author | Jan Zeleny <jzeleny@redhat.com> | 2012-01-18 11:08:06 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-06 08:25:22 -0500 |
commit | 71ad247500b417836a1a2edec257a4433a7c415f (patch) | |
tree | 55ce381a9f7444b8aaea8d70ed02db2a9477b7e1 /src/providers/ipa/ipa_access.c | |
parent | 8a36504008872f03d1b1ca980adeceba28c331f5 (diff) | |
Implemented support for multiple search bases in HBAC rules and services
Diffstat (limited to 'src/providers/ipa/ipa_access.c')
-rw-r--r-- | src/providers/ipa/ipa_access.c | 34 |
1 files changed, 5 insertions, 29 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 4ee3d82a3..7d42e8b4e 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -31,30 +31,7 @@
 #include "providers/ipa/ipa_access.h"
 #include "providers/ipa/ipa_hbac.h"
 #include "providers/ipa/ipa_hbac_private.h"
-
-static char *get_hbac_search_base(TALLOC_CTX *mem_ctx,
- struct dp_option *ipa_options)
-{
- char *base;
- int ret;
-
- base = dp_opt_get_string(ipa_options, IPA_HBAC_SEARCH_BASE);
- if (base != NULL) {
- return talloc_strdup(mem_ctx, base);
- }
-
- DEBUG(9, ("ipa_hbac_search_base not available, trying base DN.\n"));
-
- ret = domain_to_basedn(mem_ctx,
- dp_opt_get_string(ipa_options, IPA_KRB5_REALM),
- &base);
- if (ret != EOK) {
- DEBUG(1, ("domain_to_basedn failed.\n"));
- return NULL;
- }
-
- return base;
-}
+#include "providers/ipa/ipa_hbac_rules.h"
 
 static void ipa_access_reply(struct hbac_ctx *hbac_ctx, int pam_status)
 {
@@ -119,9 +96,8 @@ void ipa_access_handler(struct be_req *be_req)
 hbac_ctx->sdap_ctx = ipa_access_ctx->sdap_ctx;
 hbac_ctx->ipa_options = ipa_access_ctx->ipa_options;
 hbac_ctx->tr_ctx = ipa_access_ctx->tr_ctx;
- hbac_ctx->hbac_search_base = get_hbac_search_base(hbac_ctx,
- hbac_ctx->ipa_options);
- if (hbac_ctx->hbac_search_base == NULL) {
+ hbac_ctx->search_bases = ipa_access_ctx->hbac_search_bases;
+ if (hbac_ctx->search_bases == NULL) {
 DEBUG(1, ("No HBAC search base found.\n"));
 goto fail;
 }
@@ -334,7 +310,7 @@ static void hbac_get_service_info_step(struct tevent_req *req)
 hbac_ctx_sysdb(hbac_ctx),
 sdap_id_op_handle(hbac_ctx->sdap_op),
 hbac_ctx_sdap_id_ctx(hbac_ctx)->opts,
- hbac_ctx->hbac_search_base);
+ hbac_ctx->search_bases);
 if (req == NULL) {
 DEBUG(1,("Could not get service info\n"));
 goto fail;
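Review bot: In the ipa_access_handler hunk, the guard `if (hbac_ctx->search_bases == NULL)` only rejects a missing array; if `hbac_search_bases` is a NULL-terminated list (the plural name suggests so, but its type is not visible here), an empty list would pass and the lookups in hbac_get_service_info_step and hbac_get_rule_info_step would run with nothing to search. Because this path feeds an access-control decision, it should fail closed explicitly, e.g. `if (hbac_ctx->search_bases == NULL || hbac_ctx->search_bases[0] == NULL) {`. The assignment also changes ownership: the removed helper allocated the base on `hbac_ctx` via `talloc_strdup`, while the new code borrows a pointer from `ipa_access_ctx`, so a comment such as `/* borrowed from ipa_access_ctx; must outlive this request, never freed here */` would make the lifetime assumption visible. The function body continues outside the hunk, so where `hbac_search_bases` is populated (and whether the old base-DN fallback still happens there) should be confirmed against the rest of the commit.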
@@ -399,7 +375,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
 hbac_ctx_ev(hbac_ctx),
 sdap_id_op_handle(hbac_ctx->sdap_op),
 hbac_ctx_sdap_id_ctx(hbac_ctx)->opts,
- hbac_ctx->hbac_search_base,
+ hbac_ctx->search_bases,
 hbac_ctx->ipa_host);
 if (req == NULL) {
 DEBUG(1, ("Could not get rules\n")); |