Diffstat (limited to 'server/providers')
-rw-r--r--server/providers/ldap/ldap_auth.c48
-rw-r--r--server/providers/ldap/sdap_async.c97
-rw-r--r--server/providers/ldap/sdap_async.h9
-rw-r--r--server/providers/proxy.c155
4 files changed, 49 insertions, 260 deletions
diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c
index c176cb4e..e3633857 100644
--- a/server/providers/ldap/ldap_auth.c
+++ b/server/providers/ldap/ldap_auth.c
@@ -312,7 +312,7 @@ struct sdap_pam_auth_state {
static void sdap_pam_auth_done(struct tevent_req *req);
static void sdap_password_cache_done(struct tevent_req *req);
-static void sdap_pam_auth_reply(struct be_req *breq, int result, const char *err);
+static void sdap_pam_auth_reply(struct be_req *breq, int result);
/* FIXME: convert caller to tevent_req too ?*/
static void sdap_pam_auth_send(struct be_req *breq)
@@ -356,22 +356,16 @@ static void sdap_pam_auth_send(struct be_req *breq)
default:
pd->pam_status = PAM_SUCCESS;
}
- tevent_req_set_callback(req, sdap_cache_pw_done, data);
-
- return;
-
-fail:
- DEBUG(2, ("Failed to cache password (%d)[%s]!?\n", ret, strerror(ret)));
done:
- sdap_pam_auth_reply(breq, pd->pam_status, NULL);
+ sdap_pam_auth_reply(breq, pd->pam_status);
}
static void sdap_pam_auth_done(struct tevent_req *req)
{
struct sdap_pam_auth_state *state =
tevent_req_callback_data(req, struct sdap_pam_auth_state);
- struct tevent_req *preq;
+ struct tevent_req *subreq;
enum sdap_result result;
int ret;
@@ -399,34 +393,35 @@ static void sdap_pam_auth_done(struct tevent_req *req)
if (result == SDAP_AUTH_SUCCESS &&
state->breq->be_ctx->domain->cache_credentials) {
- preq = sdap_cache_pw_send(state,
- state->breq->be_ctx->ev,
- state->breq->be_ctx->sysdb,
- state->breq->be_ctx->domain,
- state->username,
- state->password);
+ subreq = sysdb_cache_password_send(state,
+ state->breq->be_ctx->ev,
+ state->breq->be_ctx->sysdb,
+ NULL,
+ state->breq->be_ctx->domain,
+ state->username, state->password);
/* password caching failures are not fatal errors */
- if (!preq) {
+ if (!subreq) {
DEBUG(2, ("Failed to cache password for %s\n", state->username));
goto done;
}
- tevent_req_set_callback(preq, sdap_password_cache_done, state);
+ tevent_req_set_callback(subreq, sdap_password_cache_done, state);
return;
}
done:
- sdap_pam_auth_reply(state->breq, state->pd->pam_status, NULL);
+ sdap_pam_auth_reply(state->breq, state->pd->pam_status);
}
-static void sdap_password_cache_done(struct tevent_req *req)
+static void sdap_password_cache_done(struct tevent_req *subreq)
{
- struct sdap_pam_auth_state *state =
- tevent_req_callback_data(req, struct sdap_pam_auth_state);
+ struct sdap_pam_auth_state *state = tevent_req_callback_data(subreq,
+ struct sdap_pam_auth_state);
int ret;
- ret = sdap_cache_pw_recv(req);
+ ret = sysdb_cache_password_recv(subreq);
+ talloc_zfree(subreq);
if (ret) {
/* password caching failures are not fatal errors */
DEBUG(2, ("Failed to cache password for %s\n", state->username));
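Review bot: The failure branch of sdap_password_cache_done logs only the username and drops `ret`, so a cache-write failure cannot be told apart from any other in the logs. The proxy.c callback in this same commit does print the code, and the LDAP path should match it: `DEBUG(2, ("Failed to cache password for %s (%d)[%s]\n", state->username, ret, strerror(ret)));`. The same applies to the `!subreq` branch in sdap_pam_auth_done, where there is no error code and the message could at least say the request could not be created. sdap_password_cache_done continues into the next hunk.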
@@ -434,13 +429,14 @@ static void sdap_password_cache_done(struct tevent_req *req)
DEBUG(4, ("Password successfully cached for %s\n", state->username));
}
- talloc_zfree(req);
- sdap_pam_auth_reply(state->breq, state->pd->pam_status, NULL);
+ sdap_pam_auth_reply(state->breq, state->pd->pam_status);
}
-static void sdap_pam_auth_reply(struct be_req *req, int result, const char *err)
+static void sdap_pam_auth_reply(struct be_req *req, int result)
{
- req->fn(req, result, err);
+ const char *errstr = NULL;
+ if (result) errstr = "Operation failed";
+ req->fn(req, result, errstr);
}
/* ==Module-Initialization-and-Dispose==================================== */
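Review bot: In sdap_pam_auth_reply the unbraced `if (result) errstr = "Operation failed";` tests a PAM status for truthiness, which hides what is being compared. Every caller in this file passes `pd->pam_status`, so the explicit, braced form `if (result != PAM_SUCCESS) { errstr = "Operation failed"; }` would be clearer. A one-line comment above the function would also help, for example `/* result is a PAM status; any failure is reported upstream with a generic message, details stay in the debug log */`, since the `err` parameter that used to carry detail is gone.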
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index e618824d..2aba33c1 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -520,103 +520,6 @@ int sdap_auth_recv(struct tevent_req *req, enum sdap_result *result)
return EOK;
}
-/* ==Password=Caching===================================================== */
-
-struct sdap_cache_pw_state {
- struct sss_domain_info *domain;
- const char *username;
- const char *password;
-
- struct sysdb_req *sysreq;
-
- int result;
-};
-
-static void sdap_cache_pw_op(struct sysdb_req *req, void *pvt);
-static void sdap_cache_pw_callback(void *pvt, int error, struct ldb_result *r);
-
-struct tevent_req *sdap_cache_pw_send(TALLOC_CTX *memctx,
- struct tevent_context *ev,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- const char *username,
- const char *password)
-{
- struct tevent_req *req;
- struct sdap_cache_pw_state *state;
- int ret;
-
- req = tevent_req_create(memctx, &state, struct sdap_cache_pw_state);
- if (!req) return NULL;
-
- state->domain = domain;
- state->username = username;
- state->password = password;
-
- ret = sysdb_transaction(state, sysdb, sdap_cache_pw_op, req);
-
- if (ret != EOK) {
- DEBUG(1, ("Failed to start sysydb transaction (%d)[%s]!?\n",
- ret, strerror(ret)));
- goto fail;
- }
-
- return req;
-
-fail:
- tevent_req_error(req, EIO);
- tevent_req_post(req, ev);
- return req;
-}
-
-static void sdap_cache_pw_op(struct sysdb_req *sysreq, void *pvt)
-{
- struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
- struct sdap_cache_pw_state *state = tevent_req_data(req,
- struct sdap_cache_pw_state);
- int ret;
-
- state->sysreq = sysreq;
-
- ret = sysdb_set_cached_password(sysreq,
- state->domain,
- state->username,
- state->password,
- sdap_cache_pw_callback, req);
- if (ret != EOK) {
- state->result = ret;
- tevent_req_done(req);
- }
-}
-
-static void sdap_cache_pw_callback(void *pvt, int e, struct ldb_result *r)
-{
- struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
- struct sdap_cache_pw_state *state = tevent_req_data(req,
- struct sdap_cache_pw_state);
- sysdb_transaction_done(state->sysreq, e);
-
- if (e != EOK) {
- DEBUG(2, ("Failed to cache password (%d)[%s]!?\n", e, strerror(e)));
- state->result = e;
- }
-
- state->result = EOK;
- tevent_req_done(req);
-}
-
-int sdap_cache_pw_recv(struct tevent_req *req)
-{
- struct sdap_cache_pw_state *state = tevent_req_data(req,
- struct sdap_cache_pw_state);
- enum tevent_req_state tstate;
- uint64_t err;
-
- if (tevent_req_is_error(req, &tstate, &err)) {
- return err;
- }
- return state->result;
-}
/* ==Save-User-Entry====================================================== */
diff --git a/server/providers/ldap/sdap_async.h b/server/providers/ldap/sdap_async.h
index 6b72ac04..37c307a0 100644
--- a/server/providers/ldap/sdap_async.h
+++ b/server/providers/ldap/sdap_async.h
@@ -79,12 +79,3 @@ struct tevent_req *sdap_auth_send(TALLOC_CTX *memctx,
const char *password);
int sdap_auth_recv(struct tevent_req *req, enum sdap_result *result);
-
-struct tevent_req *sdap_cache_pw_send(TALLOC_CTX *memctx,
- struct tevent_context *ev,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- const char *username,
- const char *password);
-
-int sdap_cache_pw_recv(struct tevent_req *req);
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index 58d52d54..23360945 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -158,12 +158,6 @@ failed:
}
static void proxy_pam_handler_cache_done(struct tevent_req *treq);
-static struct tevent_req *cache_password_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- const char *username,
- struct authtok_conv *ac);
static void proxy_reply(struct be_req *req,
int error, const char *errstr);
@@ -257,32 +251,46 @@ static void proxy_pam_handler(struct be_req *req) {
pd->pam_status = pam_status;
if (cache_auth_data) {
- struct tevent_req *treq;
+ struct tevent_req *subreq;
+ char *password;
- treq = cache_password_send(req, req->be_ctx->ev,
- req->be_ctx->sysdb,
- req->be_ctx->domain,
- pd->user, auth_data);
- if (!treq) {
+ password = talloc_size(req, auth_data->authtok_size + 1);
+ if (!password) {
/* password caching failures are not fatal errors */
return proxy_reply(req, EOK, NULL);
}
- tevent_req_set_callback(treq, proxy_pam_handler_cache_done, req);
-
- return;
+ memcpy(password, auth_data->authtok, auth_data->authtok_size);
+ password[auth_data->authtok_size] = '\0';
+ talloc_set_destructor((TALLOC_CTX *)password, password_destructor);
+
+ subreq = sysdb_cache_password_send(req, req->be_ctx->ev,
+ req->be_ctx->sysdb, NULL,
+ req->be_ctx->domain,
+ pd->user, password);
+ if (!subreq) {
+ /* password caching failures are not fatal errors */
+ return proxy_reply(req, EOK, NULL);
+ }
+ tevent_req_set_callback(subreq, proxy_pam_handler_cache_done, req);
}
proxy_reply(req, EOK, NULL);
}
-static void proxy_pam_handler_cache_done(struct tevent_req *treq)
+static void proxy_pam_handler_cache_done(struct tevent_req *subreq)
{
- struct be_req *req = tevent_req_callback_data(treq, struct be_req);
+ struct be_req *req = tevent_req_callback_data(subreq, struct be_req);
+ int ret;
/* password caching failures are not fatal errors */
+ ret = sysdb_cache_password_recv(subreq);
+ talloc_zfree(subreq);
- /* so we just ignore any return */
- talloc_zfree(treq);
+ /* so we just log it any return */
+ if (ret) {
+ DEBUG(2, ("Failed to cache password (%d)[%s]!?\n",
+ ret, strerror(ret)));
+ }
return proxy_reply(req, EOK, NULL);
}
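Review bot: After `tevent_req_set_callback(subreq, proxy_pam_handler_cache_done, req);` the `if (cache_auth_data)` block now falls through to the trailing `proxy_reply(req, EOK, NULL);`, because the `return;` that used to follow the callback registration was removed. proxy_pam_handler_cache_done also ends in `proxy_reply(req, EOK, NULL)`, so a successful send replies twice for the same be_req. If the reply path releases `req` (not visible here), the pending subreq and the cleartext `password` copy, both parented to `req`, would be freed while the cache request is still in flight. Restore `return;` directly after the `tevent_req_set_callback` line so the only reply on this path comes from the callback. proxy_pam_handler starts outside this hunk.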
@@ -342,115 +350,6 @@ static int proxy_default_recv(struct tevent_req *req)
}
-/* =Password-Caching======================================================*/
-
-struct cache_pw_state {
- struct tevent_context *ev;
- struct sss_domain_info *domain;
- const char *name;
- char *passwd;
-
- struct sysdb_handle *handle;
-};
-
-static void cache_password_process(struct tevent_req *subreq);
-static void cache_password_done(struct tevent_req *subreq);
-
-static struct tevent_req *cache_password_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- const char *username,
- struct authtok_conv *ac)
-{
- struct tevent_req *req, *subreq;
- struct cache_pw_state *state;
- int ret;
-
- req = tevent_req_create(mem_ctx, &state, struct cache_pw_state);
- if (!req) {
- ret = ENOMEM;
- goto fail;
- }
-
- state->ev = ev;
- state->handle = NULL;
- state->name = username;
-
- state->passwd = talloc_size(state, ac->authtok_size + 1);
- if (!state->passwd) {
- ret = ENOMEM;
- goto fail;
- }
- memcpy(state->passwd, ac->authtok, ac->authtok_size);
- state->passwd[ac->authtok_size] = '\0';
- talloc_set_destructor((TALLOC_CTX *)state->passwd,
- password_destructor);
-
- subreq = sysdb_transaction_send(state, state->ev, sysdb);
- if (!subreq) {
- ret = ENOMEM;
- goto fail;
- }
- tevent_req_set_callback(subreq, cache_password_process, req);
-
- return req;
-
-fail:
- tevent_req_error(req, ret);
- tevent_req_post(req, ev);
- return req;
-}
-
-static void cache_password_process(struct tevent_req *subreq)
-{
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
- struct cache_pw_state *state = tevent_req_data(req,
- struct cache_pw_state);
- int ret;
-
- ret = sysdb_transaction_recv(subreq, state, &state->handle);
- if (ret) {
- tevent_req_error(req, ret);
- return;
- }
-
- subreq = sysdb_set_cached_password_send(state, state->ev, state->handle,
- state->domain,
- state->name,
- state->passwd);
- if (!subreq) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- tevent_req_set_callback(subreq, cache_password_done, req);
-}
-
-static void cache_password_done(struct tevent_req *subreq)
-{
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
- struct cache_pw_state *state = tevent_req_data(req,
- struct cache_pw_state);
- int ret;
-
- ret = sysdb_set_cached_password_recv(subreq);
- talloc_zfree(subreq);
- if (ret) {
- tevent_req_error(req, ret);
- return;
- }
-
- subreq = sysdb_transaction_commit_send(state, state->ev, state->handle);
- if (!subreq) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- tevent_req_set_callback(subreq, proxy_default_done, req);
-}
-
-
/* =Getpwnam-wrapper======================================================*/
static void get_pw_name_process(struct tevent_req *subreq);