Tree - rpms/sssd - CentOS Git server

dpward / rpms / sssd

Forked from rpms/sssd 3 years ago

Source
Stats

Blame SOURCES/0117-SDAP-Fix-handling-of-search-bases.patch

Blob History Raw

		bb7cd1	`From ef6d1aaaa416bca3318e2961269620db7720a55b Mon Sep 17 00:00:00 2001`
		bb7cd1	`From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>`
		bb7cd1	`Date: Tue, 11 Apr 2017 19:56:37 +0200`
		bb7cd1	`Subject: [PATCH 117/118] SDAP: Fix handling of search bases`
		bb7cd1
		bb7cd1	`We were rewriting the sdap_domain's search bases for only the first`
		bb7cd1	`sdap_domain in the list, which does not work for subdomains.`
		bb7cd1
		bb7cd1	`Also when search bases were already initialized in sdap_domain_subdom_add,`
		bb7cd1	`we should only rewrite them when they were explicitly set in sssd.conf.`
		bb7cd1
		bb7cd1	`Resolves:`
		bb7cd1	`https://pagure.io/SSSD/sssd/issue/3351`
		bb7cd1
		bb7cd1	`Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>`
		bb7cd1	`(cherry picked from commit 4c49edbd8df651b1737c59459637962c117212c6)`
		bb7cd1	`---`
		bb7cd1	`src/providers/ad/ad_common.c \| 39 +++++++++++++++++++++----------`
		bb7cd1	`src/providers/ad/ad_common.h \| 3 ++-`
		bb7cd1	`src/providers/ipa/ipa_subdomains_server.c \| 2 +-`
		bb7cd1	`src/providers/ldap/ldap_options.c \| 2 --`
		bb7cd1	`4 files changed, 30 insertions(+), 16 deletions(-)`
		bb7cd1
		bb7cd1	`diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c`
		bb7cd1	`index f893b748a2ddcff1eab6e8d919d2aa950b825446..1a9d8dc0bfdf18e76e3c97a7ac7e297c4d24fd44 100644`
		bb7cd1	`--- a/src/providers/ad/ad_common.c`
		bb7cd1	`+++ b/src/providers/ad/ad_common.c`
		bb7cd1	`@@ -29,7 +29,8 @@ struct ad_server_data {`
		bb7cd1	`bool gc;`
		bb7cd1	`};`
		bb7cd1
		bb7cd1	`-errno_t ad_set_search_bases(struct sdap_options *id_opts);`
		bb7cd1	`+errno_t ad_set_search_bases(struct sdap_options *id_opts,`
		bb7cd1	`+ struct sdap_domain *sdap);`
		bb7cd1	`static errno_t ad_set_sdap_options(struct ad_options *ad_opts,`
		bb7cd1	`struct sdap_options *id_opts);`
		bb7cd1
		bb7cd1	`@@ -1074,7 +1075,7 @@ ad_get_id_options(struct ad_options *ad_opts,`
		bb7cd1	`}`
		bb7cd1
		bb7cd1	`/* Set up search bases if they were assigned explicitly */`
		bb7cd1	`- ret = ad_set_search_bases(id_opts);`
		bb7cd1	`+ ret = ad_set_search_bases(id_opts, NULL);`
		bb7cd1	`if (ret != EOK) {`
		bb7cd1	`talloc_free(id_opts);`
		bb7cd1	`return ret;`
		bb7cd1	`@@ -1116,11 +1117,14 @@ ad_get_autofs_options(struct ad_options *ad_opts,`
		bb7cd1	`}`
		bb7cd1
		bb7cd1	`errno_t`
		bb7cd1	`-ad_set_search_bases(struct sdap_options *id_opts)`
		bb7cd1	`+ad_set_search_bases(struct sdap_options *id_opts,`
		bb7cd1	`+ struct sdap_domain *sdom)`
		bb7cd1	`{`
		bb7cd1	`errno_t ret;`
		bb7cd1	`- char *default_search_base;`
		bb7cd1	`+ char *default_search_base = NULL;`
		bb7cd1	`size_t o;`
		bb7cd1	`+ struct sdap_domain *sdap_dom;`
		bb7cd1	`+ bool has_default;`
		bb7cd1	`const int search_base_options[] = { SDAP_USER_SEARCH_BASE,`
		bb7cd1	`SDAP_GROUP_SEARCH_BASE,`
		bb7cd1	`SDAP_NETGROUP_SEARCH_BASE,`
		bb7cd1	`@@ -1132,10 +1136,21 @@ ad_set_search_bases(struct sdap_options *id_opts)`
		bb7cd1	`* been specifically overridden.`
		bb7cd1	`*/`
		bb7cd1
		bb7cd1	`- default_search_base =`
		bb7cd1	`- dp_opt_get_string(id_opts->basic, SDAP_SEARCH_BASE);`
		bb7cd1	`+ if (sdom != NULL) {`
		bb7cd1	`+ sdap_dom = sdom;`
		bb7cd1	`+ } else {`
		bb7cd1	`+ /* If no specific sdom was given, use the first in the list. */`
		bb7cd1	`+ sdap_dom = id_opts->sdom;`
		bb7cd1	`+ }`
		bb7cd1
		bb7cd1	`- if (default_search_base) {`
		bb7cd1	`+ has_default = sdap_dom->search_bases != NULL;`
		bb7cd1	`+`
		bb7cd1	`+ if (has_default == false) {`
		bb7cd1	`+ default_search_base =`
		bb7cd1	`+ dp_opt_get_string(id_opts->basic, SDAP_SEARCH_BASE);`
		bb7cd1	`+ }`
		bb7cd1	`+`
		bb7cd1	`+ if (default_search_base && has_default == false) {`
		bb7cd1	`/* set search bases if they are not */`
		bb7cd1	`for (o = 0; search_base_options[o] != -1; o++) {`
		bb7cd1	`if (NULL == dp_opt_get_string(id_opts->basic,`
		bb7cd1	`@@ -1162,31 +1177,31 @@ ad_set_search_bases(struct sdap_options *id_opts)`
		bb7cd1	`/* Default search */`
		bb7cd1	`ret = sdap_parse_search_base(id_opts, id_opts->basic,`
		bb7cd1	`SDAP_SEARCH_BASE,`
		bb7cd1	`- &id_opts->sdom->search_bases);`
		bb7cd1	`+ &sdap_dom->search_bases);`
		bb7cd1	`if (ret != EOK && ret != ENOENT) goto done;`
		bb7cd1
		bb7cd1	`/* User search */`
		bb7cd1	`ret = sdap_parse_search_base(id_opts, id_opts->basic,`
		bb7cd1	`SDAP_USER_SEARCH_BASE,`
		bb7cd1	`- &id_opts->sdom->user_search_bases);`
		bb7cd1	`+ &sdap_dom->user_search_bases);`
		bb7cd1	`if (ret != EOK && ret != ENOENT) goto done;`
		bb7cd1
		bb7cd1	`/* Group search base */`
		bb7cd1	`ret = sdap_parse_search_base(id_opts, id_opts->basic,`
		bb7cd1	`SDAP_GROUP_SEARCH_BASE,`
		bb7cd1	`- &id_opts->sdom->group_search_bases);`
		bb7cd1	`+ &sdap_dom->group_search_bases);`
		bb7cd1	`if (ret != EOK && ret != ENOENT) goto done;`
		bb7cd1
		bb7cd1	`/* Netgroup search */`
		bb7cd1	`ret = sdap_parse_search_base(id_opts, id_opts->basic,`
		bb7cd1	`SDAP_NETGROUP_SEARCH_BASE,`
		bb7cd1	`- &id_opts->sdom->netgroup_search_bases);`
		bb7cd1	`+ &sdap_dom->netgroup_search_bases);`
		bb7cd1	`if (ret != EOK && ret != ENOENT) goto done;`
		bb7cd1
		bb7cd1	`/* Service search */`
		bb7cd1	`ret = sdap_parse_search_base(id_opts, id_opts->basic,`
		bb7cd1	`SDAP_SERVICE_SEARCH_BASE,`
		bb7cd1	`- &id_opts->sdom->service_search_bases);`
		bb7cd1	`+ &sdap_dom->service_search_bases);`
		bb7cd1	`if (ret != EOK && ret != ENOENT) goto done;`
		bb7cd1
		bb7cd1	`ret = EOK;`
		bb7cd1	`diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h`
		bb7cd1	`index 2981550f6c390929501ec8942e861b16ea0a5cb0..ce33b37c75f45ae72adb268858cce34759b8b02f 100644`
		bb7cd1	`--- a/src/providers/ad/ad_common.h`
		bb7cd1	`+++ b/src/providers/ad/ad_common.h`
		bb7cd1	`@@ -130,7 +130,8 @@ struct ad_options ad_create_1way_trust_options(TALLOC_CTX mem_ctx,`
		bb7cd1	`const char *keytab,`
		bb7cd1	`const char *sasl_authid);`
		bb7cd1
		bb7cd1	`-errno_t ad_set_search_bases(struct sdap_options *id_opts);`
		bb7cd1	`+errno_t ad_set_search_bases(struct sdap_options *id_opts,`
		bb7cd1	`+ struct sdap_domain *sdap);`
		bb7cd1
		bb7cd1	`errno_t`
		bb7cd1	`ad_failover_init(TALLOC_CTX mem_ctx, struct be_ctx ctx,`
		bb7cd1	`diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c`
		bb7cd1	`index e8ee30392d84f84e30bcdaa3d2110ba130b1ad73..b02ea67af964a03e5466067cdb2b3ba4498120eb 100644`
		bb7cd1	`--- a/src/providers/ipa/ipa_subdomains_server.c`
		bb7cd1	`+++ b/src/providers/ipa/ipa_subdomains_server.c`
		bb7cd1	`@@ -332,7 +332,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,`
		bb7cd1	`return EFAULT;`
		bb7cd1	`}`
		bb7cd1
		bb7cd1	`- ret = ad_set_search_bases(ad_options->id);`
		bb7cd1	`+ ret = ad_set_search_bases(ad_options->id, sdom);`
		bb7cd1	`if (ret != EOK) {`
		bb7cd1	`DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD search bases\n");`
		bb7cd1	`talloc_free(ad_options);`
		bb7cd1	`diff --git a/src/providers/ldap/ldap_options.c b/src/providers/ldap/ldap_options.c`
		bb7cd1	`index 15a2609f07506b6dd442b180651a7e25461976c0..eb4e177b456253ebdfa06ee52886a5dffe0d3351 100644`
		bb7cd1	`--- a/src/providers/ldap/ldap_options.c`
		bb7cd1	`+++ b/src/providers/ldap/ldap_options.c`
		bb7cd1	`@@ -581,8 +581,6 @@ errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,`
		bb7cd1	`char *unparsed_base;`
		bb7cd1	`const char *old_filter = NULL;`
		bb7cd1
		bb7cd1	`- *_search_bases = NULL;`
		bb7cd1	`-`
		bb7cd1	`switch (class) {`
		bb7cd1	`case SDAP_SEARCH_BASE:`
		bb7cd1	`class_name = "DEFAULT";`
		bb7cd1	`--`
		bb7cd1	`2.9.3`
		bb7cd1

dpward / rpms / sssd

Source Code

Blame SOURCES/0117-SDAP-Fix-handling-of-search-bases.patch