From 6d214009697fc861c24ae8abbf8b036c70e195df Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 16 Oct 2009 14:17:23 -0400 Subject: Do not allow setting auth, access or chpass providers for LOCAL The LOCAL provider does not have a mechanism to load alternate auth, access or chpass backends, nor does it make sense to do so. This will throw a configuration error if these values are specified (unless they are explicitly also set to 'local') --- server/confdb/confdb.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c index 88bdd65e4..07d776c88 100644 --- a/server/confdb/confdb.c +++ b/server/confdb/confdb.c @@ -810,6 +810,39 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } + if (strcasecmp(domain->provider, "local") == 0) { + /* If this is the local provider, we need to ensure that + * no other provider was specified for other types, since + * the local provider cannot load them. + */ + tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_DOMAIN_AUTH_PROVIDER, + NULL); + if (tmp && strcasecmp(tmp, "local") != 0) { + DEBUG(0, ("Local ID provider does not support [%s] as an AUTH provider.\n", tmp)); + ret = EINVAL; + goto done; + } + + tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_DOMAIN_ACCESS_PROVIDER, + NULL); + if (tmp && strcasecmp(tmp, "local") != 0) { + DEBUG(0, ("Local ID provider does not support [%s] as an ACCESS provider.\n", tmp)); + ret = EINVAL; + goto done; + } + + tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_DOMAIN_CHPASS_PROVIDER, + NULL); + if (tmp && strcasecmp(tmp, "local") != 0) { + DEBUG(0, ("Local ID provider does not support [%s] as a CHPASS provider.\n", tmp)); + ret = EINVAL; + goto done; + } + } + domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_TIMEOUT, 0); -- cgit