dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0033-AD-Remove-the-legacy-check-from-ad_get_account_domai.patch

cdf651
From dcf8f47b85c0c93dd0c70d5a2093fff82f333e91 Mon Sep 17 00:00:00 2001
cdf651
From: Jakub Hrozek <jhrozek@redhat.com>
cdf651
Date: Wed, 4 Jul 2018 20:10:30 +0200
cdf651
Subject: [PATCH] AD: Remove the legacy check from
cdf651
 ad_get_account_domain_posix_check request
cdf651
MIME-Version: 1.0
cdf651
Content-Type: text/plain; charset=UTF-8
cdf651
Content-Transfer-Encoding: 8bit
cdf651
cdf651
Previously, the POSIX attribute presence check was run as part of the ID
cdf651
request, so it was necessary to also run the check as part of the
cdf651
get-domain-for-ID request.
cdf651
cdf651
Since moving the POSIX check to being a part of the subdomain provider,
cdf651
this is no longer needed as the subdomain provider disables the GC
cdf651
support on its own if required. Therefore we can just remove the POSIX
cdf651
check from the get-domain-for-ID request.
cdf651
cdf651
Related:
cdf651
https://pagure.io/SSSD/sssd/issue/3755
cdf651
cdf651
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
cdf651
(cherry picked from commit 4273ac0490eeef72d2daa0c7f6cee80d65b6b34d)
cdf651
---
cdf651
 src/providers/ad/ad_id.c | 74 ----------------------------------------
cdf651
 1 file changed, 74 deletions(-)
cdf651
cdf651
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
cdf651
index 96c5677c681e40419172c2e5aa3c32b8403147b1..1da48433eeb01b069ea6e2829122d93a696fb8a3 100644
cdf651
--- a/src/providers/ad/ad_id.c
cdf651
+++ b/src/providers/ad/ad_id.c
cdf651
@@ -1041,7 +1041,6 @@ ad_enumeration_recv(struct tevent_req *req)
cdf651
 static errno_t ad_get_account_domain_prepare_search(struct tevent_req *req);
cdf651
 static errno_t ad_get_account_domain_connect_retry(struct tevent_req *req);
cdf651
 static void ad_get_account_domain_connect_done(struct tevent_req *subreq);
cdf651
-static void ad_get_account_domain_posix_check_done(struct tevent_req *subreq);
cdf651
 static void ad_get_account_domain_search(struct tevent_req *req);
cdf651
 static void ad_get_account_domain_search_done(struct tevent_req *subreq);
cdf651
 static void ad_get_account_domain_evaluate(struct tevent_req *req);
cdf651
@@ -1264,79 +1263,6 @@ static void ad_get_account_domain_connect_done(struct tevent_req *subreq)
cdf651
         return;
cdf651
     }
cdf651
 
cdf651
-    /* If POSIX attributes have been requested with an AD server and we
cdf651
-     * have no idea about POSIX attributes support, run a one-time check
cdf651
-     */
cdf651
-    if (state->sdap_id_ctx->srv_opts &&
cdf651
-        state->sdap_id_ctx->srv_opts->posix_checked == false) {
cdf651
-        subreq = sdap_gc_posix_check_send(state,
cdf651
-                                          state->ev,
cdf651
-                                          state->sdap_id_ctx->opts,
cdf651
-                                          sdap_id_op_handle(state->op),
cdf651
-                                          dp_opt_get_int(
cdf651
-                                              state->sdap_id_ctx->opts->basic,
cdf651
-                                              SDAP_SEARCH_TIMEOUT));
cdf651
-        if (subreq == NULL) {
cdf651
-            tevent_req_error(req, ENOMEM);
cdf651
-            return;
cdf651
-        }
cdf651
-        tevent_req_set_callback(subreq, ad_get_account_domain_posix_check_done, req);
cdf651
-        return;
cdf651
-    }
cdf651
-
cdf651
-    ad_get_account_domain_search(req);
cdf651
-}
cdf651
-
cdf651
-static void ad_get_account_domain_posix_check_done(struct tevent_req *subreq)
cdf651
-{
cdf651
-    struct tevent_req *req = tevent_req_callback_data(subreq,
cdf651
-                                                      struct tevent_req);
cdf651
-    struct ad_get_account_domain_state *state = tevent_req_data(req,
cdf651
-                                          struct ad_get_account_domain_state);
cdf651
-    int dp_error = DP_ERR_FATAL;
cdf651
-    bool has_posix;
cdf651
-    errno_t ret;
cdf651
-    errno_t ret2;
cdf651
-
cdf651
-    ret = sdap_gc_posix_check_recv(subreq, &has_posix);
cdf651
-    talloc_zfree(subreq);
cdf651
-    if (ret != EOK) {
cdf651
-        /* We can only finish the id_op on error as the connection
cdf651
-         * is re-used by the real search
cdf651
-         */
cdf651
-        ret2 = sdap_id_op_done(state->op, ret, &dp_error);
cdf651
-        if (dp_error == DP_ERR_OK && ret2 != EOK) {
cdf651
-            /* retry */
cdf651
-            ret = ad_get_account_domain_connect_retry(req);
cdf651
-            if (ret != EOK) {
cdf651
-                tevent_req_error(req, ret);
cdf651
-            }
cdf651
-            return;
cdf651
-        }
cdf651
-
cdf651
-        tevent_req_error(req, ret);
cdf651
-        return;
cdf651
-    }
cdf651
-
cdf651
-    state->sdap_id_ctx->srv_opts->posix_checked = true;
cdf651
-
cdf651
-    /*
cdf651
-     * If the GC has no POSIX attributes, there is nothing we can do.
cdf651
-     * Return an error and let the responders disable the functionality
cdf651
-     * from now on.
cdf651
-     */
cdf651
-    if (has_posix == false) {
cdf651
-        DEBUG(SSSDBG_CONF_SETTINGS,
cdf651
-              "The Global Catalog has no POSIX attributes\n");
cdf651
-
cdf651
-        disable_gc(state->id_ctx->ad_options);
cdf651
-        dp_reply_std_set(&state->reply,
cdf651
-                         DP_ERR_DECIDE, ERR_GET_ACCT_DOM_NOT_SUPPORTED,
cdf651
-                         NULL);
cdf651
-        tevent_req_done(req);
cdf651
-        return;
cdf651
-    }
cdf651
-
cdf651
     ad_get_account_domain_search(req);
cdf651
 }
cdf651
 
cdf651
-- 
cdf651
2.17.1
cdf651