diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-04 18:45:45 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-22 13:46:02 +0200 |
| commit | fb83de0699b16e7d8eca803305e2112795807b4c (patch) | |
| tree | 8becc37d1ca208ee3ee60dd274d421fb4344e6a1 /src/providers/ldap/sdap_async_groups.c | |
| parent | cf66c53e46fad46f47489f43265c58004e0e39d4 (diff) | |
| download | sssd-fb83de0699b16e7d8eca803305e2112795807b4c.tar.gz sssd-fb83de0699b16e7d8eca803305e2112795807b4c.tar.xz sssd-fb83de0699b16e7d8eca803305e2112795807b4c.zip | |
LDAP: Filter out multiple entries when searching overlapping domains
In case domain overlap, we might download multiple objects. To avoid
saving them all, we attempt to filter out the objects from foreign
domains.
We can only do this optimization for non-wildcard lookups.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/providers/ldap/sdap_async_groups.c')
| -rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 57a53af3f..653187b3a 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -1905,6 +1905,9 @@ static errno_t sdap_get_groups_next_base(struct tevent_req *req) } static void sdap_nested_done(struct tevent_req *req); +static void sdap_search_group_copy_batch(struct sdap_get_groups_state *state, + struct sysdb_attrs **groups, + size_t count); static void sdap_ad_match_rule_members_process(struct tevent_req *subreq); static void sdap_get_groups_process(struct tevent_req *subreq) @@ -1950,15 +1953,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq) return; } - /* Copy the new groups into the list - */ - for (i = 0; i < count; i++) { - state->groups[state->count + i] = - talloc_steal(state->groups, groups[i]); - } - - state->count += count; - state->groups[state->count] = NULL; + sdap_search_group_copy_batch(state, groups, count); } if (next_base) { @@ -2093,6 +2088,26 @@ static void sdap_get_groups_process(struct tevent_req *subreq) } } +static void sdap_search_group_copy_batch(struct sdap_get_groups_state *state, + struct sysdb_attrs **groups, + size_t count) +{ + size_t copied; + bool filter; + + /* Always copy all objects for wildcard lookups. */ + filter = state->lookup_type == SDAP_LOOKUP_SINGLE ? true : false; + + copied = sdap_steal_objects_in_dom(state->opts, + state->groups, + state->count, + state->dom, + groups, count, filter); + + state->count += copied; + state->groups[state->count] = NULL; +} + static void sdap_get_groups_done(struct tevent_req *subreq) { struct tevent_req *req = |