|
|
cdf651 |
From dcf8f47b85c0c93dd0c70d5a2093fff82f333e91 Mon Sep 17 00:00:00 2001
|
|
|
cdf651 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
cdf651 |
Date: Wed, 4 Jul 2018 20:10:30 +0200
|
|
|
cdf651 |
Subject: [PATCH] AD: Remove the legacy check from
|
|
|
cdf651 |
ad_get_account_domain_posix_check request
|
|
|
cdf651 |
MIME-Version: 1.0
|
|
|
cdf651 |
Content-Type: text/plain; charset=UTF-8
|
|
|
cdf651 |
Content-Transfer-Encoding: 8bit
|
|
|
cdf651 |
|
|
|
cdf651 |
Previously, the POSIX attribute presence check was run as part of the ID
|
|
|
cdf651 |
request, so it was necessary to also run the check as part of the
|
|
|
cdf651 |
get-domain-for-ID request.
|
|
|
cdf651 |
|
|
|
cdf651 |
Since moving the POSIX check to being a part of the subdomain provider,
|
|
|
cdf651 |
this is no longer needed as the subdomain provider disables the GC
|
|
|
cdf651 |
support on its own if required. Therefore we can just remove the POSIX
|
|
|
cdf651 |
check from the get-domain-for-ID request.
|
|
|
cdf651 |
|
|
|
cdf651 |
Related:
|
|
|
cdf651 |
https://pagure.io/SSSD/sssd/issue/3755
|
|
|
cdf651 |
|
|
|
cdf651 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
cdf651 |
(cherry picked from commit 4273ac0490eeef72d2daa0c7f6cee80d65b6b34d)
|
|
|
cdf651 |
---
|
|
|
cdf651 |
src/providers/ad/ad_id.c | 74 ----------------------------------------
|
|
|
cdf651 |
1 file changed, 74 deletions(-)
|
|
|
cdf651 |
|
|
|
cdf651 |
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
|
|
|
cdf651 |
index 96c5677c681e40419172c2e5aa3c32b8403147b1..1da48433eeb01b069ea6e2829122d93a696fb8a3 100644
|
|
|
cdf651 |
--- a/src/providers/ad/ad_id.c
|
|
|
cdf651 |
+++ b/src/providers/ad/ad_id.c
|
|
|
cdf651 |
@@ -1041,7 +1041,6 @@ ad_enumeration_recv(struct tevent_req *req)
|
|
|
cdf651 |
static errno_t ad_get_account_domain_prepare_search(struct tevent_req *req);
|
|
|
cdf651 |
static errno_t ad_get_account_domain_connect_retry(struct tevent_req *req);
|
|
|
cdf651 |
static void ad_get_account_domain_connect_done(struct tevent_req *subreq);
|
|
|
cdf651 |
-static void ad_get_account_domain_posix_check_done(struct tevent_req *subreq);
|
|
|
cdf651 |
static void ad_get_account_domain_search(struct tevent_req *req);
|
|
|
cdf651 |
static void ad_get_account_domain_search_done(struct tevent_req *subreq);
|
|
|
cdf651 |
static void ad_get_account_domain_evaluate(struct tevent_req *req);
|
|
|
cdf651 |
@@ -1264,79 +1263,6 @@ static void ad_get_account_domain_connect_done(struct tevent_req *subreq)
|
|
|
cdf651 |
return;
|
|
|
cdf651 |
}
|
|
|
cdf651 |
|
|
|
cdf651 |
- /* If POSIX attributes have been requested with an AD server and we
|
|
|
cdf651 |
- * have no idea about POSIX attributes support, run a one-time check
|
|
|
cdf651 |
- */
|
|
|
cdf651 |
- if (state->sdap_id_ctx->srv_opts &&
|
|
|
cdf651 |
- state->sdap_id_ctx->srv_opts->posix_checked == false) {
|
|
|
cdf651 |
- subreq = sdap_gc_posix_check_send(state,
|
|
|
cdf651 |
- state->ev,
|
|
|
cdf651 |
- state->sdap_id_ctx->opts,
|
|
|
cdf651 |
- sdap_id_op_handle(state->op),
|
|
|
cdf651 |
- dp_opt_get_int(
|
|
|
cdf651 |
- state->sdap_id_ctx->opts->basic,
|
|
|
cdf651 |
- SDAP_SEARCH_TIMEOUT));
|
|
|
cdf651 |
- if (subreq == NULL) {
|
|
|
cdf651 |
- tevent_req_error(req, ENOMEM);
|
|
|
cdf651 |
- return;
|
|
|
cdf651 |
- }
|
|
|
cdf651 |
- tevent_req_set_callback(subreq, ad_get_account_domain_posix_check_done, req);
|
|
|
cdf651 |
- return;
|
|
|
cdf651 |
- }
|
|
|
cdf651 |
-
|
|
|
cdf651 |
- ad_get_account_domain_search(req);
|
|
|
cdf651 |
-}
|
|
|
cdf651 |
-
|
|
|
cdf651 |
-static void ad_get_account_domain_posix_check_done(struct tevent_req *subreq)
|
|
|
cdf651 |
-{
|
|
|
cdf651 |
- struct tevent_req *req = tevent_req_callback_data(subreq,
|
|
|
cdf651 |
- struct tevent_req);
|
|
|
cdf651 |
- struct ad_get_account_domain_state *state = tevent_req_data(req,
|
|
|
cdf651 |
- struct ad_get_account_domain_state);
|
|
|
cdf651 |
- int dp_error = DP_ERR_FATAL;
|
|
|
cdf651 |
- bool has_posix;
|
|
|
cdf651 |
- errno_t ret;
|
|
|
cdf651 |
- errno_t ret2;
|
|
|
cdf651 |
-
|
|
|
cdf651 |
- ret = sdap_gc_posix_check_recv(subreq, &has_posix);
|
|
|
cdf651 |
- talloc_zfree(subreq);
|
|
|
cdf651 |
- if (ret != EOK) {
|
|
|
cdf651 |
- /* We can only finish the id_op on error as the connection
|
|
|
cdf651 |
- * is re-used by the real search
|
|
|
cdf651 |
- */
|
|
|
cdf651 |
- ret2 = sdap_id_op_done(state->op, ret, &dp_error);
|
|
|
cdf651 |
- if (dp_error == DP_ERR_OK && ret2 != EOK) {
|
|
|
cdf651 |
- /* retry */
|
|
|
cdf651 |
- ret = ad_get_account_domain_connect_retry(req);
|
|
|
cdf651 |
- if (ret != EOK) {
|
|
|
cdf651 |
- tevent_req_error(req, ret);
|
|
|
cdf651 |
- }
|
|
|
cdf651 |
- return;
|
|
|
cdf651 |
- }
|
|
|
cdf651 |
-
|
|
|
cdf651 |
- tevent_req_error(req, ret);
|
|
|
cdf651 |
- return;
|
|
|
cdf651 |
- }
|
|
|
cdf651 |
-
|
|
|
cdf651 |
- state->sdap_id_ctx->srv_opts->posix_checked = true;
|
|
|
cdf651 |
-
|
|
|
cdf651 |
- /*
|
|
|
cdf651 |
- * If the GC has no POSIX attributes, there is nothing we can do.
|
|
|
cdf651 |
- * Return an error and let the responders disable the functionality
|
|
|
cdf651 |
- * from now on.
|
|
|
cdf651 |
- */
|
|
|
cdf651 |
- if (has_posix == false) {
|
|
|
cdf651 |
- DEBUG(SSSDBG_CONF_SETTINGS,
|
|
|
cdf651 |
- "The Global Catalog has no POSIX attributes\n");
|
|
|
cdf651 |
-
|
|
|
cdf651 |
- disable_gc(state->id_ctx->ad_options);
|
|
|
cdf651 |
- dp_reply_std_set(&state->reply,
|
|
|
cdf651 |
- DP_ERR_DECIDE, ERR_GET_ACCT_DOM_NOT_SUPPORTED,
|
|
|
cdf651 |
- NULL);
|
|
|
cdf651 |
- tevent_req_done(req);
|
|
|
cdf651 |
- return;
|
|
|
cdf651 |
- }
|
|
|
cdf651 |
-
|
|
|
cdf651 |
ad_get_account_domain_search(req);
|
|
|
cdf651 |
}
|
|
|
cdf651 |
|
|
|
cdf651 |
--
|
|
|
cdf651 |
2.17.1
|
|
|
cdf651 |
|