diff options
Diffstat (limited to 'src/providers/ldap/sdap_access.c')
-rw-r--r-- | src/providers/ldap/sdap_access.c | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 18d38ebb..ee20a84a 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -42,7 +42,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct be_req *be_req, + struct be_ctx *be_ctx, + struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, const char *username, struct ldb_message *user_entry); @@ -78,7 +79,8 @@ struct sdap_access_req_ctx { struct pam_data *pd; struct tevent_context *ev; struct sdap_access_ctx *access_ctx; - struct be_req *be_req; + struct be_ctx *be_ctx; + struct sss_domain_info *domain; int pam_status; struct ldb_message *user_entry; size_t current_rule; @@ -88,7 +90,8 @@ static errno_t select_next_rule(struct tevent_req *req); struct tevent_req * sdap_access_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct be_req *be_req, + struct be_ctx *be_ctx, + struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, struct pam_data *pd) { @@ -105,7 +108,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx, return NULL; } - state->be_req = be_req; + state->be_ctx = be_ctx; + state->domain = domain; state->pd = pd; state->pam_status = PAM_SYSTEM_ERR; state->ev = ev; @@ -122,8 +126,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx, } /* Get original user DN, take care of subdomain users as well */ - if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0) { - user_dom = new_subdomain(state, be_req->be_ctx->domain, pd->domain, + if (strcasecmp(pd->domain, be_ctx->domain->name) != 0) { + user_dom = new_subdomain(state, be_ctx->domain, pd->domain, NULL, NULL); if (user_dom == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("new_subdomain failed.\n")); @@ -133,7 +137,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, ret = sysdb_get_user_attr(state, user_dom->sysdb, user_dom, pd->user, attrs, &res); } else { - ret = sysdb_get_user_attr(state, be_req->domain->sysdb, be_req->domain, + ret = sysdb_get_user_attr(state, domain->sysdb, domain, pd->user, attrs, &res); } if (ret != EOK) { @@ -197,7 +201,8 @@ static errno_t select_next_rule(struct tevent_req *req) break; case LDAP_ACCESS_FILTER: - subreq = sdap_access_filter_send(state, state->ev, state->be_req, + subreq = sdap_access_filter_send(state, state->ev, state->be_ctx, + state->domain, state->access_ctx, state->pd->user, state->user_entry); @@ -724,7 +729,7 @@ struct sdap_access_filter_req_ctx { struct sdap_id_ctx *sdap_ctx; struct sdap_id_op *sdap_op; struct sysdb_handle *handle; - struct be_req *be_req; + struct sss_domain_info *domain; int pam_status; bool cached_access; char *basedn; @@ -736,7 +741,8 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq); static void sdap_access_filter_get_access_done(struct tevent_req *req); static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct be_req *be_req, + struct be_ctx *be_ctx, + struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, const char *username, struct ldb_message *user_entry) @@ -757,17 +763,17 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, DEBUG(6, ("No filter set. Access is denied.\n")); state->pam_status = PAM_PERM_DENIED; tevent_req_done(req); - tevent_req_post(req, be_req->be_ctx->ev); + tevent_req_post(req, ev); return req; } state->filter = NULL; - state->be_req = be_req; state->username = username; state->pam_status = PAM_SYSTEM_ERR; state->sdap_ctx = access_ctx->id_ctx; state->ev = ev; state->access_ctx = access_ctx; + state->domain = domain; DEBUG(6, ("Performing access filter check for user [%s]\n", username)); @@ -775,7 +781,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, SYSDB_LDAP_ACCESS_FILTER, false); /* Ok, we have one result, check if we are online or offline */ - if (be_is_offline(state->be_req->be_ctx)) { + if (be_is_offline(be_ctx)) { /* Ok, we're offline. Return from the cache */ sdap_access_filter_decide_offline(req); goto finished; @@ -1018,8 +1024,8 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) goto done; } - ret = sysdb_set_user_attr(state->be_req->domain->sysdb, - state->be_req->domain, + ret = sysdb_set_user_attr(state->domain->sysdb, + state->domain, state->username, attrs, SYSDB_MOD_REP); if (ret != EOK) { |