dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0033-AD-Remove-the-legacy-check-from-ad_get_account_domai.patch

ca1eb8
From dcf8f47b85c0c93dd0c70d5a2093fff82f333e91 Mon Sep 17 00:00:00 2001
ca1eb8
From: Jakub Hrozek <jhrozek@redhat.com>
ca1eb8
Date: Wed, 4 Jul 2018 20:10:30 +0200
ca1eb8
Subject: [PATCH] AD: Remove the legacy check from
ca1eb8
 ad_get_account_domain_posix_check request
ca1eb8
MIME-Version: 1.0
ca1eb8
Content-Type: text/plain; charset=UTF-8
ca1eb8
Content-Transfer-Encoding: 8bit
ca1eb8
ca1eb8
Previously, the POSIX attribute presence check was run as part of the ID
ca1eb8
request, so it was necessary to also run the check as part of the
ca1eb8
get-domain-for-ID request.
ca1eb8
ca1eb8
Since moving the POSIX check to being a part of the subdomain provider,
ca1eb8
this is no longer needed as the subdomain provider disables the GC
ca1eb8
support on its own if required. Therefore we can just remove the POSIX
ca1eb8
check from the get-domain-for-ID request.
ca1eb8
ca1eb8
Related:
ca1eb8
https://pagure.io/SSSD/sssd/issue/3755
ca1eb8
ca1eb8
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
ca1eb8
(cherry picked from commit 4273ac0490eeef72d2daa0c7f6cee80d65b6b34d)
ca1eb8
---
ca1eb8
 src/providers/ad/ad_id.c | 74 ----------------------------------------
ca1eb8
 1 file changed, 74 deletions(-)
ca1eb8
ca1eb8
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
ca1eb8
index 96c5677c681e40419172c2e5aa3c32b8403147b1..1da48433eeb01b069ea6e2829122d93a696fb8a3 100644
ca1eb8
--- a/src/providers/ad/ad_id.c
ca1eb8
+++ b/src/providers/ad/ad_id.c
ca1eb8
@@ -1041,7 +1041,6 @@ ad_enumeration_recv(struct tevent_req *req)
ca1eb8
 static errno_t ad_get_account_domain_prepare_search(struct tevent_req *req);
ca1eb8
 static errno_t ad_get_account_domain_connect_retry(struct tevent_req *req);
ca1eb8
 static void ad_get_account_domain_connect_done(struct tevent_req *subreq);
ca1eb8
-static void ad_get_account_domain_posix_check_done(struct tevent_req *subreq);
ca1eb8
 static void ad_get_account_domain_search(struct tevent_req *req);
ca1eb8
 static void ad_get_account_domain_search_done(struct tevent_req *subreq);
ca1eb8
 static void ad_get_account_domain_evaluate(struct tevent_req *req);
ca1eb8
@@ -1264,79 +1263,6 @@ static void ad_get_account_domain_connect_done(struct tevent_req *subreq)
ca1eb8
         return;
ca1eb8
     }
ca1eb8
 
ca1eb8
-    /* If POSIX attributes have been requested with an AD server and we
ca1eb8
-     * have no idea about POSIX attributes support, run a one-time check
ca1eb8
-     */
ca1eb8
-    if (state->sdap_id_ctx->srv_opts &&
ca1eb8
-        state->sdap_id_ctx->srv_opts->posix_checked == false) {
ca1eb8
-        subreq = sdap_gc_posix_check_send(state,
ca1eb8
-                                          state->ev,
ca1eb8
-                                          state->sdap_id_ctx->opts,
ca1eb8
-                                          sdap_id_op_handle(state->op),
ca1eb8
-                                          dp_opt_get_int(
ca1eb8
-                                              state->sdap_id_ctx->opts->basic,
ca1eb8
-                                              SDAP_SEARCH_TIMEOUT));
ca1eb8
-        if (subreq == NULL) {
ca1eb8
-            tevent_req_error(req, ENOMEM);
ca1eb8
-            return;
ca1eb8
-        }
ca1eb8
-        tevent_req_set_callback(subreq, ad_get_account_domain_posix_check_done, req);
ca1eb8
-        return;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ad_get_account_domain_search(req);
ca1eb8
-}
ca1eb8
-
ca1eb8
-static void ad_get_account_domain_posix_check_done(struct tevent_req *subreq)
ca1eb8
-{
ca1eb8
-    struct tevent_req *req = tevent_req_callback_data(subreq,
ca1eb8
-                                                      struct tevent_req);
ca1eb8
-    struct ad_get_account_domain_state *state = tevent_req_data(req,
ca1eb8
-                                          struct ad_get_account_domain_state);
ca1eb8
-    int dp_error = DP_ERR_FATAL;
ca1eb8
-    bool has_posix;
ca1eb8
-    errno_t ret;
ca1eb8
-    errno_t ret2;
ca1eb8
-
ca1eb8
-    ret = sdap_gc_posix_check_recv(subreq, &has_posix);
ca1eb8
-    talloc_zfree(subreq);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        /* We can only finish the id_op on error as the connection
ca1eb8
-         * is re-used by the real search
ca1eb8
-         */
ca1eb8
-        ret2 = sdap_id_op_done(state->op, ret, &dp_error);
ca1eb8
-        if (dp_error == DP_ERR_OK && ret2 != EOK) {
ca1eb8
-            /* retry */
ca1eb8
-            ret = ad_get_account_domain_connect_retry(req);
ca1eb8
-            if (ret != EOK) {
ca1eb8
-                tevent_req_error(req, ret);
ca1eb8
-            }
ca1eb8
-            return;
ca1eb8
-        }
ca1eb8
-
ca1eb8
-        tevent_req_error(req, ret);
ca1eb8
-        return;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    state->sdap_id_ctx->srv_opts->posix_checked = true;
ca1eb8
-
ca1eb8
-    /*
ca1eb8
-     * If the GC has no POSIX attributes, there is nothing we can do.
ca1eb8
-     * Return an error and let the responders disable the functionality
ca1eb8
-     * from now on.
ca1eb8
-     */
ca1eb8
-    if (has_posix == false) {
ca1eb8
-        DEBUG(SSSDBG_CONF_SETTINGS,
ca1eb8
-              "The Global Catalog has no POSIX attributes\n");
ca1eb8
-
ca1eb8
-        disable_gc(state->id_ctx->ad_options);
ca1eb8
-        dp_reply_std_set(&state->reply,
ca1eb8
-                         DP_ERR_DECIDE, ERR_GET_ACCT_DOM_NOT_SUPPORTED,
ca1eb8
-                         NULL);
ca1eb8
-        tevent_req_done(req);
ca1eb8
-        return;
ca1eb8
-    }
ca1eb8
-
ca1eb8
     ad_get_account_domain_search(req);
ca1eb8
 }
ca1eb8
 
ca1eb8
-- 
ca1eb8
2.17.1
ca1eb8