authorPavel Reichl <preichl@redhat.com>2014-08-01 12:22:21 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-08-27 15:54:02 +0200
commit13c41d8242e43f2bffa26fe9253ce812d91b0c80 (patch)
treec2ecf5e660ada98a84e72b1a4059a20c55f6a6ae
parent80cef0e640c23df99a4fe60b0164b75f165c2f56 (diff)
SDAP: refactor sdap_access_filter_done
As preparation for ticket #2364 move code from sdap_access_filter_done() into sdap_access_done() to make its reuse possible and thus avoid code duplication. Rename check_next_rule() to sdap_access_check_next_rule(). Update definition order of tevent-using functions by time of execution. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/providers/ldap/sdap_access.c55
1 files changed, 37 insertions, 18 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 147f5a645..f3afdc7d0 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -59,6 +59,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct sdap_id_conn_ctx *conn,
const char *username,
struct ldb_message *user_entry);
+
static errno_t sdap_access_filter_recv(struct tevent_req *req);
static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx,
@@ -70,6 +71,10 @@ static errno_t sdap_access_service(struct pam_data *pd,
static errno_t sdap_access_host(struct ldb_message *user_entry);
+enum sdap_access_control_type {
+ SDAP_ACCESS_CONTROL_FILTER,
+};
+
struct sdap_access_req_ctx {
struct pam_data *pd;
struct tevent_context *ev;
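Review bot: `SDAP_ACCESS_CONTROL_FILTER` is the first enumerator and so has the value 0, which means an `ac_type` that was never assigned looks exactly like the filter type if the request state is zero-initialised (the allocation is outside this diff, so that is an assumption). Once the follow-up work adds further types, a code path that registers `sdap_access_done` without setting `state->ac_type` would be dispatched to `sdap_access_filter_recv()` instead of reaching the `default:` branch that returns `EINVAL`. Reserving zero, for example `SDAP_ACCESS_CONTROL_NONE = 0,` ahead of the filter value, would make that mistake fail closed in this access-control path. A short comment on the enum, such as `/* selects which *_recv() sdap_access_done() calls for the pending subrequest */`, would also help; the struct that follows continues outside the hunk.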
@@ -79,11 +84,12 @@ struct sdap_access_req_ctx {
struct sss_domain_info *domain;
struct ldb_message *user_entry;
size_t current_rule;
+ enum sdap_access_control_type ac_type;
};
-static errno_t check_next_rule(struct sdap_access_req_ctx *state,
- struct tevent_req *req);
-static void sdap_access_filter_done(struct tevent_req *subreq);
+static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state,
+ struct tevent_req *req);
+static void sdap_access_done(struct tevent_req *subreq);
struct tevent_req *
sdap_access_send(TALLOC_CTX *mem_ctx,
@@ -152,7 +158,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
state->user_entry = res->msgs[0];
- ret = check_next_rule(state, req);
+ ret = sdap_access_check_next_rule(state, req);
if (ret == EAGAIN) {
return req;
}
@@ -167,8 +173,8 @@ done:
return req;
}
-static errno_t check_next_rule(struct sdap_access_req_ctx *state,
- struct tevent_req *req)
+static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state,
+ struct tevent_req *req)
{
struct tevent_req *subreq;
int ret = EOK;
@@ -191,7 +197,9 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state,
return ENOMEM;
}
- tevent_req_set_callback(subreq, sdap_access_filter_done, req);
+ state->ac_type = SDAP_ACCESS_CONTROL_FILTER;
+
+ tevent_req_set_callback(subreq, sdap_access_done, req);
return EAGAIN;
case LDAP_ACCESS_EXPIRE:
@@ -219,14 +227,27 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state,
return ret;
}
-static void sdap_access_filter_done(struct tevent_req *subreq)
+static void sdap_access_done(struct tevent_req *subreq)
{
errno_t ret;
- struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
- struct sdap_access_req_ctx *state =
- tevent_req_data(req, struct sdap_access_req_ctx);
+ struct tevent_req *req;
+ struct sdap_access_req_ctx *state;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct sdap_access_req_ctx);
+
+ /* process subrequest */
+ switch(state->ac_type) {
+ case SDAP_ACCESS_CONTROL_FILTER:
+ ret = sdap_access_filter_recv(subreq);
+ break;
+ default:
+ ret = EINVAL;
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unknown access control type: %d.",
+ state->ac_type);
+ break;
+ }
- ret = sdap_access_filter_recv(subreq);
talloc_zfree(subreq);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Error retrieving access check result.\n");
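Review bot: The format string in the `default:` branch has no trailing newline, unlike the `"Error retrieving access check result.\n"` message just below it, so the two messages would run together in the log; it should read `"Unknown access control type: %d.\n"`. An unknown `ac_type` is an internal inconsistency in the access decision rather than a minor failure, so `SSSDBG_CRIT_FAILURE` (already used a few lines later) looks like the better level and keeps the event visible at default debug settings. Setting `ret = EINVAL` does route the request into the existing `ret != EOK` error path, which is the right fail-closed behaviour, though the rest of that branch and of `sdap_access_done()` lies outside this hunk.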
@@ -236,7 +257,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
state->current_rule++;
- ret = check_next_rule(state, req);
+ ret = sdap_access_check_next_rule(state, req);
switch (ret) {
case EAGAIN:
return;
@@ -256,7 +277,6 @@ errno_t sdap_access_recv(struct tevent_req *req)
return EOK;
}
-
#define SHADOW_EXPIRE_MSG "Account expired according to shadow attributes"
static errno_t sdap_account_expired_shadow(struct pam_data *pd,
@@ -661,7 +681,7 @@ struct sdap_access_filter_req_ctx {
static errno_t sdap_access_filter_decide_offline(struct tevent_req *req);
static int sdap_access_filter_retry(struct tevent_req *req);
static void sdap_access_filter_connect_done(struct tevent_req *subreq);
-static void sdap_access_filter_get_access_done(struct tevent_req *req);
+static void sdap_access_filter_done(struct tevent_req *req);
static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct be_ctx *be_ctx,
@@ -848,10 +868,10 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
return;
}
- tevent_req_set_callback(subreq, sdap_access_filter_get_access_done, req);
+ tevent_req_set_callback(subreq, sdap_access_filter_done, req);
}
-static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
+static void sdap_access_filter_done(struct tevent_req *subreq)
{
int ret, tret, dp_error;
size_t num_results;
@@ -956,7 +976,6 @@ static errno_t sdap_access_filter_recv(struct tevent_req *req)
return EOK;
}
-
#define AUTHR_SRV_MISSING_MSG "Authorized service attribute missing, " \
"access denied"
#define AUTHR_SRV_DENY_MSG "Access denied by authorized service attribute"