL);
+ } else {
+ be_req->fn(be_req, DP_ERR_FATAL, pam_status, NULL);
+ }
+}
+
+static void sdap_access_done(struct tevent_req *req);
+void sdap_pam_access_handler(struct be_req *breq)
+{
+ struct pam_data *pd;
+ struct tevent_req *req;
+ struct sdap_access_ctx *access_ctx;
+
+ pd = talloc_get_type(breq->req_data, struct pam_data);
+
+ access_ctx =
+ talloc_get_type(breq->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ struct sdap_access_ctx);
+
+ req = sdap_access_send(breq,
+ breq->be_ctx->ev,
+ breq,
+ access_ctx,
+ pd);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to start sdap_access request\n"));
+ sdap_access_reply(breq, PAM_SYSTEM_ERR);
+ return;
+ }
+
+ tevent_req_set_callback(req, sdap_access_done, breq);
+}
+
+static void sdap_access_done(struct tevent_req *req)
+{
+ errno_t ret;
+ int pam_status = PAM_SYSTEM_ERR;
+ struct be_req *breq =
+ tevent_req_callback_data(req, struct be_req);
+
+ ret = sdap_access_recv(req, &pam_status);
+ talloc_zfree(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n"));
+ pam_status = PAM_SYSTEM_ERR;
+ }
+
+ sdap_access_reply(breq, pam_status);
+}
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index a703f8b0..42e321d2 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -40,21 +40,6 @@ #include "providers/data_provider.h" #include "providers/dp_backend.h" -static void sdap_access_reply(struct be_req *be_req, int pam_status) -{ - struct pam_data *pd; - pd = talloc_get_type(be_req->req_data, struct pam_data); - pd->pam_status = pam_status; - - if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED) { - be_req->fn(be_req, DP_ERR_OK, pam_status, NULL); - } - - else { - be_req->fn(be_req, DP_ERR_FATAL, pam_status, NULL); - } -} - static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_req *be_req, 
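Review bot: In `sdap_access_reply()` in the new src/providers/ldap/ldap_access.c, `pd` is dereferenced immediately after `talloc_get_type()`, which returns NULL when the pointer's talloc type name does not match. Every error path uses this function to deliver `PAM_SYSTEM_ERR`, so a mismatch would crash the provider process instead of returning a denial. `sdap_pam_access_handler()` likewise passes unchecked `pd` and `access_ctx` into `sdap_access_send()`, whose NULL handling is not visible here. Consider `talloc_get_type_abort()` for a deterministic failure, or a guard such as `if (pd == NULL) { be_req->fn(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); return; }`. The code appears to be moved unchanged from sdap_access.c apart from the DEBUG levels, so this predates the commit, but the new file is a natural place to tighten it.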
@@ -89,33 +74,6 @@ static struct tevent_req *sdap_access_host_send( struct tevent_context *ev, struct ldb_message *user_entry); -static void sdap_access_done(struct tevent_req *req); -void sdap_pam_access_handler(struct be_req *breq) -{ - struct pam_data *pd; - struct tevent_req *req; - struct sdap_access_ctx *access_ctx; - - pd = talloc_get_type(breq->req_data, struct pam_data); - - access_ctx = - talloc_get_type(breq->be_ctx->bet_info[BET_ACCESS].pvt_bet_data, - struct sdap_access_ctx); - - req = sdap_access_send(breq, - breq->be_ctx->ev, - breq, - access_ctx, - pd); - if (req == NULL) { - DEBUG(1, ("Unable to start sdap_access request\n")); - sdap_access_reply(breq, PAM_SYSTEM_ERR); - return; - } - - tevent_req_set_callback(req, sdap_access_done, breq); -} - struct sdap_access_req_ctx { struct pam_data *pd; struct tevent_context *ev; @@ -1388,20 +1346,3 @@ sdap_access_recv(struct tevent_req *req, int *pam_status) return EOK; } - -static void sdap_access_done(struct tevent_req *req) -{ - errno_t ret; - int pam_status = PAM_SYSTEM_ERR; - struct be_req *breq = - tevent_req_callback_data(req, struct be_req); - - ret = sdap_access_recv(req, &pam_status); - talloc_zfree(req); - if (ret != EOK) { - DEBUG(1, ("Error retrieving access check result.\n")); - pam_status = PAM_SYSTEM_ERR; - } - - sdap_access_reply(breq, pam_status); -} |