From eaceb6a212c989613c228fcbf939cf00427fb543 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 12 Mar 2019 12:48:29 +0100
Subject: [PATCH 24/25] SDAP: Add sdap_has_deref_support_ex()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Related:
https://pagure.io/SSSD/sssd/issue/3979
In some cases, it makes sense for performance reasons to disable
dereference when processing user groups. But since processing of HBAC host
groups is not much of a performance sensitive operation, we can get away
with ignoring the client side setting and always using the dereference
branch if the server supports the dereference call.
This patch extends the sdap_has_deref_support call with a flag that
allows the caller to bypass the client side check.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 1eb3ae1c46314ccc9151dc271966584b3d0f39f5)
---
src/providers/ldap/sdap_async.c | 19 ++++++++++++++-----
src/providers/ldap/sdap_async.h | 6 +++++-
src/tests/cmocka/common_mock_sdap.c | 10 +++++++++-
3 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index c9c633b44..822baf06a 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2959,7 +2959,9 @@ int sdap_deref_search_recv(struct tevent_req *req,
return EOK;
}
-bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
+bool sdap_has_deref_support_ex(struct sdap_handle *sh,
+ struct sdap_options *opts,
+ bool ignore_client)
{
const char *deref_oids[][2] = { { LDAP_SERVER_ASQ_OID, "ASQ" },
{ LDAP_CONTROL_X_DEREF, "OpenLDAP" },
@@ -2972,18 +2974,25 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
return false;
}
- deref_threshold = dp_opt_get_int(opts->basic, SDAP_DEREF_THRESHOLD);
- if (deref_threshold == 0) {
- return false;
+ if (ignore_client == false) {
+ deref_threshold = dp_opt_get_int(opts->basic, SDAP_DEREF_THRESHOLD);
+ if (deref_threshold == 0) {
+ return false;
+ }
}
for (i=0; deref_oids[i][0]; i++) {
if (sdap_is_control_supported(sh, deref_oids[i][0])) {
DEBUG(SSSDBG_TRACE_FUNC, "The server supports deref method %s\n",
- deref_oids[i][1]);
+ deref_oids[i][1]);
return true;
}
}
return false;
}
+
+bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
+{
+ return sdap_has_deref_support_ex(sh, opts, false);
+}
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index cdf4e9e46..34940ad75 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -252,7 +252,11 @@ int sdap_get_generic_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx, size_t *reply_count,
struct sysdb_attrs ***reply_list);
-bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts);
+bool sdap_has_deref_support_ex(struct sdap_handle *sh,
+ struct sdap_options *opts,
+ bool ignore_client);
+bool sdap_has_deref_support(struct sdap_handle *sh,
+ struct sdap_options *opts);
enum sdap_deref_flags {
SDAP_DEREF_FLG_SILENT = 1 << 0, /* Do not warn if dereference fails */
diff --git a/src/tests/cmocka/common_mock_sdap.c b/src/tests/cmocka/common_mock_sdap.c
index fa4787c4b..9bbaaf4fb 100644
--- a/src/tests/cmocka/common_mock_sdap.c
+++ b/src/tests/cmocka/common_mock_sdap.c
@@ -76,7 +76,15 @@ struct sdap_handle *mock_sdap_handle(TALLOC_CTX *mem_ctx)
* their mock equivalent shall be used.
*/
-bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
+bool sdap_has_deref_support_ex(struct sdap_handle *sh,
+ struct sdap_options *opts,
+ bool ignore_client)
+{
+ return sss_mock_type(bool);
+}
+
+bool sdap_has_deref_support(struct sdap_handle *sh,
+ struct sdap_options *opts)
{
return sss_mock_type(bool);
}
--
2.19.1