authorJakub Hrozek <jhrozek@redhat.com>2013-05-27 08:48:02 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-07 00:14:13 +0200
commit749cfb5d3270b5daf389d51a0dbd3fd2aec6e05d (patch)
tree65abb8438d2d31bd627861ff2fdc8cda6c07c960 /src/providers
parent9aa117a93e315f790a1922d9ac7bd484878b621e (diff)
LDAP: new SDAP domain structure
Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain.
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ad/ad_common.c17
-rw-r--r--src/providers/ad/ad_subdomains.c4
-rw-r--r--src/providers/ipa/ipa_common.c21
-rw-r--r--src/providers/ipa/ipa_netgroups.c10
-rw-r--r--src/providers/ldap/ldap_common.c86
-rw-r--r--src/providers/ldap/ldap_common.h16
-rw-r--r--src/providers/ldap/ldap_id.c68
-rw-r--r--src/providers/ldap/ldap_id_enum.c38
-rw-r--r--src/providers/ldap/ldap_id_netgroup.c9
-rw-r--r--src/providers/ldap/ldap_id_services.c9
-rw-r--r--src/providers/ldap/ldap_init.c2
-rw-r--r--src/providers/ldap/sdap.c58
-rw-r--r--src/providers/ldap/sdap.h28
-rw-r--r--src/providers/ldap/sdap_async.h5
-rw-r--r--src/providers/ldap/sdap_async_autofs.c2
-rw-r--r--src/providers/ldap/sdap_async_connection.c3
-rw-r--r--src/providers/ldap/sdap_async_groups.c16
-rw-r--r--src/providers/ldap/sdap_async_groups_ad.c2
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c18
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c2
-rw-r--r--src/providers/ldap/sdap_async_nested_groups.c37
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c2
-rw-r--r--src/providers/ldap/sdap_async_private.h3
-rw-r--r--src/providers/ldap/sdap_async_services.c2
-rw-r--r--src/providers/ldap/sdap_async_sudo.c2
25 files changed, 315 insertions, 145 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 4a6343f73..713f31947 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -448,6 +448,13 @@ ad_get_id_options(struct ad_options *ad_opts,
goto done;
}
+ ret = sdap_domain_add(id_opts,
+ ad_opts->id_ctx->sdap_id_ctx->be->domain,
+ NULL);
+ if (ret != EOK) {
+ goto done;
+ }
+
ret = dp_get_options(id_opts, cdb, conf_path,
ad_def_ldap_opts,
SDAP_OPTS_BASIC,
@@ -619,31 +626,31 @@ ad_set_search_bases(struct sdap_options *id_opts)
/* Default search */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
SDAP_SEARCH_BASE,
- &id_opts->search_bases);
+ &id_opts->sdom->search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* User search */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
SDAP_USER_SEARCH_BASE,
- &id_opts->user_search_bases);
+ &id_opts->sdom->user_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Group search base */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
SDAP_GROUP_SEARCH_BASE,
- &id_opts->group_search_bases);
+ &id_opts->sdom->group_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Netgroup search */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
SDAP_NETGROUP_SEARCH_BASE,
- &id_opts->netgroup_search_bases);
+ &id_opts->sdom->netgroup_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Service search */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
SDAP_SERVICE_SEARCH_BASE,
- &id_opts->service_search_bases);
+ &id_opts->sdom->service_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
ret = EOK;
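Review bot: `ad_set_search_bases` now writes through `id_opts->sdom` in five places (`&id_opts->sdom->search_bases` onwards) but receives only `id_opts`, and nothing in the function establishes that `sdom` is non-NULL; it is populated by the `sdap_domain_add` call added to `ad_get_id_options` in the first hunk, so any other path into `ad_set_search_bases` would dereference NULL. A guard at the top of the function, `if (id_opts->sdom == NULL) return EINVAL;` (its opening lines are outside the hunk), or at least a comment stating the precondition, makes the coupling explicit. The same implicit dependence appears in `ipa_get_autofs_options` (ipa_common.c) and in `ldap_get_sudo_options`/`ldap_get_autofs_options` (ldap_common.c), which also dereference `opts->sdom` after a separate options-parsing call set it up.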
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index da0c85e76..098663cc8 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -44,6 +44,7 @@
struct ad_subdomains_ctx {
struct be_ctx *be_ctx;
struct sdap_id_ctx *sdap_id_ctx;
+ struct sdap_domain *sdom;
struct sss_idmap_ctx *idmap_ctx;
char *domain_name;
@@ -164,7 +165,7 @@ static errno_t ad_subdomains_get_master_sid(struct ad_subdomains_req_ctx *ctx)
const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};
- base = ctx->sd_ctx->sdap_id_ctx->opts->search_bases[ctx->base_iter];
+ base = ctx->sd_ctx->sdom->search_bases[ctx->base_iter];
if (base == NULL) {
return EOK;
}
@@ -497,6 +498,7 @@ int ad_subdom_init(struct be_ctx *be_ctx,
}
ctx->be_ctx = be_ctx;
+ ctx->sdom = id_ctx->sdap_id_ctx->opts->sdom;
ctx->sdap_id_ctx = id_ctx->sdap_id_ctx;
ctx->domain_name = talloc_strdup(ctx, ad_domain);
if (ctx->domain_name == NULL) {
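Review bot: `ad_subdom_init` caches `id_ctx->sdap_id_ctx->opts->sdom` in `ctx->sdom`, and `ad_subdomains_get_master_sid` later indexes `ctx->sd_ctx->sdom->search_bases` through that copy; since this patch also introduces `sdap_domain_remove`, the copy is only safe as long as the primary sdap_domain is never removed from or re-added to the options context. Either resolve it at use time with `sdap_domain_get(ctx->sd_ctx->sdap_id_ctx->opts, ctx->sd_ctx->be_ctx->domain)`, or record the assumption next to the assignment with `/* borrowed: owned by sdap_id_ctx->opts; the primary sdap_domain is never removed */`. Nit: the assignment lands before `ctx->sdap_id_ctx = ...` although it is derived from it; the other order reads more naturally.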
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index ec36b57d7..76da6c1e1 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -187,6 +187,13 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
+ ret = sdap_domain_add(ipa_opts->id,
+ ipa_opts->id_ctx->sdap_id_ctx->be->domain,
+ NULL);
+ if (ret != EOK) {
+ goto done;
+ }
+
/* get sdap options */
ret = dp_get_options(ipa_opts->id, cdb, conf_path,
ipa_def_ldap_opts,
@@ -223,7 +230,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
SDAP_SEARCH_BASE,
- &ipa_opts->id->search_bases);
+ &ipa_opts->id->sdom->search_bases);
if (ret != EOK) goto done;
/* set krb realm */
@@ -277,7 +284,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
SDAP_USER_SEARCH_BASE,
- &ipa_opts->id->user_search_bases);
+ &ipa_opts->id->sdom->user_search_bases);
if (ret != EOK) goto done;
if (NULL == dp_opt_get_string(ipa_opts->id->basic,
@@ -296,7 +303,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
SDAP_GROUP_SEARCH_BASE,
- &ipa_opts->id->group_search_bases);
+ &ipa_opts->id->sdom->group_search_bases);
if (ret != EOK) goto done;
if (NULL == dp_opt_get_string(ipa_opts->id->basic,
@@ -334,7 +341,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
SDAP_SUDO_SEARCH_BASE,
- &ipa_opts->id->sudo_search_bases);
+ &ipa_opts->id->sdom->sudo_search_bases);
if (ret != EOK) goto done;
if (NULL == dp_opt_get_string(ipa_opts->id->basic,
@@ -357,7 +364,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
SDAP_NETGROUP_SEARCH_BASE,
- &ipa_opts->id->netgroup_search_bases);
+ &ipa_opts->id->sdom->netgroup_search_bases);
if (ret != EOK) goto done;
if (NULL == dp_opt_get_string(ipa_opts->basic,
@@ -450,7 +457,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
SDAP_SERVICE_SEARCH_BASE,
- &ipa_opts->id->service_search_bases);
+ &ipa_opts->id->sdom->service_search_bases);
if (ret != EOK) goto done;
if (NULL == dp_opt_get_string(ipa_opts->basic,
@@ -992,7 +999,7 @@ int ipa_get_autofs_options(struct ipa_options *ipa_opts,
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
SDAP_AUTOFS_SEARCH_BASE,
- &ipa_opts->id->autofs_search_bases);
+ &ipa_opts->id->sdom->autofs_search_bases);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not parse autofs search base\n"));
goto done;
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index f9e43b87f..0f36fc9f5 100644
--- a/src/providers/ipa/ipa_netgroups.c
+++ b/src/providers/ipa/ipa_netgroups.c
@@ -215,7 +215,7 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
state->netgr_base_iter = 0;
state->dom = dom;
- if (!ipa_options->id->netgroup_search_bases) {
+ if (!ipa_options->id->sdom->netgroup_search_bases) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Netgroup lookup request without a search base\n"));
ret = EINVAL;
@@ -248,7 +248,7 @@ static errno_t ipa_netgr_next_base(struct tevent_req *req)
struct sdap_search_base **netgr_bases;
state = tevent_req_data(req, struct ipa_get_netgroups_state);
- netgr_bases = state->ipa_opts->id->netgroup_search_bases;
+ netgr_bases = state->ipa_opts->id->sdom->netgroup_search_bases;
talloc_zfree(state->filter);
state->filter = sdap_get_id_specific_filter(
@@ -307,7 +307,7 @@ static void ipa_get_netgroups_process(struct tevent_req *subreq)
hash_key_t key;
hash_value_t value;
- netgr_bases = state->ipa_opts->id->netgroup_search_bases;
+ netgr_bases = state->ipa_opts->id->sdom->netgroup_search_bases;
ret = sdap_get_generic_recv(subreq, state, &netgroups_count, &netgroups);
talloc_zfree(subreq);
@@ -432,7 +432,7 @@ static int ipa_netgr_fetch_netgroups(struct ipa_get_netgroups_state *state,
struct tevent_req *subreq;
struct sdap_search_base **bases;
- bases = state->ipa_opts->id->netgroup_search_bases;
+ bases = state->ipa_opts->id->sdom->netgroup_search_bases;
if (bases[state->netgr_base_iter] == NULL) {
/* No more bases to try */
return ENOENT;
@@ -473,7 +473,7 @@ static int ipa_netgr_fetch_users(struct ipa_get_netgroups_state *state,
struct tevent_req *subreq;
struct sdap_search_base **bases;
- bases = state->ipa_opts->id->user_search_bases;
+ bases = state->ipa_opts->id->sdom->user_search_bases;
if (bases[state->user_base_iter] == NULL) {
return ENOENT;
}
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 856c57e43..3e7ab9da9 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -39,8 +39,75 @@
/* a fd the child process would log into */
int ldap_child_debug_fd = -1;
+int
+sdap_domain_destructor(void *mem)
+{
+ struct sdap_domain *dom =
+ talloc_get_type(mem, struct sdap_domain);
+ DLIST_REMOVE(*(dom->head), dom);
+ return 0;
+}
+
+struct sdap_domain *
+sdap_domain_get(struct sdap_options *opts,
+ struct sss_domain_info *dom)
+{
+ struct sdap_domain *sditer = NULL;
+
+ DLIST_FOR_EACH(sditer, opts->sdom) {
+ if (sditer->dom == dom) {
+ break;
+ }
+ }
+
+ return sditer;
+}
+
+errno_t
+sdap_domain_add(struct sdap_options *opts,
+ struct sss_domain_info *dom,
+ struct sdap_domain **_sdom)
+{
+ struct sdap_domain *sdom;
+
+ sdom = talloc_zero(opts, struct sdap_domain);
+ if (sdom == NULL) {
+ return ENOMEM;
+ }
+ sdom->dom = dom;
+ sdom->head = &opts->sdom;
+
+ if (opts->sdom) {
+ /* Only allow subdomains of the parent domain */
+ if (dom->parent == NULL ||
+ dom->parent != opts->sdom->dom) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Domain %s is not a subdomain of %s\n",
+ dom->name, opts->sdom->dom->name));
+ return EINVAL;
+ }
+ }
+
+ talloc_set_destructor((TALLOC_CTX *)sdom, sdap_domain_destructor);
+ DLIST_ADD_END(opts->sdom, sdom, struct sdap_domain *);
+
+ if (_sdom) *_sdom = sdom;
+ return EOK;
+}
+
+void
+sdap_domain_remove(struct sdap_options *opts,
+ struct sss_domain_info *dom)
+{
+ struct sdap_domain *sdom;
+
+ sdom = sdap_domain_get(opts, dom);
+ if (sdom == NULL) return;
+
+ DLIST_REMOVE(*(sdom->head), sdom);
+}
int ldap_get_options(TALLOC_CTX *memctx,
+ struct sss_domain_info *dom,
struct confdb_ctx *cdb,
const char *conf_path,
struct sdap_options **_opts)
@@ -72,6 +139,11 @@ int ldap_get_options(TALLOC_CTX *memctx,
opts = talloc_zero(memctx, struct sdap_options);
if (!opts) return ENOMEM;
+ ret = sdap_domain_add(opts, dom, NULL);
+ if (ret != EOK) {
+ goto done;
+ }
+
ret = dp_get_options(opts, cdb, conf_path,
default_basic_opts,
SDAP_OPTS_BASIC,
@@ -105,31 +177,31 @@ int ldap_get_options(TALLOC_CTX *memctx,
/* Default search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_SEARCH_BASE,
- &opts->search_bases);
+ &opts->sdom->search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* User search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_USER_SEARCH_BASE,
- &opts->user_search_bases);
+ &opts->sdom->user_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Group search base */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_GROUP_SEARCH_BASE,
- &opts->group_search_bases);
+ &opts->sdom->group_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Netgroup search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_NETGROUP_SEARCH_BASE,
- &opts->netgroup_search_bases);
+ &opts->sdom->netgroup_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Service search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_SERVICE_SEARCH_BASE,
- &opts->service_search_bases);
+ &opts->sdom->service_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);
@@ -377,7 +449,7 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx,
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_SUDO_SEARCH_BASE,
- &opts->sudo_search_bases);
+ &opts->sdom->sudo_search_bases);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not parse SUDO search base\n"));
return ret;
@@ -435,7 +507,7 @@ int ldap_get_autofs_options(TALLOC_CTX *memctx,
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_AUTOFS_SEARCH_BASE,
- &opts->autofs_search_bases);
+ &opts->sdom->autofs_search_bases);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not parse autofs search base\n"));
return ret;
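Review bot: `sdap_domain_add` leaks the freshly allocated `sdom` on the "not a subdomain" path: it is `talloc_zero`'d on `opts` before the parent check and then abandoned with `return EINVAL`, so it stays attached to `opts` until the options are freed; add `talloc_free(sdom);` before that return (the destructor is not set yet, so nothing needs unlinking). `sdap_domain_remove` has the mirror problem: it only unlinks the entry and leaves the allocation and its destructor in place, so the node is passed to `DLIST_REMOVE` a second time when `opts` is eventually freed, which is harmless only if the list macro tolerates an already-detached node; calling `talloc_free(sdom);` there instead of the explicit `DLIST_REMOVE` releases the memory and lets the destructor do the single unlink. The parent check compares against `opts->sdom->dom`, i.e. the list head, which silently requires that the first call registers the primary domain; a one-line comment stating that precondition at the top of the function would help the next caller.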
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 5dfa60049..331e90d26 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -102,6 +102,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
struct be_req *breq,
struct be_acct_req *ar,
struct sdap_id_ctx *id_ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn);
errno_t
sdap_handle_acct_req_recv(struct tevent_req *req,
@@ -146,6 +147,7 @@ void sdap_remove_kdcinfo_files_callback(void *pvt);
/* options parser */
int ldap_get_options(TALLOC_CTX *memctx,
+ struct sss_domain_info *dom,
struct confdb_ctx *cdb,
const char *conf_path,
struct sdap_options **_opts);
@@ -174,6 +176,7 @@ void sdap_mark_offline(struct sdap_id_ctx *ctx);
struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name,
int filter_type,
@@ -183,6 +186,7 @@ int groups_get_recv(struct tevent_req *req, int *dp_error_out);
struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name);
int ldap_netgroup_get_recv(struct tevent_req *req, int *dp_error_out);
@@ -191,6 +195,7 @@ struct tevent_req *
services_get_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sdap_id_ctx *id_ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name,
const char *protocol,
@@ -227,6 +232,17 @@ errno_t msgs2attrs_array(TALLOC_CTX *mem_ctx, size_t count,
struct ldb_message **msgs,
struct sysdb_attrs ***attrs);
+errno_t sdap_domain_add(struct sdap_options *opts,
+ struct sss_domain_info *dom,
+ struct sdap_domain **_sdom);
+
+void
+sdap_domain_remove(struct sdap_options *opts,
+ struct sss_domain_info *dom);
+
+struct sdap_domain *sdap_domain_get(struct sdap_options *opts,
+ struct sss_domain_info *dom);
+
errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
struct dp_option *opts, int class,
struct sdap_search_base ***_search_bases);
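Review bot: The three new prototypes (`sdap_domain_add`, `sdap_domain_remove`, `sdap_domain_get`) come without any contract comment, and the ownership rules are exactly what a caller needs: the entry is a talloc child of `opts`, `_sdom` is optional and returns a borrowed pointer, the first registered domain is treated as the primary and later ones must be its direct subdomains (EINVAL otherwise), and `sdap_domain_remove` unlinks without freeing. A short block comment above `sdap_domain_add` stating those points, plus `/* Returns NULL when dom is not registered on opts */` on `sdap_domain_get`, would spare readers a trip into ldap_common.c. The `sdom` parameter added to `sdap_handle_acct_req_send`, `groups_get_send`, `ldap_netgroup_get_send` and `services_get_send` is likewise undocumented; one line saying it selects the domain and search bases the lookup runs against, and must not be NULL, would do.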
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 1f3c62bb2..6fe5f5995 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -39,6 +39,7 @@
struct users_get_state {
struct tevent_context *ev;
struct sdap_id_ctx *ctx;
+ struct sdap_domain *sdom;
struct sdap_id_conn_ctx *conn;
struct sdap_id_op *op;
struct sysdb_ctx *sysdb;
@@ -60,6 +61,7 @@ static void users_get_done(struct tevent_req *subreq);
struct tevent_req *users_get_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name,
int filter_type,
@@ -80,6 +82,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
state->ev = ev;
state->ctx = ctx;
+ state->sdom = sdom;
state->conn = conn;
state->dp_error = DP_ERR_FATAL;
@@ -90,8 +93,8 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
goto fail;
}
- state->sysdb = ctx->be->domain->sysdb;
- state->domain = state->ctx->be->domain;
+ state->domain = sdom->dom;
+ state->sysdb = sdom->dom->sysdb;
state->name = name;
state->filter_type = filter_type;
@@ -223,7 +226,7 @@ static void users_get_connect_done(struct tevent_req *subreq)
subreq = sdap_get_users_send(state, state->ev,
state->domain, state->sysdb,
state->ctx->opts,
- state->ctx->opts->user_search_bases,
+ state->sdom->user_search_bases,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
@@ -341,6 +344,7 @@ static void users_get_done(struct tevent_req *subreq)
}
state->dp_error = DP_ERR_OK;
+ /* FIXME - return sdap error so that we know the user was not found */
tevent_req_done(req);
}
@@ -363,6 +367,7 @@ int users_get_recv(struct tevent_req *req, int *dp_error_out)
struct groups_get_state {
struct tevent_context *ev;
struct sdap_id_ctx *ctx;
+ struct sdap_domain *sdom;
struct sdap_id_conn_ctx *conn;
struct sdap_id_op *op;
struct sysdb_ctx *sysdb;
@@ -384,6 +389,7 @@ static void groups_get_done(struct tevent_req *subreq);
struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name,
int filter_type,
@@ -406,6 +412,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
state->ev = ev;
state->ctx = ctx;
+ state->sdom = sdom;
state->conn = conn;
state->dp_error = DP_ERR_FATAL;
@@ -416,8 +423,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
goto fail;
}
- state->sysdb = ctx->be->domain->sysdb;
- state->domain = state->ctx->be->domain;
+ state->domain = sdom->dom;
+ state->sysdb = sdom->dom->sysdb;
state->name = name;
state->filter_type = filter_type;
@@ -571,9 +578,8 @@ static void groups_get_connect_done(struct tevent_req *subreq)
}
subreq = sdap_get_groups_send(state, state->ev,
- state->domain, state->sysdb,
+ state->sdom,
state->ctx->opts,
- state->ctx->opts->group_search_bases,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
@@ -677,8 +683,12 @@ int groups_get_recv(struct tevent_req *req, int *dp_error_out)
struct groups_by_user_state {
struct tevent_context *ev;
struct sdap_id_ctx *ctx;
+ struct sdap_domain *sdom;
struct sdap_id_conn_ctx *conn;
struct sdap_id_op *op;
+ struct sysdb_ctx *sysdb;
+ struct sss_domain_info *domain;
+
const char *name;
const char **attrs;
@@ -692,6 +702,7 @@ static void groups_by_user_done(struct tevent_req *subreq);
static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name)
{
@@ -706,6 +717,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
state->ctx = ctx;
state->dp_error = DP_ERR_FATAL;
state->conn = conn;
+ state->sdom = sdom;
state->op = sdap_id_op_create(state, state->conn->conn_cache);
if (!state->op) {
@@ -715,6 +727,8 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
}
state->name = name;
+ state->domain = sdom->dom;
+ state->sysdb = sdom->dom->sysdb;
ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
NULL, &state->attrs, NULL);
@@ -769,6 +783,7 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
subreq = sdap_get_initgr_send(state,
state->ev,
+ state->sdom,
sdap_id_op_handle(state->op),
state->ctx,
state->conn,
@@ -987,6 +1002,7 @@ void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx,
static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name,
int filter_type,
@@ -1023,6 +1039,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
struct be_req *breq,
struct be_acct_req *ar,
struct sdap_id_ctx *id_ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn)
{
struct tevent_req *req;
@@ -1059,7 +1076,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- subreq = users_get_send(breq, be_ctx->ev, id_ctx, conn,
+ subreq = users_get_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
ar->filter_value,
ar->filter_type,
ar->attr_type);
@@ -1076,7 +1094,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- subreq = groups_get_send(breq, be_ctx->ev, id_ctx, conn,
+ subreq = groups_get_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
ar->filter_value,
ar->filter_type,
ar->attr_type);
@@ -1094,7 +1113,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- subreq = groups_by_user_send(breq, be_ctx->ev, id_ctx, conn,
+ subreq = groups_by_user_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
ar->filter_value);
break;
@@ -1105,7 +1125,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- subreq = ldap_netgroup_get_send(breq, be_ctx->ev, id_ctx, conn,
+ subreq = ldap_netgroup_get_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
ar->filter_value);
break;
@@ -1125,7 +1146,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- subreq = services_get_send(breq, be_ctx->ev, id_ctx, conn,
+ subreq = services_get_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
ar->filter_value,
ar->extra_value,
ar->filter_type);
@@ -1138,7 +1160,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx, conn,
+ subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
ar->filter_value,
ar->filter_type,
ar->attr_type);
@@ -1152,7 +1175,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx, conn,
+ subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
ar->filter_value,
ar->filter_type,
ar->attr_type);
@@ -1274,7 +1298,8 @@ void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx,
EINVAL, "Invalid private data");
}
- req = sdap_handle_acct_req_send(breq, breq, ar, ctx, conn);
+ req = sdap_handle_acct_req_send(breq, breq, ar, ctx,
+ ctx->opts->sdom, conn);
if (req == NULL) {
return sdap_handler_done(breq, DP_ERR_FATAL, ENOMEM, "Out of memory");
}
@@ -1313,6 +1338,7 @@ static void sdap_account_info_complete(struct tevent_req *req)
struct get_user_and_group_state {
struct tevent_context *ev;
struct sdap_id_ctx *id_ctx;
+ struct sdap_domain *sdom;
struct sdap_id_conn_ctx *conn;
struct sdap_id_op *op;
struct sysdb_ctx *sysdb;
@@ -1334,6 +1360,7 @@ static void get_user_and_group_groups_done(struct tevent_req *subreq);
static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *id_ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *filter_val,
int filter_type,
@@ -1352,6 +1379,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
state->ev = ev;
state->id_ctx = id_ctx;
+ state->sdom = sdom;
state->conn = conn;
state->dp_error = DP_ERR_FATAL;
@@ -1362,13 +1390,14 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
goto fail;
}
- state->sysdb = state->id_ctx->be->domain->sysdb;
- state->domain = state->id_ctx->be->domain;
+ state->domain = sdom->dom;
+ state->sysdb = sdom->dom->sysdb;
state->filter_val = filter_val;
state->filter_type = filter_type;
state->attrs_type = attrs_type;
- subreq = users_get_send(req, state->ev, state->id_ctx, state->conn,
+ subreq = users_get_send(req, state->ev, state->id_ctx,
+ state->sdom, state->conn,
state->filter_val, state->filter_type,
state->attrs_type);
if (subreq == NULL) {
@@ -1403,7 +1432,8 @@ static void get_user_and_group_users_done(struct tevent_req *subreq)
return;
}
- subreq = groups_get_send(req, state->ev, state->id_ctx, state->conn,
+ subreq = groups_get_send(req, state->ev, state->id_ctx,
+ state->sdom, state->conn,
state->filter_val, state->filter_type,
state->attrs_type);
if (subreq == NULL) {
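Review bot: `sdap_handle_acct_req_send` is exported through ldap_common.h and now forwards `sdom` into every sub-request, each of which dereferences it unconditionally (`state->domain = sdom->dom;` in `users_get_send`, `groups_get_send`, `groups_by_user_send` and `get_user_and_group_send`, with the same pattern in `ldap_netgroup_get_send` and `services_get_send`), so a NULL argument from a future caller becomes a crash deep inside the request chain; a guard at the top of `sdap_handle_acct_req_send` in the existing `goto done` style, `if (sdom == NULL) { ret = EINVAL; goto done; }`, keeps the check at the boundary (the function's prologue is outside the hunk, so the local names need confirming). In `sdap_handle_account_info` the domain passed is always `ctx->opts->sdom`, the list head, regardless of which domain the account request targets; that matches the commit description for now, but the line deserves a marker such as `/* FIXME: only the primary domain has an sdap_domain yet; resolve the request's domain via sdap_domain_get() once subdomains are registered */` so the hard-coding is not mistaken for a design choice.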
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 7a2129d97..719b13010 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -188,12 +188,14 @@ struct global_enum_state {
static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_op *op,
bool purge);
static void ldap_id_enum_users_done(struct tevent_req *subreq);
static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_op *op,
bool purge);
static void ldap_id_enum_groups_done(struct tevent_req *subreq);
@@ -277,8 +279,8 @@ static void ldap_id_enumerate_connect_done(struct tevent_req *subreq)
}
subreq = enum_users_send(state, state->ev,
- state->ctx, state->op,
- state->purge);
+ state->ctx, state->ctx->opts->sdom,
+ state->op, state->purge);
if(!subreq) {
tevent_req_error(req, ENOMEM);
return;
@@ -332,7 +334,9 @@ static void ldap_id_enum_users_done(struct tevent_req *subreq)
return;
}
- subreq = enum_groups_send(state, state->ev, state->ctx, state->op, state->purge);
+ subreq = enum_groups_send(state, state->ev, state->ctx,
+ state->ctx->opts->sdom,
+ state->op, state->purge);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
@@ -465,6 +469,7 @@ static void ldap_id_enum_cleanup_done(struct tevent_req *subreq)
struct enum_users_state {
struct tevent_context *ev;
struct sdap_id_ctx *ctx;
+ struct sdap_domain *sdom;
struct sdap_id_op *op;
char *filter;
@@ -476,6 +481,7 @@ static void enum_users_op_done(struct tevent_req *subreq);
static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_op *op,
bool purge)
{
@@ -488,6 +494,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
if (!req) return NULL;
state->ev = ev;
+ state->sdom = sdom;
state->ctx = ctx;
state->op = op;
@@ -564,10 +571,10 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
*/
subreq = sdap_get_users_send(state, state->ev,
- state->ctx->be->domain,
- state->ctx->be->domain->sysdb,
+ state->sdom->dom,
+ state->sdom->dom->sysdb,
state->ctx->opts,
- state->ctx->opts->user_search_bases,
+ state->sdom->user_search_bases,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
@@ -627,6 +634,7 @@ static void enum_users_op_done(struct tevent_req *subreq)
struct enum_groups_state {
struct tevent_context *ev;
struct sdap_id_ctx *ctx;
+ struct sdap_domain *sdom;
struct sdap_id_op *op;
char *filter;
@@ -638,6 +646,7 @@ static void enum_groups_op_done(struct tevent_req *subreq);
static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_op *op,
bool purge)
{
@@ -650,6 +659,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
if (!req) return NULL;
state->ev = ev;
+ state->sdom = sdom;
state->ctx = ctx;
state->op = op;
@@ -723,15 +733,13 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
*/
subreq = sdap_get_groups_send(state, state->ev,
- state->ctx->be->domain,
- state->ctx->be->domain->sysdb,
- state->ctx->opts,
- state->ctx->opts->group_search_bases,
- sdap_id_op_handle(state->op),
- state->attrs, state->filter,
- dp_opt_get_int(state->ctx->opts->basic,
- SDAP_ENUM_SEARCH_TIMEOUT),
- true);
+ state->sdom,
+ state->ctx->opts,
+ sdap_id_op_handle(state->op),
+ state->attrs, state->filter,
+ dp_opt_get_int(state->ctx->opts->basic,
+ SDAP_ENUM_SEARCH_TIMEOUT),
+ true);
if (!subreq) {
ret = ENOMEM;
goto fail;
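Review bot: In `enum_groups_send` the `sdap_get_groups_send` call re-indents the argument lines that did not change (`sdap_id_op_handle(state->op)`, `state->attrs, state->filter`, the timeout and `true`), so the hunk shows a seven-line removal and replacement for what is a two-argument change; keeping the original alignment, as the `enum_users_send` hunk above does, would make the diff say only what it does. Both call sites in `ldap_id_enumerate_connect_done` and `ldap_id_enum_users_done` also spell out `state->ctx->opts->sdom` inline; since enumeration is now explicitly per-domain, storing the sdap_domain once in `global_enum_state` (as the per-request states do) would keep the two callers consistent if a domain other than the list head is ever enumerated.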
diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c
index 5f44c0a9b..759a9353b 100644
--- a/src/providers/ldap/ldap_id_netgroup.c
+++ b/src/providers/ldap/ldap_id_netgroup.c
@@ -33,6 +33,7 @@
struct ldap_netgroup_get_state {
struct tevent_context *ev;
struct sdap_id_ctx *ctx;
+ struct sdap_domain *sdom;
struct sdap_id_op *op;
struct sdap_id_conn_ctx *conn;
struct sysdb_ctx *sysdb;
@@ -57,6 +58,7 @@ static void ldap_netgroup_get_done(struct tevent_req *subreq);
struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_id_ctx *ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name)
{
@@ -70,6 +72,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
state->ev = ev;
state->ctx = ctx;
+ state->sdom = sdom;
state->conn = conn;
state->dp_error = DP_ERR_FATAL;
@@ -80,8 +83,8 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
goto fail;
}
- state->sysdb = ctx->be->domain->sysdb;
- state->domain = state->ctx->be->domain;
+ state->domain = sdom->dom;
+ state->sysdb = sdom->dom->sysdb;
state->name = name;
state->timeout = dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT);
@@ -155,7 +158,7 @@ static void ldap_netgroup_get_connect_done(struct tevent_req *subreq)
subreq = sdap_get_netgroups_send(state, state->ev,
state->domain, state->sysdb,
state->ctx->opts,
- state->ctx->opts->netgroup_search_bases,
+ state->sdom->netgroup_search_bases,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
state->timeout);
diff --git a/src/providers/ldap/ldap_id_services.c b/src/providers/ldap/ldap_id_services.c
index 2a3f104c7..8b331cac4 100644
--- a/src/providers/ldap/ldap_id_services.c
+++ b/src/providers/ldap/ldap_id_services.c
@@ -33,6 +33,7 @@
struct sdap_services_get_state {
struct tevent_context *ev;
struct sdap_id_ctx *id_ctx;
+ struct sdap_domain *sdom;
struct sdap_id_op *op;
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
@@ -60,6 +61,7 @@ struct tevent_req *
services_get_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sdap_id_ctx *id_ctx,
+ struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name,
const char *protocol,
@@ -77,10 +79,11 @@ services_get_send(TALLOC_CTX *mem_ctx,
state->ev = ev;
state->id_ctx = id_ctx;
+ state->sdom = sdom;
state->conn = conn;
state->dp_error = DP_ERR_FATAL;
- state->sysdb = id_ctx->be->domain->sysdb;
- state->domain = state->id_ctx->be->domain;
+ state->domain = sdom->dom;
+ state->sysdb = sdom->dom->sysdb;
state->name = name;
state->protocol = protocol;
state->filter_type = filter_type;
@@ -192,7 +195,7 @@ services_get_connect_done(struct tevent_req *subreq)
subreq = sdap_get_services_send(state, state->ev,
state->domain, state->sysdb,
state->id_ctx->opts,
- state->id_ctx->opts->service_search_bases,
+ state->sdom->service_search_bases,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->id_ctx->opts->basic,
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 56339961d..76167ad45 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -105,7 +105,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
return EOK;
}
- ret = ldap_get_options(bectx, bectx->cdb,
+ ret = ldap_get_options(bectx, bectx->domain, bectx->cdb,
bectx->conf_path, &opts);
if (ret != EOK) {
goto done;
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index daa081ce7..0492be05d 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -732,6 +732,7 @@ static char *get_naming_context(TALLOC_CTX *mem_ctx,
}
static errno_t sdap_set_search_base(struct sdap_options *opts,
+ struct sdap_domain *sdom,
enum sdap_basic_opt class,
char *naming_context)
{
@@ -740,25 +741,25 @@ static errno_t sdap_set_search_base(struct sdap_options *opts,
switch(class) {
case SDAP_SEARCH_BASE:
- bases = &opts->search_bases;
+ bases = &sdom->search_bases;
break;
case SDAP_USER_SEARCH_BASE:
- bases = &opts->user_search_bases;
+ bases = &sdom->user_search_bases;
break;
case SDAP_GROUP_SEARCH_BASE:
- bases = &opts->group_search_bases;
+ bases = &sdom->group_search_bases;
break;
case SDAP_NETGROUP_SEARCH_BASE:
- bases = &opts->netgroup_search_bases;
+ bases = &sdom->netgroup_search_bases;
break;
case SDAP_SUDO_SEARCH_BASE:
- bases = &opts->sudo_search_bases;
+ bases = &sdom->sudo_search_bases;
break;
case SDAP_SERVICE_SEARCH_BASE:
- bases = &opts->service_search_bases;
+ bases = &sdom->service_search_bases;
break;
case SDAP_AUTOFS_SEARCH_BASE:
- bases = &opts->autofs_search_bases;
+ bases = &sdom->autofs_search_bases;
break;
default:
return EINVAL;
@@ -783,17 +784,18 @@ done:
}
errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
- struct sdap_options *opts)
+ struct sdap_options *opts,
+ struct sdap_domain *sdom)
{
int ret;
char *naming_context = NULL;
- if (!opts->search_bases
- ||!opts->user_search_bases
- || !opts->group_search_bases
- || !opts->netgroup_search_bases
- || !opts->sudo_search_bases
- || !opts->autofs_search_bases) {
+ if (!sdom->search_bases
+ || !sdom->user_search_bases
+ || !sdom->group_search_bases
+ || !sdom->netgroup_search_bases
+ || !sdom->sudo_search_bases
+ || !sdom->autofs_search_bases) {
naming_context = get_naming_context(opts->basic, rootdse);
if (naming_context == NULL) {
DEBUG(1, ("get_naming_context failed.\n"));
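Review bot: The guard on the rewritten condition still checks six of the seven search-base lists and omits `sdom->service_search_bases`, so when only the service base is unset, `naming_context` stays NULL and the Services block later in this function still calls `sdap_set_search_base(opts, sdom, SDAP_SERVICE_SEARCH_BASE, naming_context)` with it; unless `sdap_set_search_base` tolerates a NULL naming context (not visible here), that is a latent NULL dereference the commit carries over unchanged. Adding `|| !sdom->service_search_bases` to the condition keeps the guard in step with the seven blocks that follow. The body of sdap_set_config_options_with_rootdse continues past this hunk.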
@@ -808,56 +810,56 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
}
/* Default */
- if (!opts->search_bases) {
- ret = sdap_set_search_base(opts,
+ if (!sdom->search_bases) {
+ ret = sdap_set_search_base(opts, sdom,
SDAP_SEARCH_BASE,
naming_context);
if (ret != EOK) goto done;
}
/* Users */
- if (!opts->user_search_bases) {
- ret = sdap_set_search_base(opts,
+ if (!sdom->user_search_bases) {
+ ret = sdap_set_search_base(opts, sdom,
SDAP_USER_SEARCH_BASE,
naming_context);
if (ret != EOK) goto done;
}
/* Groups */
- if (!opts->group_search_bases) {
- ret = sdap_set_search_base(opts,
+ if (!sdom->group_search_bases) {
+ ret = sdap_set_search_base(opts, sdom,
SDAP_GROUP_SEARCH_BASE,
naming_context);
if (ret != EOK) goto done;
}
/* Netgroups */
- if (!opts->netgroup_search_bases) {
- ret = sdap_set_search_base(opts,
+ if (!sdom->netgroup_search_bases) {
+ ret = sdap_set_search_base(opts, sdom,
SDAP_NETGROUP_SEARCH_BASE,
naming_context);
if (ret != EOK) goto done;
}
/* Sudo */
- if (!opts->sudo_search_bases) {
- ret = sdap_set_search_base(opts,
+ if (!sdom->sudo_search_bases) {
+ ret = sdap_set_search_base(opts, sdom,
SDAP_SUDO_SEARCH_BASE,
naming_context);
if (ret != EOK) goto done;
}
/* Services */
- if (!opts->service_search_bases) {
- ret = sdap_set_search_base(opts,
+ if (!sdom->service_search_bases) {
+ ret = sdap_set_search_base(opts, sdom,
SDAP_SERVICE_SEARCH_BASE,
naming_context);
if (ret != EOK) goto done;
}
/* autofs */
- if (!opts->autofs_search_bases) {
- ret = sdap_set_search_base(opts,
+ if (!sdom->autofs_search_bases) {
+ ret = sdap_set_search_base(opts, sdom,
SDAP_AUTOFS_SEARCH_BASE,
naming_context);
if (ret != EOK) goto done;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 162250fff..f77636b3c 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -366,6 +366,22 @@ enum dc_functional_level {
DS_BEHAVIOR_WIN2012 = 5
};
+struct sdap_domain {
+ struct sss_domain_info *dom;
+
+ struct sdap_search_base **search_bases;
+ struct sdap_search_base **user_search_bases;
+ struct sdap_search_base **group_search_bases;
+ struct sdap_search_base **netgroup_search_bases;
+ struct sdap_search_base **sudo_search_bases;
+ struct sdap_search_base **service_search_bases;
+ struct sdap_search_base **autofs_search_bases;
+
+ struct sdap_domain *next, *prev;
+ /* Need to modify the list from a talloc destructor */
+ struct sdap_domain **head;
+};
+
struct sdap_options {
struct dp_option *basic;
struct sdap_attr_map *gen_map;
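Review bot: The new `struct sdap_domain` is a public header type but none of its fields say what they mean or who owns them; only `head` gets a remark. A block comment above the struct should state that `dom` is the sssd domain or subdomain the search bases apply to, that each `*_search_bases` list may be NULL until sdap_set_config_options_with_rootdse fills it from the rootDSE naming context, and that `next`/`prev`/`head` form an intrusive list whose `head` exists so a talloc destructor can unlink the entry. Whether that destructor is part of this commit is not visible in this hunk, so the comment should say where the list is maintained once that code exists.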
@@ -390,13 +406,8 @@ struct sdap_options {
SDAP_SCHEMA_AD = 4 /* AD's member/memberof */
} schema_type;
- struct sdap_search_base **search_bases;
- struct sdap_search_base **user_search_bases;
- struct sdap_search_base **group_search_bases;
- struct sdap_search_base **netgroup_search_bases;
- struct sdap_search_base **sudo_search_bases;
- struct sdap_search_base **service_search_bases;
- struct sdap_search_base **autofs_search_bases;
+ /* The search bases for the domain or its subdomain */
+ struct sdap_domain *sdom;
bool support_matching_rule;
enum dc_functional_level dc_functional_level;
@@ -474,7 +485,8 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val);
errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
- struct sdap_options *opts);
+ struct sdap_options *opts,
+ struct sdap_domain *sdom);
int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
const char *server,
struct sysdb_attrs *rootdse,
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 38c8302dc..38d94d8b4 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -74,10 +74,8 @@ int sdap_get_users_recv(struct tevent_req *req,
struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
- struct sss_domain_info *dom,
- struct sysdb_ctx *sysdb,
+ struct sdap_domain *sdom,
struct sdap_options *opts,
- struct sdap_search_base **search_bases,
struct sdap_handle *sh,
const char **attrs,
const char *filter,
@@ -115,6 +113,7 @@ errno_t sdap_auth_recv(struct tevent_req *req,
struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
+ struct sdap_domain *sdom,
struct sdap_handle *sh,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
diff --git a/src/providers/ldap/sdap_async_autofs.c b/src/providers/ldap/sdap_async_autofs.c
index 8e874d64b..ae70e7035 100644
--- a/src/providers/ldap/sdap_async_autofs.c
+++ b/src/providers/ldap/sdap_async_autofs.c
@@ -716,7 +716,7 @@ sdap_autofs_setautomntent_send(TALLOC_CTX *memctx,
subreq = sdap_get_automntmap_send(state, ev, dom,
sysdb, state->opts,
- state->opts->autofs_search_bases,
+ state->opts->sdom->autofs_search_bases,
state->sh,
state->attrs, state->filter,
dp_opt_get_int(state->opts->basic,
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 4f6986fcf..e97bcf15e 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1666,7 +1666,8 @@ static errno_t sdap_cli_use_rootdse(struct sdap_cli_connect_state *state)
return ret;
}
- ret = sdap_set_config_options_with_rootdse(state->rootdse, state->opts);
+ ret = sdap_set_config_options_with_rootdse(state->rootdse, state->opts,
+ state->opts->sdom);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
("sdap_set_config_options_with_rootdse failed.\n"));
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index dc7fba426..5a5bedc8f 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1451,6 +1451,7 @@ struct sdap_get_groups_state {
struct sdap_options *opts;
struct sdap_handle *sh;
struct sss_domain_info *dom;
+ struct sdap_domain *sdom;
struct sysdb_ctx *sysdb;
const char **attrs;
const char *base_filter;
@@ -1476,10 +1477,8 @@ static void sdap_get_groups_done(struct tevent_req *subreq);
struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
- struct sss_domain_info *dom,
- struct sysdb_ctx *sysdb,
+ struct sdap_domain *sdom,
struct sdap_options *opts,
- struct sdap_search_base **search_bases,
struct sdap_handle *sh,
const char **attrs,
const char *filter,
@@ -1495,9 +1494,10 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
state->ev = ev;
state->opts = opts;
- state->dom = dom;
+ state->sdom = sdom;
+ state->dom = sdom->dom;
state->sh = sh;
- state->sysdb = sysdb;
+ state->sysdb = sdom->dom->sysdb;
state->attrs = attrs;
state->higher_usn = NULL;
state->groups = NULL;
@@ -1506,9 +1506,9 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
state->enumeration = enumeration;
state->base_filter = filter;
state->base_iter = 0;
- state->search_bases = search_bases;
+ state->search_bases = sdom->group_search_bases;
- if (!search_bases) {
+ if (!state->search_bases) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Group lookup request without a search base\n"));
ret = EINVAL;
@@ -1653,7 +1653,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
if ((state->opts->schema_type != SDAP_SCHEMA_RFC2307)
&& (dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0)
&& !dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_GROUPS)) {
- subreq = sdap_nested_group_send(state, state->ev, state->dom,
+ subreq = sdap_nested_group_send(state, state->ev, state->sdom,
state->opts, state->sh,
state->groups[0]);
if (!subreq) {
diff --git a/src/providers/ldap/sdap_async_groups_ad.c b/src/providers/ldap/sdap_async_groups_ad.c
index 1082957f9..1268f7e7d 100644
--- a/src/providers/ldap/sdap_async_groups_ad.c
+++ b/src/providers/ldap/sdap_async_groups_ad.c
@@ -69,7 +69,7 @@ sdap_get_ad_match_rule_members_send(TALLOC_CTX *mem_ctx,
state->timeout = timeout;
state->count = 0;
state->base_iter = 0;
- state->search_bases = opts->user_search_bases;
+ state->search_bases = opts->sdom->user_search_bases;
/* Request all of the user attributes that we know about. */
ret = build_attrs_from_map(state, opts->user_map, SDAP_OPTS_USER,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 57193f71d..68647cfa7 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -352,7 +352,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
state->ldap_groups = NULL;
state->ldap_groups_count = 0;
state->base_iter = 0;
- state->search_bases = opts->group_search_bases;
+ state->search_bases = opts->sdom->group_search_bases;
if (!state->search_bases) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -1486,7 +1486,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
state->num_direct_parents = 0;
state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
state->base_iter = 0;
- state->search_bases = opts->group_search_bases;
+ state->search_bases = opts->sdom->group_search_bases;
state->orig_dn = orig_dn;
if (!state->search_bases) {
@@ -2118,7 +2118,7 @@ struct tevent_req *rfc2307bis_nested_groups_send(
state->timeout = dp_opt_get_int(state->opts->basic,
SDAP_SEARCH_TIMEOUT);
state->base_iter = 0;
- state->search_bases = opts->group_search_bases;
+ state->search_bases = opts->sdom->group_search_bases;
if (!state->search_bases) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Initgroups nested lookup request "
@@ -2530,6 +2530,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq);
struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
+ struct sdap_domain *sdom,
struct sdap_handle *sh,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
@@ -2548,8 +2549,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
state->ev = ev;
state->opts = id_ctx->opts;
- state->sysdb = id_ctx->be->domain->sysdb;
- state->dom = id_ctx->be->domain;
+ state->dom = sdom->dom;
+ state->sysdb = sdom->dom->sysdb;
state->sh = sh;
state->id_ctx = id_ctx;
state->conn = conn;
@@ -2558,7 +2559,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
state->orig_user = NULL;
state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
state->user_base_iter = 0;
- state->user_search_bases = id_ctx->opts->user_search_bases;
+ state->user_search_bases = sdom->user_search_bases;
if (!state->user_search_bases) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Initgroups lookup request without a user search base\n"));
@@ -2950,8 +2951,9 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
goto fail;
}
- subreq = groups_get_send(req, state->ev, state->id_ctx, state->conn, gid,
- BE_FILTER_IDNUM, BE_ATTR_ALL);
+ subreq = groups_get_send(req, state->ev, state->id_ctx,
+ state->id_ctx->opts->sdom, state->conn,
+ gid, BE_FILTER_IDNUM, BE_ATTR_ALL);
if (!subreq) {
ret = ENOMEM;
goto fail;
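Review bot: sdap_get_initgr_send now takes an `sdom` parameter and derives `state->dom` and `state->sysdb` from it, but the follow-up `groups_get_send` call here passes `state->id_ctx->opts->sdom` instead, so the group lookup is bound to the primary domain's search bases whatever `sdom` the caller supplied. With a single sdap_domain today the two coincide, which is presumably why this was not noticed, but it is exactly the case the commit message says the new structure is meant to separate. Storing the parameter in the state (`state->sdom = sdom;` next to the `state->dom = sdom->dom;` assignment, with a matching `struct sdap_domain *sdom;` field in sdap_get_initgr_state) and passing `state->sdom` here keeps the whole request on one domain. The enclosing function and the state struct lie outside this hunk.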
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index c2dec3736..89789204a 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -82,7 +82,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx,
state->name = name;
state->orig_dn = orig_dn;
state->base_iter = 0;
- state->search_bases = opts->group_search_bases;
+ state->search_bases = opts->sdom->group_search_bases;
/* Request all of the group attributes that we know
* about, except for 'member' because that wastes a
diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c
index 9e8df99be..e8d5295cc 100644
--- a/src/providers/ldap/sdap_async_nested_groups.c
+++ b/src/providers/ldap/sdap_async_nested_groups.c
@@ -56,6 +56,8 @@ struct sdap_nested_group_member {
struct sdap_nested_group_ctx {
struct sss_domain_info *domain;
struct sdap_options *opts;
+ struct sdap_search_base **user_search_bases;
+ struct sdap_search_base **group_search_bases;
struct sdap_handle *sh;
hash_table_t *users;
hash_table_t *groups;
@@ -466,10 +468,12 @@ sdap_nested_group_split_members(TALLOC_CTX *mem_ctx,
if (type == SDAP_NESTED_GROUP_DN_UNKNOWN) {
/* user */
is_user = sss_ldap_dn_in_search_bases(tmp_ctx, dn,
- group_ctx->opts->user_search_bases, &user_filter);
+ group_ctx->user_search_bases,
+ &user_filter);
is_group = sss_ldap_dn_in_search_bases(tmp_ctx, dn,
- group_ctx->opts->group_search_bases, &group_filter);
+ group_ctx->group_search_bases,
+ &group_filter);
if (is_user && is_group) {
/* search bases overlap */
@@ -551,12 +555,13 @@ struct sdap_nested_group_state {
static void sdap_nested_group_done(struct tevent_req *subreq);
-struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct sss_domain_info *domain,
- struct sdap_options *opts,
- struct sdap_handle *sh,
- struct sysdb_attrs *group)
+struct tevent_req *
+sdap_nested_group_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct sdap_domain *sdom,
+ struct sdap_options *opts,
+ struct sdap_handle *sh,
+ struct sysdb_attrs *group)
{
struct sdap_nested_group_state *state = NULL;
struct tevent_req *req = NULL;
@@ -596,8 +601,10 @@ struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx,
SDAP_DEREF_THRESHOLD);
state->group_ctx->max_nesting_level = dp_opt_get_int(opts->basic,
SDAP_NESTING_LEVEL);
- state->group_ctx->domain = domain;
+ state->group_ctx->domain = sdom->dom;
state->group_ctx->opts = opts;
+ state->group_ctx->user_search_bases = sdom->user_search_bases;
+ state->group_ctx->group_search_bases = sdom->group_search_bases;
state->group_ctx->sh = sh;
state->group_ctx->try_deref = sdap_has_deref_support(sh, opts);
@@ -608,8 +615,8 @@ struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx,
/* if any search base contains filter, disable dereference. */
if (state->group_ctx->try_deref) {
- for (i = 0; opts->user_search_bases[i] != NULL; i++) {
- if (opts->user_search_bases[i]->filter != NULL) {
+ for (i = 0; opts->sdom->user_search_bases[i] != NULL; i++) {
+ if (opts->sdom->user_search_bases[i]->filter != NULL) {
DEBUG(SSSDBG_TRACE_FUNC, ("User search base contains filter, "
"dereference will be disabled\n"));
state->group_ctx->try_deref = false;
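Review bot: These dereference-check loops read `opts->sdom->user_search_bases` even though the same function just copied the caller's `sdom->user_search_bases` into `state->group_ctx->user_search_bases` a few lines earlier; the group loop in the next hunk and the two `sss_ldap_dn_in_search_bases` calls in sdap_nested_group_deref_direct_process have the same mismatch. When `sdom` is not `opts->sdom` the deref decision and the in-search-base filtering would be made against a different domain than the one the members are being split for. Using `state->group_ctx->user_search_bases` and `state->group_ctx->group_search_bases` here, and the group_ctx fields in the deref-direct path if `state` there reaches group_ctx, makes the new fields the single source. As before, the loop also assumes the list itself is non-NULL, which depends on sdap_set_config_options_with_rootdse having run.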
@@ -619,8 +626,8 @@ struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx,
}
if (state->group_ctx->try_deref) {
- for (i = 0; opts->group_search_bases[i] != NULL; i++) {
- if (opts->group_search_bases[i]->filter != NULL) {
+ for (i = 0; opts->sdom->group_search_bases[i] != NULL; i++) {
+ if (opts->sdom->group_search_bases[i]->filter != NULL) {
DEBUG(SSSDBG_TRACE_FUNC, ("Group search base contains filter, "
"dereference will be disabled\n"));
state->group_ctx->try_deref = false;
@@ -2092,7 +2099,7 @@ sdap_nested_group_deref_direct_process(struct tevent_req *subreq)
/* skip the user if it is not amongst configured search bases */
bret = sss_ldap_dn_in_search_bases(state, orig_dn,
- opts->user_search_bases, NULL);
+ opts->sdom->user_search_bases, NULL);
if (!bret) {
continue;
}
@@ -2119,7 +2126,7 @@ sdap_nested_group_deref_direct_process(struct tevent_req *subreq)
/* skip the group if it is not amongst configured search bases */
bret = sss_ldap_dn_in_search_bases(state, orig_dn,
- opts->group_search_bases, NULL);
+ opts->sdom->group_search_bases, NULL);
if (!bret) {
continue;
}
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 2b382c1cf..57dbcde81 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -420,7 +420,7 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req)
}
if (!sss_ldap_dn_in_search_bases(state, state->dn_item->dn,
- state->opts->netgroup_search_bases,
+ state->opts->sdom->netgroup_search_bases,
&filter)) {
/* not in search base, skip it */
state->dn_idx = state->dn_item->next;
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 488387eb5..944c8a82b 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -113,10 +113,9 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
char ***grouplist);
/* from sdap_async_nested_groups.c */
-
struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct sss_domain_info *domain,
+ struct sdap_domain *sdom,
struct sdap_options *opts,
struct sdap_handle *sh,
struct sysdb_attrs *group);
diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c
index 15a725b8b..d637d22e5 100644
--- a/src/providers/ldap/sdap_async_services.c
+++ b/src/providers/ldap/sdap_async_services.c
@@ -582,7 +582,7 @@ enum_services_send(TALLOC_CTX *memctx,
subreq = sdap_get_services_send(state, state->ev,
state->domain, state->sysdb,
state->id_ctx->opts,
- state->id_ctx->opts->service_search_bases,
+ state->id_ctx->opts->sdom->service_search_bases,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->id_ctx->opts->basic,
diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c
index 67b12b048..ed4cf75ad 100644
--- a/src/providers/ldap/sdap_async_sudo.c
+++ b/src/providers/ldap/sdap_async_sudo.c
@@ -298,7 +298,7 @@ static struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx,
state->opts = opts;
state->sh = sh;
state->base_iter = 0;
- state->search_bases = opts->sudo_search_bases;
+ state->search_bases = opts->sdom->sudo_search_bases;
state->filter = ldap_filter;
state->timeout = dp_opt_get_int(opts->basic, SDAP_SEARCH_TIMEOUT);
state->ldap_rules = NULL;