From 9438cd7b8c8cca1e919afec6c5aa3a3233a31f8c Mon Sep 17 00:00:00 2001
From: Petr Cech
Date: Mon, 27 Jun 2016 11:51:30 +0200
Subject: [PATCH 106/108] AD_PROVIDER: ad_enabled_domains - other then master
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We can skip looking up other domains if option ad_enabled_domains doesn't contain them.

Resolves: https://fedorahosted.org/sssd/ticket/2828

Reviewed-by: Jakub Hrozek
Reviewed-by: Lukáš Slebodník
---
 src/providers/ad/ad_subdomains.c | 40 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 5fdfc63886457db02ea4edc430341b31c3e545ce..52bf5361fa8de02c7165cbc3513a923ec018fc15 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -130,6 +130,16 @@ done:
 return ret;
 }

+static bool is_domain_enabled(const char *domain,
+ const char **enabled_doms)
+{
+ if (enabled_doms == NULL) {
+ return true;
+ }
+
+ return string_in_list(domain, discard_const_p(char *, enabled_doms), false);
+}
+
 static errno_t
 ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
 struct ad_id_ctx *id_ctx,
@@ -492,6 +502,7 @@ done:

 static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
 struct sss_domain_info *domain,
+ const char **enabled_domains_list,
 size_t nsd, struct sysdb_attrs **sd,
 struct sysdb_attrs *root,
 size_t *_nsd_out,
@@ -500,9 +511,10 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
 size_t i, sdi;
 struct sysdb_attrs **sd_out;
 const char *sd_name;
+ const char *root_name;
 errno_t ret;

- if (root == NULL) {
+ if (root == NULL && enabled_domains_list == NULL) {
 /* We are connected directly to the root domain. The 'sd'
 * list is complete and we can just use it
 */
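Review bot: is_domain_enabled(), added in the first hunk, is the check that enforces the ad_enabled_domains restriction, and it carries no comment stating its two modes. A NULL list returns true for every name, so an unset option leaves all discovered domains enabled, while a non-NULL list enables only names found by `string_in_list()`; the `false` argument appears to select case-insensitive matching, which is worth confirming against the helper's prototype. I would add above the function: `/* NULL list: option unset, every domain is enabled. Otherwise only names present in the list are enabled. */`. The name compared is whatever the callers read from AD_AT_TRUST_PARTNER, so the option's documentation should state that this form of the domain name is expected.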
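Review bot: The comment under the changed condition in ad_subdomains_process (hunk at -500) no longer matches it: the shortcut is now taken only when there is no root entry and no ad_enabled_domains list, so with a filter configured the code falls through to the copying loop even when connected directly to the root domain. I would reword it along the lines of `/* No separate root entry and no ad_enabled_domains filter: the 'sd' list is complete and can be used as is */`. The body of the shortcut and the allocation of `sd_out` that follows are outside the hunk, so the array sizing on the newly reachable path (root == NULL with a filter) could not be checked from here.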
@@ -529,6 +541,13 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
 goto fail;
 }

+ if (is_domain_enabled(sd_name, enabled_domains_list) == false) {
+ DEBUG(SSSDBG_TRACE_FUNC, "Disabling subdomain %s\n", sd_name);
+ continue;
+ } else {
+ DEBUG(SSSDBG_TRACE_FUNC, "Enabling subdomain %s\n", sd_name);
+ }
+
 if (strcasecmp(sd_name, domain->name) == 0) {
 DEBUG(SSSDBG_TRACE_INTERNAL,
 "Not including primary domain %s in the subdomain list\n",
@@ -541,9 +560,23 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
 }

 /* Now include the root */
- sd_out[sdi] = talloc_steal(sd_out, root);
+ if (root != NULL) {
+ ret = sysdb_attrs_get_string(root, AD_AT_TRUST_PARTNER, &root_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
+ goto fail;
+ }

- *_nsd_out = sdi+1;
+ if (is_domain_enabled(root_name, enabled_domains_list) == true) {
+ sd_out[sdi] = talloc_steal(sd_out, root);
+ sdi++;
+ } else {
+ DEBUG(SSSDBG_TRACE_FUNC, "Disabling forest root domain %s\n",
+ root_name);
+ }
+ }
+
+ *_nsd_out = sdi;
 *_sd_out = sd_out;

 return EOK;
@@ -789,6 +822,7 @@ static void ad_get_slave_domain_done(struct tevent_req *subreq)
 * subdomains.
 */
 ret = ad_subdomains_process(state, state->be_ctx->domain,
+ state->sd_ctx->ad_enabled_domains,
 reply_count, reply, state->root_attrs,
 &nsubdoms, &subdoms);
 if (ret != EOK) {
--
2.4.11
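Review bot: In the loop of ad_subdomains_process (hunk at -529) the filter runs before the primary-domain comparison, so the trace is misleading for the primary domain: if it is in the list it is logged as "Enabling subdomain" and then excluded by the next check, and if it is absent it is logged as a disabled subdomain. Moving the new block below the `strcasecmp(sd_name, domain->name)` check would keep the log accurate for anyone auditing which domains the filter actually removed. As a style point, the `else` after `continue` is redundant and the comparison reads better as `if (!is_domain_enabled(sd_name, enabled_domains_list)) {`. The loop begins and ends outside the hunk.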
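Review bot: In the root block of ad_subdomains_process (hunk at -541) the AD_AT_TRUST_PARTNER lookup now runs even when no ad_enabled_domains list is configured, so a root entry without that attribute makes the whole call fail, where the old code added the root unconditionally. The name is needed only for the filter, so the lookup could sit under `enabled_domains_list != NULL`; failing closed remains the right choice when a filter is set, since a root whose name cannot be read cannot be matched against it. The failure message should also name the attribute and the error code rather than only the helper. The `fail` label and the allocation of `sd_out` are outside the hunk.

```c
    /* Now include the root */
    if (root != NULL) {
        bool include_root = true;

        if (enabled_domains_list != NULL) {
            /* The name is needed only to apply the filter; if it cannot be
             * read the root cannot be matched, so fail instead of enabling it. */
            ret = sysdb_attrs_get_string(root, AD_AT_TRUST_PARTNER, &root_name);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      "Cannot read %s of the forest root [%d]\n",
                      AD_AT_TRUST_PARTNER, ret);
                goto fail;
            }
            include_root = is_domain_enabled(root_name, enabled_domains_list);
        }

        if (include_root) {
            /* … unchanged: talloc_steal of root into sd_out, sdi++ … */
        } else {
            /* … unchanged: "Disabling forest root domain" trace … */
        }
    }
```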