diff options
Diffstat (limited to 'daemons')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.c | 7 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 1 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_pwdpolicy.c | 15 |
3 files changed, 17 insertions, 6 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index e96353fe2..b0cc49808 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -50,6 +50,7 @@ static void ipadb_context_free(krb5_context kcontext, free((*ctx)->uri); free((*ctx)->base); free((*ctx)->realm_base); + free((*ctx)->accounts_base); free((*ctx)->kdc_hostname); /* ldap free lcontext */ if ((*ctx)->lcontext) { @@ -554,6 +555,12 @@ static krb5_error_code ipadb_init_module(krb5_context kcontext, goto fail; } + ret = asprintf(&ipactx->accounts_base, "cn=accounts,%s", ipactx->base); + if (ret == -1) { + ret = ENOMEM; + goto fail; + } + ret = uname(&uname_data); if (ret) { ret = EINVAL; diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h index e1f46c69b..10aaee416 100644 --- a/daemons/ipa-kdb/ipa_kdb.h +++ b/daemons/ipa-kdb/ipa_kdb.h @@ -101,6 +101,7 @@ struct ipadb_context { char *base; char *realm; char *realm_base; + char *accounts_base; char *kdc_hostname; LDAP *lcontext; krb5_context kcontext; diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c index 0c810af98..1ec584612 100644 --- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c +++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c @@ -137,10 +137,11 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name, osa_policy_ent_t *policy) { struct ipadb_context *ipactx; + char *bases[3] = { NULL }; char *esc_name = NULL; char *src_filter = NULL; krb5_error_code kerr; - LDAPMessage *res = NULL; + struct ipadb_multires *res; LDAPMessage *lentry; osa_policy_ent_t pentry = NULL; uint32_t result; @@ -150,6 +151,8 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name, if (!ipactx) { return KRB5_KDB_DBNOTINITED; } + bases[0] = ipactx->realm_base; + bases[1] = ipactx->accounts_base; esc_name = ipadb_filter_escape(name, true); if (!esc_name) { @@ -162,14 +165,14 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name, goto done; } - kerr = ipadb_simple_search(ipactx, - ipactx->base, LDAP_SCOPE_SUBTREE, - src_filter, std_pwdpolicy_attrs, &res); + kerr = ipadb_multibase_search(ipactx, bases, LDAP_SCOPE_SUBTREE, + src_filter, std_pwdpolicy_attrs, &res, + true); if (kerr) { goto done; } - lentry = ldap_first_entry(ipactx->lcontext, res); + lentry = ipadb_multires_next_entry(res); if (!lentry) { kerr = KRB5_KDB_INTERNAL_ERROR; goto done; @@ -252,7 +255,7 @@ done: } free(esc_name); free(src_filter); - ldap_msgfree(res); + ipadb_multires_free(res); return kerr; } |