author | Jakub Hrozek <jhrozek@redhat.com> | 2013-12-03 20:45:44 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-12-19 20:14:32 +0100 |
commit | 1dced7370e55be16154bbb649606f928765819d0 (patch) | |
tree | efb26b696f5e6ce8d86c0a79a8c5856ac4968efd /src/providers/ad/ad_id.c | |
parent | 402af69c0bb7ea8b84e36f3567de6086042cb152 (diff) | |
AD: Add a utility function to create list of connections
ad_id.c and ad_access.c used the same block of code. With the upcoming
option to disable GC lookups, we should unify the code in a function to
avoid breaking one of the code paths.
The same applies for the LDAP connection to the trusted AD DC.
Includes a unit test.
Diffstat (limited to 'src/providers/ad/ad_id.c')
-rw-r--r-- | src/providers/ad/ad_id.c | 29 |
1 files changed, 8 insertions, 21 deletions
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index cf71b172d..e47c41863 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -188,12 +188,6 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 struct sss_domain_info *dom, struct be_acct_req *ar)
 {
 struct sdap_id_conn_ctx **clist;
- struct sdap_domain *sdom;
- struct ad_id_ctx *subdom_id_ctx;
-
- /* LDAP, GC, sentinel */
- clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 3);
- if (clist == NULL) return NULL;
 switch (ar->entry_type & BE_REQ_TYPE_MASK) {
 case BE_REQ_USER: /* user */
@@ -201,24 +195,17 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 case BE_REQ_USER_AND_GROUP: /* get SID */
 case BE_REQ_GROUP: /* group */
 case BE_REQ_INITGROUPS: /* init groups for user */
- /* Always try GC first */
- clist[0] = ad_ctx->gc_ctx;
- if (IS_SUBDOMAIN(dom) == true) {
- clist[0]->ignore_mark_offline = false;
- /* Subdomain users are only present in GC. */
- break;
- }
- /* fall back to ldap if gc is not available */
- clist[0]->ignore_mark_offline = true;
-
- /* With root domain users we have the option to
- * fall back to LDAP in case ie POSIX attributes
- * are used but not replicated to GC
- */
- clist[1] = ad_ctx->ldap_ctx;
+ clist = ad_gc_conn_list(breq, ad_ctx, dom);
+ if (clist == NULL) return NULL;
 break;
+ default:
+ /* Requests for other object should only contact LDAP by default */
+ clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 2);
+ if (clist == NULL) return NULL;
+ clist[0] = ad_ctx->ldap_ctx;
+ clist[1] = NULL;
 break;
 }
|
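Review bot: In the second hunk the `default:` branch sizes `clist` with a bare `2` and no explanation, while the removed code documented its size with `/* LDAP, GC, sentinel */`; I would add `/* LDAP, sentinel */` above the `talloc_zero_array()` call so the NULL terminator stays part of the documented layout. After this change the first branch returns whatever `ad_gc_conn_list()` builds, so the termination that callers presumably rely on when walking the list is no longer visible in `get_conn_list()` itself. A short comment above the function stating that the result is a NULL-terminated array allocated on `breq`, or NULL on allocation failure, would make an unterminated list from either path easier to catch in review. The function's signature and its final `return` lie outside the hunk, so this is based only on the two branches shown.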