From dcb44c39dda9699cdd6488fd116a51ced0687de3 Mon Sep 17 00:00:00 2001 
From: Jakub Hrozek Date: Tue, 21 May 2013 17:18:03 +0200 Subject: LDAP: sdap_id_ctx might contain several connections With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches. --- src/providers/ad/ad_init.c | 47 ++++++++++++-------------- src/providers/ad/ad_subdomains.c | 2 +- src/providers/ipa/ipa_access.c | 2 +- src/providers/ipa/ipa_auth.c | 3 +- src/providers/ipa/ipa_hostid.c | 2 +- src/providers/ipa/ipa_id.c | 2 +- src/providers/ipa/ipa_init.c | 10 ++---- src/providers/ipa/ipa_selinux.c | 3 +- src/providers/ipa/ipa_subdomains.c | 2 +- src/providers/ipa/ipa_subdomains_id.c | 2 +- src/providers/ldap/ldap_common.c | 47 ++++++++++++++++++++++++++ src/providers/ldap/ldap_common.h | 27 ++++++++++++--- src/providers/ldap/ldap_id.c | 10 +++--- src/providers/ldap/ldap_id_enum.c | 2 +- src/providers/ldap/ldap_id_netgroup.c | 2 +- src/providers/ldap/ldap_id_services.c | 2 +- src/providers/ldap/ldap_init.c | 45 +++++++++++++------------ src/providers/ldap/sdap_access.c | 3 +- src/providers/ldap/sdap_autofs.c | 2 +- src/providers/ldap/sdap_dyndns.c | 4 +-- src/providers/ldap/sdap_id_op.c | 63 ++++++++++++++++++----------------- src/providers/ldap/sdap_id_op.h | 2 ++ 
src/providers/ldap/sdap_sudo.c | 6 ++-- 23 files changed, 175 insertions(+), 115 deletions(-) diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index d5488ad07..aada14ec7 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -135,29 +135,36 @@ sssm_ad_id_init(struct be_ctx *bectx, ad_ctx->ad_options = ad_options; ad_options->id_ctx = ad_ctx; - sdap_ctx = talloc_zero(ad_options, struct sdap_id_ctx); - if (!sdap_ctx) { + sdap_ctx = sdap_id_ctx_new(ad_options, bectx, ad_options->service->sdap); + if (sdap_ctx == NULL) { return ENOMEM; } - sdap_ctx->be = bectx; - sdap_ctx->service = ad_options->service->sdap; ad_ctx->sdap_id_ctx = sdap_ctx; - ret = ad_get_id_options(ad_options, bectx->cdb, - bectx->conf_path, - &sdap_ctx->opts); + ret = ad_dyndns_init(sdap_ctx->be, ad_options); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("Failure setting up automatic DNS update\n")); + /* Continue without DNS updates */ + } + + ret = sdap_id_setup_tasks(sdap_ctx); if (ret != EOK) { goto done; } - ret = setup_tls_config(sdap_ctx->opts->basic); + ret = sdap_setup_child(); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("setup_tls_config failed [%s]\n", strerror(ret))); + DEBUG(SSSDBG_FATAL_FAILURE, + ("setup_child failed [%d][%s].\n", + ret, strerror(ret))); goto done; } - ret = sdap_id_conn_cache_create(sdap_ctx, sdap_ctx, &sdap_ctx->conn_cache); + /* Set up various SDAP options */ + ret = ad_get_id_options(ad_options, bectx->cdb, + bectx->conf_path, + &sdap_ctx->opts); if (ret != EOK) { goto done; } 
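Review bot: sdap_id_setup_tasks(sdap_ctx) and ad_dyndns_init() now run before ad_get_id_options() fills sdap_ctx->opts, so while the tasks are being scheduled sdap_ctx->opts is still the NULL left by talloc_zero() in sdap_id_ctx_new(); if the task setup reads any option (cleanup or enumeration timing would be the usual suspects, not visible here) this is a NULL dereference at backend start-up. The matching removal of the old ordering is in the second ad_init.c hunk (@@ -166), and the commit message promises no functional changes, so the reorder looks unintended rather than deliberate. Keeping the original order — options, TLS config, idmap, then dyndns, tasks and child setup — is the simplest fix; otherwise a comment should explain why the tasks may be created before the options exist. sssm_ad_id_init starts before this hunk and continues past it.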
@@ -166,23 +173,11 @@ sssm_ad_id_init(struct be_ctx *bectx, ret = sdap_idmap_init(sdap_ctx, sdap_ctx, &sdap_ctx->opts->idmap_ctx); if (ret != EOK) goto done; - ret = ad_dyndns_init(sdap_ctx->be, ad_options); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Failure setting up automatic DNS update\n")); - /* Continue without DNS updates */ - } - ret = sdap_id_setup_tasks(sdap_ctx); - if (ret != EOK) { - goto done; - } - - ret = sdap_setup_child(); + ret = setup_tls_config(sdap_ctx->opts->basic); if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - ("setup_child failed [%d][%s].\n", - ret, strerror(ret))); + DEBUG(SSSDBG_CRIT_FAILURE, + ("setup_tls_config failed [%s]\n", strerror(ret))); goto done; } diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 51c695541..da0c85e76 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -93,7 +93,7 @@ static void ad_subdomains_retrieve(struct ad_subdomains_ctx *ctx, req_ctx->reply = NULL; req_ctx->sdap_op = sdap_id_op_create(req_ctx, - ctx->sdap_id_ctx->conn_cache); + ctx->sdap_id_ctx->conn->conn_cache); if (req_ctx->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index c43974e3c..3760c6f71 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -208,7 +208,7 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) if (!offline) { if (hbac_ctx->sdap_op == NULL) { hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx, - hbac_ctx->sdap_ctx->conn_cache); + hbac_ctx->sdap_ctx->conn->conn_cache); if (hbac_ctx->sdap_op == NULL) { DEBUG(1, ("sdap_id_op_create failed.\n")); return EIO; diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index b528c544d..651196a96 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c 
@@ -71,7 +71,8 @@ static struct tevent_req *get_password_migration_flag_send(TALLOC_CTX *memctx, state->password_migration = false; state->ipa_realm = ipa_realm; - state->sdap_op = sdap_id_op_create(state, state->sdap_id_ctx->conn_cache); + state->sdap_op = sdap_id_op_create(state, + state->sdap_id_ctx->conn->conn_cache); if (state->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n")); goto fail; diff --git a/src/providers/ipa/ipa_hostid.c b/src/providers/ipa/ipa_hostid.c index cb37e9a4d..a697dbf66 100644 --- a/src/providers/ipa/ipa_hostid.c +++ b/src/providers/ipa/ipa_hostid.c @@ -165,7 +165,7 @@ hosts_get_send(TALLOC_CTX *memctx, state->ctx = hostid_ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, ctx->conn_cache); + state->op = sdap_id_op_create(state, ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 5f94eb2c1..b7ae81f66 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -174,7 +174,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx, state->ctx = ipa_ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, ctx->conn_cache); + state->op = sdap_id_op_create(state, ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 9676b781d..8363ca6d7 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c 
@@ -138,12 +138,10 @@ int sssm_ipa_id_init(struct be_ctx *bectx, ipa_options->id_ctx = ipa_ctx; ipa_ctx->ipa_options = ipa_options; - sdap_ctx = talloc_zero(ipa_options, struct sdap_id_ctx); - if (!sdap_ctx) { + sdap_ctx = sdap_id_ctx_new(ipa_options, bectx, ipa_options->service->sdap); + if (sdap_ctx == NULL) { return ENOMEM; } - sdap_ctx->be = bectx; - sdap_ctx->service = ipa_options->service->sdap; ipa_ctx->sdap_id_ctx = sdap_ctx; ret = ipa_get_id_options(ipa_options, bectx->cdb, @@ -188,10 +186,6 @@ int sssm_ipa_id_init(struct be_ctx *bectx, goto done; } - ret = sdap_id_conn_cache_create(sdap_ctx, sdap_ctx, &sdap_ctx->conn_cache); - if (ret != EOK) { - goto done; - } /* Set up the ID mapping object */ ret = sdap_idmap_init(sdap_ctx, sdap_ctx, &sdap_ctx->opts->idmap_ctx); diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index ce8f39ccc..39bebebfd 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -864,7 +864,8 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx, } if (!offline) { - state->op = sdap_id_op_create(state, selinux_ctx->id_ctx->sdap_id_ctx->conn_cache); + state->op = sdap_id_op_create(state, + selinux_ctx->id_ctx->sdap_id_ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 95a11198a..18878ae33 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -558,7 +558,7 @@ static void ipa_subdomains_retrieve(struct ipa_subdomains_ctx *ctx, struct be_re req_ctx->reply = NULL; req_ctx->sdap_op = sdap_id_op_create(req_ctx, - ctx->sdap_id_ctx->conn_cache); + ctx->sdap_id_ctx->conn->conn_cache); if (req_ctx->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index ea313cbaf..7fa09bd98 100644 
--- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -66,7 +66,7 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 1e92400d9..856c57e43 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -1628,3 +1628,50 @@ sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx, return EOK; } + +struct sdap_id_conn_ctx * +sdap_id_ctx_conn_add(struct sdap_id_ctx *id_ctx, + struct sdap_service *sdap_service) +{ + struct sdap_id_conn_ctx *conn; + errno_t ret; + + conn = talloc_zero(id_ctx, struct sdap_id_conn_ctx); + if (conn == NULL) { + return NULL; + } + conn->service = talloc_steal(conn, sdap_service); + conn->id_ctx = id_ctx; + + /* Create a connection cache */ + ret = sdap_id_conn_cache_create(conn, id_ctx, conn, &conn->conn_cache); + if (ret != EOK) { + talloc_free(conn); + return NULL; + } + DLIST_ADD_END(id_ctx->conn, conn, struct sdap_id_conn_ctx *); + + return conn; +} + +struct sdap_id_ctx * +sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, + struct sdap_service *sdap_service) +{ + struct sdap_id_ctx *sdap_ctx; + + sdap_ctx = talloc_zero(mem_ctx, struct sdap_id_ctx); + if (sdap_ctx == NULL) { + return NULL; + } + sdap_ctx->be = bectx; + + /* There should be at least one connection context */ + sdap_ctx->conn = sdap_id_ctx_conn_add(sdap_ctx, sdap_service); + if (sdap_ctx->conn == NULL) { + talloc_free(sdap_ctx); + return NULL; + } + + return sdap_ctx; +} diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 2d17b7558..8c6083541 100644 --- a/src/providers/ldap/ldap_common.h 
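Review bot: In sdap_id_ctx_conn_add(), `conn->service = talloc_steal(conn, sdap_service);` runs before sdap_id_conn_cache_create(), so the `talloc_free(conn)` on the failure path also frees the stolen service while the callers (ad_options->service->sdap and ipa_options->service->sdap in the init hunks) still point at it. Moving the steal below the cache-creation check, `conn->service = talloc_steal(conn, sdap_service);` immediately before `DLIST_ADD_END(...)`, keeps the caller's pointer valid on ENOMEM; as far as the visible sdap_id_op.c hunk shows, cache creation only needs id_conn->id_ctx, which is already set. Separately, `sdap_ctx->conn = sdap_id_ctx_conn_add(...)` in sdap_id_ctx_new() re-assigns what DLIST_ADD_END already stored in id_ctx->conn; checking the return value in a local leaves the list head as the single source of truth. Both functions are new and complete within this hunk.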
+++ b/src/providers/ldap/ldap_common.h @@ -42,17 +42,26 @@ /* a fd the child process would log into */ extern int ldap_child_debug_fd; +struct sdap_id_ctx; + +struct sdap_id_conn_ctx { + struct sdap_id_ctx *id_ctx; + + struct sdap_service *service; + /* LDAP connection cache */ + struct sdap_id_conn_cache *conn_cache; + /* dlinklist pointers */ + struct sdap_id_conn_ctx *prev, *next; +}; + struct sdap_id_ctx { struct be_ctx *be; struct sdap_options *opts; - struct fo_service *fo_service; - struct sdap_service *service; /* If using GSSAPI */ struct krb5_service *krb5_service; - - /* LDAP connection cache */ - struct sdap_id_conn_cache *conn_cache; + /* connection to a server */ + struct sdap_id_conn_ctx *conn; /* enumeration loop timer */ struct timeval last_enum; @@ -235,4 +244,12 @@ sdap_set_sasl_options(struct sdap_options *id_opts, char *default_realm, const char *keytab_path); +struct sdap_id_conn_ctx * +sdap_id_ctx_conn_add(struct sdap_id_ctx *id_ctx, + struct sdap_service *sdap_service); + +struct sdap_id_ctx * +sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, + struct sdap_service *sdap_service); + #endif /* _LDAP_COMMON_H_ */ diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 13b607ac3..a7987810c 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -80,7 +80,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; 
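Review bot: The new prototypes for sdap_id_ctx_conn_add() and sdap_id_ctx_new() at the end of ldap_common.h carry no comment, while the struct change above them silently turns `conn` from a single pointer into a dlinklist head (prev/next in struct sdap_id_conn_ctx). A short header comment would spare callers from guessing ownership: `/* Create a connection context for sdap_service and append it to id_ctx->conn. Takes ownership of sdap_service (talloc_steal). Returns NULL on allocation failure. */` on conn_add, and `/* Allocate an sdap_id_ctx with one connection context; opts is left NULL for the caller to fill. */` on sdap_id_ctx_new. The `conn` member itself deserves `/* head of the connection list; the first entry is the default connection */`, since every call site in this commit only ever dereferences `ctx->conn->...` and so implicitly means "the first connection".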
@@ -403,7 +403,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; @@ -698,7 +698,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; @@ -862,7 +862,7 @@ void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx) check_ctx->be_req = be_req; req = sdap_cli_connect_send(be_req, be_ctx->ev, ctx->opts, - be_ctx, ctx->service, false, + be_ctx, ctx->conn->service, false, CON_TLS_DFL, false); if (req == NULL) { DEBUG(1, ("sdap_cli_connect_send failed.\n")); @@ -1280,7 +1280,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx, state->id_ctx = id_ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->id_ctx->conn_cache); + state->op = sdap_id_op_create(state, state->id_ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c index 6c5a378ed..7a2129d97 100644 --- a/src/providers/ldap/ldap_id_enum.c +++ b/src/providers/ldap/ldap_id_enum.c @@ -212,7 +212,7 @@ struct tevent_req *ldap_id_enumerate_send(struct tevent_context *ev, state->ev = ev; state->ctx = ctx; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); talloc_zfree(req); 
diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c index 5080cfb62..6788a52e5 100644 --- a/src/providers/ldap/ldap_id_netgroup.c +++ b/src/providers/ldap/ldap_id_netgroup.c @@ -70,7 +70,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_id_services.c b/src/providers/ldap/ldap_id_services.c index 5699bf0dc..5c3c53f2a 100644 --- a/src/providers/ldap/ldap_id_services.c +++ b/src/providers/ldap/ldap_id_services.c @@ -82,7 +82,7 @@ services_get_send(TALLOC_CTX *mem_ctx, state->protocol = protocol; state->filter_type = filter_type; - state->op = sdap_id_op_create(state, state->id_ctx->conn_cache); + state->op = sdap_id_op_create(state, state->id_ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_MINOR_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index f70c8f1b0..56339961d 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -87,11 +87,13 @@ int sssm_ldap_id_init(struct be_ctx *bectx, struct bet_ops **ops, void **pvt_data) { - struct sdap_id_ctx *ctx; + struct sdap_id_ctx *ctx = NULL; const char *urls; const char *backup_urls; const char *dns_service_name; const char *sasl_mech; + struct sdap_service *sdap_service; + struct sdap_options *opts; int ret; /* If we're already set up, just return that */ 
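Review bot: `struct sdap_options *opts;` is declared without an initializer, but the `done:` label in a later ldap_init.c hunk (@@ -185) now calls `talloc_free(opts)` whenever ret != EOK. The first `goto done` in the next hunk fires when ldap_get_options() fails, and unless that function is guaranteed to write `*opts` on every error path (not visible here) the free reads an indeterminate pointer. Initialize it the same way the hunk already initializes ctx: `struct sdap_options *opts = NULL;`. sssm_ldap_id_init starts before this hunk and continues past it.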
@@ -103,37 +105,40 @@ int sssm_ldap_id_init(struct be_ctx *bectx, return EOK; } - ctx = talloc_zero(bectx, struct sdap_id_ctx); - if (!ctx) return ENOMEM; - - ctx->be = bectx; - - ret = ldap_get_options(ctx, bectx->cdb, - bectx->conf_path, &ctx->opts); + ret = ldap_get_options(bectx, bectx->cdb, + bectx->conf_path, &opts); if (ret != EOK) { goto done; } - dns_service_name = dp_opt_get_string(ctx->opts->basic, + dns_service_name = dp_opt_get_string(opts->basic, SDAP_DNS_SERVICE_NAME); - DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name)); + DEBUG(SSSDBG_CONF_SETTINGS, + ("Service name for discovery set to %s\n", dns_service_name)); - urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI); - backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_BACKUP_URI); + urls = dp_opt_get_string(opts->basic, SDAP_URI); + backup_urls = dp_opt_get_string(opts->basic, SDAP_BACKUP_URI); - ret = sdap_service_init(ctx, ctx->be, "LDAP", + ret = sdap_service_init(bectx, bectx, "LDAP", dns_service_name, urls, backup_urls, - &ctx->service); + &sdap_service); if (ret != EOK) { - DEBUG(1, ("Failed to initialize failover service!\n")); + DEBUG(SSSDBG_OP_FAILURE, ("Failed to initialize failover service!\n")); goto done; } + ctx = sdap_id_ctx_new(bectx, bectx, sdap_service); + if (!ctx) { + ret = ENOMEM; + goto done; + } + ctx->opts = talloc_steal(ctx, opts); + sasl_mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH); if (sasl_mech && strcasecmp(sasl_mech, "GSSAPI") == 0) { if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) { ret = sdap_gssapi_init(ctx, ctx->opts->basic, - ctx->be, ctx->service, + ctx->be, ctx->conn->service, &ctx->krb5_service); if (ret != EOK) { DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n", 
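Review bot: The NULL check after sdap_id_ctx_new() is written `if (!ctx)` while the equivalent new checks in ad_init.c and ipa_init.c in this same commit use `if (sdap_ctx == NULL)`; picking one form keeps the three init paths uniform and easier to diff against each other. The DEBUG level changes in this hunk (SSSDBG_CONF_SETTINGS, SSSDBG_OP_FAILURE replacing numeric levels) are unrelated to the connection-context refactoring described in the commit message and would be easier to review as their own change. sssm_ldap_id_init continues past this hunk.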
@@ -150,11 +155,6 @@ int sssm_ldap_id_init(struct be_ctx *bectx, goto done; } - ret = sdap_id_conn_cache_create(ctx, ctx, &ctx->conn_cache); - if (ret != EOK) { - goto done; - } - /* Set up the ID mapping object */ ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx); if (ret != EOK) goto done; @@ -185,6 +185,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, done: if (ret != EOK) { + talloc_free(opts); talloc_free(ctx); } return ret; @@ -208,7 +209,7 @@ int sssm_ldap_auth_init(struct be_ctx *bectx, ctx->be = bectx; ctx->opts = id_ctx->opts; - ctx->service = id_ctx->service; + ctx->service = id_ctx->conn->service; ctx->chpass_service = NULL; *ops = &sdap_auth_ops; diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 1b2f6993d..e74542346 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -718,7 +718,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, DEBUG(6, ("Checking filter against LDAP\n")); - state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn_cache); + state->sdap_op = sdap_id_op_create(state, + state->sdap_ctx->conn->conn_cache); if (!state->sdap_op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/sdap_autofs.c b/src/providers/ldap/sdap_autofs.c index 0bb211aa3..e7947c9b2 100644 --- a/src/providers/ldap/sdap_autofs.c +++ b/src/providers/ldap/sdap_autofs.c @@ -154,7 +154,7 @@ sdap_autofs_get_map_send(TALLOC_CTX *mem_ctx, state->dp_error = DP_ERR_FATAL; state->map_name = map_name; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c index d7e20ca4f..8fe2011d1 100644 --- a/src/providers/ldap/sdap_dyndns.c +++ b/src/providers/ldap/sdap_dyndns.c 
@@ -500,7 +500,7 @@ sdap_dyndns_get_addrs_send(TALLOC_CTX *mem_ctx, } /* Detect DYNDNS address from LDAP connection */ - state->sdap_op = sdap_id_op_create(state, sdap_ctx->conn_cache); + state->sdap_op = sdap_id_op_create(state, sdap_ctx->conn->conn_cache); if (!state->sdap_op) { ret = ENOMEM; DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); @@ -664,7 +664,7 @@ sdap_dyndns_timer_conn_send(TALLOC_CTX *mem_ctx, state->dyndns_ctx->timer_in_progress = true; /* Make sure to have a valid LDAP connection */ - state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn_cache); + state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn->conn_cache); if (state->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c index 02142103b..be25b5da4 100644 --- a/src/providers/ldap/sdap_id_op.c +++ b/src/providers/ldap/sdap_id_op.c @@ -28,7 +28,7 @@ /* LDAP async connection cache */ struct sdap_id_conn_cache { - struct sdap_id_ctx *id_ctx; + struct sdap_id_conn_ctx *id_conn; /* list of all open connections */ struct sdap_id_conn_data *connections; @@ -103,6 +103,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq); /* Create a connection cache */ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, + struct sdap_id_conn_ctx *id_conn, struct sdap_id_conn_cache** conn_cache_out) { int ret; @@ -113,9 +114,9 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, goto fail; } - conn_cache->id_ctx = id_ctx; + conn_cache->id_conn = id_conn; - ret = be_add_offline_cb(conn_cache, id_ctx->be, + ret = be_add_offline_cb(conn_cache, id_conn->id_ctx->be, sdap_id_conn_cache_be_offline_cb, conn_cache, NULL); if (ret != EOK) { 
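Review bot: sdap_id_conn_cache_create() keeps its `struct sdap_id_ctx *id_ctx` parameter but no longer reads it: both be_add_offline_cb() and be_add_reconnect_cb() now go through `id_conn->id_ctx->be`, and nothing else in the visible body touches it. An unused parameter that callers must still supply (ldap_common.c passes `id_ctx, conn`) invites the two arguments to drift apart; either drop it from the definition here and from the prototype in sdap_id_op.h (the @@ -38 hunk in that header further down), or keep it and check the redundancy with `if (id_conn->id_ctx != id_ctx) return EINVAL;`. The function body continues beyond this hunk into the next one.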
@@ -123,7 +124,7 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, goto fail; } - ret = be_add_reconnect_cb(conn_cache, id_ctx->be, + ret = be_add_reconnect_cb(conn_cache, id_conn->id_ctx->be, sdap_id_conn_cache_fo_reconnect_cb, conn_cache, NULL); if (ret != EOK) { @@ -224,7 +225,7 @@ static bool sdap_can_reuse_connection(struct sdap_id_conn_data *conn_data) return false; } - timeout = dp_opt_get_int(conn_data->conn_cache->id_ctx->opts->basic, + timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic, SDAP_OPT_TIMEOUT); return !sdap_is_connection_expired(conn_data, timeout); } @@ -242,7 +243,7 @@ static int sdap_id_conn_data_set_expire_timer(struct sdap_id_conn_data *conn_dat return EOK; } - timeout = dp_opt_get_int(conn_data->conn_cache->id_ctx->opts->basic, + timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic, SDAP_OPT_TIMEOUT); if (timeout > 0) { tv.tv_sec -= timeout; @@ -255,10 +256,10 @@ static int sdap_id_conn_data_set_expire_timer(struct sdap_id_conn_data *conn_dat talloc_zfree(conn_data->expire_timer); conn_data->expire_timer = - tevent_add_timer(conn_data->conn_cache->id_ctx->be->ev, - conn_data, tv, - sdap_id_conn_data_expire_handler, - conn_data); + tevent_add_timer(conn_data->conn_cache->id_conn->id_ctx->be->ev, + conn_data, tv, + sdap_id_conn_data_expire_handler, + conn_data); if (!conn_data->expire_timer) { return ENOMEM; } @@ -349,8 +350,8 @@ static bool sdap_id_op_can_reconnect(struct sdap_id_op *op) int max_retries; int count; - count = be_fo_get_server_count(op->conn_cache->id_ctx->be, - op->conn_cache->id_ctx->service->name); + count = be_fo_get_server_count(op->conn_cache->id_conn->id_ctx->be, + op->conn_cache->id_conn->service->name); max_retries = 2 * count -1; if (max_retries < 1) { max_retries = 1; 
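Review bot: The mechanical `id_ctx` → `id_conn->id_ctx` substitution pushes several lines past 80 columns, e.g. `timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic,` in sdap_can_reuse_connection() and sdap_id_conn_data_set_expire_timer(), and the four-level chain is repeated in nearly every hunk of sdap_id_op.c below (the connect, done and reinit paths). A local at the top of each function, `struct sdap_id_ctx *id_ctx = conn_data->conn_cache->id_conn->id_ctx;`, restores the line length and gives the later multi-connection work a single place to change. The enclosing functions start and end outside this hunk.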
@@ -361,7 +362,7 @@ static bool sdap_id_op_can_reconnect(struct sdap_id_op *op) /* state of connect request */ struct sdap_id_op_connect_state { - struct sdap_id_ctx *id_ctx; + struct sdap_id_conn_ctx *id_conn; struct tevent_context *ev; struct sdap_id_op *op; int dp_error; @@ -411,8 +412,8 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, talloc_set_destructor((void*)state, sdap_id_op_connect_state_destroy); - state->id_ctx = op->conn_cache->id_ctx; - state->ev = state->id_ctx->be->ev; + state->id_conn = op->conn_cache->id_conn; + state->ev = state->id_conn->id_ctx->be->ev; state->op = op; op->connect_req = req; @@ -489,9 +490,9 @@ static int sdap_id_op_connect_step(struct tevent_req *req) conn_data->conn_cache = conn_cache; subreq = sdap_cli_connect_send(conn_data, state->ev, - state->id_ctx->opts, - state->id_ctx->be, - state->id_ctx->service, false, + state->id_conn->id_ctx->opts, + state->id_conn->id_ctx->be, + state->id_conn->service, false, CON_TLS_DFL, false); if (!subreq) { @@ -555,12 +556,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) /* be is going offline as there is no more servers to try */ DEBUG(1, ("Failed to connect, going offline (%d [%s])\n", ret, strerror(ret))); - be_mark_offline(conn_cache->id_ctx->be); + be_mark_offline(conn_cache->id_conn->id_ctx->be); is_offline = true; } if (ret == EOK) { - current_srv_opts = conn_cache->id_ctx->srv_opts; + current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts; if (current_srv_opts) { DEBUG(8, ("Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn)); @@ -579,7 +580,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) } } ret = sdap_id_conn_data_set_expire_timer(conn_data); - sdap_steal_server_opts(conn_cache->id_ctx, &srv_opts); + sdap_steal_server_opts(conn_cache->id_conn->id_ctx, &srv_opts); } if (can_retry) { 
@@ -596,7 +597,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) /* do not attempt to retry on errors like ENOMEM */ can_retry = false; is_offline = true; - be_mark_offline(conn_cache->id_ctx->be); + be_mark_offline(conn_cache->id_conn->id_ctx->be); break; } } @@ -635,7 +636,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (can_retry) { /* determining whether retry is possible */ - if (be_is_offline(conn_cache->id_ctx->be)) { + if (be_is_offline(conn_cache->id_conn->id_ctx->be)) { /* be is offline, no retry possible */ if (ret == EOK) { DEBUG(9, ("skipping automatic retry on op #%d as be is offline\n", notify_count)); @@ -686,12 +687,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if ((ret == EOK) && conn_data->sh->connected && - !be_is_offline(conn_cache->id_ctx->be)) { + !be_is_offline(conn_cache->id_conn->id_ctx->be)) { DEBUG(9, ("caching successful connection after %d notifies\n", notify_count)); conn_cache->cached_connection = conn_data; /* Run any post-connection routines */ - be_run_online_cb(conn_cache->id_ctx->be); + be_run_online_cb(conn_cache->id_conn->id_ctx->be); } else { if (conn_cache->cached_connection == conn_data) { @@ -704,9 +705,9 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (reinit) { DEBUG(SSSDBG_TRACE_FUNC, ("Server reinitialization detected. " "Cleaning cache.\n")); - reinit_req = sdap_reinit_cleanup_send(conn_cache->id_ctx->be, - conn_cache->id_ctx->be, - conn_cache->id_ctx); + reinit_req = sdap_reinit_cleanup_send(conn_cache->id_conn->id_ctx->be, + conn_cache->id_conn->id_ctx->be, + conn_cache->id_conn->id_ctx); if (reinit_req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization " "clean up.\n")); 
@@ -804,14 +805,14 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) op->conn_cache->cached_connection = NULL; DEBUG(5, ("communication error on cached connection, moving to next server\n")); - be_fo_try_next_server(op->conn_cache->id_ctx->be, - op->conn_cache->id_ctx->service->name); + be_fo_try_next_server(op->conn_cache->id_conn->id_ctx->be, + op->conn_cache->id_conn->service->name); } int dp_err; if (retval == EOK) { dp_err = DP_ERR_OK; - } else if (be_is_offline(op->conn_cache->id_ctx->be)) { + } else if (be_is_offline(op->conn_cache->id_conn->id_ctx->be)) { /* if backend is already offline, just report offline, do not duplicate errors */ dp_err = DP_ERR_OFFLINE; retval = EAGAIN; diff --git a/src/providers/ldap/sdap_id_op.h b/src/providers/ldap/sdap_id_op.h index f36037a9c..b808dd89a 100644 --- a/src/providers/ldap/sdap_id_op.h +++ b/src/providers/ldap/sdap_id_op.h @@ -26,6 +26,7 @@ #define _SDAP_ID_OP_H_ struct sdap_id_ctx; +struct sdap_id_conn_ctx; /* LDAP async connection cache */ struct sdap_id_conn_cache; @@ -38,6 +39,7 @@ struct sdap_id_op; /* Create a connection cache */ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, + struct sdap_id_conn_ctx *id_conn, struct sdap_id_conn_cache** conn_cache_out); /* Create an operation object */ diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index 3472da67c..315f254a3 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -508,7 +508,7 @@ void sdap_sudo_handler(struct be_req *be_req) case BE_REQ_SUDO_RULES: DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a refresh of specific sudo rules\n")); req = sdap_sudo_rules_refresh_send(be_req, sudo_ctx, id_ctx->be, - id_ctx->opts, id_ctx->conn_cache, + id_ctx->opts, id_ctx->conn->conn_cache, sudo_req->rules); break; default: 
@@ -585,7 +585,7 @@ static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a full refresh of sudo rules\n")); subreq = sdap_sudo_refresh_send(state, id_ctx->be, id_ctx->opts, - id_ctx->conn_cache, + id_ctx->conn->conn_cache, ldap_full_filter, sysdb_filter); if (subreq == NULL) { ret = ENOMEM; @@ -901,7 +901,7 @@ static struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx, "(USN > %s)\n", (usn == NULL ? "0" : usn))); subreq = sdap_sudo_refresh_send(state, id_ctx->be, id_ctx->opts, - id_ctx->conn_cache, + id_ctx->conn->conn_cache, ldap_full_filter, NULL); if (subreq == NULL) { ret = ENOMEM; -- cgit