dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From c7003e815aca1c28953c3dc55311ffc3f2d4ab28 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 12 Nov 2017 19:24:01 +0100
Subject: [PATCH 71/83] SDAP: Search with a NULL search base when looking up an
 ID in the Global Catalog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The posix_check request is used to determine whether domains in the forest
replicate the POSIX attributes into the Global Catalog. And since the
schema modification that replicates the attributes is not per-domain, but
per-forest, we don't need to iterate over search bases when checking for
the POSIX attribute presence. It is OK to just search with a NULL search
base (and it's what Windows clients do, too).

Additionally, searching over the whole GC will come handy when implementing
the request that located an account's domain.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 6ae22d9adc0b075361defc99b8f14480ba8e7b46)
---
 src/providers/ldap/ldap_id.c         |  2 --
 src/providers/ldap/sdap_async.c      | 51 +++++++-----------------------------
 src/providers/ldap/sdap_async.h      |  1 -
 src/providers/ldap/sdap_async_enum.c |  1 -
 4 files changed, 10 insertions(+), 45 deletions(-)

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 47969a9749253721334a20f46230f7aecea64882..b5ac3a749113a281fe8a5564ac341ced0570eded 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -417,7 +417,6 @@ static void users_get_connect_done(struct tevent_req *subreq)
                                !state->non_posix)) {
         subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                        sdap_id_op_handle(state->op),
-                                       state->sdom->user_search_bases,
                                        dp_opt_get_int(state->ctx->opts->basic,
                                                       SDAP_SEARCH_TIMEOUT));
         if (subreq == NULL) {
@@ -963,7 +962,6 @@ static void groups_get_connect_done(struct tevent_req *subreq)
                                !state->non_posix)) {
         subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                        sdap_id_op_handle(state->op),
-                                       state->sdom->user_search_bases,
                                        dp_opt_get_int(state->ctx->opts->basic,
                                                       SDAP_SEARCH_TIMEOUT));
         if (subreq == NULL) {
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 246e12a1f386da1841963d5c1d1c4d2870cc1b6b..1df0b85f4bda6442d8da66784ad7424306b1f051 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2573,7 +2573,6 @@ int sdap_asq_search_recv(struct tevent_req *req,
 }
 
 /* ==Posix attribute presence test================================= */
-static errno_t sdap_posix_check_next(struct tevent_req *req);
 static void sdap_posix_check_done(struct tevent_req *subreq);
 static errno_t sdap_posix_check_parse(struct sdap_handle *sh,
                                       struct sdap_msg *msg,
@@ -2583,12 +2582,10 @@ struct sdap_posix_check_state {
     struct tevent_context *ev;
     struct sdap_options *opts;
     struct sdap_handle *sh;
-    struct sdap_search_base **search_bases;
     int timeout;
 
     const char **attrs;
     const char *filter;
-    size_t base_iter;
 
     bool has_posix;
 };
@@ -2596,10 +2593,10 @@ struct sdap_posix_check_state {
 struct tevent_req *
 sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
                       struct sdap_options *opts, struct sdap_handle *sh,
-                      struct sdap_search_base **search_bases,
                       int timeout)
 {
     struct tevent_req *req = NULL;
+    struct tevent_req *subreq = NULL;
     struct sdap_posix_check_state *state;
     errno_t ret;
 
@@ -2610,7 +2607,6 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
     state->ev = ev;
     state->sh = sh;
     state->opts = opts;
-    state->search_bases = search_bases;
     state->timeout = timeout;
 
     state->attrs = talloc_array(state, const char *, 4);
@@ -2634,43 +2630,26 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
         goto fail;
     }
 
-    ret = sdap_posix_check_next(req);
-    if (ret != EOK) {
-        goto fail;
-    }
-
-    return req;
-
-fail:
-    tevent_req_error(req, ret);
-    tevent_req_post(req, ev);
-    return req;
-}
-
-static errno_t sdap_posix_check_next(struct tevent_req *req)
-{
-    struct tevent_req *subreq = NULL;
-    struct sdap_posix_check_state *state =
-        tevent_req_data(req, struct sdap_posix_check_state);
-
-    DEBUG(SSSDBG_TRACE_FUNC,
-          "Searching for POSIX attributes with base [%s]\n",
-           state->search_bases[state->base_iter]->basedn);
-
     subreq = sdap_get_generic_ext_send(state, state->ev, state->opts,
                                  state->sh,
-                                 state->search_bases[state->base_iter]->basedn,
+                                 "",
                                  LDAP_SCOPE_SUBTREE, state->filter,
                                  state->attrs,
                                  NULL, NULL, 1, state->timeout,
                                  sdap_posix_check_parse, state,
                                  SDAP_SRCH_FLG_SIZELIMIT_SILENT);
     if (subreq == NULL) {
-        return ENOMEM;
+        ret = ENOMEM;
+        goto fail;
     }
     tevent_req_set_callback(subreq, sdap_posix_check_done, req);
 
-    return EOK;
+    return req;
+
+fail:
+    tevent_req_error(req, ret);
+    tevent_req_post(req, ev);
+    return req;
 }
 
 static errno_t sdap_posix_check_parse(struct sdap_handle *sh,
@@ -2746,16 +2725,6 @@ static void sdap_posix_check_done(struct tevent_req *subreq)
         return;
     }
 
-    state->base_iter++;
-    if (state->search_bases[state->base_iter]) {
-        /* There are more search bases to try */
-        ret = sdap_posix_check_next(req);
-        if (ret != EOK) {
-            tevent_req_error(req, ret);
-        }
-        return;
-    }
-
     /* All bases done! */
     DEBUG(SSSDBG_TRACE_LIBS, "Cycled through all bases\n");
     tevent_req_done(req);
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 6e5800b42ba4a045fa7985b09a80b6b86b8c6055..7216ba032e551196cf5258b4e58fbfc8cfe417ea 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -269,7 +269,6 @@ int sdap_deref_search_recv(struct tevent_req *req,
 struct tevent_req *
 sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
                       struct sdap_options *opts, struct sdap_handle *sh,
-                      struct sdap_search_base **search_bases,
                       int timeout);
 
 int sdap_posix_check_recv(struct tevent_req *req,
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index baa039d63c71cc5054e6af6538d34d04cde6b858..ec0c679823a8cd9820bb978f77799a3f86621271 100644
--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -202,7 +202,6 @@ static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq)
                                true)) {
         subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                        sdap_id_op_handle(state->user_op),
-                                       state->sdom->user_search_bases,
                                        dp_opt_get_int(state->ctx->opts->basic,
                                                       SDAP_SEARCH_TIMEOUT));
         if (subreq == NULL) {
-- 
2.14.3