From 72ae534f5aef6d2e5d3f2f51299aede5abf9687e Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 3 Dec 2013 20:45:44 +0100
Subject: AD: Add a utility function to create list of connections
ad_id.c and ad_access.c used the same block of code. With the upcoming option to disable GC lookups, we should unify the code in a function to avoid breaking one of the code paths. The same applies for the LDAP connection to the trusted AD DC. Includes a unit test.
---
 src/providers/ad/ad_access.c | 16 +-------------
 src/providers/ad/ad_access.h | 4 +---
 src/providers/ad/ad_common.c | 52 ++++++++++++++++++++++++++++++++++++++++++++
 src/providers/ad/ad_common.h | 7 ++++++
 src/providers/ad/ad_id.c | 29 +++++++----------------
 src/providers/ad/ad_init.c | 3 +--
 6 files changed, 70 insertions(+), 41 deletions(-)
(limited to 'src/providers')
diff --git a/src/providers/ad/ad_access.c b/src/providers/ad/ad_access.c
index 6995172db..68a292abc 100644
--- a/src/providers/ad/ad_access.c
+++ b/src/providers/ad/ad_access.c
@@ -274,26 +274,12 @@ ad_access_send(TALLOC_CTX *mem_ctx,
 goto done;
 }
- state->clist = talloc_zero_array(state, struct sdap_id_conn_ctx *, 3);
+ state->clist = ad_gc_conn_list(state, ctx->ad_id_ctx, domain);
 if (state->clist == NULL) {
 ret = ENOMEM;
 goto done;
 }
- /* Always try GC first */
- ctx->gc_ctx->ignore_mark_offline = false;
- state->clist[0] = ctx->gc_ctx;
- if (IS_SUBDOMAIN(domain) == false) {
- /* fall back to ldap if gc is not available */
- state->clist[0]->ignore_mark_offline = true;
-
- /* With root domain users we have the option to
- * fall back to LDAP in case ie POSIX attributes
- * are used but not replicated to GC
- */
- state->clist[1] = ctx->ldap_ctx;
- }
-
 ret = ad_access_step(req, state->clist[state->cindex]);
 if (ret != EOK) {
 goto done;
diff --git a/src/providers/ad/ad_access.h b/src/providers/ad/ad_access.h
index ca5e69729..3bd19ccc5 100644
--- a/src/providers/ad/ad_access.h
+++ b/src/providers/ad/ad_access.h
@@ -26,9 +26,7 @@ struct ad_access_ctx {
 struct dp_option *ad_options;
 struct sdap_access_ctx *sdap_access_ctx;
-
- struct sdap_id_conn_ctx *ldap_ctx;
- struct sdap_id_conn_ctx *gc_ctx;
+ struct ad_id_ctx *ad_id_ctx;
 };
 void
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index f679c11ad..af0ec8399 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -1096,3 +1096,55 @@ ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx)
 return ad_ctx;
 }
+
+struct sdap_id_conn_ctx *
+ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
+{
+ struct sdap_id_conn_ctx *conn;
+ struct sdap_domain *sdom;
+ struct ad_id_ctx *subdom_id_ctx;
+
+ if (IS_SUBDOMAIN(dom)) {
+ sdom = sdap_domain_get(ad_ctx->sdap_id_ctx->opts, dom);
+ if (sdom == NULL || sdom->pvt == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No ID ctx available for [%s].\n",
+ dom->name));
+ return NULL;
+ }
+ subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
+ conn = subdom_id_ctx->ldap_ctx;
+ } else {
+ conn = ad_ctx->ldap_ctx;
+ }
+
+ return conn;
+}
+
+struct sdap_id_conn_ctx **
+ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom)
+{
+ struct sdap_id_conn_ctx **clist;
+
+ clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3);
+ if (clist == NULL) return NULL;
+
+ /* Always try GC first */
+ clist[0] = ad_ctx->gc_ctx;
+ if (IS_SUBDOMAIN(dom) == true) {
+ clist[0]->ignore_mark_offline = false;
+ /* Subdomain users are only present in GC. */
+ return clist;
+ }
+
+ /* fall back to ldap if gc is not available */
+ clist[0]->ignore_mark_offline = true;
+
+ /* With root domain users we have the option to
+ * fall back to LDAP in case ie POSIX attributes
+ * are used but not replicated to GC
+ */
+ clist[1] = ad_ctx->ldap_ctx;
+
+ return clist;
+}
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index b8b73c042..ed5b8584d 100644
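Review bot: In ad_get_dom_ldap_conn() the result of `talloc_get_type(sdom->pvt, struct ad_id_ctx)` is dereferenced on the very next line without a NULL check; talloc_get_type() yields NULL when the chunk's registered type name does not match, so a pvt that is not an ad_id_ctx would crash here instead of failing cleanly like the `sdom->pvt == NULL` branch just above it. Suggest adding `if (subdom_id_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Wrong ID ctx type for [%s].\n", dom->name)); return NULL; }` right after the talloc_get_type() call. In the same hunk, ad_gc_conn_list() stores `ad_ctx->gc_ctx` into clist[0] and then writes `clist[0]->ignore_mark_offline` unconditionally; if the upcoming option to disable GC lookups named in the commit message can leave gc_ctx NULL, this helper, now the single code path for both ad_id.c and ad_access.c, dereferences NULL, so a `gc_ctx != NULL` guard that places ldap_ctx in clist[0] when GC is absent belongs in this function rather than in its callers. Both functions are complete within the hunk.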
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -115,6 +115,13 @@ ad_get_dyndns_options(struct be_ctx *be_ctx,
 struct ad_id_ctx *
 ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx);
+struct sdap_id_conn_ctx **
+ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom);
+
+struct sdap_id_conn_ctx *
+ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom);
+
 /* AD dynamic DNS updates */
 errno_t ad_dyndns_init(struct be_ctx *be_ctx, struct ad_options *ctx);
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index 7a86afdb7..0280d755c 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -188,12 +188,6 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 struct sss_domain_info *dom, struct be_acct_req *ar)
 {
 struct sdap_id_conn_ctx **clist;
- struct sdap_domain *sdom;
- struct ad_id_ctx *subdom_id_ctx;
-
- /* LDAP, GC, sentinel */
- clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 3);
- if (clist == NULL) return NULL;
 switch (ar->entry_type & BE_REQ_TYPE_MASK) {
 case BE_REQ_USER: /* user */
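Review bot: The two prototypes added to ad_common.h carry no comment, although both have contracts a caller must know: ad_gc_conn_list() returns a NULL-terminated array talloc-allocated on mem_ctx with the GC connection first and the LDAP connection second only for a non-subdomain, returns NULL only when that allocation fails, and sets ignore_mark_offline on the shared gc_ctx as a side effect; ad_get_dom_ldap_conn() returns NULL when no ID context is registered for a subdomain, so its result must be checked before use. A short block comment above each declaration stating the ownership of the returned array, the NULL-return conditions and the ignore_mark_offline side effect would let the callers in ad_id.c and ad_access.c use these helpers without reading ad_common.c. Note that ad_get_dom_ldap_conn() has no caller anywhere in this patch, so its intended use is not visible here.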
@@ -201,24 +195,17 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 case BE_REQ_USER_AND_GROUP: /* get SID */
 case BE_REQ_GROUP: /* group */
 case BE_REQ_INITGROUPS: /* init groups for user */
- /* Always try GC first */
- clist[0] = ad_ctx->gc_ctx;
- if (IS_SUBDOMAIN(dom) == true) {
- clist[0]->ignore_mark_offline = false;
- /* Subdomain users are only present in GC. */
- break;
- }
- /* fall back to ldap if gc is not available */
- clist[0]->ignore_mark_offline = true;
-
- /* With root domain users we have the option to
- * fall back to LDAP in case ie POSIX attributes
- * are used but not replicated to GC
- */
- clist[1] = ad_ctx->ldap_ctx;
+ clist = ad_gc_conn_list(breq, ad_ctx, dom);
+ if (clist == NULL) return NULL;
 break;
+ default:
+ /* Requests for other object should only contact LDAP by default */
+ clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 2);
+ if (clist == NULL) return NULL;
+ clist[0] = ad_ctx->ldap_ctx;
+ clist[1] = NULL;
 break;
 }
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index 332bfda38..ed69a7d98 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -377,8 +377,7 @@ sssm_ad_access_init(struct be_ctx *bectx,
 if (ret != EOK) {
 goto fail;
 }
- access_ctx->ldap_ctx = ad_id_ctx->ldap_ctx;
- access_ctx->gc_ctx = ad_id_ctx->gc_ctx;
+ access_ctx->ad_id_ctx = ad_id_ctx;
 ret = dp_copy_options(access_ctx, ad_options->basic, AD_OPTS_BASIC, &access_ctx->ad_options);
-- cgit
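Review bot: In the new `default:` branch of get_conn_list() the line `clist[1] = NULL;` is redundant: talloc_zero_array() already zero-fills the two-element array, and ad_gc_conn_list() relies on that same zeroing for its own sentinel, so the explicit store reads as though the terminator would otherwise be missing. Either drop the line or, if it is meant as documentation, replace it with a comment such as `/* clist[1] stays NULL: the sentinel comes from talloc_zero_array() */`. The comment `/* Requests for other object should only contact LDAP by default */` should read `other objects`. The remainder of get_conn_list(), including where clist is returned, lies outside the hunk.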