authorPavel Reichl <preichl@redhat.com>2014-08-01 12:22:21 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-08-17 21:01:46 +0200
commited2136eebe3fbffccb8a5c548afdb815a46d5d39 (patch)
tree3b4883327c71d3ecb056276ec5a1560963b991db /src
parent46ebf4415306454e1d062b61a2495b7cdb821c0f (diff)
SDAP: refactor sdap_access_filter_done
As preparation for ticket #2364 move code from sdap_access_filter_done() into sdap_access_done() to make its reuse possible and thus avoid code duplication. Rename check_next_rule() to sdap_access_check_next_rule(). Update definition order of tevent-using functions by time of execution. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/sdap_access.c55
1 files changed, 37 insertions, 18 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 94c64eff4..e6432de08 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -59,6 +59,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct sdap_id_conn_ctx *conn,
const char *username,
struct ldb_message *user_entry);
+
static errno_t sdap_access_filter_recv(struct tevent_req *req);
static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx,
@@ -70,6 +71,10 @@ static errno_t sdap_access_service(struct pam_data *pd,
static errno_t sdap_access_host(struct ldb_message *user_entry);
+enum sdap_access_control_type {
+ SDAP_ACCESS_CONTROL_FILTER,
+};
+
struct sdap_access_req_ctx {
struct pam_data *pd;
struct tevent_context *ev;
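Review bot: `SDAP_ACCESS_CONTROL_FILTER` is the only enumerator and therefore has the value 0, so an `ac_type` that was never assigned is indistinguishable from a filter check. This assumes the request state starts out zeroed, which the hunk does not show. In that case the `default:` branch added in sdap_access_done() cannot catch the omission. Once ticket #2364 adds further types, a path that registers sdap_access_done() without setting `ac_type` would pass a different kind of subrequest to sdap_access_filter_recv(). Reserving zero for an invalid value, for example a proposed `SDAP_ACCESS_CONTROL_INVALID = 0,` ahead of the FILTER entry, would let the dispatcher fail closed; a one-line comment on the enum stating that it selects the recv function used by sdap_access_done() would also help.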
@@ -79,11 +84,12 @@ struct sdap_access_req_ctx {
struct sss_domain_info *domain;
struct ldb_message *user_entry;
size_t current_rule;
+ enum sdap_access_control_type ac_type;
};
-static errno_t check_next_rule(struct sdap_access_req_ctx *state,
- struct tevent_req *req);
-static void sdap_access_filter_done(struct tevent_req *subreq);
+static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state,
+ struct tevent_req *req);
+static void sdap_access_done(struct tevent_req *subreq);
struct tevent_req *
sdap_access_send(TALLOC_CTX *mem_ctx,
@@ -151,7 +157,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
state->user_entry = res->msgs[0];
- ret = check_next_rule(state, req);
+ ret = sdap_access_check_next_rule(state, req);
if (ret == EAGAIN) {
return req;
}
@@ -166,8 +172,8 @@ done:
return req;
}
-static errno_t check_next_rule(struct sdap_access_req_ctx *state,
- struct tevent_req *req)
+static errno_t sdap_access_check_next_rule(struct sdap_access_req_ctx *state,
+ struct tevent_req *req)
{
struct tevent_req *subreq;
int ret = EOK;
@@ -190,7 +196,9 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state,
return ENOMEM;
}
- tevent_req_set_callback(subreq, sdap_access_filter_done, req);
+ state->ac_type = SDAP_ACCESS_CONTROL_FILTER;
+
+ tevent_req_set_callback(subreq, sdap_access_done, req);
return EAGAIN;
case LDAP_ACCESS_EXPIRE:
@@ -218,14 +226,27 @@ static errno_t check_next_rule(struct sdap_access_req_ctx *state,
return ret;
}
-static void sdap_access_filter_done(struct tevent_req *subreq)
+static void sdap_access_done(struct tevent_req *subreq)
{
errno_t ret;
- struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
- struct sdap_access_req_ctx *state =
- tevent_req_data(req, struct sdap_access_req_ctx);
+ struct tevent_req *req;
+ struct sdap_access_req_ctx *state;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct sdap_access_req_ctx);
+
+ /* process subrequest */
+ switch(state->ac_type) {
+ case SDAP_ACCESS_CONTROL_FILTER:
+ ret = sdap_access_filter_recv(subreq);
+ break;
+ default:
+ ret = EINVAL;
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unknown access control type: %d.",
+ state->ac_type);
+ break;
+ }
- ret = sdap_access_filter_recv(subreq);
talloc_zfree(subreq);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Error retrieving access check result.\n");
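Review bot: The DEBUG call in the new `default:` branch of sdap_access_done() has no trailing newline in its format string, unlike the `"Error retrieving access check result.\n"` message just below it, so the two entries may run together in the log; `"Unknown access control type: %d.\n"` would match. The branch itself fails closed, since `ret = EINVAL` reaches the existing `ret != EOK` check, which is the right default for an access decision. Reaching it means the request state is inconsistent, though, so SSSDBG_MINOR_FAILURE looks too low; consider the level used by the error path below. The function body continues past the end of this hunk, so the handling after the `ret != EOK` check is not visible here.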
@@ -235,7 +256,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
state->current_rule++;
- ret = check_next_rule(state, req);
+ ret = sdap_access_check_next_rule(state, req);
switch (ret) {
case EAGAIN:
return;
@@ -255,7 +276,6 @@ errno_t sdap_access_recv(struct tevent_req *req)
return EOK;
}
-
#define SHADOW_EXPIRE_MSG "Account expired according to shadow attributes"
static errno_t sdap_account_expired_shadow(struct pam_data *pd,
@@ -660,7 +680,7 @@ struct sdap_access_filter_req_ctx {
static errno_t sdap_access_filter_decide_offline(struct tevent_req *req);
static int sdap_access_filter_retry(struct tevent_req *req);
static void sdap_access_filter_connect_done(struct tevent_req *subreq);
-static void sdap_access_filter_get_access_done(struct tevent_req *req);
+static void sdap_access_filter_done(struct tevent_req *req);
static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct be_ctx *be_ctx,
@@ -847,10 +867,10 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
return;
}
- tevent_req_set_callback(subreq, sdap_access_filter_get_access_done, req);
+ tevent_req_set_callback(subreq, sdap_access_filter_done, req);
}
-static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
+static void sdap_access_filter_done(struct tevent_req *subreq)
{
int ret, tret, dp_error;
size_t num_results;
@@ -955,7 +975,6 @@ static errno_t sdap_access_filter_recv(struct tevent_req *req)
return EOK;
}
-
#define AUTHR_SRV_MISSING_MSG "Authorized service attribute missing, " \
"access denied"
#define AUTHR_SRV_DENY_MSG "Access denied by authorized service attribute"