authorSimo Sorce <simo@redhat.com>2016-12-16 07:13:58 -0500
committerMartin Babinsky <mbabinsk@redhat.com>2017-03-10 09:17:28 +0100
commit2e5cc369fd8b9d780697a9a286429cc2ca0f448a (patch)
tree187f86791f771ee13e0883268168c35e2e16291d /daemons
parent9f13b330aaec468a018472dce5fc77131277de94 (diff)
Add support for searching policies in cn=accounts
Use the new multibase search to collect policies from multiple subtrees. The 'any' parameter is set to 'true' so the search stops when the first result is found in any of the bases. https://fedorahosted.org/freeipa/ticket/6568 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'daemons')
-rw-r--r--daemons/ipa-kdb/ipa_kdb.c7
-rw-r--r--daemons/ipa-kdb/ipa_kdb.h1
-rw-r--r--daemons/ipa-kdb/ipa_kdb_pwdpolicy.c15
3 files changed, 17 insertions, 6 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index e74ab5627..c19b7c40e 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -50,6 +50,7 @@ static void ipadb_context_free(krb5_context kcontext,
free((*ctx)->uri);
free((*ctx)->base);
free((*ctx)->realm_base);
+ free((*ctx)->accounts_base);
free((*ctx)->kdc_hostname);
/* ldap free lcontext */
if ((*ctx)->lcontext) {
@@ -554,6 +555,12 @@ static krb5_error_code ipadb_init_module(krb5_context kcontext,
goto fail;
}
+ ret = asprintf(&ipactx->accounts_base, "cn=accounts,%s", ipactx->base);
+ if (ret == -1) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
ret = uname(&uname_data);
if (ret) {
ret = EINVAL;
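Review bot: On failure asprintf() leaves the contents of its output pointer undefined (per the glibc documentation), so after the `ret == -1` branch `ipactx->accounts_base` may hold an indeterminate value. If the `fail` label hands the context to ipadb_context_free(), which the first hunk of this file teaches to `free((*ctx)->accounts_base)`, cleanup would free that pointer. Resetting the field in the error branch, `ipactx->accounts_base = NULL;` before `ret = ENOMEM;`, makes the failure path safe. The `fail` label is outside the hunk, so the cleanup path is inferred rather than seen.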
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 3c62205aa..8a3f7d3c0 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -101,6 +101,7 @@ struct ipadb_context {
char *base;
char *realm;
char *realm_base;
+ char *accounts_base;
char *kdc_hostname;
LDAP *lcontext;
krb5_context kcontext;
diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
index 0c810af98..1ec584612 100644
--- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
+++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
@@ -137,10 +137,11 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
osa_policy_ent_t *policy)
{
struct ipadb_context *ipactx;
+ char *bases[3] = { NULL };
char *esc_name = NULL;
char *src_filter = NULL;
krb5_error_code kerr;
- LDAPMessage *res = NULL;
+ struct ipadb_multires *res;
LDAPMessage *lentry;
osa_policy_ent_t pentry = NULL;
uint32_t result;
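Review bot: `res` loses its `= NULL` initializer when its type changes to `struct ipadb_multires *`, yet the `goto done` that precedes the search (third hunk of this file) still reaches `ipadb_multires_free(res)` under `done:` (last hunk). A failed filter allocation would therefore pass an indeterminate pointer to the free routine. Declare it as `struct ipadb_multires *res = NULL;` and confirm that ipadb_multires_free() tolerates NULL, which this diff does not show. The body of ipadb_get_pwd_policy continues outside these hunks.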
@@ -150,6 +151,8 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
if (!ipactx) {
return KRB5_KDB_DBNOTINITED;
}
+ bases[0] = ipactx->realm_base;
+ bases[1] = ipactx->accounts_base;
esc_name = ipadb_filter_escape(name, true);
if (!esc_name) {
@@ -162,14 +165,14 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
goto done;
}
- kerr = ipadb_simple_search(ipactx,
- ipactx->base, LDAP_SCOPE_SUBTREE,
- src_filter, std_pwdpolicy_attrs, &res);
+ kerr = ipadb_multibase_search(ipactx, bases, LDAP_SCOPE_SUBTREE,
+ src_filter, std_pwdpolicy_attrs, &res,
+ true);
if (kerr) {
goto done;
}
- lentry = ldap_first_entry(ipactx->lcontext, res);
+ lentry = ipadb_multires_next_entry(res);
if (!lentry) {
kerr = KRB5_KDB_INTERNAL_ERROR;
goto done;
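Review bot: The bare `true` passed as the last argument to ipadb_multibase_search() hides a precedence rule. Per the commit message the search stops at the first base that yields a result, so a policy under `realm_base` would shadow a same-named one under `cn=accounts`. Because this decides which password policy is applied, it deserves a comment above the call, for example `/* any=true: first base with a match wins; realm_base is tried before accounts_base */`. The ordering is assumed to follow the `bases[]` array; ipadb_multibase_search() itself is not part of this diff.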
@@ -252,7 +255,7 @@ done:
}
free(esc_name);
free(src_filter);
- ldap_msgfree(res);
+ ipadb_multires_free(res);
return kerr;
}