author | Pavel Reichl <preichl@redhat.com> | 2014-08-01 16:13:08 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-27 15:54:08 +0200 |
commit | 2c8c42d3dfdad2ebf3af69afa8aee15abe54c588 (patch) | |
tree | fb8ca915caded4f628029ae7da3eef815dd1f39b | |
parent | bd7052ba902c4ba5e34117aa3cc71e54e59c70c9 (diff) | |
SDAP: refactor AC offline checks
Prepare code for other access control checks.
-rw-r--r-- | src/providers/ldap/sdap_access.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index f060b3288..fd1163e5e 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -679,11 +679,12 @@ struct sdap_access_filter_req_ctx { struct sdap_id_op *sdap_op; struct sysdb_handle *handle; struct sss_domain_info *domain; + /* cached result of access control checks */ bool cached_access; const char *basedn; }; -static errno_t sdap_access_filter_decide_offline(struct tevent_req *req); +static errno_t sdap_access_decide_offline(bool cached_ac); static int sdap_access_filter_retry(struct tevent_req *req); static void sdap_access_filter_connect_done(struct tevent_req *subreq); static void sdap_access_filter_done(struct tevent_req *req); @@ -728,10 +729,11 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->cached_access = ldb_msg_find_attr_as_bool(user_entry, SYSDB_LDAP_ACCESS_FILTER, false); + /* Ok, we have one result, check if we are online or offline */ if (be_is_offline(be_ctx)) { /* Ok, we're offline. Return from the cache */ - ret = sdap_access_filter_decide_offline(req); + ret = sdap_access_decide_offline(state->cached_access); goto done; } @@ -797,12 +799,13 @@ done: return req; } -static errno_t sdap_access_filter_decide_offline(struct tevent_req *req) +/* Helper function, + * cached_ac => access granted + * !cached_ac => access denied + */ +static errno_t sdap_access_decide_offline(bool cached_ac) { - struct sdap_access_filter_req_ctx *state = - tevent_req_data(req, struct sdap_access_filter_req_ctx); - - if (state->cached_access) { + if (cached_ac) { DEBUG(SSSDBG_TRACE_FUNC, "Access granted by cached credentials\n"); return EOK; } else { 
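Review bot: The offline branch in sdap_access_filter_send returns whatever `state->cached_access` holds, and nothing in this hunk bounds how old that cached decision may be, so a user removed from the filter on the server keeps access for as long as the backend stays offline. The `false` default passed to `ldb_msg_find_attr_as_bool` does make a missing attribute deny, which is worth stating next to the call. I would extend the existing comment to something like `/* Offline: reuse the last cached decision; no cached value means deny, and server-side revocations are not seen until we reconnect */`. The same applies to the DP_ERR_OFFLINE call sites in sdap_access_filter_connect_done and sdap_access_filter_done; whether an expiry is enforced elsewhere cannot be told from these hunks.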
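Review bot: The new comment on sdap_access_decide_offline names the two outcomes but not the values returned, and the retained message `Access granted by cached credentials` is misleading now that the helper is meant to serve several access checks, because its input is a cached access-control result rather than credentials. I would reword the message to `"Access granted by cached access control result\n"` and have the comment say that `true` yields EOK and name the error code returned on denial. The else branch continues past the end of the hunk, so the denial code is not visible here.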
@@ -842,7 +845,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) if (ret != EOK) { if (dp_error == DP_ERR_OFFLINE) { - ret = sdap_access_filter_decide_offline(req); + ret = sdap_access_decide_offline(state->cached_access); if (ret == EOK) { tevent_req_done(req); return; @@ -900,7 +903,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq) return; } } else if (dp_error == DP_ERR_OFFLINE) { - ret = sdap_access_filter_decide_offline(req); + ret = sdap_access_decide_offline(state->cached_access); } else if (ret == ERR_INVALID_FILTER) { sss_log(SSS_LOG_ERR, MALFORMED_FILTER, state->filter); DEBUG(SSSDBG_CRIT_FAILURE, MALFORMED_FILTER, state->filter); |
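Review bot: With the helper now taking only a bool, the grant it logs can no longer be tied to a request, and the calls in sdap_access_filter_connect_done and sdap_access_filter_done add no log line of their own in the visible hunks. An access decision taken from cache because the server was unreachable is something an operator will want to reconstruct later, so I would log at the call site before delegating, e.g. `DEBUG(SSSDBG_TRACE_FUNC, "Backend offline, deciding from cached access result\n");`, extended with whatever user identifier the request state carries. Both functions start and end outside their hunks, so an existing log line may simply not be shown.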