author | Jakub Hrozek <jhrozek@redhat.com> | 2015-10-05 16:11:14 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-10-07 12:42:03 +0200 |
commit | afb21fd06690a0bec288a7970abf74ed2ea7dfdc (patch) | |
tree | 80acbc6a5c4ecc4383eea36beb5f459b33652f6f /src/providers | |
parent | 309aa83d16b5919f727af04850bcd0799ba0962f (diff) | |
AD: Consolidate connection list construction on ad_common.c
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ad/ad_common.c | 31 | ||||
-rw-r--r-- | src/providers/ad/ad_common.h | 5 | ||||
-rw-r--r-- | src/providers/ad/ad_id.c | 18 |
3 files changed, 37 insertions, 17 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 7d46af4a4..ffc135124 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -1287,3 +1287,34 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
 clist[1] = NULL;
 return clist;
 }
+
+struct sdap_id_conn_ctx **
+ad_user_conn_list(TALLOC_CTX *mem_ctx,
+ struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom)
+{
+ struct sdap_id_conn_ctx **clist;
+ int cindex = 0;
+
+ clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3);
+ if (clist == NULL) {
+ return NULL;
+ }
+
+ /* Try GC first for users from trusted domains, but go to LDAP
+ * for users from non-trusted domains to get all POSIX attrs
+ */
+ if (dp_opt_get_bool(ad_ctx->ad_options->basic, AD_ENABLE_GC)
+ && IS_SUBDOMAIN(dom)) {
+ clist[cindex] = ad_ctx->gc_ctx;
+ clist[cindex]->ignore_mark_offline = true;
+ cindex++;
+ }
+
+ /* Users from primary domain can be just downloaded from LDAP.
+ * The domain's LDAP connection also works as a fallback
+ */
+ clist[cindex] = ad_get_dom_ldap_conn(ad_ctx, dom);
+
+ return clist;
+}
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 701e46198..0cefa1859 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -153,6 +153,11 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
 struct ad_id_ctx *ad_ctx,
 struct sss_domain_info *dom);
 
+struct sdap_id_conn_ctx **
+ad_user_conn_list(TALLOC_CTX *mem_ctx,
+ struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom);
+
 struct sdap_id_conn_ctx *
 ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx,
 struct sss_domain_info *dom);
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index be0cb3b12..51d378863 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -244,25 +244,10 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 struct sss_domain_info *dom, struct be_acct_req *ar)
 {
 struct sdap_id_conn_ctx **clist;
- int cindex = 0;
 
 switch (ar->entry_type & BE_REQ_TYPE_MASK) {
 case BE_REQ_USER: /* user */
- clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3);
- if (clist == NULL) return NULL;
-
- /* Try GC first for users from trusted domains */
- if (dp_opt_get_bool(ad_ctx->ad_options->basic, AD_ENABLE_GC)
- && IS_SUBDOMAIN(dom)) {
- clist[cindex] = ad_ctx->gc_ctx;
- clist[cindex]->ignore_mark_offline = true;
- cindex++;
- }
-
- /* Users from primary domain can be just downloaded from LDAP.
- * The domain's LDAP connection also works as a fallback
- */
- clist[cindex] = ad_get_dom_ldap_conn(ad_ctx, dom);
+ clist = ad_user_conn_list(breq, ad_ctx, dom);
 break;
 case BE_REQ_BY_SECID: /* by SID */
 case BE_REQ_USER_AND_GROUP: /* get SID */
@@ -270,7 +255,6 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 case BE_REQ_INITGROUPS: /* init groups for user */
 clist = ad_gc_conn_list(breq, ad_ctx, dom);
 break;
-
 default:
 /* Requests for other object should only contact LDAP by default */
 clist = ad_ldap_conn_list(breq, ad_ctx, dom); |
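Review bot: The `breq` passed as the memory context in the new `ad_user_conn_list(breq, ad_ctx, dom)` call has no effect, because the helper added in ad_common.c never uses `mem_ctx` and still allocates with `talloc_zero_array(ad_ctx, ...)`. Unless the list is freed explicitly somewhere outside these hunks, every user lookup leaves a three-pointer array parented to the long-lived provider context, which is slow memory growth in a long-running daemon. The helper should allocate on the caller's context: `clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3);`. Separately, `clist[cindex]->ignore_mark_offline = true;` dereferences `ad_ctx->gc_ctx` without a NULL check and the result of `ad_get_dom_ldap_conn()` is stored unchecked; if either can be NULL while `AD_ENABLE_GC` is set (not visible here), a guard or a one-line comment stating the invariant would help. The body of get_conn_list() continues outside the hunk.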