author | Sumit Bose <sbose@redhat.com> | 2009-10-14 17:42:28 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-10-14 15:24:54 -0400 |
commit | c4f19342a55bbbaa09e126013b8976cb2dd31b94 (patch) | |
tree | f42de0f661cf556627f4c9d179d5921e9dcc1416 /server/providers/ldap/sdap_async.c | |
parent | 74cc8eb40a55f07431ec9dac0ecc63af850a34a7 (diff) | |
make sdap_id_connect_* independent of sdap_id_ctx
The sdap_id_connect_* request tries to bind to an LDAP server with
the default credentials. Only the opts component of the sdap_id_ctx
context is used. A new request sdap_cli_connect_* is created which
expects only the opts pointer as parameter and not the whole context.
This makes it reusable by other providers.
Diffstat (limited to 'server/providers/ldap/sdap_async.c')
-rw-r--r-- | server/providers/ldap/sdap_async.c | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index 4f9294c51..2cf092d94 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -2823,3 +2823,175 @@ int sdap_exop_modify_passwd_recv(struct tevent_req *req,
 return EOK;
 }
+
+/* ==Client connect============================================ */
+
+struct sdap_cli_connect_state {
+ struct tevent_context *ev;
+ struct sdap_options *opts;
+
+ struct sdap_handle *sh;
+};
+
+static void sdap_cli_connect_done(struct tevent_req *subreq);
+static void sdap_cli_kinit_done(struct tevent_req *subreq);
+static void sdap_cli_bind_done(struct tevent_req *subreq);
+
+struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx,
+ struct tevent_context *ev,
+ struct sdap_options *opts)
+{
+ struct tevent_req *req, *subreq;
+ struct sdap_cli_connect_state *state;
+
+ req = tevent_req_create(memctx, &state, struct sdap_cli_connect_state);
+ if (!req) return NULL;
+
+ state->ev = ev;
+ state->opts = opts;
+
+ subreq = sdap_connect_send(state, ev, opts,
+ sdap_go_get_bool(opts->basic, SDAP_ID_TLS));
+ if (!subreq) {
+ talloc_zfree(req);
+ return NULL;
+ }
+ tevent_req_set_callback(subreq, sdap_cli_connect_done, req);
+
+ return req;
+}
+
+static void sdap_cli_connect_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct sdap_cli_connect_state *state = tevent_req_data(req,
+ struct sdap_cli_connect_state);
+ const char *sasl_mech;
+ int ret;
+
+ ret = sdap_connect_recv(subreq, state, &state->sh);
+ talloc_zfree(subreq);
+ if (ret) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ sasl_mech = sdap_go_get_string(state->opts->basic, SDAP_SASL_MECH);
+ if (sasl_mech && (strcasecmp(sasl_mech, "GSSAPI") == 0)) {
+ if (sdap_go_get_bool(state->opts->basic, SDAP_KRB5_KINIT)) {
+ subreq = sdap_kinit_send(state, state->ev, state->sh,
+ sdap_go_get_string(state->opts->basic,
+ SDAP_KRB5_KEYTAB),
+ sdap_go_get_string(state->opts->basic,
+ SDAP_SASL_AUTHID),
+ sdap_go_get_string(state->opts->basic,
+ SDAP_KRB5_REALM));
+ if (!subreq) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, sdap_cli_kinit_done, req);
+ return;
+ }
+ }
+
+ subreq = sdap_auth_send(state,
+ state->ev,
+ state->sh,
+ sasl_mech,
+ sdap_go_get_string(state->opts->basic,
+ SDAP_SASL_AUTHID),
+ sdap_go_get_string(state->opts->basic,
+ SDAP_DEFAULT_BIND_DN),
+ sdap_go_get_string(state->opts->basic,
+ SDAP_DEFAULT_AUTHTOK_TYPE),
+ sdap_go_get_blob(state->opts->basic,
+ SDAP_DEFAULT_AUTHTOK));
+ if (!subreq) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, sdap_cli_bind_done, req);
+}
+
+static void sdap_cli_kinit_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct sdap_cli_connect_state *state = tevent_req_data(req,
+ struct sdap_cli_connect_state);
+ enum sdap_result result;
+ int ret;
+
+ ret = sdap_kinit_recv(subreq, &result);
+ talloc_zfree(subreq);
+ if (ret) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ if (result != SDAP_AUTH_SUCCESS) {
+ tevent_req_error(req, EACCES);
+ return;
+ }
+
+ subreq = sdap_auth_send(state,
+ state->ev,
+ state->sh,
+ sdap_go_get_string(state->opts->basic,
+ SDAP_SASL_MECH),
+ sdap_go_get_string(state->opts->basic,
+ SDAP_SASL_AUTHID),
+ sdap_go_get_string(state->opts->basic,
+ SDAP_DEFAULT_BIND_DN),
+ sdap_go_get_string(state->opts->basic,
+ SDAP_DEFAULT_AUTHTOK_TYPE),
+ sdap_go_get_blob(state->opts->basic,
+ SDAP_DEFAULT_AUTHTOK));
+ if (!subreq) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, sdap_cli_bind_done, req);
+}
+
+static void sdap_cli_bind_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ enum sdap_result result;
+ int ret;
+
+ ret = sdap_auth_recv(subreq, &result);
+ talloc_zfree(subreq);
+ if (ret) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ if (result != SDAP_AUTH_SUCCESS) {
+ tevent_req_error(req, EACCES);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+int sdap_cli_connect_recv(struct tevent_req *req, TALLOC_CTX *memctx,
+ struct sdap_handle **gsh)
+{
+ struct sdap_cli_connect_state *state = tevent_req_data(req,
+ struct sdap_cli_connect_state);
+ enum tevent_req_state tstate;
+ uint64_t err;
+
+ if (tevent_req_is_error(req, &tstate, &err)) {
+ if (err) return err;
+ return EIO;
+ }
+
+ *gsh = talloc_steal(memctx, state->sh);
+ if (!*gsh) {
+ return ENOMEM;
+ }
+ return EOK;
+} |
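Review bot: The fall-through call to `sdap_auth_send` in `sdap_cli_connect_done` is reached whenever `SDAP_SASL_MECH` is unset or is not GSSAPI, and nothing there relates the bind to the `SDAP_ID_TLS` value that was passed to `sdap_connect_send`. If a NULL mechanism means a simple bind (`sdap_auth_send` is not visible in this hunk, so this is inferred), `SDAP_DEFAULT_BIND_DN` and `SDAP_DEFAULT_AUTHTOK` go out over whatever transport the connect step produced, which matters more now that the request is meant to be reused by other providers. I would at least state the precondition above that call, for example `/* simple bind: the default authtok is only protected when the connection uses TLS or ldaps */`, and consider failing the request when no SASL mechanism is configured and the transport is unprotected. The same `sdap_auth_send` argument list is repeated in `sdap_cli_kinit_done`, so a small static helper would keep any such check in one place.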