Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_access.c | 42 | ||||
-rw-r--r-- | src/providers/ipa/ipa_auth.c | 22 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_common.c | 16 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hostid.c | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_id.c | 13 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux.c | 12 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 3 |
7 files changed, 61 insertions, 53 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 1b626029..7a3dbaaf 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -78,23 +78,20 @@ void ipa_access_handler(struct be_req *be_req) struct pam_data *pd; struct ipa_access_ctx *ipa_access_ctx; struct tevent_req *req; + struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); pd = talloc_get_type(be_req->req_data, struct pam_data); - ipa_access_ctx = talloc_get_type( - be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data, - struct ipa_access_ctx); + ipa_access_ctx = talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data, + struct ipa_access_ctx); /* First, verify that this account isn't locked. * We need to do this in case the auth phase was * skipped (such as during GSSAPI single-sign-on * or SSH public key exchange. */ - req = sdap_access_send(be_req, - be_req->be_ctx->ev, - be_req->be_ctx, be_req->be_ctx->domain, - ipa_access_ctx->sdap_access_ctx, - pd); + req = sdap_access_send(be_req, be_ctx->ev, be_ctx, be_ctx->domain, + ipa_access_ctx->sdap_access_ctx, pd); if (!req) { be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); return; @@ -105,6 +102,7 @@ void ipa_access_handler(struct be_req *be_req) static void ipa_hbac_check(struct tevent_req *req) { struct be_req *be_req; + struct be_ctx *be_ctx; struct pam_data *pd; struct hbac_ctx *hbac_ctx = NULL; const char *deny_method; @@ -113,6 +111,7 @@ static void ipa_hbac_check(struct tevent_req *req) int ret; be_req = tevent_req_callback_data(req, struct be_req); + be_ctx = be_req_get_be_ctx(be_req); pd = talloc_get_type(be_req->req_data, struct pam_data); ret = sdap_access_recv(req, &pam_status); 
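Review bot: In ipa_access_handler (first hunk of ipa_access.c) the result of `talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data, struct ipa_access_ctx)` is dereferenced in the very next call as `ipa_access_ctx->sdap_access_ctx` with no NULL check, although talloc_get_type() returns NULL when the stored pointer is not of the named type. ipa_subdomains_handler in this same commit already guards its lookup with `if (!ctx)`, so the access-control path should fail the request the same way before calling sdap_access_send: `if (ipa_access_ctx == NULL) { be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); return; }`. The same unchecked lookup-then-dereference is visible on the rewritten lines in ipa_hbac_check, ipa_auth, ipa_host_info_handler, ipa_account_info_handler, ipa_check_online and ipa_selinux_handler. All of these function bodies continue outside their hunks, so a later check cannot be ruled out from here.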
@@ -147,9 +146,8 @@ static void ipa_hbac_check(struct tevent_req *req) hbac_ctx->be_req = be_req; hbac_ctx->pd = pd; - ipa_access_ctx = talloc_get_type( - be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data, - struct ipa_access_ctx); + ipa_access_ctx = talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data, + struct ipa_access_ctx); hbac_ctx->access_ctx = ipa_access_ctx; hbac_ctx->sdap_ctx = ipa_access_ctx->sdap_ctx; hbac_ctx->ipa_options = ipa_access_ctx->ipa_options; @@ -191,8 +189,9 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) bool offline; time_t now, refresh_interval; struct ipa_access_ctx *access_ctx = hbac_ctx->access_ctx; + struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); - offline = be_is_offline(hbac_ctx->be_req->be_ctx); + offline = be_is_offline(be_ctx); DEBUG(9, ("Connection status is [%s].\n", offline ? "offline" : "online")); refresh_interval = dp_opt_get_int(hbac_ctx->ipa_options, @@ -332,6 +331,7 @@ static void hbac_sysdb_save (struct tevent_req *req); static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx) { + struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); const char *hostname; struct tevent_req *req; @@ -345,8 +345,7 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx) hostname = dp_opt_get_string(hbac_ctx->ipa_options, IPA_HOSTNAME); } - req = ipa_host_info_send(hbac_ctx, - hbac_ctx->be_req->be_ctx->ev, + req = ipa_host_info_send(hbac_ctx, be_ctx->ev, sdap_id_op_handle(hbac_ctx->sdap_op), hbac_ctx->sdap_ctx->opts, hostname, @@ -367,6 +366,7 @@ static void hbac_get_service_info_step(struct tevent_req *req) errno_t ret; struct hbac_ctx *hbac_ctx = tevent_req_callback_data(req, struct hbac_ctx); + struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); ret = ipa_host_info_recv(req, hbac_ctx, &hbac_ctx->host_count, 
@@ -379,8 +379,7 @@ static void hbac_get_service_info_step(struct tevent_req *req) } /* Get services and service groups */ - req = ipa_hbac_service_info_send(hbac_ctx, - hbac_ctx->be_req->be_ctx->ev, + req = ipa_hbac_service_info_send(hbac_ctx, be_ctx->ev, sdap_id_op_handle(hbac_ctx->sdap_op), hbac_ctx->sdap_ctx->opts, hbac_ctx->search_bases); @@ -403,6 +402,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) const char *hostname; struct hbac_ctx *hbac_ctx = tevent_req_callback_data(req, struct hbac_ctx); + struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); ret = ipa_hbac_service_info_recv(req, hbac_ctx, &hbac_ctx->service_count, @@ -445,7 +445,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) /* Get the list of applicable rules */ req = ipa_hbac_rule_info_send(hbac_ctx, hbac_ctx->get_deny_rules, - hbac_ctx->be_req->be_ctx->ev, + be_ctx->ev, sdap_id_op_handle(hbac_ctx->sdap_op), hbac_ctx->sdap_ctx->opts, hbac_ctx->search_bases, @@ -468,10 +468,11 @@ static void hbac_sysdb_save(struct tevent_req *req) bool in_transaction = false; struct hbac_ctx *hbac_ctx = tevent_req_callback_data(req, struct hbac_ctx); - struct sss_domain_info *domain = hbac_ctx->be_req->be_ctx->domain; + struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); + struct sss_domain_info *domain = be_ctx->domain; struct ldb_dn *base_dn; struct ipa_access_ctx *access_ctx = - talloc_get_type(hbac_ctx->be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data, + talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data, struct ipa_access_ctx); TALLOC_CTX *tmp_ctx; @@ -594,6 +595,7 @@ fail: void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx) { + struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); errno_t ret; struct hbac_rule **hbac_rules; struct hbac_eval_req *eval_req; 
@@ -601,7 +603,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx) struct hbac_info *info; /* Get HBAC rules from the sysdb */ - ret = hbac_get_cached_rules(hbac_ctx, hbac_ctx->be_req->be_ctx->domain, + ret = hbac_get_cached_rules(hbac_ctx, be_ctx->domain, &hbac_ctx->rule_count, &hbac_ctx->rules); if (ret != EOK) { DEBUG(1, ("Could not retrieve rules from the cache\n")); diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index c0912e64..5c5b34ae 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -190,6 +190,7 @@ void ipa_auth(struct be_req *be_req) struct tevent_req *req; struct ipa_auth_state *state; struct pam_data *pd = talloc_get_type(be_req->req_data, struct pam_data); + struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); state = talloc_zero(be_req, struct ipa_auth_state); if (state == NULL) { @@ -201,28 +202,28 @@ void ipa_auth(struct be_req *be_req) state->sh = NULL; state->be_req = be_req; - state->ev = be_req->be_ctx->ev; + state->ev = be_ctx->ev; state->pd = pd; switch (state->pd->cmd) { case SSS_PAM_AUTHENTICATE: state->ipa_auth_ctx = talloc_get_type( - be_req->be_ctx->bet_info[BET_AUTH].pvt_bet_data, - struct ipa_auth_ctx); + be_ctx->bet_info[BET_AUTH].pvt_bet_data, + struct ipa_auth_ctx); break; case SSS_PAM_CHAUTHTOK: case SSS_PAM_CHAUTHTOK_PRELIM: state->ipa_auth_ctx = talloc_get_type( - be_req->be_ctx->bet_info[BET_CHPASS].pvt_bet_data, - struct ipa_auth_ctx); + be_ctx->bet_info[BET_CHPASS].pvt_bet_data, + struct ipa_auth_ctx); break; default: DEBUG(SSSDBG_OP_FAILURE, ("Unsupported PAM task.\n")); goto fail; } - req = krb5_auth_send(state, state->ev, be_req->be_ctx, state->pd, + req = krb5_auth_send(state, state->ev, be_ctx, state->pd, state->ipa_auth_ctx->krb5_auth_ctx); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("krb5_auth_send failed.\n")); 
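Review bot: `be_req->req_data` is still read directly from the struct on the line just above the new `be_req_get_be_ctx(be_req)` initializer in ipa_auth, so the function now mixes accessor and field access on the same object. If the accessor exists to stop providers depending on the layout of struct be_req (its definition is not in this diff), the `req_data` reads here and in ipa_access_handler, ipa_hbac_check, ipa_account_info_handler and ipa_selinux_handler need the same treatment. Failing that, add a comment marking them as deliberately left, e.g. `/* req_data is still accessed directly; only be_ctx has an accessor so far */`. ipa_auth's body starts and ends outside the hunk.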
@@ -324,6 +325,7 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req) { struct ipa_auth_state *state = tevent_req_callback_data(req, struct ipa_auth_state); + struct be_ctx *be_ctx = be_req_get_be_ctx(state->be_req); const char **attrs; struct ldb_message *user_msg; const char *dn; @@ -352,8 +354,8 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req) attrs[0] = SYSDB_ORIG_DN; attrs[1] = NULL; - ret = sysdb_search_user_by_name(state, state->be_req->be_ctx->domain->sysdb, - state->be_req->be_ctx->domain, + ret = sysdb_search_user_by_name(state, be_ctx->domain->sysdb, + be_ctx->domain, state->pd->user, attrs, &user_msg); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed.\n")); @@ -387,6 +389,7 @@ static void ipa_auth_ldap_done(struct tevent_req *req) { struct ipa_auth_state *state = tevent_req_callback_data(req, struct ipa_auth_state); + struct be_ctx *be_ctx = be_req_get_be_ctx(state->be_req); int ret; int dp_err = DP_ERR_FATAL; enum sdap_result result; @@ -412,8 +415,7 @@ static void ipa_auth_ldap_done(struct tevent_req *req) DEBUG(SSSDBG_TRACE_FUNC, ("LDAP authentication succeded, " "trying Kerberos authentication again.\n")); - req = krb5_auth_send(state, state->ev, - state->be_req->be_ctx, state->pd, + req = krb5_auth_send(state, state->ev, be_ctx, state->pd, state->ipa_auth_ctx->krb5_auth_ctx); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("krb5_auth_send failed.\n")); diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 17499d31..90ec0ce4 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -264,6 +264,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, size_t idx, struct hbac_rule **rule) { + struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); errno_t ret; struct hbac_rule *new_rule; struct ldb_message_element *el; 
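Review bot: The new initializer `struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);` in hbac_attrs_to_rule runs before any statement in the body, and its result is used in the following hunks as `be_ctx->domain` without a check. The accessor's definition and contract are not part of this diff, so whether it can return NULL cannot be confirmed from here. If it cannot, its header documentation should say so, so that the unchecked uses here and in hbac_ctx_to_eval_request are visibly intentional. If it can, this function should return an error before the first `be_ctx->domain` use. The function body starts and ends outside the hunk.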
@@ -306,8 +307,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* Get the users */ - ret = hbac_user_attrs_to_rule(new_rule, - hbac_ctx->be_req->be_ctx->domain, + ret = hbac_user_attrs_to_rule(new_rule, be_ctx->domain, new_rule->name, hbac_ctx->rules[idx], &new_rule->users); @@ -318,8 +318,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* Get the services */ - ret = hbac_service_attrs_to_rule(new_rule, - hbac_ctx->be_req->be_ctx->domain, + ret = hbac_service_attrs_to_rule(new_rule, be_ctx->domain, new_rule->name, hbac_ctx->rules[idx], &new_rule->services); @@ -330,8 +329,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* Get the target hosts */ - ret = hbac_thost_attrs_to_rule(new_rule, - hbac_ctx->be_req->be_ctx->domain, + ret = hbac_thost_attrs_to_rule(new_rule, be_ctx->domain, new_rule->name, hbac_ctx->rules[idx], &new_rule->targethosts); @@ -343,8 +341,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the source hosts */ - ret = hbac_shost_attrs_to_rule(new_rule, - hbac_ctx->be_req->be_ctx->domain, + ret = hbac_shost_attrs_to_rule(new_rule, be_ctx->domain, new_rule->name, hbac_ctx->rules[idx], dp_opt_get_bool(hbac_ctx->ipa_options, @@ -431,7 +428,8 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx, struct pam_data *pd = hbac_ctx->pd; TALLOC_CTX *tmp_ctx; struct hbac_eval_req *eval_req; - struct sss_domain_info *domain = hbac_ctx->be_req->be_ctx->domain; + struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req); + struct sss_domain_info *domain = be_ctx->domain; const char *rhost; const char *thost; struct sss_domain_info *user_dom; diff --git a/src/providers/ipa/ipa_hostid.c b/src/providers/ipa/ipa_hostid.c index b60876cb..448914ba 100644 --- a/src/providers/ipa/ipa_hostid.c +++ b/src/providers/ipa/ipa_hostid.c @@ -55,6 +55,7 @@ ipa_host_info_hosts_done(struct tevent_req *req); void ipa_host_info_handler(struct be_req *breq) { + struct be_ctx *be_ctx = be_req_get_be_ctx(breq); struct ipa_hostid_ctx *hostid_ctx; struct sdap_id_ctx *ctx; struct be_host_req *hr; 
@@ -63,7 +64,8 @@ ipa_host_info_handler(struct be_req *breq) errno_t ret = EOK; const char *err = "Unknown Error"; - hostid_ctx = talloc_get_type(breq->be_ctx->bet_info[BET_HOSTID].pvt_bet_data, struct ipa_hostid_ctx); + hostid_ctx = talloc_get_type(be_ctx->bet_info[BET_HOSTID].pvt_bet_data, + struct ipa_hostid_ctx); ctx = hostid_ctx->sdap_id_ctx; if (be_is_offline(ctx->be)) { @@ -81,7 +83,7 @@ ipa_host_info_handler(struct be_req *breq) goto done; } - req = hosts_get_send(breq, breq->be_ctx->ev, hostid_ctx, + req = hosts_get_send(breq, be_ctx->ev, hostid_ctx, hr->name, hr->alias); if (!req) { ret = ENOMEM; diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 82e29826..0344a184 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -66,12 +66,14 @@ static void ipa_account_info_done(struct tevent_req *req); void ipa_account_info_handler(struct be_req *breq) { + struct be_ctx *be_ctx = be_req_get_be_ctx(breq); struct ipa_id_ctx *ipa_ctx; struct sdap_id_ctx *ctx; struct be_acct_req *ar; struct tevent_req *req = NULL; - ipa_ctx = talloc_get_type(breq->be_ctx->bet_info[BET_ID].pvt_bet_data, struct ipa_id_ctx); + ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data, + struct ipa_id_ctx); ctx = ipa_ctx->sdap_id_ctx; if (be_is_offline(ctx->be)) { @@ -80,9 +82,9 @@ void ipa_account_info_handler(struct be_req *breq) ar = talloc_get_type(breq->req_data, struct be_acct_req); - if (strcasecmp(ar->domain, breq->be_ctx->domain->name) != 0) { + if (strcasecmp(ar->domain, be_ctx->domain->name) != 0) { /* if domain names do not match, this is a subdomain case */ - req = ipa_get_subdom_acct_send(breq, breq->be_ctx->ev, ctx, ar); + req = ipa_get_subdom_acct_send(breq, be_ctx->ev, ctx, ar); } else if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) { /* netgroups are handled by a separate request function */ 
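Review bot: In ipa_account_info_handler `ar` comes from `talloc_get_type(breq->req_data, struct be_acct_req)` and is dereferenced immediately in `strcasecmp(ar->domain, be_ctx->domain->name)`, so request data of another type, or an unset `domain`, would reach strcasecmp() as a NULL pointer. This comparison also decides whether the request is routed to the subdomain path, so malformed input is worth rejecting explicitly first: `if (ar == NULL || ar->domain == NULL) return sdap_handler_done(breq, DP_ERR_FATAL, EINVAL, "Invalid request data");`. Whether callers can actually leave `domain` NULL is not visible in this hunk; if NULL is a legal value it needs its own branch rather than this guard. The function body continues outside the hunk.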
@@ -90,7 +92,7 @@ void ipa_account_info_handler(struct be_req *breq) return sdap_handler_done(breq, DP_ERR_FATAL, EINVAL, "Invalid filter type"); } - req = ipa_id_get_netgroup_send(breq, breq->be_ctx->ev, + req = ipa_id_get_netgroup_send(breq, be_ctx->ev, ipa_ctx, ar->filter_value); } else { /* any account request is handled by sdap, @@ -321,9 +323,10 @@ static int ipa_id_get_netgroup_recv(struct tevent_req *req, int *dp_error) void ipa_check_online(struct be_req *be_req) { + struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct ipa_id_ctx *ipa_ctx; - ipa_ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_ID].pvt_bet_data, + ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data, struct ipa_id_ctx); return sdap_do_online_check(be_req, ipa_ctx->sdap_id_ctx); diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 8ed17a2f..2203069c 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -82,6 +82,7 @@ struct ipa_selinux_op_ctx { void ipa_selinux_handler(struct be_req *be_req) { + struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct ipa_selinux_ctx *selinux_ctx; struct ipa_selinux_op_ctx *op_ctx; struct tevent_req *req; @@ -90,9 +91,8 @@ void ipa_selinux_handler(struct be_req *be_req) pd = talloc_get_type(be_req->req_data, struct pam_data); - selinux_ctx = talloc_get_type( - be_req->be_ctx->bet_info[BET_SELINUX].pvt_bet_data, - struct ipa_selinux_ctx); + selinux_ctx = talloc_get_type(be_ctx->bet_info[BET_SELINUX].pvt_bet_data, + struct ipa_selinux_ctx); hostname = dp_opt_get_string(selinux_ctx->id_ctx->ipa_options->basic, IPA_HOSTNAME); 
@@ -101,15 +101,15 @@ void ipa_selinux_handler(struct be_req *be_req) goto fail; } - op_ctx = ipa_selinux_create_op_ctx(be_req, be_req->be_ctx->domain->sysdb, - be_req->be_ctx->domain, + op_ctx = ipa_selinux_create_op_ctx(be_req, be_ctx->domain->sysdb, + be_ctx->domain, be_req, pd->user, hostname); if (op_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot create op context\n")); goto fail; } - req = ipa_get_selinux_send(be_req, be_req->be_ctx, + req = ipa_get_selinux_send(be_req, be_ctx, op_ctx->user, op_ctx->host, selinux_ctx); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot initiate the search\n")); diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index e234ca1b..c9ab3aad 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -992,10 +992,11 @@ done: void ipa_subdomains_handler(struct be_req *be_req) { + struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct ipa_subdomains_ctx *ctx; time_t now; - ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data, + ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data, struct ipa_subdomains_ctx); if (!ctx) { be_req_terminate(be_req, DP_ERR_FATAL, EINVAL, NULL); |