author | Pavel Reichl <preichl@redhat.com> | 2014-08-01 16:13:08 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-27 14:24:54 +0200 |
commit | 1a357c873baa79c0b82ab1d084f942cfcc8ba1c0 (patch) | |
tree | 1dea7441b1d7377644f4516c479fd2ce48f56256 /src/providers/ldap | |
parent | 72db1f3ce67b0634f2843088f1198b3b350b72ab (diff) | |
SDAP: refactor AC offline checks
Prepare code for other access control checks.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap_access.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 9eb8215f5..fa05a452d 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -678,11 +678,12 @@ struct sdap_access_filter_req_ctx {
 struct sdap_id_op *sdap_op;
 struct sysdb_handle *handle;
 struct sss_domain_info *domain;
+ /* cached result of access control checks */
 bool cached_access;
 const char *basedn;
 };

-static errno_t sdap_access_filter_decide_offline(struct tevent_req *req);
+static errno_t sdap_access_decide_offline(bool cached_ac);
 static int sdap_access_filter_retry(struct tevent_req *req);
 static void sdap_access_filter_connect_done(struct tevent_req *subreq);
 static void sdap_access_filter_done(struct tevent_req *req);
@@ -727,10 +728,11 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
 state->cached_access = ldb_msg_find_attr_as_bool(user_entry, SYSDB_LDAP_ACCESS_FILTER, false);
+
 /* Ok, we have one result, check if we are online or offline */
 if (be_is_offline(be_ctx)) {
 /* Ok, we're offline. Return from the cache */
- ret = sdap_access_filter_decide_offline(req);
+ ret = sdap_access_decide_offline(state->cached_access);
 goto done;
 }

@@ -796,12 +798,13 @@ done:
 return req;
 }

-static errno_t sdap_access_filter_decide_offline(struct tevent_req *req)
+/* Helper function,
+ * cached_ac => access granted
+ * !cached_ac => access denied
+ */
+static errno_t sdap_access_decide_offline(bool cached_ac)
 {
- struct sdap_access_filter_req_ctx *state =
- tevent_req_data(req, struct sdap_access_filter_req_ctx);
-
- if (state->cached_access) {
+ if (cached_ac) {
 DEBUG(SSSDBG_TRACE_FUNC, "Access granted by cached credentials\n");
 return EOK;
 } else {
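Review bot: The grant branch of the new `sdap_access_decide_offline` still logs "Access granted by cached credentials", although the value it tests is a cached access-control result rather than a credential check. Since the helper is being generalised for other access checks, wording such as `"Access granted by cached access control result\n"` would keep offline authorization grants distinguishable from cached-password authentication when the logs are reviewed. The header comment should also state the contract for future callers, for example `/* Offline decision from the cached result; callers must pass false when no cached value exists so that a missing entry denies access. */`; the caller in `sdap_access_filter_send` already does this through the `false` default of `ldb_msg_find_attr_as_bool`. The else branch and its return value lie outside the hunk.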
@@ -841,7 +844,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)

 if (ret != EOK) {
 if (dp_error == DP_ERR_OFFLINE) {
- ret = sdap_access_filter_decide_offline(req);
+ ret = sdap_access_decide_offline(state->cached_access);
 if (ret == EOK) {
 tevent_req_done(req);
 return;
@@ -899,7 +902,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
 return;
 }
 } else if (dp_error == DP_ERR_OFFLINE) {
- ret = sdap_access_filter_decide_offline(req);
+ ret = sdap_access_decide_offline(state->cached_access);
 } else if (ret == ERR_INVALID_FILTER) {
 sss_log(SSS_LOG_ERR, MALFORMED_FILTER, state->filter);
 DEBUG(SSSDBG_CRIT_FAILURE, MALFORMED_FILTER, state->filter); |