From 405f08eabf5017cc00891fb2090be80306c8aeae Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 30 Nov 2017 12:01:51 +0100
Subject: [PATCH 70/83] LDAP: Only run the POSIX check with a GC connection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Previously, we used to run the POSIX check also with an LDAP connection.
This was wasteful, but worked, so the waste wasn't the biggest problem
-- the approach would only cause problems with the following patch which
uses a NULL search base to search the Global Catalog, because searching
with a SUBTREE scope and a NULL base returns a referral with an LDAP
connection.
Instead, this patch uses a heuristic (whether the connection ignores
the offline state) to check if the connection is a POSIX one and if it
is NOT, then skips the POSIX check.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit dacfe74113dde62ddaaa7f9abf9d2b6448d89db6)
---
src/providers/ldap/ldap_common.c | 2 ++
src/providers/ldap/ldap_common.h | 1 +
src/providers/ldap/ldap_id.c | 2 ++
src/providers/ldap/sdap_async_enum.c | 1 +
4 files changed, 6 insertions(+)
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 3eff3515d95043d4b59cb0d9953cf050355a0ca5..36e79b9d6ca23ef5e21a8b0bedc7f05db8f4fc98 100644
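--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -973,12 +973,14 @@ sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 }
 
 bool should_run_posix_check(struct sdap_id_ctx *ctx,
+ struct sdap_id_conn_ctx *conn,
 bool use_id_mapping,
 bool posix_request)
 {
 if (use_id_mapping == false &&
 posix_request == true &&
 ctx->opts->schema_type == SDAP_SCHEMA_AD &&
+ conn->ignore_mark_offline == true &&
 ctx->srv_opts &&
 ctx->srv_opts->posix_checked == false) {
 return true;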
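Review bot: The added `conn->ignore_mark_offline == true` term in `should_run_posix_check` uses an offline-handling flag to decide whether the connection qualifies for the POSIX check, and only the commit message explains that this is a heuristic. A comment on that line, for example `/* Heuristic: only a connection that ignores the offline state is treated as the GC connection; skip the POSIX check otherwise */`, would keep a later change to how the flag is set from silently switching the check on or off. `conn` is also dereferenced without the NULL guard that `ctx->srv_opts` gets on the next line, and the call sites in ldap_id.c and sdap_async_enum.c pass `state->conn` and `state->user_conn` with no visible check. Either add `conn != NULL &&` before the new term or document that callers must pass a valid connection. The function body continues past the end of this hunk.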
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index fa7cda4df9d7334f6f0f5baccae0cba0478bfbea..44dbc3fb0678412f46366321e0be836313380949 100644
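--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -305,6 +305,7 @@ char *get_enterprise_principal_string_filter(TALLOC_CTX *mem_ctx,
 struct dp_option *sdap_basic_opts);
 
 bool should_run_posix_check(struct sdap_id_ctx *ctx,
+ struct sdap_id_conn_ctx *conn,
 bool id_mapping,
 bool posix_request);
 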
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 6ab9e0aa1db3eed32deb75211ded30a4cb48ca30..47969a9749253721334a20f46230f7aecea64882 100644
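--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -412,6 +412,7 @@ static void users_get_connect_done(struct tevent_req *subreq)
 * have no idea about POSIX attributes support, run a one-time check
 */
 if (should_run_posix_check(state->ctx,
+ state->conn,
 state->use_id_mapping,
 !state->non_posix)) {
 subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
@@ -957,6 +958,7 @@ static void groups_get_connect_done(struct tevent_req *subreq)
 * have no idea about POSIX attributes support, run a one-time check
 */
 if (should_run_posix_check(state->ctx,
+ state->conn,
 state->use_id_mapping,
 !state->non_posix)) {
 subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,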
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index 2cef4eb886f982ba388a34955bdd38468fe68200..baa039d63c71cc5054e6af6538d34d04cde6b858 100644
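--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -197,6 +197,7 @@ static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq)
 * have no idea about POSIX attributes support, run a one-time check
 */
 if (should_run_posix_check(state->ctx,
+ state->user_conn,
 use_id_mapping,
 true)) {
 subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,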
--
2.14.3