Blame SOURCES/0013-AD-Remember-last-site-discovered.patch

From 020d7f12f7c57e3a5c8f844de2b2d0cad020e662 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 18 Oct 2017 15:20:34 +0200
Subject: [PATCH 13/21] AD: Remember last site discovered
To discover Active Directory site for a client we must first contact any
directory controller for an LDAP ping. This is done by searching
domain-wide DNS tree which may however contain servers that are not
reachable from current site and then we face long timeouts or failure.

This patch makes sssd remember the last successfully discovered site
and use this for DNS search to lookup a site and forest again similar
to what we do when ad_site option is set.
Resolves:
https://pagure.io/SSSD/sssd/issue/3265
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit f54d202db528207d7794870aabef0656b20369f1)
---
 src/providers/ad/ad_srv.c | 44 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c
index ff01ee95c4d2c6875a989394489f1a0495cc3003..be1ba0f237add894566ae713ce5e29fd202d414c 100644
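--- a/src/providers/ad/ad_srv.c
+++ b/src/providers/ad/ad_srv.c
@@ -481,6 +481,7 @@ struct ad_srv_plugin_ctx {
     const char *hostname;
     const char *ad_domain;
     const char *ad_site_override;
+    const char *current_site;
 };
 
 struct ad_srv_plugin_ctx *
@@ -518,6 +519,11 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
         if (ctx->ad_site_override == NULL) {
             goto fail;
         }
+
+        ctx->current_site = talloc_strdup(ctx, ad_site_override);
+        if (ctx->current_site == NULL) {
+            goto fail;
+        }
     }
 
     return ctx;
@@ -527,6 +533,32 @@ fail:
     return NULL;
 }
 
+static errno_t
+ad_srv_plugin_ctx_switch_site(struct ad_srv_plugin_ctx *ctx,
+                              const char *new_site)
+{
+    const char *site;
+    errno_t ret;
+
+    if (new_site == NULL) {
+        return EOK;
+    }
+
+    if (ctx->current_site != NULL && strcmp(ctx->current_site, new_site) == 0) {
+        return EOK;
+    }
+
+    site = talloc_strdup(ctx, new_site);
+    if (site == NULL) {
+        return ENOMEM;
+    }
+
+    talloc_zfree(ctx->current_site);
+    ctx->current_site = site;
+
+    return EOK;
+}
+
 struct ad_srv_plugin_state {
     struct tevent_context *ev;
     struct ad_srv_plugin_ctx *ctx;
@@ -613,7 +645,7 @@ struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx,
 
     subreq = ad_get_dc_servers_send(state, ev, ctx->be_res->resolv,
                                     state->discovery_domain,
-                                    state->ctx->ad_site_override);
+                                    state->ctx->current_site);
     if (subreq == NULL) {
         ret = ENOMEM;
         goto immediately;
@@ -709,6 +741,16 @@ static void ad_srv_plugin_site_done(struct tevent_req *subreq)
     backup_domain = NULL;
 
     if (ret == EOK) {
+        /* Remember current site so it can be used during next lookup so
+         * we can contact directory controllers within a known reachable
+         * site first. */
+        ret = ad_srv_plugin_ctx_switch_site(state->ctx, state->site);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set site [%d]: %s\n",
+                  ret, sss_strerror(ret));
+            goto done;
+        }
+
         if (strcmp(state->service, "gc") == 0) {
             if (state->forest != NULL) {
                 if (state->site != NULL) {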
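Review bot: `ad_srv_plugin_ctx_switch_site()` replaces `current_site` even when it was initialised from `ad_site_override`, and `ad_srv_plugin_send()` now hands `current_site` to `ad_get_dc_servers_send()` where it used to hand over the override. Unless `state->site` has already been forced to the configured override before the call in `ad_srv_plugin_site_done()` (that part of the function is outside the hunk), a site name taken from the site-lookup reply would displace the administrator-pinned site for every later lookup. A guard at the top of the helper keeps the override authoritative: `if (ctx->ad_site_override != NULL) { return EOK; }`. The remembered value is also only ever replaced on success and never cleared, so it is worth confirming that a stale or wrong site still falls back to the domain-wide search. The helper would benefit from a short comment stating that it is a no-op for a NULL or unchanged site and returns ENOMEM with the old value left in place.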
-- 
2.13.5