From c7003e815aca1c28953c3dc55311ffc3f2d4ab28 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 12 Nov 2017 19:24:01 +0100
Subject: [PATCH 71/83] SDAP: Search with a NULL search base when looking up an
ID in the Global Catalog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The posix_check request is used to determine whether domains in the forest
replicate the POSIX attributes into the Global Catalog. And since the
schema modification that replicates the attributes is not per-domain, but
per-forest, we don't need to iterate over search bases when checking for
the POSIX attribute presence. It is OK to just search with a NULL search
base (and it's what Windows clients do, too).
Additionally, searching over the whole GC will come in handy when implementing
the request that located an account's domain.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 6ae22d9adc0b075361defc99b8f14480ba8e7b46)
---
src/providers/ldap/ldap_id.c | 2 --
src/providers/ldap/sdap_async.c | 51 +++++++-----------------------------
src/providers/ldap/sdap_async.h | 1 -
src/providers/ldap/sdap_async_enum.c | 1 -
4 files changed, 10 insertions(+), 45 deletions(-)
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 47969a9749253721334a20f46230f7aecea64882..b5ac3a749113a281fe8a5564ac341ced0570eded 100644
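--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -417,7 +417,6 @@ static void users_get_connect_done(struct tevent_req *subreq)
 !state->non_posix)) {
 subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
 sdap_id_op_handle(state->op),
- state->sdom->user_search_bases,
 dp_opt_get_int(state->ctx->opts->basic,
 SDAP_SEARCH_TIMEOUT));
 if (subreq == NULL) {
@@ -963,7 +962,6 @@ static void groups_get_connect_done(struct tevent_req *subreq)
 !state->non_posix)) {
 subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
 sdap_id_op_handle(state->op),
- state->sdom->user_search_bases,
 dp_opt_get_int(state->ctx->opts->basic,
 SDAP_SEARCH_TIMEOUT));
 if (subreq == NULL) {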
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 246e12a1f386da1841963d5c1d1c4d2870cc1b6b..1df0b85f4bda6442d8da66784ad7424306b1f051 100644
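--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2573,7 +2573,6 @@ int sdap_asq_search_recv(struct tevent_req *req,
 }
 
 /* ==Posix attribute presence test================================= */
-static errno_t sdap_posix_check_next(struct tevent_req *req);
 static void sdap_posix_check_done(struct tevent_req *subreq);
 static errno_t sdap_posix_check_parse(struct sdap_handle *sh,
 struct sdap_msg *msg,
@@ -2583,12 +2582,10 @@ struct sdap_posix_check_state {
 struct tevent_context *ev;
 struct sdap_options *opts;
 struct sdap_handle *sh;
- struct sdap_search_base **search_bases;
 int timeout;
 
 const char **attrs;
 const char *filter;
- size_t base_iter;
 
 bool has_posix;
 };
@@ -2596,10 +2593,10 @@ struct sdap_posix_check_state {
 struct tevent_req *
 sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
 struct sdap_options *opts, struct sdap_handle *sh,
- struct sdap_search_base **search_bases,
 int timeout)
 {
 struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
 struct sdap_posix_check_state *state;
 errno_t ret;
 
@@ -2610,7 +2607,6 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
 state->ev = ev;
 state->sh = sh;
 state->opts = opts;
- state->search_bases = search_bases;
 state->timeout = timeout;
 
 state->attrs = talloc_array(state, const char *, 4);
@@ -2634,43 +2630,26 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
 goto fail;
 }
 
- ret = sdap_posix_check_next(req);
- if (ret != EOK) {
- goto fail;
- }
-
- return req;
-
-fail:
- tevent_req_error(req, ret);
- tevent_req_post(req, ev);
- return req;
-}
-
-static errno_t sdap_posix_check_next(struct tevent_req *req)
-{
- struct tevent_req *subreq = NULL;
- struct sdap_posix_check_state *state =
- tevent_req_data(req, struct sdap_posix_check_state);
-
- DEBUG(SSSDBG_TRACE_FUNC,
- "Searching for POSIX attributes with base [%s]\n",
- state->search_bases[state->base_iter]->basedn);
-
 subreq = sdap_get_generic_ext_send(state, state->ev, state->opts,
 state->sh,
- state->search_bases[state->base_iter]->basedn,
+ "",
 LDAP_SCOPE_SUBTREE, state->filter,
 state->attrs,
 NULL, NULL, 1, state->timeout,
 sdap_posix_check_parse, state,
 SDAP_SRCH_FLG_SIZELIMIT_SILENT);
 if (subreq == NULL) {
- return ENOMEM;
+ ret = ENOMEM;
+ goto fail;
 }
 tevent_req_set_callback(subreq, sdap_posix_check_done, req);
 
- return EOK;
+ return req;
+
+fail:
+ tevent_req_error(req, ret);
+ tevent_req_post(req, ev);
+ return req;
 }
 
 static errno_t sdap_posix_check_parse(struct sdap_handle *sh,
@@ -2746,16 +2725,6 @@ static void sdap_posix_check_done(struct tevent_req *subreq)
 return;
 }
 
- state->base_iter++;
- if (state->search_bases[state->base_iter]) {
- /* There are more search bases to try */
- ret = sdap_posix_check_next(req);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- }
- return;
- }
-
 /* All bases done! */
 DEBUG(SSSDBG_TRACE_LIBS, "Cycled through all bases\n");
 tevent_req_done(req);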
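Review bot: The literal `""` handed to sdap_get_generic_ext_send() as the search base in the `@@ -2634` hunk has no comment, and the trace message that used to name the base was deleted without a replacement, so neither the code nor the debug log records that this is a deliberate forest-wide subtree search. I would put `/* Empty base DN: search the whole Global Catalog, POSIX attribute replication is per-forest */` above the argument and `DEBUG(SSSDBG_TRACE_FUNC, "Searching for POSIX attributes with an empty search base\n");` before the call. Since the function no longer takes search bases, its header comment should say that `sh` is expected to be a Global Catalog connection; whether every caller guarantees that cannot be confirmed from the lines shown, and the function body is only partly visible across the hunks. In sdap_posix_check_done the kept `/* All bases done! */` comment and the "Cycled through all bases" message no longer match a single search and should be reworded.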
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 6e5800b42ba4a045fa7985b09a80b6b86b8c6055..7216ba032e551196cf5258b4e58fbfc8cfe417ea 100644
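--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -269,7 +269,6 @@ int sdap_deref_search_recv(struct tevent_req *req,
 struct tevent_req *
 sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
 struct sdap_options *opts, struct sdap_handle *sh,
- struct sdap_search_base **search_bases,
 int timeout);
 
 int sdap_posix_check_recv(struct tevent_req *req,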
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index baa039d63c71cc5054e6af6538d34d04cde6b858..ec0c679823a8cd9820bb978f77799a3f86621271 100644
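--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -202,7 +202,6 @@ static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq)
 true)) {
 subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
 sdap_id_op_handle(state->user_op),
- state->sdom->user_search_bases,
 dp_opt_get_int(state->ctx->opts->basic,
 SDAP_SEARCH_TIMEOUT));
 if (subreq == NULL) {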
--
2.14.3