This patch addresses https://fedorahosted.org/sssd/ticket/216

The LOCAL provider does not have a mechanism to load alternate
auth, access or chpass backends, nor does it make sense to do so.

This will throw a configuration error if these values are
specified (unless they are explicitly also set to 'local')

-- 
Stephen Gallagher
RHCE 804006346421761

From 2b74cec075a12bd0dcac7e292ffd589fc0bc0414 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Fri, 16 Oct 2009 14:17:23 -0400
Subject: [PATCH] Do not allow setting auth, access or chpass providers for LOCAL

The LOCAL provider does not have a mechanism to load alternate
auth, access or chpass backends, nor does it make sense to do so.

This will throw a configuration error if these values are
specified (unless they are explicitly also set to 'local')
---
 server/confdb/confdb.c |   33 +++++++++++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index 88bdd65..07d776c 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -810,6 +810,39 @@ static int confdb_get_domain_internal(struct confdb_ctx 
*cdb,
         goto done;
     }
 
+    if (strcasecmp(domain->provider, "local") == 0) {
+        /* If this is the local provider, we need to ensure that
+         * no other provider was specified for other types, since
+         * the local provider cannot load them.
+         */
+        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                          CONFDB_DOMAIN_AUTH_PROVIDER,
+                                          NULL);
+        if (tmp && strcasecmp(tmp, "local") != 0) {
+            DEBUG(0, ("Local ID provider does not support [%s] as an AUTH 
provider.\n", tmp));
+            ret = EINVAL;
+            goto done;
+        }
+
+        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                          CONFDB_DOMAIN_ACCESS_PROVIDER,
+                                          NULL);
+        if (tmp && strcasecmp(tmp, "local") != 0) {
+            DEBUG(0, ("Local ID provider does not support [%s] as an ACCESS 
provider.\n", tmp));
+            ret = EINVAL;
+            goto done;
+        }
+
+        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                          CONFDB_DOMAIN_CHPASS_PROVIDER,
+                                          NULL);
+        if (tmp && strcasecmp(tmp, "local") != 0) {
+            DEBUG(0, ("Local ID provider does not support [%s] as a CHPASS 
provider.\n", tmp));
+            ret = EINVAL;
+            goto done;
+        }
+    }
+
     domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
                                                CONFDB_DOMAIN_TIMEOUT, 0);
 
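Review bot: The three checks added inside the `strcasecmp(domain->provider, "local") == 0` branch repeat the same lookup, comparison and error path, differing only in the attribute constant (CONFDB_DOMAIN_AUTH_PROVIDER, CONFDB_DOMAIN_ACCESS_PROVIDER, CONFDB_DOMAIN_CHPASS_PROVIDER) and the label in the DEBUG message. Consider a loop over a small static array of attribute/label pairs, or a helper taking both, so the three cases cannot drift apart if one is edited later. Returning EINVAL here instead of silently ignoring the value is the right choice, since an administrator who sets an access provider on a LOCAL domain would otherwise assume an access check is in force when nothing loads it. That is also why the restriction should be stated where administrators will see it: the diffstat shows only server/confdb/confdb.c changing, so neither the configuration documentation nor a test covers the new failure, and the only hint is the level 0 DEBUG line. Please also confirm that `done:` needs nothing beyond `ret` for these early exits, as the cleanup path is not visible in this hunk.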
-- 
1.6.2.5
