Blame SOURCES/0071-SDAP-Search-with-a-NULL-search-base-when-looking-up-.patch

From c7003e815aca1c28953c3dc55311ffc3f2d4ab28 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 12 Nov 2017 19:24:01 +0100
Subject: [PATCH 71/83] SDAP: Search with a NULL search base when looking up an
 ID in the Global Catalog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The posix_check request is used to determine whether domains in the forest
replicate the POSIX attributes into the Global Catalog. And since the
schema modification that replicates the attributes is not per-domain, but
per-forest, we don't need to iterate over search bases when checking for
the POSIX attribute presence. It is OK to just search with a NULL search
base (and it's what Windows clients do, too).
Additionally, searching over the whole GC will come in handy when implementing
the request that located an account's domain.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 6ae22d9adc0b075361defc99b8f14480ba8e7b46)
---
 src/providers/ldap/ldap_id.c         |  2 --
 src/providers/ldap/sdap_async.c      | 51 +++++++-----------------------------
 src/providers/ldap/sdap_async.h      |  1 -
 src/providers/ldap/sdap_async_enum.c |  1 -
 4 files changed, 10 insertions(+), 45 deletions(-)
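--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -417,7 +417,6 @@ static void users_get_connect_done(struct tevent_req *subreq)
                                !state->non_posix)) {
         subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                        sdap_id_op_handle(state->op),
-                                       state->sdom->user_search_bases,
                                        dp_opt_get_int(state->ctx->opts->basic,
                                                       SDAP_SEARCH_TIMEOUT));
         if (subreq == NULL) {
@@ -963,7 +962,6 @@ static void groups_get_connect_done(struct tevent_req *subreq)
                                !state->non_posix)) {
         subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                        sdap_id_op_handle(state->op),
-                                       state->sdom->user_search_bases,
                                        dp_opt_get_int(state->ctx->opts->basic,
                                                       SDAP_SEARCH_TIMEOUT));
         if (subreq == NULL) {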
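--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2573,7 +2573,6 @@ int sdap_asq_search_recv(struct tevent_req *req,
 }
 
 /* ==Posix attribute presence test================================= */
-static errno_t sdap_posix_check_next(struct tevent_req *req);
 static void sdap_posix_check_done(struct tevent_req *subreq);
 static errno_t sdap_posix_check_parse(struct sdap_handle *sh,
                                       struct sdap_msg *msg,
@@ -2583,12 +2582,10 @@ struct sdap_posix_check_state {
     struct tevent_context *ev;
     struct sdap_options *opts;
     struct sdap_handle *sh;
-    struct sdap_search_base **search_bases;
     int timeout;
 
     const char **attrs;
     const char *filter;
-    size_t base_iter;
 
     bool has_posix;
 };
@@ -2596,10 +2593,10 @@ struct sdap_posix_check_state {
 struct tevent_req *
 sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
                       struct sdap_options *opts, struct sdap_handle *sh,
-                      struct sdap_search_base **search_bases,
                       int timeout)
 {
     struct tevent_req *req = NULL;
+    struct tevent_req *subreq = NULL;
     struct sdap_posix_check_state *state;
     errno_t ret;
 
@@ -2610,7 +2607,6 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
     state->ev = ev;
     state->sh = sh;
     state->opts = opts;
-    state->search_bases = search_bases;
     state->timeout = timeout;
 
     state->attrs = talloc_array(state, const char *, 4);
@@ -2634,43 +2630,26 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
         goto fail;
     }
 
-    ret = sdap_posix_check_next(req);
-    if (ret != EOK) {
-        goto fail;
-    }
-
-    return req;
-
-fail:
-    tevent_req_error(req, ret);
-    tevent_req_post(req, ev);
-    return req;
-}
-
-static errno_t sdap_posix_check_next(struct tevent_req *req)
-{
-    struct tevent_req *subreq = NULL;
-    struct sdap_posix_check_state *state =
-        tevent_req_data(req, struct sdap_posix_check_state);
-
-    DEBUG(SSSDBG_TRACE_FUNC,
-          "Searching for POSIX attributes with base [%s]\n",
-           state->search_bases[state->base_iter]->basedn);
-
     subreq = sdap_get_generic_ext_send(state, state->ev, state->opts,
                                  state->sh,
-                                 state->search_bases[state->base_iter]->basedn,
+                                 "",
                                  LDAP_SCOPE_SUBTREE, state->filter,
                                  state->attrs,
                                  NULL, NULL, 1, state->timeout,
                                  sdap_posix_check_parse, state,
                                  SDAP_SRCH_FLG_SIZELIMIT_SILENT);
     if (subreq == NULL) {
-        return ENOMEM;
+        ret = ENOMEM;
+        goto fail;
     }
     tevent_req_set_callback(subreq, sdap_posix_check_done, req);
 
-    return EOK;
+    return req;
+
+fail:
+    tevent_req_error(req, ret);
+    tevent_req_post(req, ev);
+    return req;
 }
 
 static errno_t sdap_posix_check_parse(struct sdap_handle *sh,
@@ -2746,16 +2725,6 @@ static void sdap_posix_check_done(struct tevent_req *subreq)
         return;
     }
 
-    state->base_iter++;
-    if (state->search_bases[state->base_iter]) {
-        /* There are more search bases to try */
-        ret = sdap_posix_check_next(req);
-        if (ret != EOK) {
-            tevent_req_error(req, ret);
-        }
-        return;
-    }
-
     /* All bases done! */
     DEBUG(SSSDBG_TRACE_LIBS, "Cycled through all bases\n");
     tevent_req_done(req);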
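Review bot: The `""` base passed to `sdap_get_generic_ext_send()` in `sdap_posix_check_send()` has no comment, and the trace line that used to log the base was dropped, so neither the code nor the logs say that this request now searches the whole forest with subtree scope. I would add `/* Empty base + subtree scope: search the whole Global Catalog, POSIX attribute replication is per-forest */` above the call and keep a trace such as `DEBUG(SSSDBG_TRACE_FUNC, "Searching for POSIX attributes in the whole Global Catalog\n");`. The function cannot tell whether `sh` is a Global Catalog handle, so that precondition presumably rests on the callers' guards, which begin outside the visible hunks; a one-line note on the prototype in sdap_async.h would record it. In `sdap_posix_check_done()` (its body starts outside the hunk) the retained `/* All bases done! */` comment and the `"Cycled through all bases\n"` message are stale now that there is a single search and should be reworded. The outcome also no longer depends on the configured search bases, so it is worth documenting that an object carrying POSIX attributes anywhere in the forest now decides `has_posix`.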
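--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -269,7 +269,6 @@ int sdap_deref_search_recv(struct tevent_req *req,
 struct tevent_req *
 sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
                       struct sdap_options *opts, struct sdap_handle *sh,
-                      struct sdap_search_base **search_bases,
                       int timeout);
 
 int sdap_posix_check_recv(struct tevent_req *req,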
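--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -202,7 +202,6 @@ static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq)
                                true)) {
         subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                        sdap_id_op_handle(state->user_op),
-                                       state->sdom->user_search_bases,
                                        dp_opt_get_int(state->ctx->opts->basic,
                                                       SDAP_SEARCH_TIMEOUT));
         if (subreq == NULL) {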
-- 
2.14.3