diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-25 14:14:53 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-14 21:44:39 +0200 |
commit | 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757 (patch) | |
tree | 2c1305c160c50585e6ecf3f9d3d7cfd2f6298778 /src/providers/ipa | |
parent | ad9ca94d0c793c2e30e77f4cc385bf10e42e382f (diff) | |
download | sssd-5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757.tar.gz sssd-5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757.tar.xz sssd-5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757.zip |
IPA: Check master domain record before subdomain records
For one-way trusts we need to know the flat name of the IPA domain when
we process subdomains, hence we need to swap the processing order and
read the master domain record sooner.
Previsouly the order was:
- ranges
- subdomains
- if on client, views
- master
Now the order is:
- ranges
- master
- subdomains
- if on client, views
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 42 |
1 files changed, 28 insertions, 14 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 82b7feedc..872f212c9 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -1223,13 +1223,7 @@ static void ipa_get_view_name_done(struct tevent_req *req) } - ret = ipa_check_master(ctx); - if (ret == EAGAIN) { - return; - } else if (ret != EOK) { - goto done; - } - + ret = EOK; done: if (ret == EOK) { dp_error = DP_ERR_OK; @@ -1322,13 +1316,7 @@ static void ipa_subdomains_handler_done(struct tevent_req *req) } } - ret = ipa_check_master(ctx); - if (ret == EAGAIN) { - return; - } else if (ret != EOK) { - goto done; - } - + ret = EOK; done: if (ret == EOK) { dp_error = DP_ERR_OK; @@ -1403,6 +1391,17 @@ static void ipa_subdomains_handler_ranges_done(struct tevent_req *req) goto done; } + ret = ipa_check_master(ctx); + if (ret == EAGAIN) { + DEBUG(SSSDBG_TRACE_ALL, "Checking master record..\n"); + return; + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "ipa_check_master failed.\n"); + goto done; + } + /* Master domain is up-to-date. Continue checking subdomains */ + + DEBUG(SSSDBG_TRACE_ALL, "Master record up2date, checking subdomains\n"); ret = ipa_subdomains_handler_get_start(ctx, ctx->sd_ctx->search_bases, IPA_SUBDOMAINS_SLAVE); if (ret == EAGAIN) { @@ -1463,6 +1462,21 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req) ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain, realm, flat, id, NULL); + if (ret != EOK) { + goto done; + } + + /* There is only one master record. Don't bother checking other IPA + * search bases; move to checking subdomains instead + */ + ret = ipa_subdomains_handler_get_start(ctx, + ctx->sd_ctx->search_bases, + IPA_SUBDOMAINS_SLAVE); + if (ret == EAGAIN) { + return; + } + + /* Either no search bases or an error. End the request in both cases */ } else { ret = ipa_subdomains_handler_get_cont(ctx, IPA_SUBDOMAINS_MASTER); if (ret == EAGAIN) { |