Blame SOURCES/0101-AD-Consolidate-connection-list-construction-on-ad_co.patch

6cf099
From 64b1b88acacf4004acdfca1a6cda9763e017dfbf Mon Sep 17 00:00:00 2001
6cf099
From: Jakub Hrozek <jhrozek@redhat.com>
6cf099
Date: Mon, 5 Oct 2015 16:11:14 +0200
6cf099
Subject: [PATCH 101/101] AD: Consolidate connection list construction on
6cf099
 ad_common.c
6cf099
6cf099
Reviewed-by: Sumit Bose <sbose@redhat.com>
6cf099
(cherry picked from commit afb21fd06690a0bec288a7970abf74ed2ea7dfdc)
6cf099
(cherry picked from commit f1742784d9b1cffd74f67beeb26375124183428a)
6cf099
---
6cf099
 src/providers/ad/ad_common.c      | 31 +++++++++++++++++++++++++++++++
6cf099
 src/providers/ad/ad_common.h      |  5 +++++
6cf099
 src/providers/ad/ad_id.c          | 18 +-----------------
6cf099
 src/tests/cmocka/test_ad_common.c | 34 ++++++++++++++++++++++++++++++++++
6cf099
 4 files changed, 71 insertions(+), 17 deletions(-)
6cf099
6cf099
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
6cf099
index df277e55e234d4d4efe34d5f5d8efdfe7267fb60..650ec41578297f7b3a59df118b71a6bb8bc6d6ed 100644
6cf099
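--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -1286,3 +1286,34 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
     clist[1] = NULL;
     return clist;
 }
+
+struct sdap_id_conn_ctx **
+ad_user_conn_list(TALLOC_CTX *mem_ctx,
+                  struct ad_id_ctx *ad_ctx,
+                  struct sss_domain_info *dom)
+{
+    struct sdap_id_conn_ctx **clist;
+    int cindex = 0;
+
+    clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3);
+    if (clist == NULL) {
+        return NULL;
+    }
+
+    /* Try GC first for users from trusted domains, but go to LDAP
+     * for users from non-trusted domains to get all POSIX attrs
+     */
+    if (dp_opt_get_bool(ad_ctx->ad_options->basic, AD_ENABLE_GC)
+            && IS_SUBDOMAIN(dom)) {
+        clist[cindex] = ad_ctx->gc_ctx;
+        clist[cindex]->ignore_mark_offline = true;
+        cindex++;
+    }
+
+    /* Users from primary domain can be just downloaded from LDAP.
+     * The domain's LDAP connection also works as a fallback
+     */
+    clist[cindex] = ad_get_dom_ldap_conn(ad_ctx, dom);
+
+    return clist;
+}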
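Review bot: `ad_user_conn_list()` accepts `mem_ctx` but never uses it; the array is allocated with `talloc_zero_array(ad_ctx, ...)`, so every list is parented to the AD ID context rather than to the context the caller hands in. The moved code in ad_id.c had the same parent, but the new signature now promises otherwise: the caller passes `breq` and the new test passes `test_ctx`, and unless each caller frees the list explicitly the backend process would keep one array per user lookup for as long as `ad_ctx` lives. Allocate on the argument instead: `clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3);`. Separately, `clist[cindex]->ignore_mark_offline = true` dereferences `ad_ctx->gc_ctx` without a NULL check and changes a shared connection context as a side effect of building a list; if `gc_ctx` is guaranteed to be set whenever `AD_ENABLE_GC` is true, a one-line comment saying so would make that invariant reviewable.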
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
6cf099
index 701e461987cb286ca7add2766ffb4dc496bde01e..0cefa1859aaa75731267917e66ab9a1905528e91 100644
6cf099
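--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -153,6 +153,11 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
                   struct ad_id_ctx *ad_ctx,
                   struct sss_domain_info *dom);
 
+struct sdap_id_conn_ctx **
+ad_user_conn_list(TALLOC_CTX *mem_ctx,
+                  struct ad_id_ctx *ad_ctx,
+                  struct sss_domain_info *dom);
+
 struct sdap_id_conn_ctx *
 ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom);
 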
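Review bot: The new `ad_user_conn_list()` prototype is exported without any statement of its contract, and the contract is not obvious from the signature. A short comment above the declaration should say that the result is a NULL-terminated array of at most two connections (the GC connection first for subdomains when GC is enabled, then the domain's LDAP connection), that NULL is returned on allocation failure, and which talloc context owns the array. It should also mention that the call sets `ignore_mark_offline` on the shared GC connection context, since callers would not expect a list builder to modify connection state.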
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
6cf099
index be0cb3b12f2e3a2b53d740ecf3befc07fd853f8b..51d378863a5c7394ca3a2b8bd72f8c131a2b02b1 100644
6cf099
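--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -244,25 +244,10 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
               struct sss_domain_info *dom, struct be_acct_req *ar)
 {
     struct sdap_id_conn_ctx **clist;
-    int cindex = 0;
 
     switch (ar->entry_type & BE_REQ_TYPE_MASK) {
     case BE_REQ_USER: /* user */
-        clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3);
-        if (clist == NULL) return NULL;
-
-        /* Try GC first for users from trusted domains */
-        if (dp_opt_get_bool(ad_ctx->ad_options->basic, AD_ENABLE_GC)
-                && IS_SUBDOMAIN(dom)) {
-            clist[cindex] = ad_ctx->gc_ctx;
-            clist[cindex]->ignore_mark_offline = true;
-            cindex++;
-        }
-
-        /* Users from primary domain can be just downloaded from LDAP.
-         * The domain's LDAP connection also works as a fallback
-         */
-        clist[cindex] = ad_get_dom_ldap_conn(ad_ctx, dom);
+        clist = ad_user_conn_list(breq, ad_ctx, dom);
         break;
     case BE_REQ_BY_SECID:   /* by SID */
     case BE_REQ_USER_AND_GROUP: /* get SID */
@@ -270,7 +255,6 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
     case BE_REQ_INITGROUPS: /* init groups for user */
         clist = ad_gc_conn_list(breq, ad_ctx, dom);
         break;
-
     default:
         /* Requests for other object should only contact LDAP by default */
         clist = ad_ldap_conn_list(breq, ad_ctx, dom);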
diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c
6cf099
index c7bcc0f7cfde7164672123a35940327ee3ca4aba..f6a4c0db413bbe9c79e6d41f3de5ac75d080c225 100644
6cf099
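--- a/src/tests/cmocka/test_ad_common.c
+++ b/src/tests/cmocka/test_ad_common.c
@@ -433,6 +433,37 @@ void test_ldap_conn_list(void **state)
     talloc_free(conn_list);
 }
 
+void test_user_conn_list(void **state)
+{
+    struct sdap_id_conn_ctx **conn_list;
+
+    struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
+                                                     struct ad_common_test_ctx);
+    assert_non_null(test_ctx);
+
+    conn_list = ad_user_conn_list(test_ctx,
+                                  test_ctx->ad_ctx,
+                                  test_ctx->dom);
+    assert_non_null(conn_list);
+
+    assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);
+    assert_false(conn_list[0]->ignore_mark_offline);
+    assert_null(conn_list[1]);
+    talloc_free(conn_list);
+
+    conn_list = ad_user_conn_list(test_ctx,
+                                  test_ctx->ad_ctx,
+                                  test_ctx->subdom);
+    assert_non_null(conn_list);
+
+    assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);
+    assert_true(conn_list[0]->ignore_mark_offline);
+    assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx);
+    /* Subdomain error should not set the backend offline! */
+    assert_true(conn_list[1]->ignore_mark_offline);
+    talloc_free(conn_list);
+}
+
 int main(int argc, const char *argv[])
 {
     poptContext pc;
@@ -460,6 +491,9 @@ int main(int argc, const char *argv[])
         cmocka_unit_test_setup_teardown(test_ldap_conn_list,
                                         test_ldap_conn_setup,
                                         test_ldap_conn_teardown),
+        cmocka_unit_test_setup_teardown(test_user_conn_list,
+                                        test_ldap_conn_setup,
+                                        test_ldap_conn_teardown),
     };
 
     /* Set debug level to invalid value so we can deside if -d 0 was used. */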
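Review bot: The subdomain half of `test_user_conn_list` never checks that the list is terminated; after the `conn_list[1]` assertions add `assert_null(conn_list[2]);`, mirroring the `assert_null(conn_list[1])` in the primary-domain half. Neither half checks which talloc context owns the returned array, so a helper that ignores its `mem_ctx` argument passes unnoticed; `assert_true(talloc_parent(conn_list) == test_ctx);` after each `assert_non_null(conn_list)` would pin that. The test also appears to exercise only a setup where GC is enabled, so the path where `AD_ENABLE_GC` is off for `test_ctx->subdom` and the list must contain only the LDAP connection is not covered.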
-- 
6cf099
2.4.3
6cf099