-rw-r--r-- | src/providers/ipa/ipa_access.c | 94 | ||||
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 152 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 418 | ||||
-rw-r--r-- | src/responder/pam/pam_LOCAL_domain.c | 122 | ||||
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 142 |
5 files changed, 205 insertions, 723 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 12c55637..2d47f8b2 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -228,7 +228,6 @@ static void hbac_get_host_info_connect_done(struct tevent_req *subreq); static void hbac_get_host_memberof(struct tevent_req *req, struct ldb_message **msgs); static void hbac_get_host_memberof_done(struct tevent_req *subreq); -static void hbac_get_host_info_store_trans(struct tevent_req *subreq); static struct tevent_req *hbac_get_host_info_send(TALLOC_CTX *memctx, struct tevent_context *ev, @@ -435,12 +434,13 @@ static void hbac_get_host_memberof(struct tevent_req *req, { struct hbac_get_host_info_state *state = tevent_req_data(req, struct hbac_get_host_info_state); - struct tevent_req *subreq; + bool in_transaction = false; int ret; int i; int v; struct ldb_message_element *el; struct hbac_host_info **hhi; + char *object_name; if (state->host_reply_count == 0) { DEBUG(1, ("No hosts not found in IPA server.\n")); 
@@ -567,37 +567,12 @@ static void hbac_get_host_memberof(struct tevent_req *req, return; } - subreq = sysdb_transaction_send(state, state->ev, state->sysdb); - if (subreq == NULL) { - DEBUG(1, ("sysdb_transaction_send failed.\n")); - ret = ENOMEM; - goto fail; - } - tevent_req_set_callback(subreq, hbac_get_host_info_store_trans, req); - return; - -fail: - tevent_req_error(req, ret); - return; -} - -static void hbac_get_host_info_store_trans(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct hbac_get_host_info_state *state = - tevent_req_data(req, struct hbac_get_host_info_state); - struct ldb_message_element *el; - char *object_name; - int ret; - int i; - - ret = sysdb_transaction_recv(subreq, state, &state->handle); - talloc_zfree(subreq); + ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { tevent_req_error(req, ret); return; } + in_transaction = true; for (i = 0; i < state->host_reply_count; i++) { @@ -639,17 +614,20 @@ static void hbac_get_host_info_store_trans(struct tevent_req *subreq) } } - subreq = sysdb_transaction_commit_send(state, state->ev, state->handle); - if (subreq == NULL) { - DEBUG(1, ("sysdb_transaction_commit_send failed.\n")); - ret = ENOMEM; + ret = sysdb_transaction_commit(state->sysdb); + if (ret) { + DEBUG(1, ("sysdb_transaction_commit failed.\n")); goto fail; } - tevent_req_set_callback(subreq, sysdb_transaction_complete, req); + in_transaction = false; + tevent_req_done(req); return; fail: + if (in_transaction) { + sysdb_transaction_cancel(state->sysdb); + } tevent_req_error(req, ret); return; } 
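Review bot: The new `sysdb_transaction_start()` failure path in hbac_get_host_memberof passes the error to the request without logging anything, while the commit failure a few lines later is logged at level 1. Adding `DEBUG(1, ("sysdb_transaction_start failed.\n"));` before `tevent_req_error(req, ret);` would keep a failed HBAC cache write diagnosable; the matching hunk in hbac_rule_get has the same gap. The two checks also differ in form (`ret != EOK` for start, bare `ret` for commit), and one form throughout would read more consistently. The function body starts and continues outside these hunks, so the error paths inside the store loop cannot be checked from here.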
@@ -690,7 +668,6 @@ static void hbac_get_rules_connect_done(struct tevent_req *subreq); static void hbac_rule_get(struct tevent_req *req, struct ldb_message **msgs); static void hbac_rule_get_done(struct tevent_req *subreq); -static void hbac_rule_store_trans(struct tevent_req *subreq); static struct tevent_req *hbac_get_rules_send(TALLOC_CTX *memctx, struct tevent_context *ev, @@ -913,10 +890,12 @@ static void hbac_rule_get(struct tevent_req *req, { struct hbac_get_rules_state *state = tevent_req_data(req, struct hbac_get_rules_state); - struct tevent_req *subreq; + bool in_transaction = false; int ret; int i; struct ldb_message_element *el; + struct ldb_dn *hbac_base_dn; + char *object_name; if (state->offline) { ret = msgs2attrs_array(state, state->hbac_reply_count, msgs, @@ -947,38 +926,12 @@ static void hbac_rule_get(struct tevent_req *req, return; } - subreq = sysdb_transaction_send(state, state->ev, state->sysdb); - if (subreq == NULL) { - DEBUG(1, ("sysdb_transaction_send failed.\n")); - ret = ENOMEM; - goto fail; - } - tevent_req_set_callback(subreq, hbac_rule_store_trans, req); - return; - -fail: - tevent_req_error(req, ret); - return; -} - -static void hbac_rule_store_trans(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct hbac_get_rules_state *state = - tevent_req_data(req, struct hbac_get_rules_state); - struct ldb_dn *hbac_base_dn; - struct ldb_message_element *el; - char *object_name; - int ret; - int i; - - ret = sysdb_transaction_recv(subreq, state, &state->handle); - talloc_zfree(subreq); + ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { tevent_req_error(req, ret); return; } + in_transaction = true; hbac_base_dn = sysdb_custom_subtree_dn(state->sysdb, state, state->sdap_ctx->be->domain->name, 
@@ -1026,17 +979,20 @@ static void hbac_rule_store_trans(struct tevent_req *subreq) } } - subreq = sysdb_transaction_commit_send(state, state->ev, state->handle); - if (subreq == NULL) { - DEBUG(1, ("sysdb_transaction_commit_send failed.\n")); - ret = ENOMEM; + ret = sysdb_transaction_commit(state->sysdb); + if (ret) { + DEBUG(1, ("sysdb_transaction_commit failed.\n")); goto fail; } - tevent_req_set_callback(subreq, sysdb_transaction_complete, req); + in_transaction = false; + tevent_req_done(req); return; fail: + if (in_transaction) { + sysdb_transaction_cancel(state->sysdb); + } tevent_req_error(req, ret); return; } diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 57ce673c..0d5ea5d2 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c 
@@ -174,106 +174,60 @@ static errno_t check_if_ccache_file_is_used(uid_t uid, const char *ccname, return EOK; } -struct krb5_save_ccname_state { - struct tevent_context *ev; - struct sysdb_ctx *sysdb; - struct sysdb_handle *handle; - struct sss_domain_info *domain; - const char *name; - struct sysdb_attrs *attrs; -}; - -static void krb5_save_ccname_trans(struct tevent_req *subreq); - -static struct tevent_req *krb5_save_ccname_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, - const char *name, - const char *ccname) +static int krb5_save_ccname(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *name, + const char *ccname) { - struct tevent_req *req; - struct tevent_req *subreq; - struct krb5_save_ccname_state *state; + TALLOC_CTX *tmpctx; + struct sysdb_attrs *attrs; int ret; if (name == NULL || ccname == NULL) { DEBUG(1, ("Missing user or ccache name.\n")); - return NULL; + return EINVAL; } - req = tevent_req_create(mem_ctx, &state, struct krb5_save_ccname_state); - if (req == NULL) { - DEBUG(1, ("tevent_req_create failed.\n")); - return NULL; + tmpctx = talloc_new(mem_ctx); + if (!tmpctx) { + return ENOMEM; } - state->ev = ev; - state->sysdb = sysdb; - state->handle = NULL; - state->domain = domain; - state->name = name; + attrs = sysdb_new_attrs(mem_ctx); + if (!attrs) { + ret = ENOMEM; + goto done; + } - state->attrs = sysdb_new_attrs(state); - ret = sysdb_attrs_add_string(state->attrs, SYSDB_CCACHE_FILE, ccname); + ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname); if (ret != EOK) { DEBUG(1, ("sysdb_attrs_add_string failed.\n")); - goto failed; - } - - subreq = sysdb_transaction_send(state, ev, sysdb); - if (subreq == NULL) { - goto failed; + goto done; } - tevent_req_set_callback(subreq, krb5_save_ccname_trans, req); - - return req; -failed: - talloc_free(req); - return NULL; -} - -static void krb5_save_ccname_trans(struct tevent_req 
*subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct krb5_save_ccname_state *state = tevent_req_data(req, - struct krb5_save_ccname_state); - int ret; - - ret = sysdb_transaction_recv(subreq, state, &state->handle); - talloc_zfree(subreq); + ret = sysdb_transaction_start(sysdb); if (ret != EOK) { - DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); - tevent_req_error(req, ret); - return; + DEBUG(6, ("Error %d starting transaction (%s)\n", ret, strerror(ret))); + goto done; } - ret = sysdb_set_user_attr(state, sysdb_handle_get_ctx(state->handle), - state->domain, state->name, - state->attrs, SYSDB_MOD_REP); + ret = sysdb_set_user_attr(tmpctx, sysdb, + domain, name, attrs, SYSDB_MOD_REP); if (ret != EOK) { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); - tevent_req_error(req, ret); - return; + sysdb_transaction_cancel(sysdb); + goto done; } - subreq = sysdb_transaction_commit_send(state, state->ev, state->handle); - if (subreq == NULL) { - DEBUG(6, ("Error: Out of memory\n")); - tevent_req_error(req, ENOMEM); - return; + ret = sysdb_transaction_commit(sysdb); + if (ret != EOK) { + DEBUG(1, ("Failed to commit transaction!\n")); } - tevent_req_set_callback(subreq, sysdb_transaction_complete, req); - return; -} -int krb5_save_ccname_recv(struct tevent_req *req) -{ - TEVENT_REQ_RETURN_ON_ERROR(req); - - return EOK; +done: + talloc_zfree(tmpctx); + return ret; } errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf) 
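Review bot: A failed `sysdb_transaction_commit()` in krb5_save_ccname falls through to `done` without cancelling, whereas the ipa_access.c hunks in this same commit call `sysdb_transaction_cancel()` on that path; unless sysdb guarantees that a failed commit always closes the transaction, it may be left open. I would add `sysdb_transaction_cancel(sysdb);` inside the `if (ret != EOK)` block that follows the commit. The same applies to sdap_save_users, sdap_save_groups and sdap_get_initgr_user in sdap_async_accounts.c. Separately, `attrs` is allocated on `mem_ctx` although `tmpctx` was created just above, so it outlives the call; `attrs = sysdb_new_attrs(tmpctx);` would release it at `done`.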
@@ -660,7 +614,7 @@ static void get_user_attr_done(void *pvt, int err, struct ldb_result *res); static void krb5_resolve_kdc_done(struct tevent_req *req); static void krb5_resolve_kpasswd_done(struct tevent_req *req); static void krb5_find_ccache_step(struct krb5child_req *kr); -static void krb5_save_ccname_done(struct tevent_req *req); +static void krb5_save_ccname_done(struct krb5child_req *kr); static void krb5_child_done(struct tevent_req *req); void krb5_pam_handler(struct be_req *be_req) @@ -998,16 +952,15 @@ static void krb5_find_ccache_step(struct krb5child_req *kr) pd->authtok_size = 0; if (kr->active_ccache_present) { - req = krb5_save_ccname_send(kr, be_req->be_ctx->ev, - be_req->be_ctx->sysdb, - be_req->be_ctx->domain, pd->user, - kr->ccname); - if (req == NULL) { - DEBUG(1, ("krb5_save_ccname_send failed.\n")); + ret = krb5_save_ccname(kr, be_req->be_ctx->sysdb, + be_req->be_ctx->domain, pd->user, + kr->ccname); + if (ret) { + DEBUG(1, ("krb5_save_ccname failed.\n")); goto done; } - tevent_req_set_callback(req, krb5_save_ccname_done, kr); + krb5_save_ccname_done(kr); return; } } 
@@ -1136,25 +1089,25 @@ static void krb5_child_done(struct tevent_req *req) goto done; } - req = krb5_save_ccname_send(kr, be_req->be_ctx->ev, be_req->be_ctx->sysdb, - be_req->be_ctx->domain, pd->user, kr->ccname); - if (req == NULL) { + ret = krb5_save_ccname(kr, be_req->be_ctx->sysdb, + be_req->be_ctx->domain, + pd->user, kr->ccname); + if (ret) { DEBUG(1, ("krb5_save_ccname_send failed.\n")); goto done; } - tevent_req_set_callback(req, krb5_save_ccname_done, kr); + krb5_save_ccname_done(kr); return; + done: talloc_free(kr); pd->pam_status = pam_status; krb_reply(be_req, dp_err, pd->pam_status); } -static void krb5_save_ccname_done(struct tevent_req *req) +static void krb5_save_ccname_done(struct krb5child_req *kr) { - struct krb5child_req *kr = tevent_req_callback_data(req, - struct krb5child_req); struct pam_data *pd = kr->pd; struct be_req *be_req = kr->req; struct krb5_ctx *krb5_ctx = kr->krb5_ctx; @@ -1167,22 +1120,15 @@ static void krb5_save_ccname_done(struct tevent_req *req) ret = add_krb5_env(krb5_ctx->opts, kr->ccname, pd); if (ret != EOK) { DEBUG(1, ("add_krb5_env failed.\n")); - goto failed; + goto done; } } - ret = krb5_save_ccname_recv(req); - talloc_zfree(req); - if (ret != EOK) { - DEBUG(1, ("Saving ccache name failed.\n")); - goto failed; - } - if (kr->is_offline) { DEBUG(4, ("Backend is marked offline, retry later!\n")); pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; - goto failed; + goto done; } if (be_req->be_ctx->domain->cache_credentials == TRUE) { @@ -1213,7 +1159,7 @@ static void krb5_save_ccname_done(struct tevent_req *req) if (password == NULL) { DEBUG(0, ("password not available, offline auth may not work.\n")); - goto failed; + goto done; } talloc_set_destructor((TALLOC_CTX *)password, password_destructor); @@ -1230,7 +1176,7 @@ static void krb5_save_ccname_done(struct tevent_req *req) pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; -failed: +done: talloc_free(kr); pd->pam_status = pam_status; 
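Review bot: The failure log in krb5_child_done still reads `krb5_save_ccname_send failed.` although the call is now the synchronous `krb5_save_ccname()`; the matching message in krb5_find_ccache_step was updated. Change it to `DEBUG(1, ("krb5_save_ccname failed.\n"));`, or include the code now that it is available at the call site, e.g. `DEBUG(1, ("krb5_save_ccname failed [%d][%s].\n", ret, strerror(ret)));`. Both functions start outside these hunks, so whether the `req` local in krb5_find_ccache_step is still used after this change cannot be confirmed from here.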
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 0385c8f8..9dca9eb0 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -278,80 +278,35 @@ fail: /* ==Generic-Function-to-save-multiple-users============================= */ -struct sdap_save_users_state { - struct tevent_context *ev; - struct sysdb_ctx *sysdb; - struct sdap_options *opts; - struct sss_domain_info *dom; - - struct sysdb_attrs **users; - int count; - - struct sysdb_handle *handle; - - char *higher_timestamp; -}; - -static void sdap_save_users_trans(struct tevent_req *subreq); -struct tevent_req *sdap_save_users_send(TALLOC_CTX *memctx, - struct tevent_context *ev, - struct sss_domain_info *dom, - struct sysdb_ctx *sysdb, - struct sdap_options *opts, - struct sysdb_attrs **users, - int num_users) -{ - struct tevent_req *req, *subreq; - struct sdap_save_users_state *state; - - req = tevent_req_create(memctx, &state, struct sdap_save_users_state); - if (!req) return NULL; - - state->ev = ev; - state->opts = opts; - state->sysdb = sysdb; - state->dom = dom; - state->users = users; - state->count = num_users; - state->handle = NULL; - state->higher_timestamp = NULL; - - subreq = sysdb_transaction_send(state, state->ev, state->sysdb); - if (!subreq) { - tevent_req_error(req, ENOMEM); - tevent_req_post(req, ev); - return req; - } - tevent_req_set_callback(subreq, sdap_save_users_trans, req); - - return req; -} - -static void sdap_save_users_trans(struct tevent_req *subreq) +static int sdap_save_users(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, + struct sdap_options *opts, + struct sysdb_attrs **users, + int num_users, + char **_timestamp) { - struct tevent_req *req; - struct sdap_save_users_state *state; + TALLOC_CTX *tmpctx; + char *higher_timestamp = NULL; char *timestamp; int ret; int i; - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct sdap_save_users_state); + tmpctx = talloc_new(memctx); + if (!tmpctx) { + return ENOMEM; + } - ret = sysdb_transaction_recv(subreq, state, &state->handle); - talloc_zfree(subreq); + ret = 
sysdb_transaction_start(sysdb); if (ret) { - tevent_req_error(req, ret); - return; + goto done; } - for (i = 0; i < state->count; i++) { + for (i = 0; i < num_users; i++) { timestamp = NULL; - ret = sdap_save_user(state, state->sysdb, - state->opts, state->dom, - state->users[i], - false, ×tamp); + ret = sdap_save_user(tmpctx, sysdb, opts, dom, + users[i], false, ×tamp); /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -362,42 +317,32 @@ static void sdap_save_users_trans(struct tevent_req *subreq) } if (timestamp) { - if (state->higher_timestamp) { - if (strcmp(timestamp, state->higher_timestamp) > 0) { - talloc_zfree(state->higher_timestamp); - state->higher_timestamp = timestamp; + if (higher_timestamp) { + if (strcmp(timestamp, higher_timestamp) > 0) { + talloc_zfree(higher_timestamp); + higher_timestamp = timestamp; } else { talloc_zfree(timestamp); } } else { - state->higher_timestamp = timestamp; + higher_timestamp = timestamp; } } } - subreq = sysdb_transaction_commit_send(state, state->ev, - state->handle); - if (!subreq) { - tevent_req_error(req, ENOMEM); - return; + ret = sysdb_transaction_commit(sysdb); + if (ret) { + DEBUG(1, ("Failed to commit transaction!\n")); + goto done; } - /* sysdb_transaction_complete will call tevent_req_done(req) */ - tevent_req_set_callback(subreq, sysdb_transaction_complete, req); -} - -static int sdap_save_users_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, char **timestamp) -{ - struct sdap_save_users_state *state = tevent_req_data(req, - struct sdap_save_users_state); - TEVENT_REQ_RETURN_ON_ERROR(req); - - if (timestamp) { - *timestamp = talloc_steal(mem_ctx, state->higher_timestamp); + if (_timestamp) { + *_timestamp = talloc_steal(memctx, higher_timestamp); } - return EOK; +done: + talloc_zfree(tmpctx); + return ret; } 
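Review bot: sdap_save_users has no comment describing its contract, and two parts of it are easy to miss. Per the existing in-loop comment, individual sdap_save_user() failures are reported and skipped, so a zero return does not mean every entry was stored; and `*_timestamp` is written only after a successful commit, re-parented onto `memctx`. A short header comment would cover both, e.g. `/* Stores all users in one sysdb transaction; individual save errors are skipped. On success *_timestamp (may be NULL) is owned by memctx. */`, and the same text fits sdap_save_groups. The `sysdb_transaction_start()` failure also returns without a DEBUG line, unlike the commit failure.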
@@ -418,7 +363,6 @@ struct sdap_get_users_state { }; static void sdap_get_users_process(struct tevent_req *subreq); -static void sdap_get_users_done(struct tevent_req *subreq); struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx, struct tevent_context *ev, @@ -484,34 +428,18 @@ static void sdap_get_users_process(struct tevent_req *subreq) return; } - subreq = sdap_save_users_send(state, state->ev, state->dom, - state->sysdb, state->opts, - state->users, state->count); - if (!subreq) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, sdap_get_users_done, req); -} - -static void sdap_get_users_done(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct sdap_get_users_state *state = tevent_req_data(req, - struct sdap_get_users_state); - int ret; - - DEBUG(9, ("Saving %d Users - Done\n", state->count)); - - ret = sdap_save_users_recv(subreq, state, &state->higher_timestamp); - talloc_zfree(subreq); + ret = sdap_save_users(state, state->sysdb, + state->dom, state->opts, + state->users, state->count, + &state->higher_timestamp); if (ret) { DEBUG(2, ("Failed to store users.\n")); tevent_req_error(req, ret); return; } + DEBUG(9, ("Saving %d Users - Done\n", state->count)); + tevent_req_done(req); } 
@@ -872,101 +800,53 @@ fail: /* ==Generic-Function-to-save-multiple-groups============================= */ -struct sdap_save_groups_state { - struct tevent_context *ev; - struct sysdb_ctx *sysdb; - struct sdap_options *opts; - struct sss_domain_info *dom; - - struct sysdb_attrs **groups; - int count; - int cur; - bool twopass; - - struct sysdb_handle *handle; - - char *higher_timestamp; -}; - -static void sdap_save_groups_trans(struct tevent_req *subreq); -struct tevent_req *sdap_save_groups_send(TALLOC_CTX *memctx, - struct tevent_context *ev, - struct sss_domain_info *dom, - struct sysdb_ctx *sysdb, - struct sdap_options *opts, - struct sysdb_attrs **groups, - int num_groups) +static int sdap_save_groups(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, + struct sdap_options *opts, + struct sysdb_attrs **groups, + int num_groups, + char **_timestamp) { - struct tevent_req *req, *subreq; - struct sdap_save_groups_state *state; - - req = tevent_req_create(memctx, &state, struct sdap_save_groups_state); - if (!req) return NULL; - - state->ev = ev; - state->opts = opts; - state->sysdb = sysdb; - state->dom = dom; - state->groups = groups; - state->count = num_groups; - state->cur = 0; - state->handle = NULL; - state->higher_timestamp = NULL; + TALLOC_CTX *tmpctx; + char *higher_timestamp = NULL; + char *timestamp; + bool twopass; + int ret; + int i; switch (opts->schema_type) { case SDAP_SCHEMA_RFC2307: - state->twopass = false; + twopass = false; break; case SDAP_SCHEMA_RFC2307BIS: case SDAP_SCHEMA_IPA_V1: case SDAP_SCHEMA_AD: - state->twopass = true; + twopass = true; break; default: - tevent_req_error(req, EINVAL); - tevent_req_post(req, ev); - return req; + return EINVAL; } - subreq = sysdb_transaction_send(state, state->ev, state->sysdb); - if (!subreq) { - tevent_req_error(req, ENOMEM); - tevent_req_post(req, ev); - return req; + tmpctx = talloc_new(memctx); + if (!tmpctx) { + return ENOMEM; } - tevent_req_set_callback(subreq, 
sdap_save_groups_trans, req); - - return req; -} - -static void sdap_save_groups_trans(struct tevent_req *subreq) -{ - struct tevent_req *req; - struct sdap_save_groups_state *state; - char *timestamp; - int ret; - int i; - - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct sdap_save_groups_state); - ret = sysdb_transaction_recv(subreq, state, &state->handle); - talloc_zfree(subreq); + ret = sysdb_transaction_start(sysdb); if (ret) { - tevent_req_error(req, ret); - return; + goto done; } - for (i = 0; i < state->count; i++) { + for (i = 0; i < num_groups; i++) { timestamp = NULL; /* if 2 pass savemembers = false */ - ret = sdap_save_group(state, sysdb_handle_get_ctx(state->handle), - state->opts, state->dom, - state->groups[i], - (!state->twopass), ×tamp); + ret = sdap_save_group(tmpctx, sysdb, + opts, dom, groups[i], + (!twopass), ×tamp); /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -977,27 +857,24 @@ static void sdap_save_groups_trans(struct tevent_req *subreq) } if (timestamp) { - if (state->higher_timestamp) { - if (strcmp(timestamp, state->higher_timestamp) > 0) { - talloc_zfree(state->higher_timestamp); - state->higher_timestamp = timestamp; + if (higher_timestamp) { + if (strcmp(timestamp, higher_timestamp) > 0) { + talloc_zfree(higher_timestamp); + higher_timestamp = timestamp; } else { talloc_zfree(timestamp); } } else { - state->higher_timestamp = timestamp; + higher_timestamp = timestamp; } } } - if (state->twopass) { + if (twopass) { - for (i = 0; i < state->count; i++) { + for (i = 0; i < num_groups; i++) { - ret = sdap_save_grpmem(state, - sysdb_handle_get_ctx(state->handle), - state->opts, state->dom, - state->groups[i]); + ret = sdap_save_grpmem(tmpctx, sysdb, opts, dom, groups[i]); /* Do not fail completely on errors. * Just report the failure to save and go on */ if (ret) { 
@@ -1008,29 +885,19 @@ static void sdap_save_groups_trans(struct tevent_req *subreq) } } - subreq = sysdb_transaction_commit_send(state, state->ev, - state->handle); - if (!subreq) { - tevent_req_error(req, ENOMEM); - return; + ret = sysdb_transaction_commit(sysdb); + if (ret) { + DEBUG(1, ("Failed to commit transaction!\n")); + goto done; } - /* sysdb_transaction_complete will call tevent_req_done(req) */ - tevent_req_set_callback(subreq, sysdb_transaction_complete, req); -} - -static int sdap_save_groups_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, char **timestamp) -{ - struct sdap_save_groups_state *state = tevent_req_data(req, - struct sdap_save_groups_state); - - TEVENT_REQ_RETURN_ON_ERROR(req); - if (timestamp) { - *timestamp = talloc_steal(mem_ctx, state->higher_timestamp); + if (_timestamp) { + *_timestamp = talloc_steal(memctx, higher_timestamp); } - return EOK; +done: + talloc_zfree(tmpctx); + return ret; } @@ -1051,7 +918,6 @@ struct sdap_get_groups_state { }; static void sdap_get_groups_process(struct tevent_req *subreq); -static void sdap_get_groups_done(struct tevent_req *subreq); struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, struct tevent_context *ev, 
@@ -1117,34 +983,18 @@ static void sdap_get_groups_process(struct tevent_req *subreq) return; } - subreq = sdap_save_groups_send(state, state->ev, state->dom, - state->sysdb, state->opts, - state->groups, state->count); - if (!subreq) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, sdap_get_groups_done, req); -} - -static void sdap_get_groups_done(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct sdap_get_groups_state *state = tevent_req_data(req, - struct sdap_get_groups_state); - int ret; - - DEBUG(9, ("Saving %d Groups - Done\n", state->count)); - - ret = sdap_save_groups_recv(subreq, state, &state->higher_timestamp); - talloc_zfree(subreq); + ret = sdap_save_groups(state, state->sysdb, + state->dom, state->opts, + state->groups, state->count, + &state->higher_timestamp); if (ret) { DEBUG(2, ("Failed to store groups.\n")); tevent_req_error(req, ret); return; } + DEBUG(9, ("Saving %d Groups - Done\n", state->count)); + tevent_req_done(req); } @@ -1177,7 +1027,6 @@ struct sdap_initgr_rfc2307_state { }; static void sdap_initgr_rfc2307_process(struct tevent_req *subreq); -static void sdap_initgr_rfc2307_done(struct tevent_req *subreq); struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, 
@@ -1246,25 +1095,9 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq) return; } - subreq = sdap_save_groups_send(state, state->ev, state->dom, - state->sysdb, state->opts, - groups, count); - if (!subreq) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, sdap_initgr_rfc2307_done, req); -} - -static void sdap_initgr_rfc2307_done(struct tevent_req *subreq) -{ - struct tevent_req *req; - int ret; - - req = tevent_req_callback_data(subreq, struct tevent_req); - - ret = sdap_save_groups_recv(subreq, NULL, NULL); - talloc_zfree(subreq); + ret = sdap_save_groups(state, state->sysdb, + state->dom, state->opts, + groups, count, NULL); if (ret) { tevent_req_error(req, ret); return; @@ -1305,7 +1138,6 @@ struct sdap_initgr_nested_state { static void sdap_initgr_nested_search(struct tevent_req *subreq); static void sdap_initgr_nested_store(struct tevent_req *req); -static void sdap_initgr_nested_done(struct tevent_req *subreq); static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, 
@@ -1435,30 +1267,13 @@ static void sdap_initgr_nested_search(struct tevent_req *subreq) static void sdap_initgr_nested_store(struct tevent_req *req) { - struct tevent_req *subreq; struct sdap_initgr_nested_state *state; - - state = tevent_req_data(req, struct sdap_initgr_nested_state); - - subreq = sdap_save_groups_send(state, state->ev, state->dom, - state->sysdb, state->opts, - state->groups, state->groups_cur); - if (!subreq) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, sdap_initgr_nested_done, req); -} - -static void sdap_initgr_nested_done(struct tevent_req *subreq) -{ - struct tevent_req *req; int ret; - req = tevent_req_callback_data(subreq, struct tevent_req); + state = tevent_req_data(req, struct sdap_initgr_nested_state); - ret = sdap_save_groups_recv(subreq, NULL, NULL); - talloc_zfree(subreq); + ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts, + state->groups, state->groups_cur, NULL); if (ret) { tevent_req_error(req, ret); return; @@ -1492,8 +1307,6 @@ struct sdap_get_initgr_state { }; static void sdap_get_initgr_user(struct tevent_req *subreq); -static void sdap_get_initgr_store(struct tevent_req *subreq); -static void sdap_get_initgr_process(struct tevent_req *subreq); static void sdap_get_initgr_done(struct tevent_req *subreq); struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, 
@@ -1590,66 +1403,33 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) state->orig_user = usr_attrs[0]; - subreq = sysdb_transaction_send(state, state->ev, state->sysdb); - if (!subreq) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, sdap_get_initgr_store, req); -} - -static void sdap_get_initgr_store(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct sdap_get_initgr_state *state = tevent_req_data(req, - struct sdap_get_initgr_state); - int ret; - - DEBUG(9, ("Storing the user\n")); - - ret = sysdb_transaction_recv(subreq, state, &state->handle); - talloc_zfree(subreq); + ret = sysdb_transaction_start(state->sysdb); if (ret) { tevent_req_error(req, ret); return; } + DEBUG(9, ("Storing the user\n")); + ret = sdap_save_user(state, state->sysdb, state->opts, state->dom, state->orig_user, true, NULL); if (ret) { + sysdb_transaction_cancel(state->sysdb); tevent_req_error(req, ret); return; } DEBUG(9, ("Commit change\n")); - subreq = sysdb_transaction_commit_send(state, state->ev, state->handle); - if (!subreq) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, sdap_get_initgr_process, req); -} - -static void sdap_get_initgr_process(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct sdap_get_initgr_state *state = tevent_req_data(req, - struct sdap_get_initgr_state); - int ret; - - DEBUG(9, ("Process user's groups\n")); - - ret = sysdb_transaction_commit_recv(subreq); - talloc_zfree(subreq); + ret = sysdb_transaction_commit(state->sysdb); if (ret) { tevent_req_error(req, ret); return; } + DEBUG(9, ("Process user's groups\n")); + switch (state->opts->schema_type) { case SDAP_SCHEMA_RFC2307: subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts, 
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c index 80f8a91c..09229c29 100644 --- a/src/responder/pam/pam_LOCAL_domain.c +++ b/src/responder/pam/pam_LOCAL_domain.c @@ -70,69 +70,8 @@ static void prepare_reply(struct LOCAL_request *lreq) lreq->preq->callback(lreq->preq); } -static void set_user_attr_done(struct tevent_req *req) -{ - struct LOCAL_request *lreq; - int ret; - - lreq = tevent_req_callback_data(req, struct LOCAL_request); - - ret = sysdb_transaction_commit_recv(req); - if (ret) { - DEBUG(2, ("set_user_attr failed.\n")); - lreq->error =ret; - } - - prepare_reply(lreq); -} - -static void set_user_attr_req(struct tevent_req *req) -{ - struct LOCAL_request *lreq = tevent_req_callback_data(req, - struct LOCAL_request); - int ret; - - DEBUG(4, ("entering set_user_attr_req\n")); - - ret = sysdb_transaction_recv(req, lreq, &lreq->handle); - if (ret) { - lreq->error = ret; - return prepare_reply(lreq); - } - - ret = sysdb_set_user_attr(lreq, sysdb_handle_get_ctx(lreq->handle), - lreq->preq->domain, - lreq->preq->pd->user, - lreq->mod_attrs, SYSDB_MOD_REP); - - DEBUG(4, ("set_user_attr_callback, status [%d][%s]\n", ret, strerror(ret))); - - if (ret) { - lreq->error = ret; - goto fail; - } - - req = sysdb_transaction_commit_send(lreq, lreq->ev, lreq->handle); - if (!req) { - lreq->error = ENOMEM; - goto fail; - } - tevent_req_set_callback(req, set_user_attr_done, lreq); - - return; - -fail: - DEBUG(2, ("set_user_attr failed.\n")); - - /* cancel transaction */ - talloc_zfree(lreq->handle); - - prepare_reply(lreq); -} - static void do_successful_login(struct LOCAL_request *lreq) { - struct tevent_req *req; int ret; lreq->mod_attrs = sysdb_new_attrs(lreq); 
@@ -148,23 +87,19 @@ static void do_successful_login(struct LOCAL_request *lreq) NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"), lreq->error, ret, done); - req = sysdb_transaction_send(lreq, lreq->ev, lreq->dbctx); - if (!req) { - lreq->error = ENOMEM; - goto done; - } - tevent_req_set_callback(req, set_user_attr_req, lreq); - - return; + ret = sysdb_set_user_attr(lreq, lreq->dbctx, + lreq->preq->domain, + lreq->preq->pd->user, + lreq->mod_attrs, SYSDB_MOD_REP); + NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"), + lreq->error, ret, done); done: - - prepare_reply(lreq); + return; } static void do_failed_login(struct LOCAL_request *lreq) { - struct tevent_req *req; int ret; int failedLoginAttempts; struct pam_data *pd; @@ -194,18 +129,15 @@ static void do_failed_login(struct LOCAL_request *lreq) NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"), lreq->error, ret, done); - req = sysdb_transaction_send(lreq, lreq->ev, lreq->dbctx); - if (!req) { - lreq->error = ENOMEM; - goto done; - } - tevent_req_set_callback(req, set_user_attr_req, lreq); - - return; + ret = sysdb_set_user_attr(lreq, lreq->dbctx, + lreq->preq->domain, + lreq->preq->pd->user, + lreq->mod_attrs, SYSDB_MOD_REP); + NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"), + lreq->error, ret, done); done: - - prepare_reply(lreq); + return; } static void do_pam_acct_mgmt(struct LOCAL_request *lreq) @@ -222,13 +154,10 @@ static void do_pam_acct_mgmt(struct LOCAL_request *lreq) (strncasecmp(disabled, "no",2) != 0) ) { pd->pam_status = PAM_PERM_DENIED; } - - prepare_reply(lreq); } static void do_pam_chauthtok(struct LOCAL_request *lreq) { - struct tevent_req *req; int ret; char *newauthtok; char *salt; 
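Review bot: do_successful_login and do_failed_login now end in a bare `done: return;` and no longer call prepare_reply(), so a failed `sysdb_set_user_attr()` reaches the caller only through `lreq->error`. Nothing at these functions states that contract. A one-line comment above each, such as `/* Records failure in lreq->error; the caller must send the reply. */`, would make it explicit, and the same goes for do_pam_chauthtok and do_pam_acct_mgmt. The `done` label is now only a jump target for NEQ_CHECK_OR_JUMP, which is worth saying in that comment too.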
@@ -246,7 +175,7 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq) if (strlen(newauthtok) == 0) { /* TODO: should we allow null passwords via a config option ? */ DEBUG(1, ("Empty passwords are not allowed!\n")); - ret = EINVAL; + lreq->error = EINVAL; goto done; } @@ -274,17 +203,15 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq) NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"), lreq->error, ret, done); - req = sysdb_transaction_send(lreq, lreq->ev, lreq->dbctx); - if (!req) { - lreq->error = ENOMEM; - goto done; - } - tevent_req_set_callback(req, set_user_attr_req, lreq); + ret = sysdb_set_user_attr(lreq, lreq->dbctx, + lreq->preq->domain, + lreq->preq->pd->user, + lreq->mod_attrs, SYSDB_MOD_REP); + NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"), + lreq->error, ret, done); - return; done: - - prepare_reply(lreq); + return; } static void local_handler_callback(void *pvt, int ldb_status, @@ -361,7 +288,7 @@ static void local_handler_callback(void *pvt, int ldb_status, if (strcmp(new_hash, password) != 0) { DEBUG(1, ("Passwords do not match.\n")); do_failed_login(lreq); - return; + goto done; } break; @@ -370,15 +297,12 @@ static void local_handler_callback(void *pvt, int ldb_status, switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: do_successful_login(lreq); - return; break; case SSS_PAM_CHAUTHTOK: do_pam_chauthtok(lreq); - return; break; case SSS_PAM_ACCT_MGMT: do_pam_acct_mgmt(lreq); - return; break; case SSS_PAM_SETCRED: break; diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 77f29ec8..eba78cce 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c 
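Review bot: In local_handler_callback the mismatch branch now does `do_failed_login(lreq); goto done;`, and the three `return;` statements after the do_* calls were dropped, so every path depends on code after the switch and at the `done` label to send exactly one reply. Both are outside this hunk. Please confirm that `done` calls prepare_reply() once, and that a failure to persist the failed-login attributes inside do_failed_login cannot turn a wrong password into anything other than a denial. A comment at the jump, e.g. `/* reply is sent at done; do_failed_login only records state */`, would make the flow explicit.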
@@ -271,119 +271,8 @@ static int pam_parse_in_data(struct sss_names_ctx *snctx,
 /*=Save-Last-Login-State===================================================*/
-struct set_last_login_state {
- struct tevent_context *ev;
- struct sysdb_ctx *dbctx;
-
- struct sss_domain_info *dom;
- const char *username;
- struct sysdb_attrs *attrs;
-
- struct sysdb_handle *handle;
-
- struct ldb_result *res;
-};
-
-static void set_last_login_trans_done(struct tevent_req *subreq);
-static void set_last_login_done(struct tevent_req *subreq);
-
-static struct tevent_req *set_last_login_send(TALLOC_CTX *memctx,
- struct tevent_context *ev,
- struct sysdb_ctx *dbctx,
- struct sss_domain_info *dom,
- const char *username,
- struct sysdb_attrs *attrs)
-{
- struct tevent_req *req, *subreq;
- struct set_last_login_state *state;
-
- req = tevent_req_create(memctx, &state, struct set_last_login_state);
- if (!req) {
- return NULL;
- }
-
- state->ev = ev;
- state->dbctx = dbctx;
- state->dom = dom;
- state->username = username;
- state->attrs = attrs;
- state->handle = NULL;
-
- subreq = sysdb_transaction_send(state, state->ev, state->dbctx);
- if (!subreq) {
- talloc_free(req);
- return NULL;
- }
- tevent_req_set_callback(subreq, set_last_login_trans_done, req);
-
- return req;
-}
-
-static void set_last_login_trans_done(struct tevent_req *subreq)
-{
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
- struct set_last_login_state *state = tevent_req_data(req,
- struct set_last_login_state);
- int ret;
-
- ret = sysdb_transaction_recv(subreq, state, &state->handle);
- talloc_zfree(subreq);
- if (ret != EOK) {
- DEBUG(1, ("Unable to acquire sysdb transaction lock\n"));
- tevent_req_error(req, ret);
- return;
- }
-
- ret = sysdb_set_user_attr(state, sysdb_handle_get_ctx(state->handle),
- state->dom, state->username,
- state->attrs, SYSDB_MOD_REP);
- if (ret != EOK) {
- DEBUG(4, ("set_user_attr_callback, status [%d][%s]\n",
- ret, strerror(ret)));
- tevent_req_error(req, ret);
- return;
- }
-
- subreq = sysdb_transaction_commit_send(state, state->ev, state->handle);
- if (!subreq) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- tevent_req_set_callback(subreq, set_last_login_done, req);
-}
-
-static void set_last_login_done(struct tevent_req *subreq)
-{
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
- int ret;
-
- ret = sysdb_transaction_commit_recv(subreq);
- if (ret != EOK) {
- DEBUG(2, ("set_last_login failed.\n"));
- tevent_req_error(req, ret);
- return;
- }
-
- tevent_req_done(req);
-}
-
-static int set_last_login_recv(struct tevent_req *req)
-{
- TEVENT_REQ_RETURN_ON_ERROR(req);
-
- return EOK;
-}
-
-/*=========================================================================*/
-
-
-static void set_last_login_reply(struct tevent_req *req);
-
 static errno_t set_last_login(struct pam_auth_req *preq)
 {
- struct tevent_req *req;
 struct sysdb_ctx *dbctx;
 struct sysdb_attrs *attrs;
 errno_t ret;
@@ -411,13 +300,17 @@ static errno_t set_last_login(struct pam_auth_req *preq)
 goto fail;
 }
- req = set_last_login_send(preq, preq->cctx->ev, dbctx,
- preq->domain, preq->pd->user, attrs);
- if (!req) {
- ret = ENOMEM;
+ ret = sysdb_set_user_attr(preq, dbctx,
+ preq->domain, preq->pd->user,
+ attrs, SYSDB_MOD_REP);
+ if (ret != EOK) {
+ DEBUG(2, ("set_last_login failed.\n"));
+ preq->pd->pam_status = PAM_SYSTEM_ERR;
 goto fail;
+ } else {
+ preq->pd->last_auth_saved = true;
 }
- tevent_req_set_callback(req, set_last_login_reply, preq);
+ preq->callback(preq);
 return EOK;
@@ -425,22 +318,6 @@ fail:
 return ret;
 }
-static void set_last_login_reply(struct tevent_req *req)
-{
- struct pam_auth_req *preq = tevent_req_callback_data(req,
- struct pam_auth_req);
- int ret;
-
- ret = set_last_login_recv(req);
- if (ret != EOK) {
- preq->pd->pam_status = PAM_SYSTEM_ERR;
- } else {
- preq->pd->last_auth_saved = true;
- }
-
- preq->callback(preq);
-}
-
 static void pam_reply_delay(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt)
 {
@@ -566,7 +443,6 @@ static void pam_reply(struct pam_auth_req *preq)
 if (ret != EOK) {
 goto done;
 }
- return;
 }
|
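Review bot: Removing the `return;` after a successful `set_last_login(preq)` in pam_reply lets the function continue past this block, although set_last_login (previous hunk) now calls `preq->callback(preq)` synchronously before returning EOK. The callback is assigned outside the visible hunks; if it is, or leads back to, pam_reply, the reply would be built and sent twice for one authentication request, and `preq` may no longer be valid when the outer call resumes. Either keep the `return;` here, or drop `preq->callback(preq);` from set_last_login and let pam_reply fall through on its own, with a comment on set_last_login stating which of the two owns the reply. pam_reply's body continues outside the hunk.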