Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_access.c42
-rw-r--r--src/providers/ipa/ipa_auth.c22
-rw-r--r--src/providers/ipa/ipa_hbac_common.c16
-rw-r--r--src/providers/ipa/ipa_hostid.c6
-rw-r--r--src/providers/ipa/ipa_id.c13
-rw-r--r--src/providers/ipa/ipa_selinux.c12
-rw-r--r--src/providers/ipa/ipa_subdomains.c3
7 files changed, 61 insertions, 53 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 1b626029..7a3dbaaf 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -78,23 +78,20 @@ void ipa_access_handler(struct be_req *be_req)
struct pam_data *pd;
struct ipa_access_ctx *ipa_access_ctx;
struct tevent_req *req;
+ struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
pd = talloc_get_type(be_req->req_data, struct pam_data);
- ipa_access_ctx = talloc_get_type(
- be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
- struct ipa_access_ctx);
+ ipa_access_ctx = talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ struct ipa_access_ctx);
/* First, verify that this account isn't locked.
* We need to do this in case the auth phase was
* skipped (such as during GSSAPI single-sign-on
* or SSH public key exchange.
*/
- req = sdap_access_send(be_req,
- be_req->be_ctx->ev,
- be_req->be_ctx, be_req->be_ctx->domain,
- ipa_access_ctx->sdap_access_ctx,
- pd);
+ req = sdap_access_send(be_req, be_ctx->ev, be_ctx, be_ctx->domain,
+ ipa_access_ctx->sdap_access_ctx, pd);
if (!req) {
be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL);
return;
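Review bot: `ipa_access_ctx` is dereferenced in the `sdap_access_send()` call (`ipa_access_ctx->sdap_access_ctx`) without checking the result of `talloc_get_type()`, which returns NULL when the pointer is NULL or carries a different talloc type. A missing or mis-typed `pvt_bet_data` would then crash the backend in the access-control path instead of failing the request. The same unchecked pattern is visible in `ipa_hbac_check`, `ipa_auth` (`state->ipa_auth_ctx->krb5_auth_ctx`), `ipa_host_info_handler`, `ipa_account_info_handler`, `ipa_check_online` and `ipa_selinux_handler`, while `ipa_subdomains_handler` already guards with `if (!ctx)`. Since the assignment is being rewritten anyway, consider following it with `if (ipa_access_ctx == NULL) { be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); return; }`. The function starts and ends outside this hunk.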
@@ -105,6 +102,7 @@ void ipa_access_handler(struct be_req *be_req)
static void ipa_hbac_check(struct tevent_req *req)
{
struct be_req *be_req;
+ struct be_ctx *be_ctx;
struct pam_data *pd;
struct hbac_ctx *hbac_ctx = NULL;
const char *deny_method;
@@ -113,6 +111,7 @@ static void ipa_hbac_check(struct tevent_req *req)
int ret;
be_req = tevent_req_callback_data(req, struct be_req);
+ be_ctx = be_req_get_be_ctx(be_req);
pd = talloc_get_type(be_req->req_data, struct pam_data);
ret = sdap_access_recv(req, &pam_status);
@@ -147,9 +146,8 @@ static void ipa_hbac_check(struct tevent_req *req)
hbac_ctx->be_req = be_req;
hbac_ctx->pd = pd;
- ipa_access_ctx = talloc_get_type(
- be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
- struct ipa_access_ctx);
+ ipa_access_ctx = talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ struct ipa_access_ctx);
hbac_ctx->access_ctx = ipa_access_ctx;
hbac_ctx->sdap_ctx = ipa_access_ctx->sdap_ctx;
hbac_ctx->ipa_options = ipa_access_ctx->ipa_options;
@@ -191,8 +189,9 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
bool offline;
time_t now, refresh_interval;
struct ipa_access_ctx *access_ctx = hbac_ctx->access_ctx;
+ struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
- offline = be_is_offline(hbac_ctx->be_req->be_ctx);
+ offline = be_is_offline(be_ctx);
DEBUG(9, ("Connection status is [%s].\n", offline ? "offline" : "online"));
refresh_interval = dp_opt_get_int(hbac_ctx->ipa_options,
@@ -332,6 +331,7 @@ static void hbac_sysdb_save (struct tevent_req *req);
static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx)
{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
const char *hostname;
struct tevent_req *req;
@@ -345,8 +345,7 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx)
hostname = dp_opt_get_string(hbac_ctx->ipa_options, IPA_HOSTNAME);
}
- req = ipa_host_info_send(hbac_ctx,
- hbac_ctx->be_req->be_ctx->ev,
+ req = ipa_host_info_send(hbac_ctx, be_ctx->ev,
sdap_id_op_handle(hbac_ctx->sdap_op),
hbac_ctx->sdap_ctx->opts,
hostname,
@@ -367,6 +366,7 @@ static void hbac_get_service_info_step(struct tevent_req *req)
errno_t ret;
struct hbac_ctx *hbac_ctx =
tevent_req_callback_data(req, struct hbac_ctx);
+ struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
ret = ipa_host_info_recv(req, hbac_ctx,
&hbac_ctx->host_count,
@@ -379,8 +379,7 @@ static void hbac_get_service_info_step(struct tevent_req *req)
}
/* Get services and service groups */
- req = ipa_hbac_service_info_send(hbac_ctx,
- hbac_ctx->be_req->be_ctx->ev,
+ req = ipa_hbac_service_info_send(hbac_ctx, be_ctx->ev,
sdap_id_op_handle(hbac_ctx->sdap_op),
hbac_ctx->sdap_ctx->opts,
hbac_ctx->search_bases);
@@ -403,6 +402,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
const char *hostname;
struct hbac_ctx *hbac_ctx =
tevent_req_callback_data(req, struct hbac_ctx);
+ struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
ret = ipa_hbac_service_info_recv(req, hbac_ctx,
&hbac_ctx->service_count,
@@ -445,7 +445,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
/* Get the list of applicable rules */
req = ipa_hbac_rule_info_send(hbac_ctx,
hbac_ctx->get_deny_rules,
- hbac_ctx->be_req->be_ctx->ev,
+ be_ctx->ev,
sdap_id_op_handle(hbac_ctx->sdap_op),
hbac_ctx->sdap_ctx->opts,
hbac_ctx->search_bases,
@@ -468,10 +468,11 @@ static void hbac_sysdb_save(struct tevent_req *req)
bool in_transaction = false;
struct hbac_ctx *hbac_ctx =
tevent_req_callback_data(req, struct hbac_ctx);
- struct sss_domain_info *domain = hbac_ctx->be_req->be_ctx->domain;
+ struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
+ struct sss_domain_info *domain = be_ctx->domain;
struct ldb_dn *base_dn;
struct ipa_access_ctx *access_ctx =
- talloc_get_type(hbac_ctx->be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
struct ipa_access_ctx);
TALLOC_CTX *tmp_ctx;
@@ -594,6 +595,7 @@ fail:
void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
errno_t ret;
struct hbac_rule **hbac_rules;
struct hbac_eval_req *eval_req;
@@ -601,7 +603,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
struct hbac_info *info;
/* Get HBAC rules from the sysdb */
- ret = hbac_get_cached_rules(hbac_ctx, hbac_ctx->be_req->be_ctx->domain,
+ ret = hbac_get_cached_rules(hbac_ctx, be_ctx->domain,
&hbac_ctx->rule_count, &hbac_ctx->rules);
if (ret != EOK) {
DEBUG(1, ("Could not retrieve rules from the cache\n"));
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index c0912e64..5c5b34ae 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -190,6 +190,7 @@ void ipa_auth(struct be_req *be_req)
struct tevent_req *req;
struct ipa_auth_state *state;
struct pam_data *pd = talloc_get_type(be_req->req_data, struct pam_data);
+ struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
state = talloc_zero(be_req, struct ipa_auth_state);
if (state == NULL) {
@@ -201,28 +202,28 @@ void ipa_auth(struct be_req *be_req)
state->sh = NULL;
state->be_req = be_req;
- state->ev = be_req->be_ctx->ev;
+ state->ev = be_ctx->ev;
state->pd = pd;
switch (state->pd->cmd) {
case SSS_PAM_AUTHENTICATE:
state->ipa_auth_ctx = talloc_get_type(
- be_req->be_ctx->bet_info[BET_AUTH].pvt_bet_data,
- struct ipa_auth_ctx);
+ be_ctx->bet_info[BET_AUTH].pvt_bet_data,
+ struct ipa_auth_ctx);
break;
case SSS_PAM_CHAUTHTOK:
case SSS_PAM_CHAUTHTOK_PRELIM:
state->ipa_auth_ctx = talloc_get_type(
- be_req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
- struct ipa_auth_ctx);
+ be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
+ struct ipa_auth_ctx);
break;
default:
DEBUG(SSSDBG_OP_FAILURE, ("Unsupported PAM task.\n"));
goto fail;
}
- req = krb5_auth_send(state, state->ev, be_req->be_ctx, state->pd,
+ req = krb5_auth_send(state, state->ev, be_ctx, state->pd,
state->ipa_auth_ctx->krb5_auth_ctx);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("krb5_auth_send failed.\n"));
@@ -324,6 +325,7 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
{
struct ipa_auth_state *state = tevent_req_callback_data(req,
struct ipa_auth_state);
+ struct be_ctx *be_ctx = be_req_get_be_ctx(state->be_req);
const char **attrs;
struct ldb_message *user_msg;
const char *dn;
@@ -352,8 +354,8 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
attrs[0] = SYSDB_ORIG_DN;
attrs[1] = NULL;
- ret = sysdb_search_user_by_name(state, state->be_req->be_ctx->domain->sysdb,
- state->be_req->be_ctx->domain,
+ ret = sysdb_search_user_by_name(state, be_ctx->domain->sysdb,
+ be_ctx->domain,
state->pd->user, attrs, &user_msg);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed.\n"));
@@ -387,6 +389,7 @@ static void ipa_auth_ldap_done(struct tevent_req *req)
{
struct ipa_auth_state *state = tevent_req_callback_data(req,
struct ipa_auth_state);
+ struct be_ctx *be_ctx = be_req_get_be_ctx(state->be_req);
int ret;
int dp_err = DP_ERR_FATAL;
enum sdap_result result;
@@ -412,8 +415,7 @@ static void ipa_auth_ldap_done(struct tevent_req *req)
DEBUG(SSSDBG_TRACE_FUNC, ("LDAP authentication succeded, "
"trying Kerberos authentication again.\n"));
- req = krb5_auth_send(state, state->ev,
- state->be_req->be_ctx, state->pd,
+ req = krb5_auth_send(state, state->ev, be_ctx, state->pd,
state->ipa_auth_ctx->krb5_auth_ctx);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("krb5_auth_send failed.\n"));
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 17499d31..90ec0ce4 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -264,6 +264,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
size_t idx,
struct hbac_rule **rule)
{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
errno_t ret;
struct hbac_rule *new_rule;
struct ldb_message_element *el;
@@ -306,8 +307,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* Get the users */
- ret = hbac_user_attrs_to_rule(new_rule,
- hbac_ctx->be_req->be_ctx->domain,
+ ret = hbac_user_attrs_to_rule(new_rule, be_ctx->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->users);
@@ -318,8 +318,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* Get the services */
- ret = hbac_service_attrs_to_rule(new_rule,
- hbac_ctx->be_req->be_ctx->domain,
+ ret = hbac_service_attrs_to_rule(new_rule, be_ctx->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->services);
@@ -330,8 +329,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* Get the target hosts */
- ret = hbac_thost_attrs_to_rule(new_rule,
- hbac_ctx->be_req->be_ctx->domain,
+ ret = hbac_thost_attrs_to_rule(new_rule, be_ctx->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->targethosts);
@@ -343,8 +341,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the source hosts */
- ret = hbac_shost_attrs_to_rule(new_rule,
- hbac_ctx->be_req->be_ctx->domain,
+ ret = hbac_shost_attrs_to_rule(new_rule, be_ctx->domain,
new_rule->name,
hbac_ctx->rules[idx],
dp_opt_get_bool(hbac_ctx->ipa_options,
@@ -431,7 +428,8 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
struct pam_data *pd = hbac_ctx->pd;
TALLOC_CTX *tmp_ctx;
struct hbac_eval_req *eval_req;
- struct sss_domain_info *domain = hbac_ctx->be_req->be_ctx->domain;
+ struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
+ struct sss_domain_info *domain = be_ctx->domain;
const char *rhost;
const char *thost;
struct sss_domain_info *user_dom;
diff --git a/src/providers/ipa/ipa_hostid.c b/src/providers/ipa/ipa_hostid.c
index b60876cb..448914ba 100644
--- a/src/providers/ipa/ipa_hostid.c
+++ b/src/providers/ipa/ipa_hostid.c
@@ -55,6 +55,7 @@ ipa_host_info_hosts_done(struct tevent_req *req);
void
ipa_host_info_handler(struct be_req *breq)
{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(breq);
struct ipa_hostid_ctx *hostid_ctx;
struct sdap_id_ctx *ctx;
struct be_host_req *hr;
@@ -63,7 +64,8 @@ ipa_host_info_handler(struct be_req *breq)
errno_t ret = EOK;
const char *err = "Unknown Error";
- hostid_ctx = talloc_get_type(breq->be_ctx->bet_info[BET_HOSTID].pvt_bet_data, struct ipa_hostid_ctx);
+ hostid_ctx = talloc_get_type(be_ctx->bet_info[BET_HOSTID].pvt_bet_data,
+ struct ipa_hostid_ctx);
ctx = hostid_ctx->sdap_id_ctx;
if (be_is_offline(ctx->be)) {
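Review bot: `be_is_offline(ctx->be)` still reaches the backend context through the `sdap_id_ctx`, while the rest of `ipa_host_info_handler` now uses the `be_ctx` returned by `be_req_get_be_ctx(breq)`. Presumably both refer to the same object, but that is not visible here, and two routes in one function let the offline decision and the event context come from different places if they ever diverge. Unless the difference is intentional, `if (be_is_offline(be_ctx)) {` would match what `hbac_retry` does after this commit. `ipa_account_info_handler` in ipa_id.c carries the same line, and both functions continue outside their hunks.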
@@ -81,7 +83,7 @@ ipa_host_info_handler(struct be_req *breq)
goto done;
}
- req = hosts_get_send(breq, breq->be_ctx->ev, hostid_ctx,
+ req = hosts_get_send(breq, be_ctx->ev, hostid_ctx,
hr->name, hr->alias);
if (!req) {
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 82e29826..0344a184 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -66,12 +66,14 @@ static void ipa_account_info_done(struct tevent_req *req);
void ipa_account_info_handler(struct be_req *breq)
{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(breq);
struct ipa_id_ctx *ipa_ctx;
struct sdap_id_ctx *ctx;
struct be_acct_req *ar;
struct tevent_req *req = NULL;
- ipa_ctx = talloc_get_type(breq->be_ctx->bet_info[BET_ID].pvt_bet_data, struct ipa_id_ctx);
+ ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
+ struct ipa_id_ctx);
ctx = ipa_ctx->sdap_id_ctx;
if (be_is_offline(ctx->be)) {
@@ -80,9 +82,9 @@ void ipa_account_info_handler(struct be_req *breq)
ar = talloc_get_type(breq->req_data, struct be_acct_req);
- if (strcasecmp(ar->domain, breq->be_ctx->domain->name) != 0) {
+ if (strcasecmp(ar->domain, be_ctx->domain->name) != 0) {
/* if domain names do not match, this is a subdomain case */
- req = ipa_get_subdom_acct_send(breq, breq->be_ctx->ev, ctx, ar);
+ req = ipa_get_subdom_acct_send(breq, be_ctx->ev, ctx, ar);
} else if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) {
/* netgroups are handled by a separate request function */
@@ -90,7 +92,7 @@ void ipa_account_info_handler(struct be_req *breq)
return sdap_handler_done(breq, DP_ERR_FATAL,
EINVAL, "Invalid filter type");
}
- req = ipa_id_get_netgroup_send(breq, breq->be_ctx->ev,
+ req = ipa_id_get_netgroup_send(breq, be_ctx->ev,
ipa_ctx, ar->filter_value);
} else {
/* any account request is handled by sdap,
@@ -321,9 +323,10 @@ static int ipa_id_get_netgroup_recv(struct tevent_req *req, int *dp_error)
void ipa_check_online(struct be_req *be_req)
{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
struct ipa_id_ctx *ipa_ctx;
- ipa_ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_ID].pvt_bet_data,
+ ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
struct ipa_id_ctx);
return sdap_do_online_check(be_req, ipa_ctx->sdap_id_ctx);
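Review bot: `return sdap_do_online_check(be_req, ipa_ctx->sdap_id_ctx);` returns an expression from a function declared `void`, which ISO C does not permit even when the callee is itself `void`; compilers accept it only as an extension. Splitting it into `sdap_do_online_check(be_req, ipa_ctx->sdap_id_ctx);` followed by the end of the function (or a bare `return;`) keeps the behaviour and builds cleanly under pedantic warnings. `ipa_account_info_handler` has the same form in `return sdap_handler_done(breq, DP_ERR_FATAL, EINVAL, "Invalid filter type");`. The closing brace of `ipa_check_online` is outside this hunk.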
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 8ed17a2f..2203069c 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -82,6 +82,7 @@ struct ipa_selinux_op_ctx {
void ipa_selinux_handler(struct be_req *be_req)
{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
struct ipa_selinux_ctx *selinux_ctx;
struct ipa_selinux_op_ctx *op_ctx;
struct tevent_req *req;
@@ -90,9 +91,8 @@ void ipa_selinux_handler(struct be_req *be_req)
pd = talloc_get_type(be_req->req_data, struct pam_data);
- selinux_ctx = talloc_get_type(
- be_req->be_ctx->bet_info[BET_SELINUX].pvt_bet_data,
- struct ipa_selinux_ctx);
+ selinux_ctx = talloc_get_type(be_ctx->bet_info[BET_SELINUX].pvt_bet_data,
+ struct ipa_selinux_ctx);
hostname = dp_opt_get_string(selinux_ctx->id_ctx->ipa_options->basic,
IPA_HOSTNAME);
@@ -101,15 +101,15 @@ void ipa_selinux_handler(struct be_req *be_req)
goto fail;
}
- op_ctx = ipa_selinux_create_op_ctx(be_req, be_req->be_ctx->domain->sysdb,
- be_req->be_ctx->domain,
+ op_ctx = ipa_selinux_create_op_ctx(be_req, be_ctx->domain->sysdb,
+ be_ctx->domain,
be_req, pd->user, hostname);
if (op_ctx == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot create op context\n"));
goto fail;
}
- req = ipa_get_selinux_send(be_req, be_req->be_ctx,
+ req = ipa_get_selinux_send(be_req, be_ctx,
op_ctx->user, op_ctx->host, selinux_ctx);
if (req == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot initiate the search\n"));
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index e234ca1b..c9ab3aad 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -992,10 +992,11 @@ done:
void ipa_subdomains_handler(struct be_req *be_req)
{
+ struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
struct ipa_subdomains_ctx *ctx;
time_t now;
- ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data,
+ ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data,
struct ipa_subdomains_ctx);
if (!ctx) {
be_req_terminate(be_req, DP_ERR_FATAL, EINVAL, NULL);