From ba23021935fcc984b1000bc007fcd3e52fa752cd Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sat, 30 Jun 2018 12:31:13 +0200
Subject: [PATCH] LDAP/AD: Remove the legacy POSIX check from user, group and
enumeration searches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This code is superseded by the POSIX check in the subdomains provider.
Related:
https://pagure.io/SSSD/sssd/issue/3755
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 8d78119811e2572bb1a05da5abb7c5a2d43d1f97)
---
src/providers/ad/ad_id.c | 43 +---------
src/providers/ldap/ldap_id.c | 121 ---------------------------
src/providers/ldap/sdap_async_enum.c | 105 +----------------------
3 files changed, 4 insertions(+), 265 deletions(-)
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index 782d9bc402e71d6b20976367f6afbae82bd25750..96c5677c681e40419172c2e5aa3c32b8403147b1 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -29,28 +29,6 @@
#include "providers/ldap/sdap_idmap.h"
#include "providers/ldap/sdap_async.h"
-static void
-disable_gc(struct ad_options *ad_options)
-{
- errno_t ret;
-
- if (dp_opt_get_bool(ad_options->basic, AD_ENABLE_GC) == false) {
- return;
- }
-
- DEBUG(SSSDBG_IMPORTANT_INFO, "POSIX attributes were requested "
- "but are not present on the server side. Global Catalog "
- "lookups will be disabled\n");
-
- ret = dp_opt_set_bool(ad_options->basic,
- AD_ENABLE_GC, false);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Could not turn off GC support\n");
- /* Not fatal */
- }
-}
-
static bool ad_account_can_shortcut(struct sdap_idmap_ctx *idmap_ctx,
struct sss_domain_info *domain,
int filter_type,
@@ -296,14 +274,12 @@ ad_handle_acct_info_done(struct tevent_req *subreq)
if (sdap_err == EOK) {
tevent_req_done(req);
return;
- } else if (sdap_err == ERR_NO_POSIX) {
- disable_gc(state->ad_options);
} else if (sdap_err != ENOENT) {
ret = EIO;
goto fail;
}
- /* Ret is only ENOENT or ERR_NO_POSIX now. Try the next connection */
+ /* Ret is only ENOENT now. Try the next connection */
state->cindex++;
ret = ad_handle_acct_info_step(req);
if (ret != EAGAIN) {
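Review bot: The rewritten comment says "Ret is only ENOENT now", but the branch just above it tests `sdap_err`, not `ret`, so the comment names the wrong variable; `/* sdap_err is only ENOENT now. Try the next connection */` would match the code. With the `ERR_NO_POSIX` branch gone, that value would fall into the `sdap_err != ENOENT` arm and surface as a generic `EIO`. It is worth confirming that no remaining lookup path can still set it; the producers visible in this patch are removed, but others may exist outside it. The body of ad_handle_acct_info_done starts and ends outside this hunk.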
@@ -710,22 +686,7 @@ ad_enumeration_done(struct tevent_req *subreq)
ret = sdap_dom_enum_ex_recv(subreq);
talloc_zfree(subreq);
- if (ret == ERR_NO_POSIX) {
- /* Retry enumerating the same domain again, this time w/o
- * connecting to GC
- */
- disable_gc(state->id_ctx->ad_options);
- ret = ad_enum_sdom(req, state->sditer, state->id_ctx);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Could not retry domain %s\n", state->sditer->dom->name);
- tevent_req_error(req, ret);
- return;
- }
-
- /* Execution will resume in ad_enumeration_done */
- return;
- } else if (ret != EOK) {
+ if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
"Could not enumerate domain %s\n", state->sditer->dom->name);
tevent_req_error(req, ret);
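Review bot: The failure log in ad_enumeration_done names the domain but not the error. With the `ERR_NO_POSIX` retry removed, every non-EOK result from `sdap_dom_enum_ex_recv` now ends the request at this point. Logging the code would make such failures diagnosable: `"Could not enumerate domain %s [%d]: %s\n", state->sditer->dom->name, ret, sss_strerror(ret));`, assuming `sss_strerror` is in scope here as it is in sdap_async_enum.c. The function starts and ends outside this hunk.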
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index ebf5d9cb2e2d1cc4b356d431965a00588a876444..9e8289904e60512e088aae77666bcd765bfe3392 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -66,7 +66,6 @@ struct users_get_state {
static int users_get_retry(struct tevent_req *req);
static void users_get_connect_done(struct tevent_req *subreq);
-static void users_get_posix_check_done(struct tevent_req *subreq);
static void users_get_search(struct tevent_req *req);
static void users_get_done(struct tevent_req *subreq);
@@ -408,66 +407,6 @@ static void users_get_connect_done(struct tevent_req *subreq)
return;
}
- /* If POSIX attributes have been requested with an AD server and we
- * have no idea about POSIX attributes support, run a one-time check
- */
- if (should_run_posix_check(state->ctx,
- state->conn,
- state->use_id_mapping,
- !state->non_posix)) {
- subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts,
- sdap_id_op_handle(state->op),
- dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
- if (subreq == NULL) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- tevent_req_set_callback(subreq, users_get_posix_check_done, req);
- return;
- }
-
- users_get_search(req);
-}
-
-static void users_get_posix_check_done(struct tevent_req *subreq)
-{
- errno_t ret;
- errno_t ret2;
- bool has_posix;
- int dp_error;
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
- struct users_get_state *state = tevent_req_data(req,
- struct users_get_state);
-
- ret = sdap_gc_posix_check_recv(subreq, &has_posix);
- talloc_zfree(subreq);
- if (ret != EOK) {
- /* We can only finish the id_op on error as the connection
- * is re-used by the user search
- */
- ret2 = sdap_id_op_done(state->op, ret, &dp_error);
- if (dp_error == DP_ERR_OK && ret2 != EOK) {
- /* retry */
- ret = users_get_retry(req);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- }
- return;
- }
- }
-
- state->ctx->srv_opts->posix_checked = true;
-
- /* If the check ran to completion, we know for certain about the attributes
- */
- if (ret == EOK && has_posix == false) {
- state->sdap_ret = ERR_NO_POSIX;
- tevent_req_done(req);
- return;
- }
-
users_get_search(req);
}
@@ -691,7 +630,6 @@ struct groups_get_state {
static int groups_get_retry(struct tevent_req *req);
static void groups_get_connect_done(struct tevent_req *subreq);
-static void groups_get_posix_check_done(struct tevent_req *subreq);
static void groups_get_mpg_done(struct tevent_req *subreq);
static errno_t groups_get_handle_no_group(struct tevent_req *req);
static void groups_get_search(struct tevent_req *req);
@@ -953,65 +891,6 @@ static void groups_get_connect_done(struct tevent_req *subreq)
return;
}
- /* If POSIX attributes have been requested with an AD server and we
- * have no idea about POSIX attributes support, run a one-time check
- */
- if (should_run_posix_check(state->ctx,
- state->conn,
- state->use_id_mapping,
- !state->non_posix)) {
- subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts,
- sdap_id_op_handle(state->op),
- dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
- if (subreq == NULL) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- tevent_req_set_callback(subreq, groups_get_posix_check_done, req);
- return;
- }
-
- groups_get_search(req);
-}
-
-static void groups_get_posix_check_done(struct tevent_req *subreq)
-{
- errno_t ret;
- bool has_posix;
- int dp_error;
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
- struct groups_get_state *state = tevent_req_data(req,
- struct groups_get_state);
-
- ret = sdap_gc_posix_check_recv(subreq, &has_posix);
- talloc_zfree(subreq);
- if (ret != EOK) {
- /* We can only finish the id_op on error as the connection
- * is re-used by the group search
- */
- ret = sdap_id_op_done(state->op, ret, &dp_error);
- if (dp_error == DP_ERR_OK && ret != EOK) {
- /* retry */
- ret = groups_get_retry(req);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- }
- return;
- }
- }
-
- state->ctx->srv_opts->posix_checked = true;
-
- /* If the check ran to completion, we know for certain about the attributes
- */
- if (has_posix == false) {
- state->sdap_ret = ERR_NO_POSIX;
- tevent_req_done(req);
- return;
- }
-
groups_get_search(req);
}
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index ea9d51adc7f94145cd7e689893bf7fd81028c5bb..899d59d3831bf473a98b44a7bf4d2007fac84c5e 100644
--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -69,8 +69,6 @@ static errno_t sdap_dom_enum_ex_retry(struct tevent_req *req,
tevent_req_fn tcb);
static bool sdap_dom_enum_ex_connected(struct tevent_req *subreq);
static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq);
-static void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq);
-static errno_t sdap_dom_enum_search_users(struct tevent_req *req);
static void sdap_dom_enum_ex_users_done(struct tevent_req *subreq);
static void sdap_dom_enum_ex_get_groups(struct tevent_req *subreq);
static void sdap_dom_enum_ex_groups_done(struct tevent_req *subreq);
@@ -181,118 +179,19 @@ static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq)
struct tevent_req);
struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
struct sdap_dom_enum_ex_state);
- bool use_id_mapping;
- errno_t ret;
if (sdap_dom_enum_ex_connected(subreq) == false) {
return;
}
- use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
- state->ctx->opts->idmap_ctx,
- state->sdom->dom->name,
- state->sdom->dom->domain_id);
-
- /* If POSIX attributes have been requested with an AD server and we
- * have no idea about POSIX attributes support, run a one-time check
- */
- if (should_run_posix_check(state->ctx,
- state->user_conn,
- use_id_mapping,
- true)) {
- subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts,
- sdap_id_op_handle(state->user_op),
- dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
- if (subreq == NULL) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- tevent_req_set_callback(subreq,
- sdap_dom_enum_ex_posix_check_done, req);
- return;
- }
-
-
- ret = sdap_dom_enum_search_users(req);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- return;
- }
- /* Execution resumes in sdap_dom_enum_ex_users_done */
-}
-
-static void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq)
-{
- errno_t ret;
- bool has_posix;
- int dp_error;
-
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
- struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
- struct sdap_dom_enum_ex_state);
-
- ret = sdap_gc_posix_check_recv(subreq, &has_posix);
- talloc_zfree(subreq);
- if (ret != EOK && ret != ERR_NO_POSIX) {
- /* We can only finish the id_op on error as the connection
- * is re-used by the user search
- */
- ret = sdap_id_op_done(state->user_op, ret, &dp_error);
- if (dp_error == DP_ERR_OK && ret != EOK) {
- /* retry */
- ret = sdap_dom_enum_ex_retry(req, state->user_op,
- sdap_dom_enum_ex_get_users);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- }
- return;
- } else if (dp_error == DP_ERR_OFFLINE) {
- DEBUG(SSSDBG_TRACE_FUNC, "Backend is offline, retrying later\n");
- tevent_req_done(req);
- return;
- } else {
- /* Non-recoverable error */
- DEBUG(SSSDBG_OP_FAILURE,
- "POSIX check failed: %d: %s\n", ret, sss_strerror(ret));
- tevent_req_error(req, ret);
- return;
- }
- }
-
- state->ctx->srv_opts->posix_checked = true;
-
- /* If the check ran to completion, we know for certain about the attributes
- */
- if (has_posix == false) {
- tevent_req_error(req, ERR_NO_POSIX);
- return;
- }
-
-
- ret = sdap_dom_enum_search_users(req);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- return;
- }
- /* Execution resumes in sdap_dom_enum_ex_users_done */
-}
-
-static errno_t sdap_dom_enum_search_users(struct tevent_req *req)
-{
- struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
- struct sdap_dom_enum_ex_state);
- struct tevent_req *subreq;
-
subreq = enum_users_send(state, state->ev,
state->ctx, state->sdom,
state->user_op, state->purge);
if (subreq == NULL) {
- return ENOMEM;
+ tevent_req_error(req, ENOMEM);
+ return;
}
tevent_req_set_callback(subreq, sdap_dom_enum_ex_users_done, req);
- return EOK;
}
static void sdap_dom_enum_ex_users_done(struct tevent_req *subreq)
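Review bot: Folding `sdap_dom_enum_search_users` back into `sdap_dom_enum_ex_get_users` drops the comment that told the reader where the request chain continues. That leaves the new tail of the function undocumented. Restoring `/* Execution resumes in sdap_dom_enum_ex_users_done */` after the `tevent_req_set_callback(subreq, sdap_dom_enum_ex_users_done, req);` line would keep the async flow readable. A one-line note above `enum_users_send` that the POSIX-attribute check is no longer performed on this path would also help, since the replacement check is not visible in this file. The function's opening lines are outside the hunk.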
--
2.17.1