From 7dfe969cb2c9e116eaeb1813e2c1adb80195944e Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 5 Dec 2014 11:12:42 +0100 Subject: [PATCH 166/167] IPA: resolve missing members Reviewed-by: Jakub Hrozek (cherry picked from commit 3cd287313d93e29f9754feb46017dba2a039affd) --- src/providers/ipa/ipa_s2n_exop.c | 62 +++++++++++++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 14 deletions(-) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 505c2325f2a74e26816bb59ad3c7d4810cc64dbf..0aa12f371e8aa0d58311391a27c668aa929a5b80 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -886,6 +886,8 @@ struct ipa_s2n_get_fqlist_state { char **fqname_list; size_t fqname_idx; int exop_timeout; + int entry_type; + enum request_types request_type; struct resp_attrs *attrs; struct sss_domain_info *obj_domain; struct sysdb_attrs *override_attrs; @@ -897,12 +899,14 @@ static void ipa_s2n_get_fqlist_next(struct tevent_req *subreq); static errno_t ipa_s2n_get_fqlist_save_step(struct tevent_req *req); static struct tevent_req *ipa_s2n_get_fqlist_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct ipa_id_ctx *ipa_ctx, - struct sss_domain_info *dom, - struct sdap_handle *sh, - int exop_timeout, - char **fqname_list) + struct tevent_context *ev, + struct ipa_id_ctx *ipa_ctx, + struct sss_domain_info *dom, + struct sdap_handle *sh, + int exop_timeout, + int entry_type, + enum request_types request_type, + char **fqname_list) { int ret; struct ipa_s2n_get_fqlist_state *state; @@ -922,6 +926,8 @@ static struct tevent_req *ipa_s2n_get_fqlist_send(TALLOC_CTX *mem_ctx, state->req_input.type = REQ_INP_NAME; state->req_input.inp.name = NULL; state->exop_timeout = exop_timeout; + state->entry_type = entry_type; + state->request_type = request_type; state->attrs = NULL; state->override_attrs = NULL; @@ -976,8 +982,8 @@ static errno_t ipa_s2n_get_fqlist_step(struct tevent_req *req) state->req_input.inp.name = short_name; - ret = s2n_encode_request(state, state->obj_domain->name, BE_REQ_GROUP, - REQ_FULL_WITH_MEMBERS, + ret = s2n_encode_request(state, state->obj_domain->name, state->entry_type, + state->request_type, &state->req_input, &bv_req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "s2n_encode_request failed.\n"); @@ -1439,7 +1445,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) struct berval *retdata = NULL; struct resp_attrs *attrs = NULL; struct berval *bv_req = NULL; - char **missing_groups = NULL; + char **missing_list = NULL; struct ldb_dn **group_dn_list = NULL; const char *sid_str; struct be_acct_req *ar; @@ -1478,17 +1484,46 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) if (attrs->response_type == RESP_USER_GROUPLIST) { ret = get_group_dn_list(state, state->dom, attrs->ngroups, attrs->groups, - &group_dn_list, &missing_groups); + &group_dn_list, &missing_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "get_group_dn_list failed.\n"); goto done; } - if (missing_groups != NULL) { + if (missing_list != NULL) { subreq = ipa_s2n_get_fqlist_send(state, state->ev, state->ipa_ctx, state->dom, state->sh, state->exop_timeout, - missing_groups); + BE_REQ_GROUP, + REQ_FULL_WITH_MEMBERS, + missing_list); + if (subreq == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "ipa_s2n_get_fqlist_send failed.\n"); + ret = ENOMEM; + goto done; + } + tevent_req_set_callback(subreq, ipa_s2n_get_fqlist_done, + req); + + return; + } + break; + } else if (attrs->response_type == RESP_GROUP_MEMBERS) { + ret = process_members(state->dom, NULL, attrs->a.group.gr_mem, + state, &missing_list); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "process_members failed.\n"); + goto done; + } + + if (missing_list != NULL) { + subreq = ipa_s2n_get_fqlist_send(state, state->ev, + state->ipa_ctx, state->dom, + state->sh, state->exop_timeout, + BE_REQ_USER, + REQ_FULL_WITH_MEMBERS, + missing_list); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_fqlist_send failed.\n"); @@ -1503,8 +1538,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) break; } - if (state->req_input->type == REQ_INP_SECID - || attrs->response_type == RESP_GROUP_MEMBERS) { + if (state->req_input->type == REQ_INP_SECID) { /* We already know the SID, we do not have to read it. */ break; } -- 2.1.0