authorJakub Hrozek <jhrozek@redhat.com>2017-05-30 12:31:57 +0200
committerLukas Slebodnik <lslebodn@redhat.com>2017-09-01 20:25:52 +0200
commit7a162ca3ea0bf8ef6b13795a00baa28d17f6131d (patch)
tree885f80ddf4624612e7dd474c197769f8acce0a5c /src/responder/secrets/local.c
parent9ef185255126b9ed415fa334f585a11c5be4fb1a (diff)
SECRETS: Store quotas in a per-hive configuration structure
Adds two new structures to hold the quotas and associate a quota with a hive. This is just an internal change for now, but will allow us to read quota configuration from per-hive sections later. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Diffstat (limited to 'src/responder/secrets/local.c')
-rw-r--r--src/responder/secrets/local.c21
1 files changed, 9 insertions, 12 deletions
diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
index 66401ef50..0b879939f 100644
--- a/src/responder/secrets/local.c
+++ b/src/responder/secrets/local.c
@@ -34,9 +34,8 @@
struct local_context {
struct ldb_context *ldb;
struct sec_data master_key;
- int containers_nest_level;
- int max_secrets;
- int max_payload_size;
+
+ struct sec_quota *quota_secrets;
};
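Review bot: The new `quota_secrets` field is a raw pointer whose ownership is not stated on the struct; the last hunk sets it to `&sctx->sec_config.quota`, so it appears to borrow storage owned by the sec_ctx rather than being talloc'd under lctx. A comment on the field would keep the next maintainer from freeing it or letting lctx outlive its sec_ctx: `struct sec_quota *quota_secrets; /* borrowed from sec_ctx->sec_config; lctx must not outlive sctx */`. The nest-level, secret-count and payload-size checks in the following hunks dereference it unconditionally, which is safe only as long as that assignment always precedes their use.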
static int local_decrypt(struct local_context *lctx, TALLOC_CTX *mem_ctx,
@@ -398,11 +397,11 @@ static int local_db_check_containers_nest_level(struct local_context *lctx,
/* We need do not care for the synthetic containers that constitute the
* base path (cn=<uidnumber>,cn=user,cn=secrets). */
nest_level = ldb_dn_get_comp_num(leaf_dn) - 3;
- if (nest_level > lctx->containers_nest_level) {
+ if (nest_level > lctx->quota_secrets->containers_nest_level) {
DEBUG(SSSDBG_OP_FAILURE,
"Cannot create a nested container of depth %d as the maximum"
"allowed number of nested containers is %d.\n",
- nest_level, lctx->containers_nest_level);
+ nest_level, lctx->quota_secrets->containers_nest_level);
return ERR_SEC_INVALID_CONTAINERS_NEST_LEVEL;
}
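Review bot: The DEBUG message around the changed line concatenates `"... as the maximum"` and `"allowed number ..."` with no separating space, so the emitted log reads "maximumallowed"; change the first literal to `"Cannot create a nested container of depth %d as the maximum "`. local_db_check_containers_nest_level begins before the hunk and continues past it.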
@@ -430,10 +429,10 @@ static int local_db_check_number_of_secrets(TALLOC_CTX *mem_ctx,
ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
attrs, LOCAL_SIMPLE_FILTER);
- if (res->count >= lctx->max_secrets) {
+ if (res->count >= lctx->quota_secrets->max_secrets) {
DEBUG(SSSDBG_OP_FAILURE,
"Cannot store any more secrets as the maximum allowed limit (%d) "
- "has been reached\n", lctx->max_secrets);
+ "has been reached\n", lctx->quota_secrets->max_secrets);
ret = ERR_SEC_INVALID_TOO_MANY_SECRETS;
goto done;
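Review bot: `res->count` on the changed line is read straight after `ldb_search()` without `ret` being checked; as far as the hunk shows nothing tests the search result first, and a failed search does not populate `res`, so a backend error becomes a NULL dereference in the responder instead of a reported error. Add a guard between the search and the quota check, e.g. `if (ret != LDB_SUCCESS) { ret = EIO; goto done; }`, reusing the `done:` cleanup path that the `goto done;` below already relies on (presumably mapping to an errno-style code as elsewhere in the file). local_db_check_number_of_secrets starts before the hunk and continues after it.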
@@ -451,14 +450,14 @@ static int local_check_max_payload_size(struct local_context *lctx,
{
int max_payload_size;
- max_payload_size = lctx->max_payload_size * 1024; /* kb */
+ max_payload_size = lctx->quota_secrets->max_payload_size * 1024; /* kb */
if (payload_size > max_payload_size) {
DEBUG(SSSDBG_OP_FAILURE,
"Secrets' payload size [%d kb (%d)] exceeds the maximum allowed "
"payload size [%d kb (%d)]\n",
payload_size * 1024, /* kb */
payload_size,
- lctx->max_payload_size, /* kb */
+ lctx->quota_secrets->max_payload_size, /* kb */
max_payload_size);
return ERR_SEC_PAYLOAD_SIZE_IS_TOO_LARGE;
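Review bot: The changed line computes `lctx->quota_secrets->max_payload_size * 1024` in `int` with no range check on the configured quota, so a large per-hive value overflows (undefined behaviour) and can wrap negative, after which the `payload_size > max_payload_size` comparison rejects every payload; validate or clamp the quota where it is read into sec_config, or compute the limit in a wider type. The DEBUG arguments a few lines above also look inverted: the comparison treats `payload_size` as bytes, yet `payload_size * 1024` is printed under the "kb" label, so the log should pass `payload_size / 1024` (and that multiplication can itself overflow for large payloads). local_check_max_payload_size's signature starts before the hunk and its body continues after it.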
@@ -1019,9 +1018,7 @@ int local_secrets_provider_handle(struct sec_ctx *sctx,
return EIO;
}
- lctx->containers_nest_level = sctx->containers_nest_level;
- lctx->max_secrets = sctx->max_secrets;
- lctx->max_payload_size = sctx->max_payload_size;
+ lctx->quota_secrets = &sctx->sec_config.quota;
lctx->master_key.data = talloc_size(lctx, MKEY_SIZE);
if (!lctx->master_key.data) return ENOMEM;