-rw-r--r-- | src/providers/ipa/ipa_subdomains_ext_groups.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.h | 3 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 14 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.h | 3 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_enum.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 36 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 14 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_private.h | 6 |
9 files changed, 64 insertions, 18 deletions
diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c
index 7df3dbbb2..953853722 100644
--- a/src/providers/ipa/ipa_subdomains_ext_groups.c
+++ b/src/providers/ipa/ipa_subdomains_ext_groups.c
@@ -872,7 +872,7 @@ static void ipa_add_ad_memberships_get_next(struct tevent_req *req)
 state->sdap_id_ctx->conn, (const char *) val->data, BE_FILTER_NAME, BE_ATTR_CORE,
- false);
+ false, false);
 if (subreq == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, ("groups_get_send failed.\n"));
 ret = ENOMEM;
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 889d5b118..3685bc206 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -212,7 +212,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 const char *name,
 int filter_type,
 int attrs_type,
- bool noexist_delete);
+ bool noexist_delete,
+ bool no_members);
 int groups_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret);
 struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index b948ba9f3..9d2c168d8 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -510,6 +510,7 @@ struct groups_get_state {
 int dp_error;
 int sdap_ret;
 bool noexist_delete;
+ bool no_members;
 };
 static int groups_get_retry(struct tevent_req *req);
@@ -526,7 +527,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 const char *name,
 int filter_type,
 int attrs_type,
- bool noexist_delete)
+ bool noexist_delete,
+ bool no_members)
 {
 struct tevent_req *req;
 struct groups_get_state *state;
@@ -548,6 +550,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 state->conn = conn;
 state->dp_error = DP_ERR_FATAL;
 state->noexist_delete = noexist_delete;
+ state->no_members = no_members;
 state->op = sdap_id_op_create(state, state->conn->conn_cache);
 if (!state->op) {
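Review bot: The new `no_members` argument on `groups_get_send` is a second positional `bool` placed directly after `noexist_delete`, and neither this prototype in ldap_common.h nor the matching `sdap_get_groups_send` prototype in sdap_async.h documents it. Call sites of the two functions in this commit now read `false, false`, `true, false` and `false, true`, which are easy to transpose without any compiler diagnostic; the `NULL` that sdap_get_initgr_done previously passed for a `bool` shows how quietly such mistakes compile. Because the flag appears to decide whether member attributes are requested and whether only an incomplete group entry is stored, a swapped argument would silently change what group data reaches the cache. I would add a comment above the prototype such as `/* no_members: skip the member attributes and store only an incomplete group entry */`, and consider a named flags argument instead of two adjacent bools.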
@@ -676,7 +679,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 /* TODO: handle attrs_type */
 ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
- state->domain->ignore_group_members ?
+ (state->domain->ignore_group_members
+ || state->no_members) ?
 (const char **)member_filter : NULL, &state->attrs, NULL);
@@ -809,7 +813,7 @@ static void groups_get_search(struct tevent_req *req)
 state->attrs, state->filter, dp_opt_get_int(state->ctx->opts->basic, SDAP_SEARCH_TIMEOUT),
- false);
+ false, state->no_members);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
@@ -1348,7 +1352,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 ar->filter_value,
 ar->filter_type,
 ar->attr_type,
- noexist_delete);
+ noexist_delete, false);
 break;
 case BE_REQ_INITGROUPS: /* init groups for user */
@@ -1664,7 +1668,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
 subreq = groups_get_send(req, state->ev, state->id_ctx, state->sdom, state->conn, state->filter_val, state->filter_type,
- state->attrs_type, state->noexist_delete);
+ state->attrs_type, state->noexist_delete, false);
 if (subreq == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, ("users_get_send failed.\n"));
 ret = ENOMEM;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 593404af3..5abd15459 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -96,7 +96,8 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
 const char **attrs,
 const char *filter,
 int timeout,
- bool enumeration);
+ bool enumeration,
+ bool no_members);
 int sdap_get_groups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **timestamp);
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index 0431d03c3..b7f995010 100644
--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -804,7 +804,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
 state->attrs, state->filter, dp_opt_get_int(state->ctx->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT),
- true);
+ true, false);
 if (!subreq) {
 ret = ENOMEM;
 goto fail;
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index ab3691f80..77e686e68 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1533,6 +1533,7 @@ struct sdap_get_groups_state {
 char *filter;
 int timeout;
 bool enumeration;
+ bool no_members;
 char *higher_usn;
 struct sysdb_attrs **groups;
@@ -1562,7 +1563,8 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
 const char **attrs,
 const char *filter,
 int timeout,
- bool enumeration)
+ bool enumeration,
+ bool no_members)
 {
 errno_t ret;
 struct tevent_req *req;
@@ -1585,6 +1587,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
 state->count = 0;
 state->timeout = timeout;
 state->enumeration = enumeration;
+ state->no_members = no_members;
 state->base_filter = filter;
 state->base_iter = 0;
 state->search_bases = sdom->group_search_bases;
@@ -1709,6 +1712,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
 bool next_base = false;
 size_t count;
 struct sysdb_attrs **groups;
+ char **groupnamelist;
 ret = sdap_get_generic_recv(subreq, state, &count, &groups);
@@ -1775,6 +1779,36 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
 return;
 }
+ if (state->no_members) {
+ ret = sysdb_attrs_primary_name_list(state->sysdb, state,
+ state->groups, state->count,
+ state->opts->group_map[SDAP_AT_GROUP_NAME].name,
+ &groupnamelist);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("sysdb_attrs_primary_name_list failed.\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = sdap_add_incomplete_groups(state->sysdb, state->dom, state->opts,
+ groupnamelist, state->groups,
+ state->count);
+ if (ret == EOK) {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("Reading only group data without members successful.\n"));
+ tevent_req_done(req);
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_add_incomplete_groups failed.\n"));
+ tevent_req_error(req, ret);
+ }
+ return;
+
+ ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
+ state->groups, state->count, false,
+ NULL, true, NULL);
+ }
+
 /* Check whether we need to do nested searches
 * for RFC2307bis/FreeIPA/ActiveDirectory
 * We don't need to do this for enumeration,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 7ae7ed098..c297f32dd 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -29,12 +29,12 @@
 #include "providers/ldap/sdap_users.h"
 /* ==Save-fake-group-list=====================================*/
-static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- struct sdap_options *opts,
- char **groupnames,
- struct sysdb_attrs **ldap_groups,
- int ldap_groups_count)
+errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ struct sdap_options *opts,
+ char **groupnames,
+ struct sysdb_attrs **ldap_groups,
+ int ldap_groups_count)
 {
 TALLOC_CTX *tmp_ctx;
 struct ldb_message *msg;
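Review bot: Inside the added `if (state->no_members)` block in sdap_get_groups_process, the `ret = sdap_save_groups(...)` call sits after an unconditional `return;` and can never run. It should be deleted, since it reads as if full group data were also saved on this path, and its result would be unchecked anyway. This branch also finishes the request before the nested-group check that follows, so entries written here carry no membership. Presumably consumers treat such incomplete entries as needing a refresh rather than as an authoritative empty group, but that is not visible in this hunk and is worth confirming for anything that makes access decisions from cached groups. The function body starts and continues outside the hunk.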
@@ -3096,7 +3096,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 subreq = groups_get_send(req, state->ev, state->id_ctx, state->id_ctx->opts->sdom, state->conn,
- gid, BE_FILTER_IDNUM, BE_ATTR_ALL, NULL);
+ gid, BE_FILTER_IDNUM, BE_ATTR_ALL, false, false);
 if (!subreq) {
 ret = ENOMEM;
 goto fail;
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 724f308da..a60f492a2 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -623,7 +623,7 @@ static errno_t sdap_ad_resolve_sids_step(struct tevent_req *req)
 subreq = groups_get_send(state, state->ev, state->id_ctx, sdap_domain, state->conn, state->current_sid,
- BE_FILTER_SECID, BE_ATTR_CORE, false);
+ BE_FILTER_SECID, BE_ATTR_CORE, false, true);
 if (subreq == NULL) {
 return ENOMEM;
 }
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 364c809a9..d1c6e454a 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -133,4 +133,10 @@ errno_t sdap_nested_group_recv(TALLOC_CTX *mem_ctx,
 unsigned long *_num_groups,
 struct sysdb_attrs ***_groups);
+errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ struct sdap_options *opts,
+ char **groupnames,
+ struct sysdb_attrs **ldap_groups,
+ int ldap_groups_count);
 #endif /* _SDAP_ASYNC_PRIVATE_H_ */ |
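Review bot: `sdap_add_incomplete_groups` is now declared in sdap_async_private.h with external linkage, but the added prototype has no comment describing its contract. A short header comment should say that it stores group entries without members and who owns `groupnames`, for example `/* Store the given groups in sysdb as incomplete (memberless) entries */`, with the ownership wording confirmed against the implementation. The count parameter is an `int`, while the new caller in sdap_get_groups_process passes `state->count`; if that field is a `size_t` like the local `count` in that function, the value narrows implicitly and deserves a range check or a matching parameter type.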