|
 |
841ac7 |
From eaceb6a212c989613c228fcbf939cf00427fb543 Mon Sep 17 00:00:00 2001
|
|
|
841ac7 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
841ac7 |
Date: Tue, 12 Mar 2019 12:48:29 +0100
|
|
|
841ac7 |
Subject: [PATCH 24/25] SDAP: Add sdap_has_deref_support_ex()
|
|
|
841ac7 |
MIME-Version: 1.0
|
|
|
841ac7 |
Content-Type: text/plain; charset=UTF-8
|
|
|
841ac7 |
Content-Transfer-Encoding: 8bit
|
|
|
841ac7 |
|
|
|
841ac7 |
Related:
|
|
|
841ac7 |
https://pagure.io/SSSD/sssd/issue/3979
|
|
|
841ac7 |
|
|
|
841ac7 |
In some cases, it makes sense for performance reasons to disable
|
|
|
841ac7 |
dereference when processing user groups. But since processing of HBAC host
|
|
|
841ac7 |
groups is not much of a performance sensitive operation, we can get away
|
|
|
841ac7 |
with ignoring the client side setting and always using the dereference
|
|
|
841ac7 |
branch if the server supports the dereference call.
|
|
|
841ac7 |
|
|
|
841ac7 |
This patch extends the sdap_has_deref_support call with a flag that
|
|
|
841ac7 |
allows the caller to bypass the client side check.
|
|
|
841ac7 |
|
|
|
841ac7 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
841ac7 |
(cherry picked from commit 1eb3ae1c46314ccc9151dc271966584b3d0f39f5)
|
|
|
841ac7 |
---
|
|
|
841ac7 |
src/providers/ldap/sdap_async.c | 19 ++++++++++++++-----
|
|
|
841ac7 |
src/providers/ldap/sdap_async.h | 6 +++++-
|
|
|
841ac7 |
src/tests/cmocka/common_mock_sdap.c | 10 +++++++++-
|
|
|
841ac7 |
3 files changed, 28 insertions(+), 7 deletions(-)
|
|
|
841ac7 |
|
|
|
841ac7 |
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
|
|
|
841ac7 |
index c9c633b44..822baf06a 100644
|
|
|
841ac7 |
--- a/src/providers/ldap/sdap_async.c
|
|
|
841ac7 |
+++ b/src/providers/ldap/sdap_async.c
|
|
|
841ac7 |
@@ -2959,7 +2959,9 @@ int sdap_deref_search_recv(struct tevent_req *req,
|
|
|
841ac7 |
return EOK;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
|
|
|
841ac7 |
+bool sdap_has_deref_support_ex(struct sdap_handle *sh,
|
|
|
841ac7 |
+ struct sdap_options *opts,
|
|
|
841ac7 |
+ bool ignore_client)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
const char *deref_oids[][2] = { { LDAP_SERVER_ASQ_OID, "ASQ" },
|
|
|
841ac7 |
{ LDAP_CONTROL_X_DEREF, "OpenLDAP" },
|
|
|
841ac7 |
@@ -2972,18 +2974,25 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
|
|
|
841ac7 |
return false;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
- deref_threshold = dp_opt_get_int(opts->basic, SDAP_DEREF_THRESHOLD);
|
|
|
841ac7 |
- if (deref_threshold == 0) {
|
|
|
841ac7 |
- return false;
|
|
|
841ac7 |
+ if (ignore_client == false) {
|
|
|
841ac7 |
+ deref_threshold = dp_opt_get_int(opts->basic, SDAP_DEREF_THRESHOLD);
|
|
|
841ac7 |
+ if (deref_threshold == 0) {
|
|
|
841ac7 |
+ return false;
|
|
|
841ac7 |
+ }
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
for (i=0; deref_oids[i][0]; i++) {
|
|
|
841ac7 |
if (sdap_is_control_supported(sh, deref_oids[i][0])) {
|
|
|
841ac7 |
DEBUG(SSSDBG_TRACE_FUNC, "The server supports deref method %s\n",
|
|
|
841ac7 |
- deref_oids[i][1]);
|
|
|
841ac7 |
+ deref_oids[i][1]);
|
|
|
841ac7 |
return true;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
}
|
|
|
841ac7 |
|
|
|
841ac7 |
return false;
|
|
|
841ac7 |
}
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
|
|
|
841ac7 |
+{
|
|
|
841ac7 |
+ return sdap_has_deref_support_ex(sh, opts, false);
|
|
|
841ac7 |
+}
|
|
|
841ac7 |
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
|
|
|
841ac7 |
index cdf4e9e46..34940ad75 100644
|
|
|
841ac7 |
--- a/src/providers/ldap/sdap_async.h
|
|
|
841ac7 |
+++ b/src/providers/ldap/sdap_async.h
|
|
|
841ac7 |
@@ -252,7 +252,11 @@ int sdap_get_generic_recv(struct tevent_req *req,
|
|
|
841ac7 |
TALLOC_CTX *mem_ctx, size_t *reply_count,
|
|
|
841ac7 |
struct sysdb_attrs ***reply_list);
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts);
|
|
|
841ac7 |
+bool sdap_has_deref_support_ex(struct sdap_handle *sh,
|
|
|
841ac7 |
+ struct sdap_options *opts,
|
|
|
841ac7 |
+ bool ignore_client);
|
|
|
841ac7 |
+bool sdap_has_deref_support(struct sdap_handle *sh,
|
|
|
841ac7 |
+ struct sdap_options *opts);
|
|
|
841ac7 |
|
|
|
841ac7 |
enum sdap_deref_flags {
|
|
|
841ac7 |
SDAP_DEREF_FLG_SILENT = 1 << 0, /* Do not warn if dereference fails */
|
|
|
841ac7 |
diff --git a/src/tests/cmocka/common_mock_sdap.c b/src/tests/cmocka/common_mock_sdap.c
|
|
|
841ac7 |
index fa4787c4b..9bbaaf4fb 100644
|
|
|
841ac7 |
--- a/src/tests/cmocka/common_mock_sdap.c
|
|
|
841ac7 |
+++ b/src/tests/cmocka/common_mock_sdap.c
|
|
|
841ac7 |
@@ -76,7 +76,15 @@ struct sdap_handle *mock_sdap_handle(TALLOC_CTX *mem_ctx)
|
|
|
841ac7 |
* their mock equivalent shall be used.
|
|
|
841ac7 |
*/
|
|
|
841ac7 |
|
|
|
841ac7 |
-bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
|
|
|
841ac7 |
+bool sdap_has_deref_support_ex(struct sdap_handle *sh,
|
|
|
841ac7 |
+ struct sdap_options *opts,
|
|
|
841ac7 |
+ bool ignore_client)
|
|
|
841ac7 |
+{
|
|
|
841ac7 |
+ return sss_mock_type(bool);
|
|
|
841ac7 |
+}
|
|
|
841ac7 |
+
|
|
|
841ac7 |
+bool sdap_has_deref_support(struct sdap_handle *sh,
|
|
|
841ac7 |
+ struct sdap_options *opts)
|
|
|
841ac7 |
{
|
|
|
841ac7 |
return sss_mock_type(bool);
|
|
|
841ac7 |
}
|
|
|
841ac7 |
--
|
|
|
841ac7 |
2.19.1
|
|
|
841ac7 |
|