author | Sumit Bose <sbose@redhat.com> | 2013-10-24 11:45:57 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 15:31:15 +0200 |
commit | fdda4b659fa3be3027df91a2b053835186ec2c59 (patch) | |
tree | f5f579b9d36f38df405db0f8b3552e2b4d85d21b /src/providers/ldap | |
parent | 3cbbfb4b05d0eb0a0809704e83589d0075e117a0 (diff) | |
sdap_idmap_domain_has_algorithmic_mapping: add domain name argument
When libsss_idmap was only used to algorithmically map a SID to a POSIX
ID, a domain SID was strictly necessary and the only information needed
to find a domain.
With the introduction of external mappings there are cases where a
domain SID is not available. Until now we relied on the fact that
external mapping was always used as a default if no specific
information about the domain was found. This led to extra CPU cycles and
potentially confusing debug messages. Adding the domain name as a search
parameter will avoid this.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_enum.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 4 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_idmap.c | 12 | ||||
-rw-r--r-- | src/providers/ldap/sdap_idmap.h | 1 |
7 files changed, 22 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 59dfd0a5d..9fd95ce79 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -105,6 +105,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( ctx->opts->idmap_ctx, + sdom->dom->name, sdom->dom->domain_id); switch (filter_type) { case BE_FILTER_NAME:
@@ -471,6 +472,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( ctx->opts->idmap_ctx, + sdom->dom->name, sdom->dom->domain_id); switch(filter_type) {
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index b03c19a50..a1bc0977c 100644
--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -366,6 +366,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, use_mapping = sdap_idmap_domain_has_algorithmic_mapping( ctx->opts->idmap_ctx, + sdom->dom->name, sdom->dom->domain_id); /* We always want to filter on objectclass and an available name */
@@ -540,6 +541,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, use_mapping = sdap_idmap_domain_has_algorithmic_mapping( ctx->opts->idmap_ctx, + sdom->dom->name, sdom->dom->domain_id); /* We always want to filter on objectclass and an available name */
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index b11189507..00ac3e991 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -478,6 +478,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, } use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx, + dom->name, sid_str); if (use_id_mapping) { posix_group = true;
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index e8de8d5c2..c16d48495 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -100,6 +100,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, } use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx, + domain->name, domain->domain_id); ret = sysdb_transaction_start(sysdb);
@@ -1542,6 +1543,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( opts->idmap_ctx, + sdom->dom->name, sdom->dom->domain_id); state->base_filter =
@@ -2637,6 +2639,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( id_ctx->opts->idmap_ctx, + sdom->dom->name, sdom->dom->domain_id); ret = sss_filter_sanitize(state, name, &clean_name);
@@ -2684,6 +2687,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( state->opts->idmap_ctx, + state->dom->name, state->dom->domain_id); ret = sdap_get_initgr_next_base(req);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 860e8feaf..2807b0728 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -215,6 +215,7 @@ int sdap_save_user(TALLOC_CTX *memctx, use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx, + dom->name, sid_str); /* Retrieve or map the UID as appropriate */
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index af69ee12c..249201def 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -513,6 +513,7 @@ done: } bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx, + const char *dom_name, const char *dom_sid) { enum idmap_error_code err;
@@ -529,6 +530,15 @@ bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx, return false; } + err = sss_idmap_domain_by_name_has_algorithmic_mapping(ctx->map, + dom_name, + &has_algorithmic_mapping); + if (err == IDMAP_SUCCESS) { + return has_algorithmic_mapping; + } else if (err != IDMAP_NAME_UNKNOWN && err != IDMAP_NO_DOMAIN) { + return false; + } + /* This is the first time we've seen this domain * Create a new domain for it. We'll use the dom-sid * as the domain name for now, since we don't have
@@ -554,7 +564,7 @@ bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx, } } - ret = ctx->find_new_domain(ctx, new_dom_sid, new_dom_sid); + ret = ctx->find_new_domain(ctx, dom_name, new_dom_sid); talloc_free(tmp_ctx); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE,
diff --git a/src/providers/ldap/sdap_idmap.h b/src/providers/ldap/sdap_idmap.h
index c8bc4e29f..07499dc78 100644
--- a/src/providers/ldap/sdap_idmap.h
+++ b/src/providers/ldap/sdap_idmap.h
@@ -57,6 +57,7 @@ sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx, id_t *id); bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx, + const char *name, const char *dom_sid); #endif /* SDAP_IDMAP_H_ */ |
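Review bot: The added `else if (err != IDMAP_NAME_UNKNOWN && err != IDMAP_NO_DOMAIN)` branch returns false without logging, so a failed by-name lookup looks the same to callers as a domain that really has no algorithmic mapping, and they pick the ID-resolution path from that answer (for example `if (use_id_mapping)` in sdap_save_group). I would log the error code before returning, at the level the find_new_domain failure path further down already uses, and put `/* Lookup failed for a reason other than an unknown domain; report "no algorithmic mapping". */` above `return false;`. Whether `dom_name` can be NULL on this path is not visible here; if it can, it presumably should fall through to the new-domain code rather than end in this branch, which is worth confirming against sss_idmap_domain_by_name_has_algorithmic_mapping. The function body starts and ends outside the hunk.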
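Review bot: The block comment ahead of this call (visible as context in the previous hunk) still says the dom-sid is used as the domain name because the real name is not available, which no longer matches `ctx->find_new_domain(ctx, dom_name, new_dom_sid)`. It should be brought in line, e.g. `/* This is the first time we've seen this domain. Create a new domain for it under the name supplied by the caller. */`. If any caller can pass a NULL name, the previous behaviour can be kept with `ret = ctx->find_new_domain(ctx, dom_name != NULL ? dom_name : new_dom_sid, new_dom_sid);`; the hunk does not show whether find_new_domain accepts NULL. The function continues outside the hunk.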
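Review bot: The prototype names the new parameter `name` while the definition in sdap_idmap.c names it `dom_name`; `const char *dom_name,` would keep declaration and definition aligned. The declaration also carries no comment, and with two identifiers it is no longer obvious which one decides the result. A short doc comment above the prototype should state how the name and the SID are consulted, whether either argument may be NULL, and that false is also returned when a lookup fails.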