summaryrefslogtreecommitdiffstats
path: root/daemons
diff options
context:
space:
mode:
Diffstat (limited to 'daemons')
-rw-r--r--daemons/ipa-kdb/ipa_kdb.c7
-rw-r--r--daemons/ipa-kdb/ipa_kdb.h1
-rw-r--r--daemons/ipa-kdb/ipa_kdb_pwdpolicy.c15
3 files changed, 17 insertions, 6 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index e96353fe2..b0cc49808 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -50,6 +50,7 @@ static void ipadb_context_free(krb5_context kcontext,
free((*ctx)->uri);
free((*ctx)->base);
free((*ctx)->realm_base);
+ free((*ctx)->accounts_base);
free((*ctx)->kdc_hostname);
/* ldap free lcontext */
if ((*ctx)->lcontext) {
@@ -554,6 +555,12 @@ static krb5_error_code ipadb_init_module(krb5_context kcontext,
goto fail;
}
+ ret = asprintf(&ipactx->accounts_base, "cn=accounts,%s", ipactx->base);
+ if (ret == -1) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
ret = uname(&uname_data);
if (ret) {
ret = EINVAL;
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index e1f46c69b..10aaee416 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -101,6 +101,7 @@ struct ipadb_context {
char *base;
char *realm;
char *realm_base;
+ char *accounts_base;
char *kdc_hostname;
LDAP *lcontext;
krb5_context kcontext;
diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
index 0c810af98..1ec584612 100644
--- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
+++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
@@ -137,10 +137,11 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
osa_policy_ent_t *policy)
{
struct ipadb_context *ipactx;
+ char *bases[3] = { NULL };
char *esc_name = NULL;
char *src_filter = NULL;
krb5_error_code kerr;
- LDAPMessage *res = NULL;
+ struct ipadb_multires *res;
LDAPMessage *lentry;
osa_policy_ent_t pentry = NULL;
uint32_t result;
@@ -150,6 +151,8 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
if (!ipactx) {
return KRB5_KDB_DBNOTINITED;
}
+ bases[0] = ipactx->realm_base;
+ bases[1] = ipactx->accounts_base;
esc_name = ipadb_filter_escape(name, true);
if (!esc_name) {
@@ -162,14 +165,14 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
goto done;
}
- kerr = ipadb_simple_search(ipactx,
- ipactx->base, LDAP_SCOPE_SUBTREE,
- src_filter, std_pwdpolicy_attrs, &res);
+ kerr = ipadb_multibase_search(ipactx, bases, LDAP_SCOPE_SUBTREE,
+ src_filter, std_pwdpolicy_attrs, &res,
+ true);
if (kerr) {
goto done;
}
- lentry = ldap_first_entry(ipactx->lcontext, res);
+ lentry = ipadb_multires_next_entry(res);
if (!lentry) {
kerr = KRB5_KDB_INTERNAL_ERROR;
goto done;
@@ -252,7 +255,7 @@ done:
}
free(esc_name);
free(src_filter);
- ldap_msgfree(res);
+ ipadb_multires_free(res);
return kerr;
}
generated by cgit (git 2.34.1) at 2024-06-07 13:27:08 +0000