author | Pavel Reichl <preichl@redhat.com> | 2015-02-16 18:56:25 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-03 18:46:57 +0100 |
commit | cdaa29d2c5724a4c72bfa0f42284ccfac3d5a464 (patch) | |
tree | 32e54cf646251710844f6f1e2f43fce77905205f /src/providers | |
parent | 8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6d (diff) | |
SDAP: refactor pwexpire policy
Move part of pwexpire policy code to a separate function.
Relates to:
https://fedorahosted.org/sssd/ticket/2167
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 76 | ||||
-rw-r--r-- | src/providers/ldap/ldap_auth.h | 46 |
2 files changed, 90 insertions, 32 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 5a40c1359..4035aaf58 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -46,16 +46,10 @@
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_async.h"
 #include "providers/ldap/sdap_async_private.h"
+#include "providers/ldap/ldap_auth.h"
 #define LDAP_PWEXPIRE_WARNING_TIME 0
-enum pwexpire {
- PWEXPIRE_NONE = 0,
- PWEXPIRE_LDAP_PASSWORD_POLICY,
- PWEXPIRE_KERBEROS,
- PWEXPIRE_SHADOW
-};
-
 static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
 {
 int ret;
@@ -248,10 +242,41 @@ done:
 return ret;
 }
-static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
- const struct ldb_message *msg,
- struct dp_option *opts,
- enum pwexpire *type, void **data)
+errno_t check_pwexpire_policy(enum pwexpire pw_expire_type,
+ void *pw_expire_data,
+ struct pam_data *pd,
+ int pwd_expiration_warning)
+{
+ errno_t ret;
+
+ switch (pw_expire_type) {
+ case PWEXPIRE_SHADOW:
+ ret = check_pwexpire_shadow(pw_expire_data, time(NULL), pd);
+ break;
+ case PWEXPIRE_KERBEROS:
+ ret = check_pwexpire_kerberos(pw_expire_data, time(NULL), pd,
+ pwd_expiration_warning);
+ break;
+ case PWEXPIRE_LDAP_PASSWORD_POLICY:
+ ret = check_pwexpire_ldap(pd, pw_expire_data,
+ pwd_expiration_warning);
+ break;
+ case PWEXPIRE_NONE:
+ ret = EOK;
+ break;
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
+ ret = EINVAL;
+ }
+
+ return ret;
+}
+
+static errno_t
+find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
+ const struct ldb_message *msg,
+ struct dp_option *opts,
+ enum pwexpire *type, void **data)
 {
 const char *mark;
 const char *val;
@@ -492,7 +517,7 @@ static int get_user_dn_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req,
 return EOK;
 }
-static int get_user_dn(TALLOC_CTX *memctx,
+int get_user_dn(TALLOC_CTX *memctx,
 struct sss_domain_info *domain,
 struct sdap_options *opts,
 const char *username,
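Review bot: check_pwexpire_policy in ldap_auth.c passes the untyped `pw_expire_data` pointer to whichever checker `pw_expire_type` selects, and now that the function is exported, nothing at its definition records that contract. A header comment should state that `pw_expire_data` must be the structure matching `pw_expire_type` (the pair get_user_dn returns together), that it is ignored for PWEXPIRE_NONE, and whether NULL is accepted; the checkers' handling of NULL is not visible in this hunk. It should also say that the function itself returns EINVAL for an unrecognised type and otherwise passes the checker's result through unchanged. As a smaller point, the `default:` arm has no closing `break;`, unlike every other arm of the switch.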
@@ -998,7 +1023,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
 case PWEXPIRE_NONE:
 break;
 default:
- DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
 state->pd->pam_status = PAM_SYSTEM_ERR;
 goto done;
 }
@@ -1247,25 +1272,12 @@ static void sdap_pam_auth_done(struct tevent_req *req)
 talloc_zfree(req);
 if (ret == EOK) {
- switch (pw_expire_type) {
- case PWEXPIRE_SHADOW:
- ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd);
- break;
- case PWEXPIRE_KERBEROS:
- ret = check_pwexpire_kerberos(pw_expire_data, time(NULL),
- state->pd,
- be_ctx->domain->pwd_expiration_warning);
- break;
- case PWEXPIRE_LDAP_PASSWORD_POLICY:
- ret = check_pwexpire_ldap(state->pd, pw_expire_data,
- be_ctx->domain->pwd_expiration_warning);
- break;
- case PWEXPIRE_NONE:
- break;
- default:
- DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
- state->pd->pam_status = PAM_SYSTEM_ERR;
- goto done;
+ ret = check_pwexpire_policy(pw_expire_type, pw_expire_data, state->pd,
+ be_ctx->domain->pwd_expiration_warning);
+ if (ret == EINVAL) {
+ /* Unknown password expiration type. */
+ state->pd->pam_status = PAM_SYSTEM_ERR;
+ goto done;
 }
 }
diff --git a/src/providers/ldap/ldap_auth.h b/src/providers/ldap/ldap_auth.h
new file mode 100644
index 000000000..5fbddd708
--- /dev/null
+++ b/src/providers/ldap/ldap_auth.h
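Review bot: In the sdap_pam_auth_done hunk of ldap_auth.c, the new `if (ret == EINVAL)` test uses EINVAL as the only signal for "unknown expiration type", but check_pwexpire_policy also returns whatever check_pwexpire_shadow, check_pwexpire_kerberos or check_pwexpire_ldap produce. If any of those can return EINVAL (their bodies are not in this diff), that failure now takes the `goto done` path under a comment that misdescribes it, whereas the removed switch let it fall through to the handling after the block. Either reserve a distinct code for the unknown-type case or widen the comment, for example `/* EINVAL: unknown expiration type or a checker rejected its input. */`. sdap_pam_auth_done starts and ends outside the hunk, so the code after this block could not be checked.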
@@ -0,0 +1,46 @@
+/*
+ SSSD
+
+ Copyright (C) Pavel Reichl <preichl@redhat.com> 2015
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LDAP_AUTH_H_
+#define _LDAP_AUTH_H_
+
+#include "config.h"
+
+enum pwexpire {
+ PWEXPIRE_NONE = 0,
+ PWEXPIRE_LDAP_PASSWORD_POLICY,
+ PWEXPIRE_KERBEROS,
+ PWEXPIRE_SHADOW
+};
+
+int get_user_dn(TALLOC_CTX *memctx,
+ struct sss_domain_info *domain,
+ struct sdap_options *opts,
+ const char *username,
+ char **user_dn,
+ enum pwexpire *user_pw_expire_type,
+ void **user_pw_expire_data);
+
+errno_t check_pwexpire_policy(enum pwexpire pw_expire_type,
+ void *pw_expire_data,
+ struct pam_data *pd,
+ errno_t checkb);
+
+
+#endif /* _LDAP_AUTH_H_ */ |
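Review bot: The check_pwexpire_policy prototype in ldap_auth.h declares its last parameter as `errno_t checkb`, while the definition in ldap_auth.c takes `int pwd_expiration_warning`. It presumably still compiles if errno_t is a typedef of int, but a caller reading the header would take the argument for an error code rather than a warning interval, so the prototype should end with `int pwd_expiration_warning);`. The header also uses TALLOC_CTX, errno_t, struct pam_data, struct sss_domain_info and struct sdap_options while including only "config.h", so it compiles only when the including file has already pulled in those declarations. Adding the needed includes or forward declarations would make it self-contained. The two new prototypes would also benefit from a short comment each describing ownership of `user_dn` and `user_pw_expire_data` and the meaning of the return values.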