From 249a28dbf31e11794c7f35d709c5561c1555898d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 10 Jan 2013 16:36:22 -0500 Subject: Pass domain not be_req to access check functions --- src/providers/ad/ad_access.c | 11 +++++++---- src/providers/ipa/ipa_access.c | 2 +- src/providers/ldap/ldap_access.c | 3 ++- src/providers/ldap/sdap_access.c | 36 +++++++++++++++++++++--------------- src/providers/ldap/sdap_access.h | 3 ++- 5 files changed, 33 insertions(+), 22 deletions(-) (limited to 'src') diff --git a/src/providers/ad/ad_access.c b/src/providers/ad/ad_access.c index 16b2423f..ec086d4e 100644 --- a/src/providers/ad/ad_access.c +++ b/src/providers/ad/ad_access.c @@ -39,22 +39,25 @@ ad_access_handler(struct be_req *breq) struct ad_access_ctx); struct pam_data *pd = talloc_get_type(breq->req_data, struct pam_data); + struct sss_domain_info *domain; /* Handle subdomains */ if (strcasecmp(pd->domain, breq->be_ctx->domain->name) != 0) { - breq->domain = new_subdomain(breq, breq->be_ctx->domain, pd->domain, - NULL, NULL); - if (breq->domain == NULL) { + domain = new_subdomain(breq, breq->be_ctx->domain, + pd->domain, NULL, NULL); + if (domain == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("new_subdomain failed.\n")); breq->fn(breq, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); return; } + } else { + domain = breq->be_ctx->domain; } /* Verify that the account is not locked */ req = sdap_access_send(breq, breq->be_ctx->ev, - breq, + breq->be_ctx, domain, access_ctx->sdap_access_ctx, pd); if (!req) { diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 0d0b600c..c2c9bb58 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -92,7 +92,7 @@ void ipa_access_handler(struct be_req *be_req) */ req = sdap_access_send(be_req, be_req->be_ctx->ev, - be_req, + be_req->be_ctx, be_req->be_ctx->domain, ipa_access_ctx->sdap_access_ctx, pd); if (!req) { 
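Review bot: In ipa_access.c (and the same call in ldap_access.c) the new `domain` argument is always `be_ctx->domain`, so for a user whose `pd->domain` names a subdomain, sdap_access_send looks the user up through its own `user_dom` while the access-filter result is later written with `state->domain` in sdap_access_filter_get_access_done. If those two objects refer to different domains, the cached allow/deny value that seems to feed the offline decision would be stored against a different entry than the one that was read, or the write would fail. Whether that can happen depends on how these providers handle subdomain users, which is not visible here. Keeping lookup and write-back on one object would close the gap, for example `state->domain = user_dom;` right after the new_subdomain NULL check in sdap_access_send, or by resolving the subdomain in the caller as ad_access_handler does.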
diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c index 18661335..83f27736 100644 --- a/src/providers/ldap/ldap_access.c +++ b/src/providers/ldap/ldap_access.c @@ -56,7 +56,8 @@ void sdap_pam_access_handler(struct be_req *breq) req = sdap_access_send(breq, breq->be_ctx->ev, - breq, + breq->be_ctx, + breq->be_ctx->domain, access_ctx, pd); if (req == NULL) { diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 18d38ebb..ee20a84a 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -42,7 +42,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct be_req *be_req, + struct be_ctx *be_ctx, + struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, const char *username, struct ldb_message *user_entry); @@ -78,7 +79,8 @@ struct sdap_access_req_ctx { struct pam_data *pd; struct tevent_context *ev; struct sdap_access_ctx *access_ctx; - struct be_req *be_req; + struct be_ctx *be_ctx; + struct sss_domain_info *domain; int pam_status; struct ldb_message *user_entry; size_t current_rule; @@ -88,7 +90,8 @@ static errno_t select_next_rule(struct tevent_req *req); struct tevent_req * sdap_access_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct be_req *be_req, + struct be_ctx *be_ctx, + struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, struct pam_data *pd) { @@ -105,7 +108,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx, return NULL; } - state->be_req = be_req; + state->be_ctx = be_ctx; + state->domain = domain; state->pd = pd; state->pam_status = PAM_SYSTEM_ERR; state->ev = ev; 
@@ -122,8 +126,8 @@ sdap_access_send(TALLOC_CTX *mem_ctx, } /* Get original user DN, take care of subdomain users as well */ - if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0) { - user_dom = new_subdomain(state, be_req->be_ctx->domain, pd->domain, + if (strcasecmp(pd->domain, be_ctx->domain->name) != 0) { + user_dom = new_subdomain(state, be_ctx->domain, pd->domain, NULL, NULL); if (user_dom == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("new_subdomain failed.\n")); @@ -133,7 +137,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, ret = sysdb_get_user_attr(state, user_dom->sysdb, user_dom, pd->user, attrs, &res); } else { - ret = sysdb_get_user_attr(state, be_req->domain->sysdb, be_req->domain, + ret = sysdb_get_user_attr(state, domain->sysdb, domain, pd->user, attrs, &res); } if (ret != EOK) { @@ -197,7 +201,8 @@ static errno_t select_next_rule(struct tevent_req *req) break; case LDAP_ACCESS_FILTER: - subreq = sdap_access_filter_send(state, state->ev, state->be_req, + subreq = sdap_access_filter_send(state, state->ev, state->be_ctx, + state->domain, state->access_ctx, state->pd->user, state->user_entry); @@ -724,7 +729,7 @@ struct sdap_access_filter_req_ctx { struct sdap_id_ctx *sdap_ctx; struct sdap_id_op *sdap_op; struct sysdb_handle *handle; - struct be_req *be_req; + struct sss_domain_info *domain; int pam_status; bool cached_access; char *basedn; @@ -736,7 +741,8 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq); static void sdap_access_filter_get_access_done(struct tevent_req *req); static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct be_req *be_req, + struct be_ctx *be_ctx, + struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, const char *username, struct ldb_message *user_entry) 
@@ -757,17 +763,17 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, DEBUG(6, ("No filter set. Access is denied.\n")); state->pam_status = PAM_PERM_DENIED; tevent_req_done(req); - tevent_req_post(req, be_req->be_ctx->ev); + tevent_req_post(req, ev); return req; } state->filter = NULL; - state->be_req = be_req; state->username = username; state->pam_status = PAM_SYSTEM_ERR; state->sdap_ctx = access_ctx->id_ctx; state->ev = ev; state->access_ctx = access_ctx; + state->domain = domain; DEBUG(6, ("Performing access filter check for user [%s]\n", username)); @@ -775,7 +781,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, SYSDB_LDAP_ACCESS_FILTER, false); /* Ok, we have one result, check if we are online or offline */ - if (be_is_offline(state->be_req->be_ctx)) { + if (be_is_offline(be_ctx)) { /* Ok, we're offline. Return from the cache */ sdap_access_filter_decide_offline(req); goto finished; @@ -1018,8 +1024,8 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) goto done; } - ret = sysdb_set_user_attr(state->be_req->domain->sysdb, - state->be_req->domain, + ret = sysdb_set_user_attr(state->domain->sysdb, + state->domain, state->username, attrs, SYSDB_MOD_REP); if (ret != EOK) { diff --git a/src/providers/ldap/sdap_access.h b/src/providers/ldap/sdap_access.h index 08c6efe2..4f5f7201 100644 --- a/src/providers/ldap/sdap_access.h +++ b/src/providers/ldap/sdap_access.h @@ -59,7 +59,8 @@ struct sdap_access_ctx { struct tevent_req * sdap_access_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct be_req *be_req, + struct be_ctx *be_ctx, + struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, struct pam_data *pd); errno_t -- cgit
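Review bot: The sdap_access_send prototype in sdap_access.h gains `be_ctx` and `domain` with no comment on how the two relate, and the callers already differ: ad_access_handler passes a resolved subdomain while the IPA and LDAP handlers pass `be_ctx->domain`. Because the pointer is stored in the request state and used again when the filter result is written back, the contract is worth stating above the declaration, e.g. `/* domain: domain the user in pd belongs to (may be a subdomain of be_ctx->domain); must stay valid until the request completes */`. The rest of the header is outside the hunk.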