Diffstat (limited to 'src/providers/ad')
-rw-r--r--src/providers/ad/ad_access.c16
-rw-r--r--src/providers/ad/ad_access.h4
-rw-r--r--src/providers/ad/ad_common.c52
-rw-r--r--src/providers/ad/ad_common.h7
-rw-r--r--src/providers/ad/ad_id.c29
-rw-r--r--src/providers/ad/ad_init.c3
6 files changed, 70 insertions, 41 deletions
diff --git a/src/providers/ad/ad_access.c b/src/providers/ad/ad_access.c
index 6995172db..68a292abc 100644
--- a/src/providers/ad/ad_access.c
+++ b/src/providers/ad/ad_access.c
@@ -274,26 +274,12 @@ ad_access_send(TALLOC_CTX *mem_ctx,
goto done;
}
- state->clist = talloc_zero_array(state, struct sdap_id_conn_ctx *, 3);
+ state->clist = ad_gc_conn_list(state, ctx->ad_id_ctx, domain);
if (state->clist == NULL) {
ret = ENOMEM;
goto done;
}
- /* Always try GC first */
- ctx->gc_ctx->ignore_mark_offline = false;
- state->clist[0] = ctx->gc_ctx;
- if (IS_SUBDOMAIN(domain) == false) {
- /* fall back to ldap if gc is not available */
- state->clist[0]->ignore_mark_offline = true;
-
- /* With root domain users we have the option to
- * fall back to LDAP in case ie POSIX attributes
- * are used but not replicated to GC
- */
- state->clist[1] = ctx->ldap_ctx;
- }
-
ret = ad_access_step(req, state->clist[state->cindex]);
if (ret != EOK) {
goto done;
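Review bot: The call site now depends on two contracts of `ad_gc_conn_list` that are no longer visible here: the list is NULL-terminated (the `state->cindex` walk through `ad_access_step` presumably stops at the sentinel) and a NULL return means only allocation failure, which is what makes `ret = ENOMEM` the right mapping. The explanatory comments that were deleted with the inlined code should survive at the call site, e.g. `/* GC first, LDAP fallback for root-domain users; NULL-terminated, walked via cindex */` above the assignment. ad_access_send's body continues outside the hunk, so whether the walk copes with the one-entry list a subdomain now gets cannot be confirmed from here.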
diff --git a/src/providers/ad/ad_access.h b/src/providers/ad/ad_access.h
index ca5e69729..3bd19ccc5 100644
--- a/src/providers/ad/ad_access.h
+++ b/src/providers/ad/ad_access.h
@@ -26,9 +26,7 @@
struct ad_access_ctx {
struct dp_option *ad_options;
struct sdap_access_ctx *sdap_access_ctx;
-
- struct sdap_id_conn_ctx *ldap_ctx;
- struct sdap_id_conn_ctx *gc_ctx;
+ struct ad_id_ctx *ad_id_ctx;
};
void
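Review bot: `struct ad_id_ctx *ad_id_ctx` is added as a member without a visible forward declaration; the tag is picked up at file scope either way, but if ad_access.h does not already include ad_common.h (its include block is outside the hunk), an explicit `struct ad_id_ctx;` above `struct ad_access_ctx` keeps the header self-contained and makes the new dependency on the ID provider's context visible. A one-line comment on the member, `/* borrowed from the ID provider; set in sssm_ad_access_init */`, would also document who owns it.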
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index f679c11ad..af0ec8399 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -1096,3 +1096,55 @@ ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx)
return ad_ctx;
}
+
+struct sdap_id_conn_ctx *
+ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
+{
+ struct sdap_id_conn_ctx *conn;
+ struct sdap_domain *sdom;
+ struct ad_id_ctx *subdom_id_ctx;
+
+ if (IS_SUBDOMAIN(dom)) {
+ sdom = sdap_domain_get(ad_ctx->sdap_id_ctx->opts, dom);
+ if (sdom == NULL || sdom->pvt == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No ID ctx available for [%s].\n",
+ dom->name));
+ return NULL;
+ }
+ subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
+ conn = subdom_id_ctx->ldap_ctx;
+ } else {
+ conn = ad_ctx->ldap_ctx;
+ }
+
+ return conn;
+}
+
+struct sdap_id_conn_ctx **
+ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom)
+{
+ struct sdap_id_conn_ctx **clist;
+
+ clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3);
+ if (clist == NULL) return NULL;
+
+ /* Always try GC first */
+ clist[0] = ad_ctx->gc_ctx;
+ if (IS_SUBDOMAIN(dom) == true) {
+ clist[0]->ignore_mark_offline = false;
+ /* Subdomain users are only present in GC. */
+ return clist;
+ }
+
+ /* fall back to ldap if gc is not available */
+ clist[0]->ignore_mark_offline = true;
+
+ /* With root domain users we have the option to
+ * fall back to LDAP in case ie POSIX attributes
+ * are used but not replicated to GC
+ */
+ clist[1] = ad_ctx->ldap_ctx;
+
+ return clist;
+}
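Review bot: `talloc_get_type(sdom->pvt, struct ad_id_ctx)` in the subdomain branch of `ad_get_dom_ldap_conn` returns NULL when the talloc type name does not match, and `subdom_id_ctx->ldap_ctx` dereferences the result on the next line; the guard should cover it, e.g. `if (subdom_id_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Wrong type for ID ctx of [%s].\n", dom->name)); return NULL; }` (or `talloc_get_type_abort` if the project treats a mismatch as fatal). In `ad_gc_conn_list`, writing `clist[0]->ignore_mark_offline` mutates `ad_ctx->gc_ctx`, which is shared by every request, so a subdomain request and a root-domain request in flight at the same time flip the same flag under each other; the inlined code it replaces did the same, but the helper is now the one place to say so, e.g. `/* NOTE: sets a flag on the shared gc_ctx, not on this list */`. `ad_ctx->gc_ctx` is also dereferenced unconditionally; if the GC connection can be absent (e.g. disabled by configuration), which this hunk does not show, a NULL check is needed before the flag write. The `3` in `talloc_zero_array` lost its `/* LDAP, GC, sentinel */` comment in the move from ad_id.c, and neither new function has a header comment stating that the list is allocated on `mem_ctx`, NULL-terminated and owned by the caller.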
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index b8b73c042..ed5b8584d 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -115,6 +115,13 @@ ad_get_dyndns_options(struct be_ctx *be_ctx,
struct ad_id_ctx *
ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx);
+struct sdap_id_conn_ctx **
+ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom);
+
+struct sdap_id_conn_ctx *
+ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom);
+
/* AD dynamic DNS updates */
errno_t ad_dyndns_init(struct be_ctx *be_ctx,
struct ad_options *ctx);
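Review bot: The two new prototypes are undocumented, and their contracts differ in a way callers must know: `ad_gc_conn_list` returns a fresh, NULL-terminated array allocated on `mem_ctx` (caller-owned, NULL only on allocation failure), whereas `ad_get_dom_ldap_conn` returns a borrowed pointer into the ID context and NULL when the subdomain has no ID context attached, which is not an out-of-memory condition. A Doxygen comment on each declaration giving ownership, the NULL termination of the list, the side effect on `gc_ctx->ignore_mark_offline`, and the meaning of a NULL return would keep callers from mapping both NULLs to ENOMEM.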
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index cf71b172d..e47c41863 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -188,12 +188,6 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
struct sss_domain_info *dom, struct be_acct_req *ar)
{
struct sdap_id_conn_ctx **clist;
- struct sdap_domain *sdom;
- struct ad_id_ctx *subdom_id_ctx;
-
- /* LDAP, GC, sentinel */
- clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 3);
- if (clist == NULL) return NULL;
switch (ar->entry_type & BE_REQ_TYPE_MASK) {
case BE_REQ_USER: /* user */
@@ -201,24 +195,17 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
case BE_REQ_USER_AND_GROUP: /* get SID */
case BE_REQ_GROUP: /* group */
case BE_REQ_INITGROUPS: /* init groups for user */
- /* Always try GC first */
- clist[0] = ad_ctx->gc_ctx;
- if (IS_SUBDOMAIN(dom) == true) {
- clist[0]->ignore_mark_offline = false;
- /* Subdomain users are only present in GC. */
- break;
- }
- /* fall back to ldap if gc is not available */
- clist[0]->ignore_mark_offline = true;
-
- /* With root domain users we have the option to
- * fall back to LDAP in case ie POSIX attributes
- * are used but not replicated to GC
- */
- clist[1] = ad_ctx->ldap_ctx;
+ clist = ad_gc_conn_list(breq, ad_ctx, dom);
+ if (clist == NULL) return NULL;
break;
+
default:
+ /* Requests for other object should only contact LDAP by default */
+ clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 2);
+ if (clist == NULL) return NULL;
+
clist[0] = ad_ctx->ldap_ctx;
+ clist[1] = NULL;
break;
}
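Review bot: `clist[1] = NULL;` in the `default` branch is redundant, since `talloc_zero_array` already zero-fills both slots, and it is asymmetric with the GC path where the sentinel stays implicit; either drop the line or keep a `/* LDAP, sentinel */` comment on the allocation so the reader knows the second slot is the terminator. The comment above it should read `/* Requests for other objects should only contact LDAP by default */`. The earlier hunk of get_conn_list removed the `/* LDAP, GC, sentinel */` comment together with the shared allocation; since each branch now sizes its own list (3 via the helper, 2 here), a short note on why the sizes differ would help. get_conn_list continues outside the hunk.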
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index 332bfda38..ed69a7d98 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -377,8 +377,7 @@ sssm_ad_access_init(struct be_ctx *bectx,
if (ret != EOK) {
goto fail;
}
- access_ctx->ldap_ctx = ad_id_ctx->ldap_ctx;
- access_ctx->gc_ctx = ad_id_ctx->gc_ctx;
+ access_ctx->ad_id_ctx = ad_id_ctx;
ret = dp_copy_options(access_ctx, ad_options->basic, AD_OPTS_BASIC,
&access_ctx->ad_options);
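Review bot: `access_ctx->ad_id_ctx = ad_id_ctx;` stores a borrowed pointer whose lifetime is not stated, and the access provider now dereferences it on every request, so the ID context must outlive the access context. If both are talloc children of `bectx` (likely, but both allocations are outside the hunk) that holds, and a comment such as `/* borrowed; ad_id_ctx is owned by bectx and outlives access_ctx */` would record the assumption. sssm_ad_access_init continues outside the hunk.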