authorSimo Sorce <simo@redhat.com>2013-01-09 23:14:40 -0500
committerJakub Hrozek <jhrozek@redhat.com>2013-01-21 22:17:33 +0100
commit7a468783159880f81f7cd9270ee94bf0954d6a56 (patch)
tree783e9fc503f3cb322e1b3d2e8dd0d8289287be1a
parent7a92ae1598735ff69e36c72a7be60292ccad41d3 (diff)
Move ldap provider access functions
It was confusing to see the ldap provider's own handler mixed with the generic ldap access code used also by the ipa and ad providers. So move the ldap provider handler code into its own file.
-rw-r--r--Makefile.am1
-rw-r--r--src/providers/ldap/ldap_access.c86
-rw-r--r--src/providers/ldap/sdap_access.c59
3 files changed, 87 insertions, 59 deletions
diff --git a/Makefile.am b/Makefile.am
index 5cc009154..b96ab0428 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1311,6 +1311,7 @@ libsss_krb5_common_la_SOURCES = \
libsss_ldap_la_SOURCES = \
src/util/find_uid.c \
src/providers/ldap/ldap_init.c \
+ src/providers/ldap/ldap_access.c \
src/providers/krb5/krb5_common.c \
src/providers/krb5/krb5_utils.c \
src/util/user_info_msg.c \
diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c
new file mode 100644
index 000000000..186613356
--- /dev/null
+++ b/src/providers/ldap/ldap_access.c
@@ -0,0 +1,86 @@
+/*
+ SSSD
+
+ ldap_access.c
+
+ Authors:
+ Simo Sorce <ssorce@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <security/pam_modules.h>
+#include "src/util/util.h"
+#include "src/providers/data_provider.h"
+#include "src/providers/dp_backend.h"
+#include "src/providers/ldap/sdap_access.h"
+
+static void sdap_access_reply(struct be_req *be_req, int pam_status)
+{
+ struct pam_data *pd;
+ pd = talloc_get_type(be_req->req_data, struct pam_data);
+ pd->pam_status = pam_status;
+
+ if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED) {
+ be_req->fn(be_req, DP_ERR_OK, pam_status, NULL);
+ } else {
+ be_req->fn(be_req, DP_ERR_FATAL, pam_status, NULL);
+ }
+}
+
+static void sdap_access_done(struct tevent_req *req);
+void sdap_pam_access_handler(struct be_req *breq)
+{
+ struct pam_data *pd;
+ struct tevent_req *req;
+ struct sdap_access_ctx *access_ctx;
+
+ pd = talloc_get_type(breq->req_data, struct pam_data);
+
+ access_ctx =
+ talloc_get_type(breq->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ struct sdap_access_ctx);
+
+ req = sdap_access_send(breq,
+ breq->be_ctx->ev,
+ breq,
+ access_ctx,
+ pd);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to start sdap_access request\n"));
+ sdap_access_reply(breq, PAM_SYSTEM_ERR);
+ return;
+ }
+
+ tevent_req_set_callback(req, sdap_access_done, breq);
+}
+
+static void sdap_access_done(struct tevent_req *req)
+{
+ errno_t ret;
+ int pam_status = PAM_SYSTEM_ERR;
+ struct be_req *breq =
+ tevent_req_callback_data(req, struct be_req);
+
+ ret = sdap_access_recv(req, &pam_status);
+ talloc_zfree(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n"));
+ pam_status = PAM_SYSTEM_ERR;
+ }
+
+ sdap_access_reply(breq, pam_status);
+}
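Review bot: In sdap_access_reply the result of `talloc_get_type(be_req->req_data, struct pam_data)` is dereferenced on the very next line without a NULL check, and talloc_get_type() returns NULL when the pointer does not carry the requested type name. sdap_pam_access_handler repeats the pattern for `pd` and `access_ctx`, which go to sdap_access_send() unchecked. Because this is the access-control entry point for the ldap provider, a type mismatch should be answered with an explicit PAM_SYSTEM_ERR reply, not left to a crash or to whatever the callee does with a NULL context. The code appears to be moved unchanged from sdap_access.c, so the gap predates this commit, but the new file is a natural place to close it; a sketch of the two guards follows.

```c
/* in sdap_access_reply() */
    pd = talloc_get_type(be_req->req_data, struct pam_data);
    if (pd != NULL) {
        pd->pam_status = pam_status;
    } else {
        /* No pam_data to carry the result: never let this path report success. */
        pam_status = PAM_SYSTEM_ERR;
    }
    /* … unchanged: DP_ERR_OK / DP_ERR_FATAL dispatch through be_req->fn … */

/* in sdap_pam_access_handler(), after the two talloc_get_type() lookups */
    if (pd == NULL || access_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unexpected type for request data or access context\n"));
        sdap_access_reply(breq, PAM_SYSTEM_ERR);
        return;
    }
    /* … unchanged: sdap_access_send() call and callback registration … */
```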
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index a703f8b05..42e321d2f 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -40,21 +40,6 @@
#include "providers/data_provider.h"
#include "providers/dp_backend.h"
-static void sdap_access_reply(struct be_req *be_req, int pam_status)
-{
- struct pam_data *pd;
- pd = talloc_get_type(be_req->req_data, struct pam_data);
- pd->pam_status = pam_status;
-
- if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED) {
- be_req->fn(be_req, DP_ERR_OK, pam_status, NULL);
- }
-
- else {
- be_req->fn(be_req, DP_ERR_FATAL, pam_status, NULL);
- }
-}
-
static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct be_req *be_req,
@@ -89,33 +74,6 @@ static struct tevent_req *sdap_access_host_send(
struct tevent_context *ev,
struct ldb_message *user_entry);
-static void sdap_access_done(struct tevent_req *req);
-void sdap_pam_access_handler(struct be_req *breq)
-{
- struct pam_data *pd;
- struct tevent_req *req;
- struct sdap_access_ctx *access_ctx;
-
- pd = talloc_get_type(breq->req_data, struct pam_data);
-
- access_ctx =
- talloc_get_type(breq->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
- struct sdap_access_ctx);
-
- req = sdap_access_send(breq,
- breq->be_ctx->ev,
- breq,
- access_ctx,
- pd);
- if (req == NULL) {
- DEBUG(1, ("Unable to start sdap_access request\n"));
- sdap_access_reply(breq, PAM_SYSTEM_ERR);
- return;
- }
-
- tevent_req_set_callback(req, sdap_access_done, breq);
-}
-
struct sdap_access_req_ctx {
struct pam_data *pd;
struct tevent_context *ev;
@@ -1388,20 +1346,3 @@ sdap_access_recv(struct tevent_req *req, int *pam_status)
return EOK;
}
-
-static void sdap_access_done(struct tevent_req *req)
-{
- errno_t ret;
- int pam_status = PAM_SYSTEM_ERR;
- struct be_req *breq =
- tevent_req_callback_data(req, struct be_req);
-
- ret = sdap_access_recv(req, &pam_status);
- talloc_zfree(req);
- if (ret != EOK) {
- DEBUG(1, ("Error retrieving access check result.\n"));
- pam_status = PAM_SYSTEM_ERR;
- }
-
- sdap_access_reply(breq, pam_status);
-}