diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-25 10:21:05 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-02 21:22:08 +0200 |
| commit | fbba3e56fa91e72f58b27a8b9fa8ccffd7ab5be0 (patch) | |
| tree | fffe30d4ae803c4ba653780a393c3e1578ae5327 /src/providers/ldap/ldap_id.c | |
| parent | 10d66d2ec03d0864cb7a006ef589a4bbbc1f48dc (diff) | |
| download | sssd-fbba3e56fa91e72f58b27a8b9fa8ccffd7ab5be0.tar.gz sssd-fbba3e56fa91e72f58b27a8b9fa8ccffd7ab5be0.tar.xz sssd-fbba3e56fa91e72f58b27a8b9fa8ccffd7ab5be0.zip | |
Skip enumeration requests in IPA and AD providers as well
Checking the enum request in the underlying LDAP provider to skip it
might be too late as the richer IPA or AD providers depend on having a
useful result when the sdap request finishes.
Move the enumeration check earlier instead and allow directly in the IPA
or AD handler.
Related:
https://fedorahosted.org/sssd/ticket/2659
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 40bc389bc79bc41429b5a92d5ce75955f8eefaf5)
Diffstat (limited to 'src/providers/ldap/ldap_id.c')
| -rw-r--r-- | src/providers/ldap/ldap_id.c | 48 |
1 files changed, 19 insertions, 29 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 724990653..8ccb36092 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -1358,6 +1358,20 @@ void sdap_account_info_handler(struct be_req *breq) return sdap_handle_account_info(breq, ctx, ctx->conn); } +bool sdap_is_enum_request(struct be_acct_req *ar) +{ + switch (ar->entry_type & BE_REQ_TYPE_MASK) { + case BE_REQ_USER: + case BE_REQ_GROUP: + case BE_REQ_SERVICES: + if (ar->filter_type == BE_FILTER_ENUM) { + return true; + } + } + + return false; +} + /* A generic LDAP account info handler */ struct sdap_handle_acct_req_state { struct be_acct_req *ar; @@ -1398,16 +1412,6 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_USER: /* user */ - - /* skip enumerations on demand */ - if (ar->filter_type == BE_FILTER_ENUM) { - DEBUG(SSSDBG_TRACE_LIBS, - "Skipping user enumeration on demand\n"); - state->err = "Success"; - ret = EOK; - goto done; - } - subreq = users_get_send(state, be_ctx->ev, id_ctx, sdom, conn, ar->filter_value, @@ -1418,16 +1422,6 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, break; case BE_REQ_GROUP: /* group */ - - /* skip enumerations on demand */ - if (ar->filter_type == BE_FILTER_ENUM) { - DEBUG(SSSDBG_TRACE_LIBS, - "Skipping group enumeration on demand\n"); - state->err = "Success"; - ret = EOK; - goto done; - } - subreq = groups_get_send(state, be_ctx->ev, id_ctx, sdom, conn, ar->filter_value, @@ -1472,15 +1466,6 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, break; case BE_REQ_SERVICES: - /* skip enumerations on demand */ - if (ar->filter_type == BE_FILTER_ENUM) { - DEBUG(SSSDBG_TRACE_LIBS, - "Skipping service enumeration on demand\n"); - state->err = "Success"; - ret = EOK; - goto done; - } - if (ar->filter_type == BE_FILTER_SECID || ar->filter_type == BE_FILTER_UUID) { ret = EINVAL; @@ -1666,6 +1651,11 @@ void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx, EINVAL, "Invalid private data"); } + if (sdap_is_enum_request(ar)) { + DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n"); + return sdap_handler_done(breq, DP_ERR_OK, EOK, "Success"); + } + req = sdap_handle_acct_req_send(breq, ctx->be, ar, ctx, ctx->opts->sdom, conn, true); if (req == NULL) { |