authorPavel Reichl <preichl@redhat.com>2015-02-16 18:56:25 -0500
committerJakub Hrozek <jhrozek@redhat.com>2015-03-03 18:46:57 +0100
commitcdaa29d2c5724a4c72bfa0f42284ccfac3d5a464 (patch)
tree32e54cf646251710844f6f1e2f43fce77905205f
parent8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6d (diff)
SDAP: refactor pwexpire policy
Move part of pwexpire policy code to a separate function. Relates to: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--Makefile.am1
-rw-r--r--src/providers/ldap/ldap_auth.c76
-rw-r--r--src/providers/ldap/ldap_auth.h46
3 files changed, 91 insertions, 32 deletions
diff --git a/Makefile.am b/Makefile.am
index ffbdf970a..0142b4217 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -580,6 +580,7 @@ dist_noinst_HEADERS = \
src/providers/ldap/sdap_autofs.h \
src/providers/ldap/sdap_id_op.h \
src/providers/ldap/ldap_opts.h \
+ src/providers/ldap/ldap_auth.h \
src/providers/ldap/sdap_range.h \
src/providers/ldap/sdap_users.h \
src/providers/ldap/sdap_dyndns.h \
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 5a40c1359..4035aaf58 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -46,16 +46,10 @@
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_async_private.h"
+#include "providers/ldap/ldap_auth.h"
#define LDAP_PWEXPIRE_WARNING_TIME 0
-enum pwexpire {
- PWEXPIRE_NONE = 0,
- PWEXPIRE_LDAP_PASSWORD_POLICY,
- PWEXPIRE_KERBEROS,
- PWEXPIRE_SHADOW
-};
-
static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
{
int ret;
@@ -248,10 +242,41 @@ done:
return ret;
}
-static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
- const struct ldb_message *msg,
- struct dp_option *opts,
- enum pwexpire *type, void **data)
+errno_t check_pwexpire_policy(enum pwexpire pw_expire_type,
+ void *pw_expire_data,
+ struct pam_data *pd,
+ int pwd_expiration_warning)
+{
+ errno_t ret;
+
+ switch (pw_expire_type) {
+ case PWEXPIRE_SHADOW:
+ ret = check_pwexpire_shadow(pw_expire_data, time(NULL), pd);
+ break;
+ case PWEXPIRE_KERBEROS:
+ ret = check_pwexpire_kerberos(pw_expire_data, time(NULL), pd,
+ pwd_expiration_warning);
+ break;
+ case PWEXPIRE_LDAP_PASSWORD_POLICY:
+ ret = check_pwexpire_ldap(pd, pw_expire_data,
+ pwd_expiration_warning);
+ break;
+ case PWEXPIRE_NONE:
+ ret = EOK;
+ break;
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
+ ret = EINVAL;
+ }
+
+ return ret;
+}
+
+static errno_t
+find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
+ const struct ldb_message *msg,
+ struct dp_option *opts,
+ enum pwexpire *type, void **data)
{
const char *mark;
const char *val;
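Review bot: check_pwexpire_policy becomes an exported function in this hunk but carries no header comment describing its contract, which callers in other translation units will now depend on. I would add a comment above the definition stating that it dispatches on pw_expire_type to check_pwexpire_shadow, check_pwexpire_kerberos or check_pwexpire_ldap, that PWEXPIRE_NONE yields EOK, that pw_expire_data is interpreted by the selected checker and pwd_expiration_warning is passed through to the Kerberos and LDAP-policy checks, and that an unrecognised type is logged at SSSDBG_CRIT_FAILURE and returns EINVAL. The `default:` branch also has no `break;` before the closing brace; it is the last label so this is legal, but adding it keeps the switch uniform. The re-wrapped find_password_expiration_attributes signature at the end of the hunk begins a body that continues outside the hunk.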
@@ -492,7 +517,7 @@ static int get_user_dn_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req,
return EOK;
}
-static int get_user_dn(TALLOC_CTX *memctx,
+int get_user_dn(TALLOC_CTX *memctx,
struct sss_domain_info *domain,
struct sdap_options *opts,
const char *username,
@@ -998,7 +1023,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
case PWEXPIRE_NONE:
break;
default:
- DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
}
@@ -1247,25 +1272,12 @@ static void sdap_pam_auth_done(struct tevent_req *req)
talloc_zfree(req);
if (ret == EOK) {
- switch (pw_expire_type) {
- case PWEXPIRE_SHADOW:
- ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd);
- break;
- case PWEXPIRE_KERBEROS:
- ret = check_pwexpire_kerberos(pw_expire_data, time(NULL),
- state->pd,
- be_ctx->domain->pwd_expiration_warning);
- break;
- case PWEXPIRE_LDAP_PASSWORD_POLICY:
- ret = check_pwexpire_ldap(state->pd, pw_expire_data,
- be_ctx->domain->pwd_expiration_warning);
- break;
- case PWEXPIRE_NONE:
- break;
- default:
- DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
- state->pd->pam_status = PAM_SYSTEM_ERR;
- goto done;
+ ret = check_pwexpire_policy(pw_expire_type, pw_expire_data, state->pd,
+ be_ctx->domain->pwd_expiration_warning);
+ if (ret == EINVAL) {
+ /* Unknown password expiration type. */
+ state->pd->pam_status = PAM_SYSTEM_ERR;
+ goto done;
}
}
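Review bot: The new `if (ret == EINVAL)` uses EINVAL as the sole signal for "unknown password expiration type", but the same `ret` also carries whatever check_pwexpire_shadow, check_pwexpire_kerberos and check_pwexpire_ldap return; if any of those reports EINVAL for a malformed or missing attribute (not visible in this hunk), the caller will now set PAM_SYSTEM_ERR and jump to done, whereas the old switch let that value fall through to the generic ret handling below. Either have check_pwexpire_policy return a distinct project error code for the unknown-type case and test for that here, or document at the call site that EINVAL from any checker is intentionally treated as a system error. The function sdap_pam_auth_done starts and ends outside the hunk. The same EINVAL convention is introduced in the check_pwexpire_policy hunk above.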
diff --git a/src/providers/ldap/ldap_auth.h b/src/providers/ldap/ldap_auth.h
new file mode 100644
index 000000000..5fbddd708
--- /dev/null
+++ b/src/providers/ldap/ldap_auth.h
@@ -0,0 +1,46 @@
+/*
+ SSSD
+
+ Copyright (C) Pavel Reichl <preichl@redhat.com> 2015
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LDAP_AUTH_H_
+#define _LDAP_AUTH_H_
+
+#include "config.h"
+
+enum pwexpire {
+ PWEXPIRE_NONE = 0,
+ PWEXPIRE_LDAP_PASSWORD_POLICY,
+ PWEXPIRE_KERBEROS,
+ PWEXPIRE_SHADOW
+};
+
+int get_user_dn(TALLOC_CTX *memctx,
+ struct sss_domain_info *domain,
+ struct sdap_options *opts,
+ const char *username,
+ char **user_dn,
+ enum pwexpire *user_pw_expire_type,
+ void **user_pw_expire_data);
+
+errno_t check_pwexpire_policy(enum pwexpire pw_expire_type,
+ void *pw_expire_data,
+ struct pam_data *pd,
+ errno_t checkb);
+
+
+#endif /* _LDAP_AUTH_H_ */
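Review bot: The prototype of check_pwexpire_policy declares its last parameter as `errno_t checkb` while the definition in ldap_auth.c takes `int pwd_expiration_warning`; this only compiles because errno_t is an int typedef, and the name `checkb` misdescribes a warning-threshold value, so the line should read `int pwd_expiration_warning);`. The header also uses TALLOC_CTX, errno_t, struct sss_domain_info, struct sdap_options and struct pam_data while including only config.h, so it is not self-contained and depends on the includer's earlier includes; adding the talloc include and either forward declarations of the three structs or the headers that define them would let ldap_auth.c include it first. The two blank lines before `#endif` are a minor style nit.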