From 020d7f12f7c57e3a5c8f844de2b2d0cad020e662 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 18 Oct 2017 15:20:34 +0200
Subject: [PATCH 13/21] AD: Remember last site discovered
To discover Active Directory site for a client we must first contact any
directory controller for an LDAP ping. This is done by searching
domain-wide DNS tree which may however contain servers that are not
reachable from current site and then we face long timeouts or failure.

This patch makes sssd remember the last successfully discovered site
and use this for DNS search to lookup a site and forest again similar
to what we do when ad_site option is set.
Resolves:
https://pagure.io/SSSD/sssd/issue/3265
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit f54d202db528207d7794870aabef0656b20369f1)
---
src/providers/ad/ad_srv.c | 44 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c
index ff01ee95c4d2c6875a989394489f1a0495cc3003..be1ba0f237add894566ae713ce5e29fd202d414c 100644
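--- a/src/providers/ad/ad_srv.c
+++ b/src/providers/ad/ad_srv.c
@@ -481,6 +481,7 @@ struct ad_srv_plugin_ctx {
 const char *hostname;
 const char *ad_domain;
 const char *ad_site_override;
+ const char *current_site;
 };
 
 struct ad_srv_plugin_ctx *
@@ -518,6 +519,11 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
 if (ctx->ad_site_override == NULL) {
 goto fail;
 }
+
+ ctx->current_site = talloc_strdup(ctx, ad_site_override);
+ if (ctx->current_site == NULL) {
+ goto fail;
+ }
 }
 
 return ctx;
@@ -527,6 +533,32 @@ fail:
 return NULL;
 }
 
+static errno_t
+ad_srv_plugin_ctx_switch_site(struct ad_srv_plugin_ctx *ctx,
+ const char *new_site)
+{
+ const char *site;
+ errno_t ret;
+
+ if (new_site == NULL) {
+ return EOK;
+ }
+
+ if (ctx->current_site != NULL && strcmp(ctx->current_site, new_site) == 0) {
+ return EOK;
+ }
+
+ site = talloc_strdup(ctx, new_site);
+ if (site == NULL) {
+ return ENOMEM;
+ }
+
+ talloc_zfree(ctx->current_site);
+ ctx->current_site = site;
+
+ return EOK;
+}
+
 struct ad_srv_plugin_state {
 struct tevent_context *ev;
 struct ad_srv_plugin_ctx *ctx;
@@ -613,7 +645,7 @@ struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx,
 
 subreq = ad_get_dc_servers_send(state, ev, ctx->be_res->resolv,
 state->discovery_domain,
- state->ctx->ad_site_override);
+ state->ctx->current_site);
 if (subreq == NULL) {
 ret = ENOMEM;
 goto immediately;
@@ -709,6 +741,16 @@ static void ad_srv_plugin_site_done(struct tevent_req *subreq)
 backup_domain = NULL;
 
 if (ret == EOK) {
+ /* Remember current site so it can be used during next lookup so
+ * we can contact directory controllers within a known reachable
+ * site first. */
+ ret = ad_srv_plugin_ctx_switch_site(state->ctx, state->site);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set site [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
 if (strcmp(state->service, "gc") == 0) {
 if (state->forest != NULL) {
 if (state->site != NULL) {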
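Review bot: `current_site` is overwritten in `ad_srv_plugin_ctx_switch_site` with whatever site name discovery returned, and none of the hunks shown ever resets it, so a wrong or stale value would keep steering `ad_get_dc_servers_send` to the same DNS subtree on every later lookup. The commit message says the name comes from an LDAP ping against any controller found in DNS, so please confirm that a failed site-scoped search falls back to the domain-wide one (the callee is outside this diff). That provenance could be documented on the struct field, e.g. `/* last site reported by discovery; network-derived, used only as a DNS search hint */`. Separately, `errno_t ret;` in the new function is never used and can be dropped. `ad_srv_plugin_send` and `ad_srv_plugin_site_done` continue outside the hunks.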
--
2.13.5