From ada45cd38a73b1b196db459849fcc19781bc06fc Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 6 Dec 2017 16:26:15 +0100 Subject: [PATCH 72/83] SDAP: Rename sdap_posix_check to sdap_gc_posix_check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Because searching the LDAP port of Active Directory server with a NULL search base yields an error: https://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx we changed the POSIX check request to only run against a GC connection in a previous patch. To make it clearer to the caller that this request should only be used with a GC connection, this patch renames the request. There are no functional changes in this patch. Reviewed-by: Pavel Březina Reviewed-by: Sumit Bose (cherry picked from commit ba8a92bbd59f189bd1323dd0c4010cdfc694be35) --- src/providers/ldap/ldap_id.c | 20 +++++++-------- src/providers/ldap/sdap_async.c | 48 ++++++++++++++++++------------------ src/providers/ldap/sdap_async.h | 16 ++++++++---- src/providers/ldap/sdap_async_enum.c | 10 ++++---- 4 files changed, 50 insertions(+), 44 deletions(-) diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index b5ac3a749113a281fe8a5564ac341ced0570eded..3824f8f9aa8d2892664f1182376bedf6fb8627f6 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -415,10 +415,10 @@ static void users_get_connect_done(struct tevent_req *subreq) state->conn, state->use_id_mapping, !state->non_posix)) { - subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts, - sdap_id_op_handle(state->op), - dp_opt_get_int(state->ctx->opts->basic, - SDAP_SEARCH_TIMEOUT)); + subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts, + sdap_id_op_handle(state->op), + dp_opt_get_int(state->ctx->opts->basic, + SDAP_SEARCH_TIMEOUT)); if (subreq == NULL) { tevent_req_error(req, ENOMEM); return; @@ -441,7 +441,7 @@ static void users_get_posix_check_done(struct tevent_req *subreq) struct users_get_state *state = tevent_req_data(req, struct users_get_state); - ret = sdap_posix_check_recv(subreq, &has_posix); + ret = sdap_gc_posix_check_recv(subreq, &has_posix); talloc_zfree(subreq); if (ret != EOK) { /* We can only finish the id_op on error as the connection @@ -960,10 +960,10 @@ static void groups_get_connect_done(struct tevent_req *subreq) state->conn, state->use_id_mapping, !state->non_posix)) { - subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts, - sdap_id_op_handle(state->op), - dp_opt_get_int(state->ctx->opts->basic, - SDAP_SEARCH_TIMEOUT)); + subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts, + sdap_id_op_handle(state->op), + dp_opt_get_int(state->ctx->opts->basic, + SDAP_SEARCH_TIMEOUT)); if (subreq == NULL) { tevent_req_error(req, ENOMEM); return; @@ -985,7 +985,7 @@ static void groups_get_posix_check_done(struct tevent_req *subreq) struct groups_get_state *state = tevent_req_data(req, struct groups_get_state); - ret = sdap_posix_check_recv(subreq, &has_posix); + ret = sdap_gc_posix_check_recv(subreq, &has_posix); talloc_zfree(subreq); if (ret != EOK) { /* We can only finish the id_op on error as the connection diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 1df0b85f4bda6442d8da66784ad7424306b1f051..a9bea4f80903aeb9d0fdb4d2b8f2acb36d81d6fe 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -2573,12 +2573,12 @@ int sdap_asq_search_recv(struct tevent_req *req, } /* ==Posix attribute presence test================================= */ -static void sdap_posix_check_done(struct tevent_req *subreq); -static errno_t sdap_posix_check_parse(struct sdap_handle *sh, - struct sdap_msg *msg, - void *pvt); +static void sdap_gc_posix_check_done(struct tevent_req *subreq); +static errno_t sdap_gc_posix_check_parse(struct sdap_handle *sh, + struct sdap_msg *msg, + void *pvt); -struct sdap_posix_check_state { +struct sdap_gc_posix_check_state { struct tevent_context *ev; struct sdap_options *opts; struct sdap_handle *sh; @@ -2591,16 +2591,16 @@ struct sdap_posix_check_state { }; struct tevent_req * -sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev, - struct sdap_options *opts, struct sdap_handle *sh, - int timeout) +sdap_gc_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev, + struct sdap_options *opts, struct sdap_handle *sh, + int timeout) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; - struct sdap_posix_check_state *state; + struct sdap_gc_posix_check_state *state; errno_t ret; - req = tevent_req_create(memctx, &state, struct sdap_posix_check_state); + req = tevent_req_create(memctx, &state, struct sdap_gc_posix_check_state); if (req == NULL) { return NULL; } @@ -2636,13 +2636,13 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev, LDAP_SCOPE_SUBTREE, state->filter, state->attrs, NULL, NULL, 1, state->timeout, - sdap_posix_check_parse, state, + sdap_gc_posix_check_parse, state, SDAP_SRCH_FLG_SIZELIMIT_SILENT); if (subreq == NULL) { ret = ENOMEM; goto fail; } - tevent_req_set_callback(subreq, sdap_posix_check_done, req); + tevent_req_set_callback(subreq, sdap_gc_posix_check_done, req); return req; @@ -2652,13 +2652,13 @@ fail: return req; } -static errno_t sdap_posix_check_parse(struct sdap_handle *sh, - struct sdap_msg *msg, - void *pvt) +static errno_t sdap_gc_posix_check_parse(struct sdap_handle *sh, + struct sdap_msg *msg, + void *pvt) { struct berval **vals = NULL; - struct sdap_posix_check_state *state = - talloc_get_type(pvt, struct sdap_posix_check_state); + struct sdap_gc_posix_check_state *state = + talloc_get_type(pvt, struct sdap_gc_posix_check_state); char *dn; char *endptr; @@ -2700,12 +2700,12 @@ done: return EOK; } -static void sdap_posix_check_done(struct tevent_req *subreq) +static void sdap_gc_posix_check_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); - struct sdap_posix_check_state *state = - tevent_req_data(req, struct sdap_posix_check_state); + struct sdap_gc_posix_check_state *state = + tevent_req_data(req, struct sdap_gc_posix_check_state); errno_t ret; ret = sdap_get_generic_ext_recv(subreq, NULL, NULL, NULL); @@ -2730,11 +2730,11 @@ static void sdap_posix_check_done(struct tevent_req *subreq) tevent_req_done(req); } -int sdap_posix_check_recv(struct tevent_req *req, - bool *_has_posix) +int sdap_gc_posix_check_recv(struct tevent_req *req, + bool *_has_posix) { - struct sdap_posix_check_state *state = tevent_req_data(req, - struct sdap_posix_check_state); + struct sdap_gc_posix_check_state *state = tevent_req_data(req, + struct sdap_gc_posix_check_state); TEVENT_REQ_RETURN_ON_ERROR(req); diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 7216ba032e551196cf5258b4e58fbfc8cfe417ea..26f13e38bf6dff08a8cd0e6b3b5282effda80c9e 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -266,13 +266,19 @@ int sdap_deref_search_recv(struct tevent_req *req, size_t *reply_count, struct sdap_deref_attrs ***reply); +/* + * This request should only be ran against a Global Catalog connection + * because it uses a NULL search base to search all domains in the forest, + * which would return an error with an LDAP port: + * https://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx + */ struct tevent_req * -sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev, - struct sdap_options *opts, struct sdap_handle *sh, - int timeout); +sdap_gc_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev, + struct sdap_options *opts, struct sdap_handle *sh, + int timeout); -int sdap_posix_check_recv(struct tevent_req *req, - bool *_has_posix); +int sdap_gc_posix_check_recv(struct tevent_req *req, + bool *_has_posix); struct tevent_req * sdap_sd_search_send(TALLOC_CTX *memctx, diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c index ec0c679823a8cd9820bb978f77799a3f86621271..ea9d51adc7f94145cd7e689893bf7fd81028c5bb 100644 --- a/src/providers/ldap/sdap_async_enum.c +++ b/src/providers/ldap/sdap_async_enum.c @@ -200,10 +200,10 @@ static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq) state->user_conn, use_id_mapping, true)) { - subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts, - sdap_id_op_handle(state->user_op), - dp_opt_get_int(state->ctx->opts->basic, - SDAP_SEARCH_TIMEOUT)); + subreq = sdap_gc_posix_check_send(state, state->ev, state->ctx->opts, + sdap_id_op_handle(state->user_op), + dp_opt_get_int(state->ctx->opts->basic, + SDAP_SEARCH_TIMEOUT)); if (subreq == NULL) { tevent_req_error(req, ENOMEM); return; @@ -233,7 +233,7 @@ static void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq) struct sdap_dom_enum_ex_state *state = tevent_req_data(req, struct sdap_dom_enum_ex_state); - ret = sdap_posix_check_recv(subreq, &has_posix); + ret = sdap_gc_posix_check_recv(subreq, &has_posix); talloc_zfree(subreq); if (ret != EOK && ret != ERR_NO_POSIX) { /* We can only finish the id_op on error as the connection -- 2.14.3