summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/providers/ipa/ipa_subdomains_ext_groups.c2
-rw-r--r--src/providers/ldap/ldap_common.h3
-rw-r--r--src/providers/ldap/ldap_id.c14
-rw-r--r--src/providers/ldap/sdap_async.h3
-rw-r--r--src/providers/ldap/sdap_async_enum.c2
-rw-r--r--src/providers/ldap/sdap_async_groups.c36
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c14
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c2
-rw-r--r--src/providers/ldap/sdap_async_private.h6
9 files changed, 64 insertions, 18 deletions
diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c
index 92889c270..d487a58b8 100644
--- a/src/providers/ipa/ipa_subdomains_ext_groups.c
+++ b/src/providers/ipa/ipa_subdomains_ext_groups.c
@@ -873,7 +873,7 @@ static void ipa_add_ad_memberships_get_next(struct tevent_req *req)
state->sdap_id_ctx->conn,
(const char *) val->data,
BE_FILTER_NAME, BE_ATTR_CORE,
- false);
+ false, false);
if (subreq == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "groups_get_send failed.\n");
ret = ENOMEM;
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index bf69489a7..57ad1b845 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -212,7 +212,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
const char *name,
int filter_type,
int attrs_type,
- bool noexist_delete);
+ bool noexist_delete,
+ bool no_members);
int groups_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret);
struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 4705714ad..e60e3a53a 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -529,6 +529,7 @@ struct groups_get_state {
int dp_error;
int sdap_ret;
bool noexist_delete;
+ bool no_members;
};
static int groups_get_retry(struct tevent_req *req);
@@ -545,7 +546,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
const char *name,
int filter_type,
int attrs_type,
- bool noexist_delete)
+ bool noexist_delete,
+ bool no_members)
{
struct tevent_req *req;
struct groups_get_state *state;
@@ -568,6 +570,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
state->conn = conn;
state->dp_error = DP_ERR_FATAL;
state->noexist_delete = noexist_delete;
+ state->no_members = no_members;
state->op = sdap_id_op_create(state, state->conn->conn_cache);
if (!state->op) {
@@ -714,7 +717,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
/* TODO: handle attrs_type */
ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
- state->domain->ignore_group_members ?
+ (state->domain->ignore_group_members
+ || state->no_members) ?
(const char **)member_filter : NULL,
&state->attrs, NULL);
@@ -846,7 +850,7 @@ static void groups_get_search(struct tevent_req *req)
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
SDAP_SEARCH_TIMEOUT),
- false);
+ false, state->no_members);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
@@ -1384,7 +1388,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
ar->filter_value,
ar->filter_type,
ar->attr_type,
- noexist_delete);
+ noexist_delete, false);
break;
case BE_REQ_INITGROUPS: /* init groups for user */
@@ -1719,7 +1723,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
subreq = groups_get_send(req, state->ev, state->id_ctx,
state->sdom, state->conn,
state->filter_val, state->filter_type,
- state->attrs_type, state->noexist_delete);
+ state->attrs_type, state->noexist_delete, false);
if (subreq == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "users_get_send failed.\n");
ret = ENOMEM;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 1239f28c1..ef9b3bbad 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -96,7 +96,8 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
const char **attrs,
const char *filter,
int timeout,
- bool enumeration);
+ bool enumeration,
+ bool no_members);
int sdap_get_groups_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx, char **timestamp);
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index 242b3172f..1cc09abdf 100644
--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -811,7 +811,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
SDAP_ENUM_SEARCH_TIMEOUT),
- true);
+ true, false);
if (!subreq) {
ret = ENOMEM;
goto fail;
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index c86b5c6b5..818f30b95 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1750,6 +1750,7 @@ struct sdap_get_groups_state {
char *filter;
int timeout;
bool enumeration;
+ bool no_members;
char *higher_usn;
struct sysdb_attrs **groups;
@@ -1779,7 +1780,8 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
const char **attrs,
const char *filter,
int timeout,
- bool enumeration)
+ bool enumeration,
+ bool no_members)
{
errno_t ret;
struct tevent_req *req;
@@ -1802,6 +1804,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
state->count = 0;
state->timeout = timeout;
state->enumeration = enumeration;
+ state->no_members = no_members;
state->base_filter = filter;
state->base_iter = 0;
state->search_bases = sdom->group_search_bases;
@@ -1926,6 +1929,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
bool next_base = false;
size_t count;
struct sysdb_attrs **groups;
+ char **groupnamelist;
ret = sdap_get_generic_recv(subreq, state,
&count, &groups);
@@ -1992,6 +1996,36 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
return;
}
+ if (state->no_members) {
+ ret = sysdb_attrs_primary_name_list(state->sysdb, state,
+ state->groups, state->count,
+ state->opts->group_map[SDAP_AT_GROUP_NAME].name,
+ &groupnamelist);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_attrs_primary_name_list failed.\n");
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = sdap_add_incomplete_groups(state->sysdb, state->dom, state->opts,
+ groupnamelist, state->groups,
+ state->count);
+ if (ret == EOK) {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Reading only group data without members successful.\n");
+ tevent_req_done(req);
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_add_incomplete_groups failed.\n");
+ tevent_req_error(req, ret);
+ }
+ return;
+
+ ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
+ state->groups, state->count, false,
+ NULL, true, NULL);
+ }
+
/* Check whether we need to do nested searches
* for RFC2307bis/FreeIPA/ActiveDirectory
* We don't need to do this for enumeration,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 6b3179d2d..bc6b5e45e 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -29,12 +29,12 @@
#include "providers/ldap/sdap_users.h"
/* ==Save-fake-group-list=====================================*/
-static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- struct sdap_options *opts,
- char **groupnames,
- struct sysdb_attrs **ldap_groups,
- int ldap_groups_count)
+errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ struct sdap_options *opts,
+ char **groupnames,
+ struct sysdb_attrs **ldap_groups,
+ int ldap_groups_count)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
@@ -3152,7 +3152,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
subreq = groups_get_send(req, state->ev, state->id_ctx,
state->id_ctx->opts->sdom, state->conn,
- gid, BE_FILTER_IDNUM, BE_ATTR_ALL, NULL);
+ gid, BE_FILTER_IDNUM, BE_ATTR_ALL, false, false);
if (!subreq) {
ret = ENOMEM;
goto fail;
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 1b8c8d981..9915f1863 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -630,7 +630,7 @@ static errno_t sdap_ad_resolve_sids_step(struct tevent_req *req)
subreq = groups_get_send(state, state->ev, state->id_ctx, sdap_domain,
state->conn, state->current_sid,
- BE_FILTER_SECID, BE_ATTR_CORE, false);
+ BE_FILTER_SECID, BE_ATTR_CORE, false, true);
if (subreq == NULL) {
return ENOMEM;
}
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index e689394c5..3995a2ac3 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -132,4 +132,10 @@ errno_t sdap_nested_group_recv(TALLOC_CTX *mem_ctx,
unsigned long *_num_groups,
struct sysdb_attrs ***_groups);
+errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ struct sdap_options *opts,
+ char **groupnames,
+ struct sysdb_attrs **ldap_groups,
+ int ldap_groups_count);
#endif /* _SDAP_ASYNC_PRIVATE_H_ */