summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile.am1
-rw-r--r--src/providers/ldap/ldap_access.c86
-rw-r--r--src/providers/ldap/sdap_access.c59
3 files changed, 87 insertions, 59 deletions
diff --git a/Makefile.am b/Makefile.am
index 5cc009154..b96ab0428 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1311,6 +1311,7 @@ libsss_krb5_common_la_SOURCES = \
libsss_ldap_la_SOURCES = \
src/util/find_uid.c \
src/providers/ldap/ldap_init.c \
+ src/providers/ldap/ldap_access.c \
src/providers/krb5/krb5_common.c \
src/providers/krb5/krb5_utils.c \
src/util/user_info_msg.c \
diff --git a/src/providers/ldap/ldap_access.c b/src/providers/ldap/ldap_access.c
new file mode 100644
index 000000000..186613356
--- /dev/null
+++ b/src/providers/ldap/ldap_access.c
@@ -0,0 +1,86 @@
+/*
+ SSSD
+
+ ldap_access.c
+
+ Authors:
+ Simo Sorce <ssorce@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <security/pam_modules.h>
+#include "src/util/util.h"
+#include "src/providers/data_provider.h"
+#include "src/providers/dp_backend.h"
+#include "src/providers/ldap/sdap_access.h"
+
+static void sdap_access_reply(struct be_req *be_req, int pam_status)
+{
+ struct pam_data *pd;
+ pd = talloc_get_type(be_req->req_data, struct pam_data);
+ pd->pam_status = pam_status;
+
+ if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED) {
+ be_req->fn(be_req, DP_ERR_OK, pam_status, NULL);
+ } else {
+ be_req->fn(be_req, DP_ERR_FATAL, pam_status, NULL);
+ }
+}
+
+static void sdap_access_done(struct tevent_req *req);
+void sdap_pam_access_handler(struct be_req *breq)
+{
+ struct pam_data *pd;
+ struct tevent_req *req;
+ struct sdap_access_ctx *access_ctx;
+
+ pd = talloc_get_type(breq->req_data, struct pam_data);
+
+ access_ctx =
+ talloc_get_type(breq->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
+ struct sdap_access_ctx);
+
+ req = sdap_access_send(breq,
+ breq->be_ctx->ev,
+ breq,
+ access_ctx,
+ pd);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to start sdap_access request\n"));
+ sdap_access_reply(breq, PAM_SYSTEM_ERR);
+ return;
+ }
+
+ tevent_req_set_callback(req, sdap_access_done, breq);
+}
+
+static void sdap_access_done(struct tevent_req *req)
+{
+ errno_t ret;
+ int pam_status = PAM_SYSTEM_ERR;
+ struct be_req *breq =
+ tevent_req_callback_data(req, struct be_req);
+
+ ret = sdap_access_recv(req, &pam_status);
+ talloc_zfree(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n"));
+ pam_status = PAM_SYSTEM_ERR;
+ }
+
+ sdap_access_reply(breq, pam_status);
+}
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index a703f8b05..42e321d2f 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -40,21 +40,6 @@
#include "providers/data_provider.h"
#include "providers/dp_backend.h"
-static void sdap_access_reply(struct be_req *be_req, int pam_status)
-{
- struct pam_data *pd;
- pd = talloc_get_type(be_req->req_data, struct pam_data);
- pd->pam_status = pam_status;
-
- if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED) {
- be_req->fn(be_req, DP_ERR_OK, pam_status, NULL);
- }
-
- else {
- be_req->fn(be_req, DP_ERR_FATAL, pam_status, NULL);
- }
-}
-
static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct be_req *be_req,
@@ -89,33 +74,6 @@ static struct tevent_req *sdap_access_host_send(
struct tevent_context *ev,
struct ldb_message *user_entry);
-static void sdap_access_done(struct tevent_req *req);
-void sdap_pam_access_handler(struct be_req *breq)
-{
- struct pam_data *pd;
- struct tevent_req *req;
- struct sdap_access_ctx *access_ctx;
-
- pd = talloc_get_type(breq->req_data, struct pam_data);
-
- access_ctx =
- talloc_get_type(breq->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
- struct sdap_access_ctx);
-
- req = sdap_access_send(breq,
- breq->be_ctx->ev,
- breq,
- access_ctx,
- pd);
- if (req == NULL) {
- DEBUG(1, ("Unable to start sdap_access request\n"));
- sdap_access_reply(breq, PAM_SYSTEM_ERR);
- return;
- }
-
- tevent_req_set_callback(req, sdap_access_done, breq);
-}
-
struct sdap_access_req_ctx {
struct pam_data *pd;
struct tevent_context *ev;
@@ -1388,20 +1346,3 @@ sdap_access_recv(struct tevent_req *req, int *pam_status)
return EOK;
}
-
-static void sdap_access_done(struct tevent_req *req)
-{
- errno_t ret;
- int pam_status = PAM_SYSTEM_ERR;
- struct be_req *breq =
- tevent_req_callback_data(req, struct be_req);
-
- ret = sdap_access_recv(req, &pam_status);
- talloc_zfree(req);
- if (ret != EOK) {
- DEBUG(1, ("Error retrieving access check result.\n"));
- pam_status = PAM_SYSTEM_ERR;
- }
-
- sdap_access_reply(breq, pam_status);
-}
generated by cgit (git 2.34.1) at 2024-04-28 12:03:27 +0000