summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2014-08-19 19:27:23 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-08-19 19:27:23 +0200
commit6c7e10cfa53c3bb1e80a7e440a44428992e973b1 (patch)
tree05b1312ba067032d562532e47bd4dc17873c7199
parentd37b8091a8f16e94c26e5eb2ddb922d51928deda (diff)
downloadsssd-6c7e10cfa53c3bb1e80a7e440a44428992e973b1.tar.gz
sssd-6c7e10cfa53c3bb1e80a7e440a44428992e973b1.tar.xz
sssd-6c7e10cfa53c3bb1e80a7e440a44428992e973b1.zip
Revert "IPA: process non-posix nested groups"
This reverts commit 4417c874595600cd93e12822fab54aa5753df74a.
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c75
1 files changed, 3 insertions, 72 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 6c10c4ce7..712811f83 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -709,7 +709,6 @@ struct sdap_initgr_nested_state {
struct ldb_message_element *memberof;
char *filter;
- char *np_grp_filter;
char **group_dns;
int cur;
@@ -717,11 +716,6 @@ struct sdap_initgr_nested_state {
struct sysdb_attrs **groups;
int groups_cur;
- /* state of resolving group:
- * try_as_non_posix => suppose the group is a non-posix group
- * !try_as_non_posix => suppose the group is a posix group
- */
- bool try_as_non_posix;
};
static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req);
@@ -751,10 +745,6 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
state->dom = dom;
state->sh = sh;
state->grp_attrs = grp_attrs;
- state->np_grp_attrs = np_grp_attrs;
- /* initially suppose that group is posix group */
- state->try_as_non_posix = false;
-
state->user = user;
state->op = NULL;
@@ -840,15 +830,6 @@ static errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req)
return ENOMEM;
}
- state->np_grp_filter = talloc_asprintf(
- state,"(&(objectclass=%s)(%s=*))",
- state->opts->np_group_map[SDAP_OC_NP_GROUP].name,
- state->opts->np_group_map[SDAP_AT_NP_GROUP_NAME].name);
-
- if (state->np_grp_filter == NULL) {
- return ENOMEM;
- }
-
subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
state->group_dns[state->cur],
LDAP_SCOPE_BASE,
@@ -979,56 +960,9 @@ static void sdap_initgr_nested_search(struct tevent_req *subreq)
groups[0]);
state->groups_cur++;
} else {
- if (count > 1) {
- /* Got more than 1 result which is wrong! */
- DEBUG(SSSDBG_OP_FAILURE,
- "Search for group %s, returned %zu results - "
- "expecting only 1. Skipping\n",
- state->group_dns[state->cur], count);
-
- } else {
- /* (count == 0) => failed to resolve group */
- if (state->try_as_non_posix) {
- /* Group was tried to be resolved as both posix and non-posix
- * group but both attempts failed. Succumb on this one and try
- * to continue with another group.
- */
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Group %s, failed to be resolved as posix or non-posix "
- "group. Skipping\n.",
- state->group_dns[state->cur]);
- } else {
- /* Getting group as posix group failed, try to get the group as
- * non-posix one instead.
- */
- state->try_as_non_posix = true;
-
- DEBUG(SSSDBG_TRACE_FUNC,
- "The group %s failed to be resolved as posix. "
- "Trying to get it as non-posix\n",
- state->group_dns[state->cur]);
-
- subreq = sdap_get_generic_send(state, state->ev,
- state->opts, state->sh,
- state->group_dns[state->cur],
- LDAP_SCOPE_BASE,
- state->np_grp_filter,
- state->np_grp_attrs,
- state->opts->np_group_map,
- SDAP_OPTS_NP_GROUP,
- dp_opt_get_int(
- state->opts->basic,
- SDAP_SEARCH_TIMEOUT),
- false);
- if (!subreq) {
- tevent_req_error(req, ENOMEM);
- return;
- }
- tevent_req_set_callback(subreq,
- sdap_initgr_nested_search, req);
- return;
- }
- }
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Search for group %s, returned %zu results. Skipping\n",
+ state->group_dns[state->cur], count);
}
state->cur++;
@@ -1036,8 +970,6 @@ static void sdap_initgr_nested_search(struct tevent_req *subreq)
* memberOf which might not be only groups, but permissions, etc.
* Use state->groups_cur for group index cap */
if (state->cur < state->memberof->num_values) {
- /* first try to resolve group as posix group */
- state->try_as_non_posix = false;
subreq = sdap_get_generic_send(state, state->ev,
state->opts, state->sh,
state->group_dns[state->cur],
@@ -2721,7 +2653,6 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
state->conn = conn;
state->name = name;
state->grp_attrs = grp_attrs;
- state->np_grp_attrs = np_grp_attrs;
state->orig_user = NULL;
state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
state->user_base_iter = 0;