authorSumit Bose <sbose@redhat.com>2013-10-24 11:45:57 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-10-25 15:33:56 +0200
commit14b2def9b1bceb84ea20a49ba2f66815aac844c2 (patch)
tree11f993c1f1b00f9a380b64d605dbe1012bfb24c3
parenta5c75692c17498a61babb7045db2dc3f25b0d1af (diff)
sdap_idmap_domain_has_algorithmic_mapping: add domain name argument
When libsss_idmap was only used to algorithmically map a SID to a POSIX ID, a domain SID was strictly necessary and was the only information needed to find a domain. With the introduction of external mappings there are cases where a domain SID is not available. Until now we relied on the fact that external mapping was always used as the default if no specific information about the domain was found. This led to extra CPU cycles and potentially confusing debug messages. Adding the domain name as a search parameter avoids this.
-rw-r--r--src/providers/ad/ad_subdomains.c1
-rw-r--r--src/providers/ipa/ipa_subdomains.c2
-rw-r--r--src/providers/ldap/ldap_id.c2
-rw-r--r--src/providers/ldap/sdap_async_enum.c2
-rw-r--r--src/providers/ldap/sdap_async_groups.c1
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c4
-rw-r--r--src/providers/ldap/sdap_async_users.c1
-rw-r--r--src/providers/ldap/sdap_idmap.c12
-rw-r--r--src/providers/ldap/sdap_idmap.h1
9 files changed, 24 insertions, 2 deletions
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index d8e9b26c3..30c510c97 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -162,6 +162,7 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
mpg = sdap_idmap_domain_has_algorithmic_mapping(
ctx->sdap_id_ctx->opts->idmap_ctx,
+ domain->name,
domain->domain_id);
/* AD subdomains are currently all mpg and do not enumerate */
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 49ac0b3e7..d873c5b27 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -577,7 +577,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
goto done;
}
- mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, id);
+ mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, name, id);
ret = ipa_subdom_get_forest(tmp_ctx, sysdb_ctx_get_ldb(parent->sysdb),
attrs, &forest);
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 59dfd0a5d..9fd95ce79 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -105,6 +105,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
ctx->opts->idmap_ctx,
+ sdom->dom->name,
sdom->dom->domain_id);
switch (filter_type) {
case BE_FILTER_NAME:
@@ -471,6 +472,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
ctx->opts->idmap_ctx,
+ sdom->dom->name,
sdom->dom->domain_id);
switch(filter_type) {
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index 9a520ba5f..8487f9a13 100644
--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -365,6 +365,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
ctx->opts->idmap_ctx,
+ sdom->dom->name,
sdom->dom->domain_id);
/* We always want to filter on objectclass and an available name */
@@ -539,6 +540,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
ctx->opts->idmap_ctx,
+ sdom->dom->name,
sdom->dom->domain_id);
/* We always want to filter on objectclass and an available name */
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index b11189507..00ac3e991 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -478,6 +478,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
}
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
+ dom->name,
sid_str);
if (use_id_mapping) {
posix_group = true;
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index e8de8d5c2..c16d48495 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -100,6 +100,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
}
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
+ domain->name,
domain->domain_id);
ret = sysdb_transaction_start(sysdb);
@@ -1542,6 +1543,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
opts->idmap_ctx,
+ sdom->dom->name,
sdom->dom->domain_id);
state->base_filter =
@@ -2637,6 +2639,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
id_ctx->opts->idmap_ctx,
+ sdom->dom->name,
sdom->dom->domain_id);
ret = sss_filter_sanitize(state, name, &clean_name);
@@ -2684,6 +2687,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
state->opts->idmap_ctx,
+ state->dom->name,
state->dom->domain_id);
ret = sdap_get_initgr_next_base(req);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 860e8feaf..2807b0728 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -215,6 +215,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
+ dom->name,
sid_str);
/* Retrieve or map the UID as appropriate */
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index af69ee12c..249201def 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -513,6 +513,7 @@ done:
}
bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx,
+ const char *dom_name,
const char *dom_sid)
{
enum idmap_error_code err;
@@ -529,6 +530,15 @@ bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx,
return false;
}
+ err = sss_idmap_domain_by_name_has_algorithmic_mapping(ctx->map,
+ dom_name,
+ &has_algorithmic_mapping);
+ if (err == IDMAP_SUCCESS) {
+ return has_algorithmic_mapping;
+ } else if (err != IDMAP_NAME_UNKNOWN && err != IDMAP_NO_DOMAIN) {
+ return false;
+ }
+
/* This is the first time we've seen this domain
* Create a new domain for it. We'll use the dom-sid
* as the domain name for now, since we don't have
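Review bot: The new `else if (err != IDMAP_NAME_UNKNOWN && err != IDMAP_NO_DOMAIN)` branch returns `false` without logging anything, so a failed name lookup looks the same to the caller as a domain that really uses external mapping. Callers that branch on the result (`use_id_mapping`, `mpg`) would then presumably skip SID-based mapping for that domain, which is worth making visible; a `DEBUG(SSSDBG_MINOR_FAILURE, ...)` line carrying `dom_name` and `err` before `return false;` would do it. `dom_name` is also forwarded unchecked, and this hunk does not show how the library treats a NULL name, so a guard or a documented non-NULL requirement would help. The function body starts and ends outside the hunk.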
@@ -554,7 +564,7 @@ bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx,
}
}
- ret = ctx->find_new_domain(ctx, new_dom_sid, new_dom_sid);
+ ret = ctx->find_new_domain(ctx, dom_name, new_dom_sid);
talloc_free(tmp_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
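Review bot: The comment at the end of the previous hunk still says the dom-sid is used as the domain name "for now", which stops being true once `dom_name` is passed as the second argument to `ctx->find_new_domain()`. It should be reworded, for example `/* This is the first time we've seen this domain. Create a new domain for it under the name supplied by the caller. */`. Nothing visible here checks that the caller's `dom_name` and the `new_dom_sid` derived inside this function describe the same domain, so the new domain entry is only as consistent as the call site's argument pair; a sentence in the function's documentation stating that requirement would be useful. The enclosing function continues outside the hunk.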
diff --git a/src/providers/ldap/sdap_idmap.h b/src/providers/ldap/sdap_idmap.h
index c8bc4e29f..07499dc78 100644
--- a/src/providers/ldap/sdap_idmap.h
+++ b/src/providers/ldap/sdap_idmap.h
@@ -57,6 +57,7 @@ sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
id_t *id);
bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx,
+ const char *name,
const char *dom_sid);
#endif /* SDAP_IDMAP_H_ */
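Review bot: The prototype names the new parameter `name`, while the definition in sdap_idmap.c uses `dom_name`; next to `dom_sid` the bare `name` is ambiguous, so the header line should read `const char *dom_name,`. The declaration also has no comment, and the lookup order visible in the definition (an existing `return false` path first, then the lookup by name, then creating a new domain) is something callers need to know. A short doc comment above the prototype stating that order and that `false` is also returned on lookup errors would close the gap.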