authorSimo Sorce <simo@redhat.com>2016-12-16 07:13:58 -0500
committerSimo Sorce <simo@redhat.com>2017-01-25 06:53:46 -0500
commitace018d4cacee51b8b5c2e207cc1b3843cd92582 (patch)
treec426640a9c5d5b9667d86dc9191a93230852c603
parenta7213592a0b643a63dbdc8bff5bae08f30448b7b (diff)
Add support for searching policies in cn=accountspwdpolicy
Use the new multibase search to collect policies from multiple subtrees. The 'any' parameter is set to 'true' so the search stops when the first result is found in any of the bases. https://fedorahosted.org/freeipa/ticket/6568 Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--daemons/ipa-kdb/ipa_kdb.c7
-rw-r--r--daemons/ipa-kdb/ipa_kdb.h1
-rw-r--r--daemons/ipa-kdb/ipa_kdb_pwdpolicy.c15
3 files changed, 17 insertions, 6 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index e96353fe2..b0cc49808 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -50,6 +50,7 @@ static void ipadb_context_free(krb5_context kcontext,
free((*ctx)->uri);
free((*ctx)->base);
free((*ctx)->realm_base);
+ free((*ctx)->accounts_base);
free((*ctx)->kdc_hostname);
/* ldap free lcontext */
if ((*ctx)->lcontext) {
@@ -554,6 +555,12 @@ static krb5_error_code ipadb_init_module(krb5_context kcontext,
goto fail;
}
+ ret = asprintf(&ipactx->accounts_base, "cn=accounts,%s", ipactx->base);
+ if (ret == -1) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
ret = uname(&uname_data);
if (ret) {
ret = EINVAL;
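Review bot: When asprintf() fails, glibc has historically documented the contents of the output pointer as undefined, so `ipactx->accounts_base` may hold an indeterminate value when control reaches `fail`. The `fail` label is outside this hunk, but if it ends in ipadb_context_free(), the `free((*ctx)->accounts_base)` added in the first hunk would then be called on that value. Resetting the field in the error branch closes this: add `ipactx->accounts_base = NULL;` before `ret = ENOMEM;`. The same applies to any neighbouring asprintf() calls in ipadb_init_module that follow this pattern, which are not visible here.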
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index e1f46c69b..10aaee416 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -101,6 +101,7 @@ struct ipadb_context {
char *base;
char *realm;
char *realm_base;
+ char *accounts_base;
char *kdc_hostname;
LDAP *lcontext;
krb5_context kcontext;
diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
index 0c810af98..1ec584612 100644
--- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
+++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
@@ -137,10 +137,11 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
osa_policy_ent_t *policy)
{
struct ipadb_context *ipactx;
+ char *bases[3] = { NULL };
char *esc_name = NULL;
char *src_filter = NULL;
krb5_error_code kerr;
- LDAPMessage *res = NULL;
+ struct ipadb_multires *res;
LDAPMessage *lentry;
osa_policy_ent_t pentry = NULL;
uint32_t result;
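Review bot: The new declaration `struct ipadb_multires *res;` drops the `= NULL` initializer that the old `LDAPMessage *res` had. The `goto done` paths taken before ipadb_multibase_search() runs (for example, the one just ahead of the search call in the fourth hunk of this file) still reach `ipadb_multires_free(res)` under `done:` in the last hunk, so an uninitialized pointer can be handed to the free routine. Keep the initializer: `struct ipadb_multires *res = NULL;`. Whether ipadb_multires_free() tolerates NULL is not visible in this diff and should be confirmed alongside. The body of ipadb_get_pwd_policy continues beyond this hunk.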
@@ -150,6 +151,8 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
if (!ipactx) {
return KRB5_KDB_DBNOTINITED;
}
+ bases[0] = ipactx->realm_base;
+ bases[1] = ipactx->accounts_base;
esc_name = ipadb_filter_escape(name, true);
if (!esc_name) {
@@ -162,14 +165,14 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
goto done;
}
- kerr = ipadb_simple_search(ipactx,
- ipactx->base, LDAP_SCOPE_SUBTREE,
- src_filter, std_pwdpolicy_attrs, &res);
+ kerr = ipadb_multibase_search(ipactx, bases, LDAP_SCOPE_SUBTREE,
+ src_filter, std_pwdpolicy_attrs, &res,
+ true);
if (kerr) {
goto done;
}
- lentry = ldap_first_entry(ipactx->lcontext, res);
+ lentry = ipadb_multires_next_entry(res);
if (!lentry) {
kerr = KRB5_KDB_INTERNAL_ERROR;
goto done;
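Review bot: The bare `true` passed as the last argument to ipadb_multibase_search() gives no hint at the call site that it selects "stop at the first base that returns a result", and nothing here documents that the order of `bases[]` (set in the previous hunk) therefore decides which entry wins. Since the result is the password policy applied to a principal, the precedence is worth stating: presumably an entry under `realm_base` shadows one matching the same filter under `accounts_base`. A comment above the call such as `/* any=true: bases are tried in order and the first one with a match is used, so realm_base takes precedence over accounts_base */` would record that, if it matches the helper's actual behaviour. The search is also narrower than the old `ipactx->base` subtree search, so a policy entry outside these two subtrees now ends in `KRB5_KDB_INTERNAL_ERROR`; the commit message could note that. The enclosing function starts and ends outside this hunk.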
@@ -252,7 +255,7 @@ done:
}
free(esc_name);
free(src_filter);
- ldap_msgfree(res);
+ ipadb_multires_free(res);
return kerr;
}