|
|
bb7cd1 |
From 7c6fd66fa9ca942bc240b49f903d9d3d85340c4c Mon Sep 17 00:00:00 2001
|
|
|
bb7cd1 |
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
|
|
|
bb7cd1 |
Date: Tue, 11 Apr 2017 17:19:29 +0200
|
|
|
bb7cd1 |
Subject: [PATCH 107/110] CACHE_REQ: Allow configurationless shortname lookups
|
|
|
bb7cd1 |
MIME-Version: 1.0
|
|
|
bb7cd1 |
Content-Type: text/plain; charset=UTF-8
|
|
|
bb7cd1 |
Content-Transfer-Encoding: 8bit
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Configurationless shortnames lookups must be allowed when a domains'
|
|
|
bb7cd1 |
resolution order is present and the (head) domain is not enforcing the
|
|
|
bb7cd1 |
usage of fully-qualified-names.
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
With this patch SSSD does not require any kind of changes from client
|
|
|
bb7cd1 |
side for taking advantage of shortname lookups.
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Related:
|
|
|
bb7cd1 |
https://pagure.io/SSSD/sssd/issue/3001
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
bb7cd1 |
(cherry picked from commit dae798231fc2c575f213785768bc24ed765ba243)
|
|
|
bb7cd1 |
---
|
|
|
bb7cd1 |
src/responder/common/cache_req/cache_req.c | 2 +-
|
|
|
bb7cd1 |
src/responder/common/cache_req/cache_req_domain.c | 48 +++++++++++++++++++++++
|
|
|
bb7cd1 |
src/responder/common/cache_req/cache_req_domain.h | 1 +
|
|
|
bb7cd1 |
3 files changed, 50 insertions(+), 1 deletion(-)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
|
|
|
bb7cd1 |
index 3a5fecf34427437bbf95317e05c5bd8b07b4537d..797325a30e6c1ed5f1d4b4c147c65391d5204b52 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/cache_req.c
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/cache_req.c
|
|
|
bb7cd1 |
@@ -480,7 +480,7 @@ static errno_t cache_req_search_domains_next(struct tevent_req *req)
|
|
|
bb7cd1 |
* qualified names on domain less search. We do not descend into
|
|
|
bb7cd1 |
* subdomains here since those are implicitly qualified.
|
|
|
bb7cd1 |
*/
|
|
|
bb7cd1 |
- if (state->check_next && !allow_no_fqn && domain->fqnames) {
|
|
|
bb7cd1 |
+ if (state->check_next && !allow_no_fqn && state->cr_domain->fqnames) {
|
|
|
bb7cd1 |
state->cr_domain = state->cr_domain->next;
|
|
|
bb7cd1 |
continue;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/cache_req_domain.c b/src/responder/common/cache_req/cache_req_domain.c
|
|
|
bb7cd1 |
index 86a88efd54ca0f4a0748b44ece1b8515438d4628..bfdd2b7f640178f6d0a0d92f2fed329c856b478c 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/cache_req_domain.c
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/cache_req_domain.c
|
|
|
bb7cd1 |
@@ -60,6 +60,48 @@ void cache_req_domain_list_zfree(struct cache_req_domain **cr_domains)
|
|
|
bb7cd1 |
*cr_domains = NULL;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
+static bool
|
|
|
bb7cd1 |
+cache_req_domain_use_fqnames(struct sss_domain_info *domain,
|
|
|
bb7cd1 |
+ bool enforce_non_fqnames)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ struct sss_domain_info *head;
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ head = get_domains_head(domain);
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ /*
|
|
|
bb7cd1 |
+ * In order to decide whether fully_qualified_names must be used on the
|
|
|
bb7cd1 |
+ * lookups we have to take into consideration:
|
|
|
bb7cd1 |
+ * - use_fully_qualified_name value of the head of the domains;
|
|
|
bb7cd1 |
+ * (head->fqnames)
|
|
|
bb7cd1 |
+ * - the presence of a domains' resolution order list;
|
|
|
bb7cd1 |
+ * (non_fqnames_enforced)
|
|
|
bb7cd1 |
+ *
|
|
|
bb7cd1 |
+ * The relationship between those two can be described by:
|
|
|
bb7cd1 |
+ * - head->fqnames:
|
|
|
bb7cd1 |
+ * - true: in this case doesn't matter whether it's enforced or not,
|
|
|
bb7cd1 |
+ * fully-qualified-names will _always_ be used
|
|
|
bb7cd1 |
+ * - false: in this case (which is also the default case), the usage
|
|
|
bb7cd1 |
+ * depends on it being enforced;
|
|
|
bb7cd1 |
+ *
|
|
|
bb7cd1 |
+ * - enforce_non_fqnames:
|
|
|
bb7cd1 |
+ * - true: in this case, the usage of fully-qualified-names is not
|
|
|
bb7cd1 |
+ * needed;
|
|
|
bb7cd1 |
+ * - false: in this case, the usage of fully-qualified-names will be
|
|
|
bb7cd1 |
+ * done accordingly to what's set for the domain itself.
|
|
|
bb7cd1 |
+ */
|
|
|
bb7cd1 |
+ switch (head->fqnames) {
|
|
|
bb7cd1 |
+ case true:
|
|
|
bb7cd1 |
+ return true;
|
|
|
bb7cd1 |
+ case false:
|
|
|
bb7cd1 |
+ switch (enforce_non_fqnames) {
|
|
|
bb7cd1 |
+ case true:
|
|
|
bb7cd1 |
+ return false;
|
|
|
bb7cd1 |
+ case false:
|
|
|
bb7cd1 |
+ return domain->fqnames;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
static struct cache_req_domain *
|
|
|
bb7cd1 |
cache_req_domain_new_list_from_string_list(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
struct sss_domain_info *domains,
|
|
|
bb7cd1 |
@@ -71,9 +113,11 @@ cache_req_domain_new_list_from_string_list(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
char *name;
|
|
|
bb7cd1 |
int flag = SSS_GND_ALL_DOMAINS;
|
|
|
bb7cd1 |
int i;
|
|
|
bb7cd1 |
+ bool enforce_non_fqnames = false;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
if (resolution_order != NULL) {
|
|
|
bb7cd1 |
+ enforce_non_fqnames = true;
|
|
|
bb7cd1 |
for (i = 0; resolution_order[i] != NULL; i++) {
|
|
|
bb7cd1 |
name = resolution_order[i];
|
|
|
bb7cd1 |
for (dom = domains; dom; dom = get_next_domain(dom, flag)) {
|
|
|
bb7cd1 |
@@ -87,6 +131,8 @@ cache_req_domain_new_list_from_string_list(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
goto done;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
cr_domain->domain = dom;
|
|
|
bb7cd1 |
+ cr_domain->fqnames =
|
|
|
bb7cd1 |
+ cache_req_domain_use_fqnames(dom, enforce_non_fqnames);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
DLIST_ADD_END(cr_domains, cr_domain,
|
|
|
bb7cd1 |
struct cache_req_domain *);
|
|
|
bb7cd1 |
@@ -106,6 +152,8 @@ cache_req_domain_new_list_from_string_list(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
goto done;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
cr_domain->domain = dom;
|
|
|
bb7cd1 |
+ cr_domain->fqnames =
|
|
|
bb7cd1 |
+ cache_req_domain_use_fqnames(dom, enforce_non_fqnames);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
DLIST_ADD_END(cr_domains, cr_domain, struct cache_req_domain *);
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
diff --git a/src/responder/common/cache_req/cache_req_domain.h b/src/responder/common/cache_req/cache_req_domain.h
|
|
|
bb7cd1 |
index 000087e5ca2074f22169a4af627810f4f287e430..5bcbb9b493caf05bf71aac5cf7633ded91f22e73 100644
|
|
|
bb7cd1 |
--- a/src/responder/common/cache_req/cache_req_domain.h
|
|
|
bb7cd1 |
+++ b/src/responder/common/cache_req/cache_req_domain.h
|
|
|
bb7cd1 |
@@ -25,6 +25,7 @@
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
struct cache_req_domain {
|
|
|
bb7cd1 |
struct sss_domain_info *domain;
|
|
|
bb7cd1 |
+ bool fqnames;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
struct cache_req_domain *prev;
|
|
|
bb7cd1 |
struct cache_req_domain *next;
|
|
|
bb7cd1 |
--
|
|
|
bb7cd1 |
2.9.3
|
|
|
bb7cd1 |
|