diff options
-rw-r--r-- | src/providers/ad/ad_id.c | 5 | ||||
-rw-r--r-- | src/providers/ipa/ipa_id.c | 5 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.h | 3 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 48 |
4 files changed, 32 insertions, 29 deletions
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index ab3934727..d8ea26875 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -350,6 +350,11 @@ ad_account_info_handler(struct be_req *be_req) return be_req_terminate(be_req, DP_ERR_OFFLINE, EAGAIN, "Offline"); } + if (sdap_is_enum_request(ar)) { + DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n"); + return sdap_handler_done(be_req, DP_ERR_OK, EOK, "Success"); + } + /* Try to shortcut if this is ID or SID search and it belongs to * other domain range than is in ar->domain. */ shortcut = ad_account_can_shortcut(be_ctx, sdap_id_ctx->opts->idmap_ctx, diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 2bae97cd9..24dfe32b1 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -89,6 +89,11 @@ void ipa_account_info_handler(struct be_req *breq) ar = talloc_get_type(be_req_get_data(breq), struct be_acct_req); + if (sdap_is_enum_request(ar)) { + DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n"); + return sdap_handler_done(breq, DP_ERR_OK, EOK, "Success"); + } + if (strcasecmp(ar->domain, be_ctx->domain->name) != 0) { /* if domain names do not match, this is a subdomain case * subdomain lookups are handled differently on the server diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 57ad1b845..c142af345 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -102,6 +102,9 @@ int sdap_id_setup_tasks(struct be_ctx *be_ctx, be_ptask_recv_t recv_fn, void *pvt); +/* Allow shortcutting an enumeration request */ +bool sdap_is_enum_request(struct be_acct_req *ar); + struct tevent_req * sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 33c039082..ed132e59c 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -1359,6 +1359,20 @@ void sdap_account_info_handler(struct be_req *breq) return sdap_handle_account_info(breq, ctx, ctx->conn); } +bool sdap_is_enum_request(struct be_acct_req *ar) +{ + switch (ar->entry_type & BE_REQ_TYPE_MASK) { + case BE_REQ_USER: + case BE_REQ_GROUP: + case BE_REQ_SERVICES: + if (ar->filter_type == BE_FILTER_ENUM) { + return true; + } + } + + return false; +} + /* A generic LDAP account info handler */ struct sdap_handle_acct_req_state { struct be_acct_req *ar; @@ -1399,16 +1413,6 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_USER: /* user */ - - /* skip enumerations on demand */ - if (ar->filter_type == BE_FILTER_ENUM) { - DEBUG(SSSDBG_TRACE_LIBS, - "Skipping user enumeration on demand\n"); - state->err = "Success"; - ret = EOK; - goto done; - } - subreq = users_get_send(state, be_ctx->ev, id_ctx, sdom, conn, ar->filter_value, @@ -1419,16 +1423,6 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, break; case BE_REQ_GROUP: /* group */ - - /* skip enumerations on demand */ - if (ar->filter_type == BE_FILTER_ENUM) { - DEBUG(SSSDBG_TRACE_LIBS, - "Skipping group enumeration on demand\n"); - state->err = "Success"; - ret = EOK; - goto done; - } - subreq = groups_get_send(state, be_ctx->ev, id_ctx, sdom, conn, ar->filter_value, @@ -1473,15 +1467,6 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, break; case BE_REQ_SERVICES: - /* skip enumerations on demand */ - if (ar->filter_type == BE_FILTER_ENUM) { - DEBUG(SSSDBG_TRACE_LIBS, - "Skipping service enumeration on demand\n"); - state->err = "Success"; - ret = EOK; - goto done; - } - if (ar->filter_type == BE_FILTER_SECID || ar->filter_type == BE_FILTER_UUID) { ret = EINVAL; @@ -1667,6 +1652,11 @@ void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx, EINVAL, "Invalid private data"); } + if (sdap_is_enum_request(ar)) { + DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n"); + return sdap_handler_done(breq, DP_ERR_OK, EOK, "Success"); + } + req = sdap_handle_acct_req_send(breq, ctx->be, ar, ctx, ctx->opts->sdom, conn, true); if (req == NULL) { |