From ba23021935fcc984b1000bc007fcd3e52fa752cd Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sat, 30 Jun 2018 12:31:13 +0200 Subject: [PATCH] LDAP/AD: Remove the legacy POSIX check from user, group and enumeration searches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This code is superseded by the POSIX check in the subdomains provider. Related: https://pagure.io/SSSD/sssd/issue/3755 Reviewed-by: Pavel Březina (cherry picked from commit 8d78119811e2572bb1a05da5abb7c5a2d43d1f97) --- src/providers/ad/ad_id.c | 43 +--------- src/providers/ldap/ldap_id.c | 121 --------------------------- src/providers/ldap/sdap_async_enum.c | 105 +---------------------- 3 files changed, 4 insertions(+), 265 deletions(-) diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index 782d9bc402e71d6b20976367f6afbae82bd25750..96c5677c681e40419172c2e5aa3c32b8403147b1 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -29,28 +29,6 @@ #include "providers/ldap/sdap_idmap.h" #include "providers/ldap/sdap_async.h" -static void -disable_gc(struct ad_options *ad_options) -{ - errno_t ret; - - if (dp_opt_get_bool(ad_options->basic, AD_ENABLE_GC) == false) { - return; - } - - DEBUG(SSSDBG_IMPORTANT_INFO, "POSIX attributes were requested " - "but are not present on the server side. Global Catalog " - "lookups will be disabled\n"); - - ret = dp_opt_set_bool(ad_options->basic, - AD_ENABLE_GC, false); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - "Could not turn off GC support\n"); - /* Not fatal */ - } -} - static bool ad_account_can_shortcut(struct sdap_idmap_ctx *idmap_ctx, struct sss_domain_info *domain, int filter_type, 
@@ -296,14 +274,12 @@ ad_handle_acct_info_done(struct tevent_req *subreq) if (sdap_err == EOK) { tevent_req_done(req); return; - } else if (sdap_err == ERR_NO_POSIX) { - disable_gc(state->ad_options); } else if (sdap_err != ENOENT) { ret = EIO; goto fail; } - /* Ret is only ENOENT or ERR_NO_POSIX now. Try the next connection */ + /* Ret is only ENOENT now. Try the next connection */ state->cindex++; ret = ad_handle_acct_info_step(req); if (ret != EAGAIN) { @@ -710,22 +686,7 @@ ad_enumeration_done(struct tevent_req *subreq) ret = sdap_dom_enum_ex_recv(subreq); talloc_zfree(subreq); - if (ret == ERR_NO_POSIX) { - /* Retry enumerating the same domain again, this time w/o - * connecting to GC - */ - disable_gc(state->id_ctx->ad_options); - ret = ad_enum_sdom(req, state->sditer, state->id_ctx); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Could not retry domain %s\n", state->sditer->dom->name); - tevent_req_error(req, ret); - return; - } - - /* Execution will resume in ad_enumeration_done */ - return; - } else if (ret != EOK) { + if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Could not enumerate domain %s\n", state->sditer->dom->name); tevent_req_error(req, ret); diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index ebf5d9cb2e2d1cc4b356d431965a00588a876444..9e8289904e60512e088aae77666bcd765bfe3392 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -66,7 +66,6 @@ struct users_get_state { static int users_get_retry(struct tevent_req *req); static void users_get_connect_done(struct tevent_req *subreq); -static void users_get_posix_check_done(struct tevent_req *subreq); static void users_get_search(struct tevent_req *req); static void users_get_done(struct tevent_req *subreq); 
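Review bot: In `ad_handle_acct_info_done`, any `ERR_NO_POSIX` that still reaches `sdap_err` now takes the `sdap_err != ENOENT` branch and fails the lookup with `EIO` instead of moving on to the next connection. The ldap_id.c hunks in this patch remove two places that set that code, but other producers are not visible here, so this should be confirmed before relying on the new mapping. The updated comment also names a variable the branch does not test; I would write `/* sdap_err is only ENOENT now. Try the next connection */`. The function body starts and ends outside the hunk.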
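Review bot: The `DEBUG` call in the `ret != EOK` branch of `ad_enumeration_done` logs only the domain name, and with the `ERR_NO_POSIX` retry removed every enumeration failure now ends here with nothing in the log to tell the causes apart. I would include the error code, for example `"Could not enumerate domain %s: %d: %s\n", state->sditer->dom->name, ret, sss_strerror(ret)`, which is the format the removed POSIX-check message in sdap_async_enum.c used. The function continues outside the hunk.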
@@ -408,66 +407,6 @@ static void users_get_connect_done(struct tevent_req *subreq) return; } - /* If POSIX attributes have been requested with an AD server and we - * have no idea about POSIX attributes support, run a one-time check - */ - if (should_run_posix_check(state->ctx, - state->conn, - state->use_id_mapping, - !state->non_posix)) { - subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts, - sdap_id_op_handle(state->op), - dp_opt_get_int(state->ctx->opts->basic, - SDAP_SEARCH_TIMEOUT)); - if (subreq == NULL) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, users_get_posix_check_done, req); - return; - } - - users_get_search(req); -} - -static void users_get_posix_check_done(struct tevent_req *subreq) -{ - errno_t ret; - errno_t ret2; - bool has_posix; - int dp_error; - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct users_get_state *state = tevent_req_data(req, - struct users_get_state); - - ret = sdap_gc_posix_check_recv(subreq, &has_posix); - talloc_zfree(subreq); - if (ret != EOK) { - /* We can only finish the id_op on error as the connection - * is re-used by the user search - */ - ret2 = sdap_id_op_done(state->op, ret, &dp_error); - if (dp_error == DP_ERR_OK && ret2 != EOK) { - /* retry */ - ret = users_get_retry(req); - if (ret != EOK) { - tevent_req_error(req, ret); - } - return; - } - } - - state->ctx->srv_opts->posix_checked = true; - - /* If the check ran to completion, we know for certain about the attributes - */ - if (ret == EOK && has_posix == false) { - state->sdap_ret = ERR_NO_POSIX; - tevent_req_done(req); - return; - } - users_get_search(req); } 
@@ -691,7 +630,6 @@ struct groups_get_state { static int groups_get_retry(struct tevent_req *req); static void groups_get_connect_done(struct tevent_req *subreq); -static void groups_get_posix_check_done(struct tevent_req *subreq); static void groups_get_mpg_done(struct tevent_req *subreq); static errno_t groups_get_handle_no_group(struct tevent_req *req); static void groups_get_search(struct tevent_req *req); 
@@ -953,65 +891,6 @@ static void groups_get_connect_done(struct tevent_req *subreq) return; } - /* If POSIX attributes have been requested with an AD server and we - * have no idea about POSIX attributes support, run a one-time check - */ - if (should_run_posix_check(state->ctx, - state->conn, - state->use_id_mapping, - !state->non_posix)) { - subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts, - sdap_id_op_handle(state->op), - dp_opt_get_int(state->ctx->opts->basic, - SDAP_SEARCH_TIMEOUT)); - if (subreq == NULL) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, groups_get_posix_check_done, req); - return; - } - - groups_get_search(req); -} - -static void groups_get_posix_check_done(struct tevent_req *subreq) -{ - errno_t ret; - bool has_posix; - int dp_error; - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct groups_get_state *state = tevent_req_data(req, - struct groups_get_state); - - ret = sdap_gc_posix_check_recv(subreq, &has_posix); - talloc_zfree(subreq); - if (ret != EOK) { - /* We can only finish the id_op on error as the connection - * is re-used by the group search - */ - ret = sdap_id_op_done(state->op, ret, &dp_error); - if (dp_error == DP_ERR_OK && ret != EOK) { - /* retry */ - ret = groups_get_retry(req); - if (ret != EOK) { - tevent_req_error(req, ret); - } - return; - } - } - - state->ctx->srv_opts->posix_checked = true; - - /* If the check ran to completion, we know for certain about the attributes - */ - if (has_posix == false) { - state->sdap_ret = ERR_NO_POSIX; - tevent_req_done(req); - return; - } - groups_get_search(req); } diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c index ea9d51adc7f94145cd7e689893bf7fd81028c5bb..899d59d3831bf473a98b44a7bf4d2007fac84c5e 100644 --- a/src/providers/ldap/sdap_async_enum.c +++ b/src/providers/ldap/sdap_async_enum.c 
@@ -69,8 +69,6 @@ static errno_t sdap_dom_enum_ex_retry(struct tevent_req *req, tevent_req_fn tcb); static bool sdap_dom_enum_ex_connected(struct tevent_req *subreq); static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq); -static void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq); -static errno_t sdap_dom_enum_search_users(struct tevent_req *req); static void sdap_dom_enum_ex_users_done(struct tevent_req *subreq); static void sdap_dom_enum_ex_get_groups(struct tevent_req *subreq); static void sdap_dom_enum_ex_groups_done(struct tevent_req *subreq); 
@@ -181,118 +179,19 @@ static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq) struct tevent_req); struct sdap_dom_enum_ex_state *state = tevent_req_data(req, struct sdap_dom_enum_ex_state); - bool use_id_mapping; - errno_t ret; if (sdap_dom_enum_ex_connected(subreq) == false) { return; } - use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( - state->ctx->opts->idmap_ctx, - state->sdom->dom->name, - state->sdom->dom->domain_id); - - /* If POSIX attributes have been requested with an AD server and we - * have no idea about POSIX attributes support, run a one-time check - */ - if (should_run_posix_check(state->ctx, - state->user_conn, - use_id_mapping, - true)) { - subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts, - sdap_id_op_handle(state->user_op), - dp_opt_get_int(state->ctx->opts->basic, - SDAP_SEARCH_TIMEOUT)); - if (subreq == NULL) { - tevent_req_error(req, ENOMEM); - return; - } - tevent_req_set_callback(subreq, - sdap_dom_enum_ex_posix_check_done, req); - return; - } - - - ret = sdap_dom_enum_search_users(req); - if (ret != EOK) { - tevent_req_error(req, ret); - return; - } - /* Execution resumes in sdap_dom_enum_ex_users_done */ -} - -static void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq) -{ - errno_t ret; - bool has_posix; - int dp_error; - - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct sdap_dom_enum_ex_state *state = tevent_req_data(req, - struct sdap_dom_enum_ex_state); - - ret = sdap_gc_posix_check_recv(subreq, &has_posix); - talloc_zfree(subreq); - if (ret != EOK && ret != ERR_NO_POSIX) { - /* We can only finish the id_op on error as the connection - * is re-used by the user search - */ - ret = sdap_id_op_done(state->user_op, ret, &dp_error); - if (dp_error == DP_ERR_OK && ret != EOK) { - /* retry */ - ret = sdap_dom_enum_ex_retry(req, state->user_op, - sdap_dom_enum_ex_get_users); - if (ret != EOK) { - tevent_req_error(req, ret); - } - return; - } else 
if (dp_error == DP_ERR_OFFLINE) { - DEBUG(SSSDBG_TRACE_FUNC, "Backend is offline, retrying later\n"); - tevent_req_done(req); - return; - } else { - /* Non-recoverable error */ - DEBUG(SSSDBG_OP_FAILURE, - "POSIX check failed: %d: %s\n", ret, sss_strerror(ret)); - tevent_req_error(req, ret); - return; - } - } - - state->ctx->srv_opts->posix_checked = true; - - /* If the check ran to completion, we know for certain about the attributes - */ - if (has_posix == false) { - tevent_req_error(req, ERR_NO_POSIX); - return; - } - - - ret = sdap_dom_enum_search_users(req); - if (ret != EOK) { - tevent_req_error(req, ret); - return; - } - /* Execution resumes in sdap_dom_enum_ex_users_done */ -} - -static errno_t sdap_dom_enum_search_users(struct tevent_req *req) -{ - struct sdap_dom_enum_ex_state *state = tevent_req_data(req, - struct sdap_dom_enum_ex_state); - struct tevent_req *subreq; - subreq = enum_users_send(state, state->ev, state->ctx, state->sdom, state->user_op, state->purge); if (subreq == NULL) { - return ENOMEM; + tevent_req_error(req, ENOMEM); + return; } tevent_req_set_callback(subreq, sdap_dom_enum_ex_users_done, req); - return EOK; } static void sdap_dom_enum_ex_users_done(struct tevent_req *subreq) -- 2.17.1
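Review bot: All three call sites of `should_run_posix_check()` visible in this patch (this hunk and the `users_get_connect_done` and `groups_get_connect_done` hunks in ldap_id.c) are removed, as are the writes to `srv_opts->posix_checked`, yet no hunk touches their definitions. If nothing outside these three files still uses them, they are now dead code and are better removed in the same commit than left for a reader to assume the check still runs on this path. Separately, the inlined tail of `sdap_dom_enum_ex_get_users` drops the continuation comment the old code carried; I would keep `/* Execution resumes in sdap_dom_enum_ex_users_done */` after the `tevent_req_set_callback` call. The function's opening lines are outside the hunk.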