From 749cfb5d3270b5daf389d51a0dbd3fd2aec6e05d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 27 May 2013 08:48:02 +0200 Subject: LDAP: new SDAP domain structure Previously an sdap_id_ctx was always tied to one domain with a single set of search bases. But with the introduction of Global Catalog lookups, primary domain and subdomains might have different search bases. This patch introduces a new structure sdap_domain that contains an sssd domain or subdomain and a set of search bases. With this patch, there is only one sdap_domain that describes the primary domain. --- src/providers/ad/ad_common.c | 17 ++++-- src/providers/ad/ad_subdomains.c | 4 +- src/providers/ipa/ipa_common.c | 21 ++++--- src/providers/ipa/ipa_netgroups.c | 10 ++-- src/providers/ldap/ldap_common.c | 86 ++++++++++++++++++++++++--- src/providers/ldap/ldap_common.h | 16 +++++ src/providers/ldap/ldap_id.c | 68 +++++++++++++++------ src/providers/ldap/ldap_id_enum.c | 38 +++++++----- src/providers/ldap/ldap_id_netgroup.c | 9 ++- src/providers/ldap/ldap_id_services.c | 9 ++- src/providers/ldap/ldap_init.c | 2 +- src/providers/ldap/sdap.c | 58 +++++++++--------- src/providers/ldap/sdap.h | 28 ++++++--- src/providers/ldap/sdap_async.h | 5 +- src/providers/ldap/sdap_async_autofs.c | 2 +- src/providers/ldap/sdap_async_connection.c | 3 +- src/providers/ldap/sdap_async_groups.c | 16 ++--- src/providers/ldap/sdap_async_groups_ad.c | 2 +- src/providers/ldap/sdap_async_initgroups.c | 18 +++--- src/providers/ldap/sdap_async_initgroups_ad.c | 2 +- src/providers/ldap/sdap_async_nested_groups.c | 37 +++++++----- src/providers/ldap/sdap_async_netgroups.c | 2 +- src/providers/ldap/sdap_async_private.h | 3 +- src/providers/ldap/sdap_async_services.c | 2 +- src/providers/ldap/sdap_async_sudo.c | 2 +- 25 files changed, 315 insertions(+), 145 deletions(-) (limited to 'src') diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 4a6343f73..713f31947 100644 --- a/src/providers/ad/ad_common.c 
+++ b/src/providers/ad/ad_common.c @@ -448,6 +448,13 @@ ad_get_id_options(struct ad_options *ad_opts, goto done; } + ret = sdap_domain_add(id_opts, + ad_opts->id_ctx->sdap_id_ctx->be->domain, + NULL); + if (ret != EOK) { + goto done; + } + ret = dp_get_options(id_opts, cdb, conf_path, ad_def_ldap_opts, SDAP_OPTS_BASIC, @@ -619,31 +626,31 @@ ad_set_search_bases(struct sdap_options *id_opts) /* Default search */ ret = sdap_parse_search_base(id_opts, id_opts->basic, SDAP_SEARCH_BASE, - &id_opts->search_bases); + &id_opts->sdom->search_bases); if (ret != EOK && ret != ENOENT) goto done; /* User search */ ret = sdap_parse_search_base(id_opts, id_opts->basic, SDAP_USER_SEARCH_BASE, - &id_opts->user_search_bases); + &id_opts->sdom->user_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Group search base */ ret = sdap_parse_search_base(id_opts, id_opts->basic, SDAP_GROUP_SEARCH_BASE, - &id_opts->group_search_bases); + &id_opts->sdom->group_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Netgroup search */ ret = sdap_parse_search_base(id_opts, id_opts->basic, SDAP_NETGROUP_SEARCH_BASE, - &id_opts->netgroup_search_bases); + &id_opts->sdom->netgroup_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Service search */ ret = sdap_parse_search_base(id_opts, id_opts->basic, SDAP_SERVICE_SEARCH_BASE, - &id_opts->service_search_bases); + &id_opts->sdom->service_search_bases); if (ret != EOK && ret != ENOENT) goto done; ret = EOK; diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index da0c85e76..098663cc8 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -44,6 +44,7 @@ struct ad_subdomains_ctx { struct be_ctx *be_ctx; struct sdap_id_ctx *sdap_id_ctx; + struct sdap_domain *sdom; struct sss_idmap_ctx *idmap_ctx; char *domain_name; 
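Review bot: The new `sdap_domain_add` call in `ad_get_id_options` reaches through `ad_opts->id_ctx->sdap_id_ctx->be->domain`, so it silently depends on `ad_opts->id_ctx` and its `sdap_id_ctx` having been populated by the caller before the option parser runs; nothing in the hunk establishes that order, and the parallel call in `ipa_get_id_options` (ipa_common.c, the `@@ -187` hunk) has the same dependency via `ipa_opts->id_ctx`. If the caller guarantees it, a comment at the call site such as `/* requires ad_opts->id_ctx->sdap_id_ctx to be set up by the caller */` would record the contract; if it does not, passing the `struct sss_domain_info *` in explicitly, as `ldap_get_options` now does, would remove the reach-through and make the dependency visible in the signature. The enclosing function starts and ends outside the hunk.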
@@ -164,7 +165,7 @@ static errno_t ad_subdomains_get_master_sid(struct ad_subdomains_req_ctx *ctx) const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL}; - base = ctx->sd_ctx->sdap_id_ctx->opts->search_bases[ctx->base_iter]; + base = ctx->sd_ctx->sdom->search_bases[ctx->base_iter]; if (base == NULL) { return EOK; } @@ -497,6 +498,7 @@ int ad_subdom_init(struct be_ctx *be_ctx, } ctx->be_ctx = be_ctx; + ctx->sdom = id_ctx->sdap_id_ctx->opts->sdom; ctx->sdap_id_ctx = id_ctx->sdap_id_ctx; ctx->domain_name = talloc_strdup(ctx, ad_domain); if (ctx->domain_name == NULL) { diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index ec36b57d7..76da6c1e1 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -187,6 +187,13 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } + ret = sdap_domain_add(ipa_opts->id, + ipa_opts->id_ctx->sdap_id_ctx->be->domain, + NULL); + if (ret != EOK) { + goto done; + } + /* get sdap options */ ret = dp_get_options(ipa_opts->id, cdb, conf_path, ipa_def_ldap_opts, @@ -223,7 +230,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_SEARCH_BASE, - &ipa_opts->id->search_bases); + &ipa_opts->id->sdom->search_bases); if (ret != EOK) goto done; /* set krb realm */ @@ -277,7 +284,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_USER_SEARCH_BASE, - &ipa_opts->id->user_search_bases); + &ipa_opts->id->sdom->user_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->id->basic, @@ -296,7 +303,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE, - &ipa_opts->id->group_search_bases); + &ipa_opts->id->sdom->group_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->id->basic, 
@@ -334,7 +341,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE, - &ipa_opts->id->sudo_search_bases); + &ipa_opts->id->sdom->sudo_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->id->basic, @@ -357,7 +364,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE, - &ipa_opts->id->netgroup_search_bases); + &ipa_opts->id->sdom->netgroup_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->basic, @@ -450,7 +457,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_SERVICE_SEARCH_BASE, - &ipa_opts->id->service_search_bases); + &ipa_opts->id->sdom->service_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->basic, @@ -992,7 +999,7 @@ int ipa_get_autofs_options(struct ipa_options *ipa_opts, ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_AUTOFS_SEARCH_BASE, - &ipa_opts->id->autofs_search_bases); + &ipa_opts->id->sdom->autofs_search_bases); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("Could not parse autofs search base\n")); goto done; diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index f9e43b87f..0f36fc9f5 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -215,7 +215,7 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, state->netgr_base_iter = 0; state->dom = dom; - if (!ipa_options->id->netgroup_search_bases) { + if (!ipa_options->id->sdom->netgroup_search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("Netgroup lookup request without a search base\n")); ret = EINVAL; 
@@ -248,7 +248,7 @@ static errno_t ipa_netgr_next_base(struct tevent_req *req) struct sdap_search_base **netgr_bases; state = tevent_req_data(req, struct ipa_get_netgroups_state); - netgr_bases = state->ipa_opts->id->netgroup_search_bases; + netgr_bases = state->ipa_opts->id->sdom->netgroup_search_bases; talloc_zfree(state->filter); state->filter = sdap_get_id_specific_filter( @@ -307,7 +307,7 @@ static void ipa_get_netgroups_process(struct tevent_req *subreq) hash_key_t key; hash_value_t value; - netgr_bases = state->ipa_opts->id->netgroup_search_bases; + netgr_bases = state->ipa_opts->id->sdom->netgroup_search_bases; ret = sdap_get_generic_recv(subreq, state, &netgroups_count, &netgroups); talloc_zfree(subreq); @@ -432,7 +432,7 @@ static int ipa_netgr_fetch_netgroups(struct ipa_get_netgroups_state *state, struct tevent_req *subreq; struct sdap_search_base **bases; - bases = state->ipa_opts->id->netgroup_search_bases; + bases = state->ipa_opts->id->sdom->netgroup_search_bases; if (bases[state->netgr_base_iter] == NULL) { /* No more bases to try */ return ENOENT; @@ -473,7 +473,7 @@ static int ipa_netgr_fetch_users(struct ipa_get_netgroups_state *state, struct tevent_req *subreq; struct sdap_search_base **bases; - bases = state->ipa_opts->id->user_search_bases; + bases = state->ipa_opts->id->sdom->user_search_bases; if (bases[state->user_base_iter] == NULL) { return ENOENT; } diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 856c57e43..3e7ab9da9 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c 
@@ -39,8 +39,75 @@
 /* a fd the child process would log into */
 int ldap_child_debug_fd = -1;
+int
+sdap_domain_destructor(void *mem)
+{
+ struct sdap_domain *dom =
+ talloc_get_type(mem, struct sdap_domain);
+ DLIST_REMOVE(*(dom->head), dom);
+ return 0;
+}
+
+struct sdap_domain *
+sdap_domain_get(struct sdap_options *opts,
+ struct sss_domain_info *dom)
+{
+ struct sdap_domain *sditer = NULL;
+
+ DLIST_FOR_EACH(sditer, opts->sdom) {
+ if (sditer->dom == dom) {
+ break;
+ }
+ }
+
+ return sditer;
+}
+
+errno_t
+sdap_domain_add(struct sdap_options *opts,
+ struct sss_domain_info *dom,
+ struct sdap_domain **_sdom)
+{
+ struct sdap_domain *sdom;
+
+ sdom = talloc_zero(opts, struct sdap_domain);
+ if (sdom == NULL) {
+ return ENOMEM;
+ }
+ sdom->dom = dom;
+ sdom->head = &opts->sdom;
+
+ if (opts->sdom) {
+ /* Only allow subdomains of the parent domain */
+ if (dom->parent == NULL ||
+ dom->parent != opts->sdom->dom) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Domain %s is not a subdomain of %s\n",
+ dom->name, opts->sdom->dom->name));
+ return EINVAL;
+ }
+ }
+
+ talloc_set_destructor((TALLOC_CTX *)sdom, sdap_domain_destructor);
+ DLIST_ADD_END(opts->sdom, sdom, struct sdap_domain *);
+
+ if (_sdom) *_sdom = sdom;
+ return EOK;
+}
+
+void
+sdap_domain_remove(struct sdap_options *opts,
+ struct sss_domain_info *dom)
+{
+ struct sdap_domain *sdom;
+
+ sdom = sdap_domain_get(opts, dom);
+ if (sdom == NULL) return;
+
+ DLIST_REMOVE(*(sdom->head), sdom);
+}
 int ldap_get_options(TALLOC_CTX *memctx,
+ struct sss_domain_info *dom,
 struct confdb_ctx *cdb,
 const char *conf_path,
 struct sdap_options **_opts)
@@ -72,6 +139,11 @@ int ldap_get_options(TALLOC_CTX *memctx,
 opts = talloc_zero(memctx, struct sdap_options);
 if (!opts) return ENOMEM;
+ ret = sdap_domain_add(opts, dom, NULL);
+ if (ret != EOK) {
+ goto done;
+ }
+
 ret = dp_get_options(opts, cdb, conf_path,
 default_basic_opts,
 SDAP_OPTS_BASIC,
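Review bot: In `sdap_domain_add`, the `return EINVAL;` inside the `if (opts->sdom)` block leaves the freshly allocated `sdom` attached to `opts`, so every rejected domain stays allocated until `opts` itself is released; the destructor is not installed yet at that point, so freeing is safe: `talloc_free(sdom); return EINVAL;`. Relatedly, `sdap_domain_remove` only unlinks the node with `DLIST_REMOVE` and never frees it, so the element and whatever search bases were parsed into it remain children of `opts` — if the caller is expected to free it, a comment saying so would help; otherwise `talloc_free(sdom)` after the lookup would both unlink (via the destructor) and release it. The destructor dereferences `*(dom->head)`, which points into `opts`, so it presumably relies on an `sdap_domain` never being stolen out from under its `sdap_options`; that assumption is worth a comment next to `sdom->head = &opts->sdom;`.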
@@ -105,31 +177,31 @@ int ldap_get_options(TALLOC_CTX *memctx, /* Default search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_SEARCH_BASE, - &opts->search_bases); + &opts->sdom->search_bases); if (ret != EOK && ret != ENOENT) goto done; /* User search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_USER_SEARCH_BASE, - &opts->user_search_bases); + &opts->sdom->user_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Group search base */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_GROUP_SEARCH_BASE, - &opts->group_search_bases); + &opts->sdom->group_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Netgroup search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_NETGROUP_SEARCH_BASE, - &opts->netgroup_search_bases); + &opts->sdom->netgroup_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Service search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_SERVICE_SEARCH_BASE, - &opts->service_search_bases); + &opts->sdom->service_search_bases); if (ret != EOK && ret != ENOENT) goto done; pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY); @@ -377,7 +449,7 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx, ret = sdap_parse_search_base(opts, opts->basic, SDAP_SUDO_SEARCH_BASE, - &opts->sudo_search_bases); + &opts->sdom->sudo_search_bases); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("Could not parse SUDO search base\n")); return ret; @@ -435,7 +507,7 @@ int ldap_get_autofs_options(TALLOC_CTX *memctx, ret = sdap_parse_search_base(opts, opts->basic, SDAP_AUTOFS_SEARCH_BASE, - &opts->autofs_search_bases); + &opts->sdom->autofs_search_bases); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("Could not parse autofs search base\n")); return ret; diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 5dfa60049..331e90d26 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h 
@@ -102,6 +102,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, struct be_req *breq, struct be_acct_req *ar, struct sdap_id_ctx *id_ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn); errno_t sdap_handle_acct_req_recv(struct tevent_req *req, @@ -146,6 +147,7 @@ void sdap_remove_kdcinfo_files_callback(void *pvt); /* options parser */ int ldap_get_options(TALLOC_CTX *memctx, + struct sss_domain_info *dom, struct confdb_ctx *cdb, const char *conf_path, struct sdap_options **_opts); @@ -174,6 +176,7 @@ void sdap_mark_offline(struct sdap_id_ctx *ctx); struct tevent_req *groups_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name, int filter_type, @@ -183,6 +186,7 @@ int groups_get_recv(struct tevent_req *req, int *dp_error_out); struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name); int ldap_netgroup_get_recv(struct tevent_req *req, int *dp_error_out); @@ -191,6 +195,7 @@ struct tevent_req * services_get_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_id_ctx *id_ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name, const char *protocol, @@ -227,6 +232,17 @@ errno_t msgs2attrs_array(TALLOC_CTX *mem_ctx, size_t count, struct ldb_message **msgs, struct sysdb_attrs ***attrs); +errno_t sdap_domain_add(struct sdap_options *opts, + struct sss_domain_info *dom, + struct sdap_domain **_sdom); + +void +sdap_domain_remove(struct sdap_options *opts, + struct sss_domain_info *dom); + +struct sdap_domain *sdap_domain_get(struct sdap_options *opts, + struct sss_domain_info *dom); + errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx, struct dp_option *opts, int class, struct sdap_search_base ***_search_bases); 
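Review bot: The three new prototypes at the end of ldap_common.h (`sdap_domain_add`, `sdap_domain_remove`, `sdap_domain_get`) are added without any comment on ownership or failure modes, which is where a caller looks first. A short header comment on `sdap_domain_add` stating that the new `sdap_domain` is allocated as a talloc child of `opts`, appended to the `opts->sdom` list, and that `EINVAL` is returned when `opts->sdom` is already populated and `dom` is not a direct subdomain of its first entry (`dom->parent != opts->sdom->dom`) would capture what the implementation in ldap_common.c does. Likewise `sdap_domain_get` should say it returns `NULL` when no entry matches `dom`, and `sdap_domain_remove` that it unlinks the entry without freeing it.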
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 1f3c62bb2..6fe5f5995 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -39,6 +39,7 @@ struct users_get_state { struct tevent_context *ev; struct sdap_id_ctx *ctx; + struct sdap_domain *sdom; struct sdap_id_conn_ctx *conn; struct sdap_id_op *op; struct sysdb_ctx *sysdb; @@ -60,6 +61,7 @@ static void users_get_done(struct tevent_req *subreq); struct tevent_req *users_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name, int filter_type, @@ -80,6 +82,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, state->ev = ev; state->ctx = ctx; + state->sdom = sdom; state->conn = conn; state->dp_error = DP_ERR_FATAL; @@ -90,8 +93,8 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, goto fail; } - state->sysdb = ctx->be->domain->sysdb; - state->domain = state->ctx->be->domain; + state->domain = sdom->dom; + state->sysdb = sdom->dom->sysdb; state->name = name; state->filter_type = filter_type; @@ -223,7 +226,7 @@ static void users_get_connect_done(struct tevent_req *subreq) subreq = sdap_get_users_send(state, state->ev, state->domain, state->sysdb, state->ctx->opts, - state->ctx->opts->user_search_bases, + state->sdom->user_search_bases, sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->ctx->opts->basic, @@ -341,6 +344,7 @@ static void users_get_done(struct tevent_req *subreq) } state->dp_error = DP_ERR_OK; + /* FIXME - return sdap error so that we know the user was not found */ tevent_req_done(req); } @@ -363,6 +367,7 @@ int users_get_recv(struct tevent_req *req, int *dp_error_out) struct groups_get_state { struct tevent_context *ev; struct sdap_id_ctx *ctx; + struct sdap_domain *sdom; struct sdap_id_conn_ctx *conn; struct sdap_id_op *op; struct sysdb_ctx *sysdb; 
@@ -384,6 +389,7 @@ static void groups_get_done(struct tevent_req *subreq); struct tevent_req *groups_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name, int filter_type, @@ -406,6 +412,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, state->ev = ev; state->ctx = ctx; + state->sdom = sdom; state->conn = conn; state->dp_error = DP_ERR_FATAL; @@ -416,8 +423,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto fail; } - state->sysdb = ctx->be->domain->sysdb; - state->domain = state->ctx->be->domain; + state->domain = sdom->dom; + state->sysdb = sdom->dom->sysdb; state->name = name; state->filter_type = filter_type; @@ -571,9 +578,8 @@ static void groups_get_connect_done(struct tevent_req *subreq) } subreq = sdap_get_groups_send(state, state->ev, - state->domain, state->sysdb, + state->sdom, state->ctx->opts, - state->ctx->opts->group_search_bases, sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->ctx->opts->basic, @@ -677,8 +683,12 @@ int groups_get_recv(struct tevent_req *req, int *dp_error_out) struct groups_by_user_state { struct tevent_context *ev; struct sdap_id_ctx *ctx; + struct sdap_domain *sdom; struct sdap_id_conn_ctx *conn; struct sdap_id_op *op; + struct sysdb_ctx *sysdb; + struct sss_domain_info *domain; + const char *name; const char **attrs; @@ -692,6 +702,7 @@ static void groups_by_user_done(struct tevent_req *subreq); static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name) { @@ -706,6 +717,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; state->conn = conn; + state->sdom = sdom; state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { 
@@ -715,6 +727,8 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, } state->name = name; + state->domain = sdom->dom; + state->sysdb = sdom->dom->sysdb; ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP, NULL, &state->attrs, NULL); @@ -769,6 +783,7 @@ static void groups_by_user_connect_done(struct tevent_req *subreq) subreq = sdap_get_initgr_send(state, state->ev, + state->sdom, sdap_id_op_handle(state->op), state->ctx, state->conn, @@ -987,6 +1002,7 @@ void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx, static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name, int filter_type, @@ -1023,6 +1039,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, struct be_req *breq, struct be_acct_req *ar, struct sdap_id_ctx *id_ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn) { struct tevent_req *req; @@ -1059,7 +1076,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, goto done; } - subreq = users_get_send(breq, be_ctx->ev, id_ctx, conn, + subreq = users_get_send(breq, be_ctx->ev, id_ctx, + sdom, conn, ar->filter_value, ar->filter_type, ar->attr_type); @@ -1076,7 +1094,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, goto done; } - subreq = groups_get_send(breq, be_ctx->ev, id_ctx, conn, + subreq = groups_get_send(breq, be_ctx->ev, id_ctx, + sdom, conn, ar->filter_value, ar->filter_type, ar->attr_type); @@ -1094,7 +1113,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, goto done; } - subreq = groups_by_user_send(breq, be_ctx->ev, id_ctx, conn, + subreq = groups_by_user_send(breq, be_ctx->ev, id_ctx, + sdom, conn, ar->filter_value); break; 
@@ -1105,7 +1125,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, goto done; } - subreq = ldap_netgroup_get_send(breq, be_ctx->ev, id_ctx, conn, + subreq = ldap_netgroup_get_send(breq, be_ctx->ev, id_ctx, + sdom, conn, ar->filter_value); break; @@ -1125,7 +1146,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, goto done; } - subreq = services_get_send(breq, be_ctx->ev, id_ctx, conn, + subreq = services_get_send(breq, be_ctx->ev, id_ctx, + sdom, conn, ar->filter_value, ar->extra_value, ar->filter_type); @@ -1138,7 +1160,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, goto done; } - subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx, conn, + subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx, + sdom, conn, ar->filter_value, ar->filter_type, ar->attr_type); @@ -1152,7 +1175,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, goto done; } - subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx, conn, + subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx, + sdom, conn, ar->filter_value, ar->filter_type, ar->attr_type); @@ -1274,7 +1298,8 @@ void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx, EINVAL, "Invalid private data"); } - req = sdap_handle_acct_req_send(breq, breq, ar, ctx, conn); + req = sdap_handle_acct_req_send(breq, breq, ar, ctx, + ctx->opts->sdom, conn); if (req == NULL) { return sdap_handler_done(breq, DP_ERR_FATAL, ENOMEM, "Out of memory"); } @@ -1313,6 +1338,7 @@ static void sdap_account_info_complete(struct tevent_req *req) struct get_user_and_group_state { struct tevent_context *ev; struct sdap_id_ctx *id_ctx; + struct sdap_domain *sdom; struct sdap_id_conn_ctx *conn; struct sdap_id_op *op; struct sysdb_ctx *sysdb; 
@@ -1334,6 +1360,7 @@ static void get_user_and_group_groups_done(struct tevent_req *subreq); static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *id_ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *filter_val, int filter_type, @@ -1352,6 +1379,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx, state->ev = ev; state->id_ctx = id_ctx; + state->sdom = sdom; state->conn = conn; state->dp_error = DP_ERR_FATAL; @@ -1362,13 +1390,14 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx, goto fail; } - state->sysdb = state->id_ctx->be->domain->sysdb; - state->domain = state->id_ctx->be->domain; + state->domain = sdom->dom; + state->sysdb = sdom->dom->sysdb; state->filter_val = filter_val; state->filter_type = filter_type; state->attrs_type = attrs_type; - subreq = users_get_send(req, state->ev, state->id_ctx, state->conn, + subreq = users_get_send(req, state->ev, state->id_ctx, + state->sdom, state->conn, state->filter_val, state->filter_type, state->attrs_type); if (subreq == NULL) { @@ -1403,7 +1432,8 @@ static void get_user_and_group_users_done(struct tevent_req *subreq) return; } - subreq = groups_get_send(req, state->ev, state->id_ctx, state->conn, + subreq = groups_get_send(req, state->ev, state->id_ctx, + state->sdom, state->conn, state->filter_val, state->filter_type, state->attrs_type); if (subreq == NULL) { diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c index 7a2129d97..719b13010 100644 --- a/src/providers/ldap/ldap_id_enum.c +++ b/src/providers/ldap/ldap_id_enum.c 
@@ -188,12 +188,14 @@ struct global_enum_state { static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_op *op, bool purge); static void ldap_id_enum_users_done(struct tevent_req *subreq); static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_op *op, bool purge); static void ldap_id_enum_groups_done(struct tevent_req *subreq); @@ -277,8 +279,8 @@ static void ldap_id_enumerate_connect_done(struct tevent_req *subreq) } subreq = enum_users_send(state, state->ev, - state->ctx, state->op, - state->purge); + state->ctx, state->ctx->opts->sdom, + state->op, state->purge); if(!subreq) { tevent_req_error(req, ENOMEM); return; @@ -332,7 +334,9 @@ static void ldap_id_enum_users_done(struct tevent_req *subreq) return; } - subreq = enum_groups_send(state, state->ev, state->ctx, state->op, state->purge); + subreq = enum_groups_send(state, state->ev, state->ctx, + state->ctx->opts->sdom, + state->op, state->purge); if (!subreq) { tevent_req_error(req, ENOMEM); return; @@ -465,6 +469,7 @@ static void ldap_id_enum_cleanup_done(struct tevent_req *subreq) struct enum_users_state { struct tevent_context *ev; struct sdap_id_ctx *ctx; + struct sdap_domain *sdom; struct sdap_id_op *op; char *filter; @@ -476,6 +481,7 @@ static void enum_users_op_done(struct tevent_req *subreq); static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_op *op, bool purge) { @@ -488,6 +494,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, if (!req) return NULL; state->ev = ev; + state->sdom = sdom; state->ctx = ctx; state->op = op; 
@@ -564,10 +571,10 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, */ subreq = sdap_get_users_send(state, state->ev, - state->ctx->be->domain, - state->ctx->be->domain->sysdb, + state->sdom->dom, + state->sdom->dom->sysdb, state->ctx->opts, - state->ctx->opts->user_search_bases, + state->sdom->user_search_bases, sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->ctx->opts->basic, @@ -627,6 +634,7 @@ static void enum_users_op_done(struct tevent_req *subreq) struct enum_groups_state { struct tevent_context *ev; struct sdap_id_ctx *ctx; + struct sdap_domain *sdom; struct sdap_id_op *op; char *filter; @@ -638,6 +646,7 @@ static void enum_groups_op_done(struct tevent_req *subreq); static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_op *op, bool purge) { @@ -650,6 +659,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, if (!req) return NULL; state->ev = ev; + state->sdom = sdom; state->ctx = ctx; state->op = op; @@ -723,15 +733,13 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, */ subreq = sdap_get_groups_send(state, state->ev, - state->ctx->be->domain, - state->ctx->be->domain->sysdb, - state->ctx->opts, - state->ctx->opts->group_search_bases, - sdap_id_op_handle(state->op), - state->attrs, state->filter, - dp_opt_get_int(state->ctx->opts->basic, - SDAP_ENUM_SEARCH_TIMEOUT), - true); + state->sdom, + state->ctx->opts, + sdap_id_op_handle(state->op), + state->attrs, state->filter, + dp_opt_get_int(state->ctx->opts->basic, + SDAP_ENUM_SEARCH_TIMEOUT), + true); if (!subreq) { ret = ENOMEM; goto fail; diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c index 5f44c0a9b..759a9353b 100644 --- a/src/providers/ldap/ldap_id_netgroup.c +++ b/src/providers/ldap/ldap_id_netgroup.c 
@@ -33,6 +33,7 @@ struct ldap_netgroup_get_state { struct tevent_context *ev; struct sdap_id_ctx *ctx; + struct sdap_domain *sdom; struct sdap_id_op *op; struct sdap_id_conn_ctx *conn; struct sysdb_ctx *sysdb; @@ -57,6 +58,7 @@ static void ldap_netgroup_get_done(struct tevent_req *subreq); struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name) { @@ -70,6 +72,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, state->ev = ev; state->ctx = ctx; + state->sdom = sdom; state->conn = conn; state->dp_error = DP_ERR_FATAL; @@ -80,8 +83,8 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, goto fail; } - state->sysdb = ctx->be->domain->sysdb; - state->domain = state->ctx->be->domain; + state->domain = sdom->dom; + state->sysdb = sdom->dom->sysdb; state->name = name; state->timeout = dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT); @@ -155,7 +158,7 @@ static void ldap_netgroup_get_connect_done(struct tevent_req *subreq) subreq = sdap_get_netgroups_send(state, state->ev, state->domain, state->sysdb, state->ctx->opts, - state->ctx->opts->netgroup_search_bases, + state->sdom->netgroup_search_bases, sdap_id_op_handle(state->op), state->attrs, state->filter, state->timeout); diff --git a/src/providers/ldap/ldap_id_services.c b/src/providers/ldap/ldap_id_services.c index 2a3f104c7..8b331cac4 100644 --- a/src/providers/ldap/ldap_id_services.c +++ b/src/providers/ldap/ldap_id_services.c @@ -33,6 +33,7 @@ struct sdap_services_get_state { struct tevent_context *ev; struct sdap_id_ctx *id_ctx; + struct sdap_domain *sdom; struct sdap_id_op *op; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; 
@@ -60,6 +61,7 @@ struct tevent_req * services_get_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_id_ctx *id_ctx, + struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name, const char *protocol, @@ -77,10 +79,11 @@ services_get_send(TALLOC_CTX *mem_ctx, state->ev = ev; state->id_ctx = id_ctx; + state->sdom = sdom; state->conn = conn; state->dp_error = DP_ERR_FATAL; - state->sysdb = id_ctx->be->domain->sysdb; - state->domain = state->id_ctx->be->domain; + state->domain = sdom->dom; + state->sysdb = sdom->dom->sysdb; state->name = name; state->protocol = protocol; state->filter_type = filter_type; @@ -192,7 +195,7 @@ services_get_connect_done(struct tevent_req *subreq) subreq = sdap_get_services_send(state, state->ev, state->domain, state->sysdb, state->id_ctx->opts, - state->id_ctx->opts->service_search_bases, + state->sdom->service_search_bases, sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->id_ctx->opts->basic, diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 56339961d..76167ad45 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -105,7 +105,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx, return EOK; } - ret = ldap_get_options(bectx, bectx->cdb, + ret = ldap_get_options(bectx, bectx->domain, bectx->cdb, bectx->conf_path, &opts); if (ret != EOK) { goto done; diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index daa081ce7..0492be05d 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -732,6 +732,7 @@ static char *get_naming_context(TALLOC_CTX *mem_ctx, } static errno_t sdap_set_search_base(struct sdap_options *opts, + struct sdap_domain *sdom, enum sdap_basic_opt class, char *naming_context) { 
@@ -740,25 +741,25 @@ static errno_t sdap_set_search_base(struct sdap_options *opts, switch(class) { case SDAP_SEARCH_BASE: - bases = &opts->search_bases; + bases = &sdom->search_bases; break; case SDAP_USER_SEARCH_BASE: - bases = &opts->user_search_bases; + bases = &sdom->user_search_bases; break; case SDAP_GROUP_SEARCH_BASE: - bases = &opts->group_search_bases; + bases = &sdom->group_search_bases; break; case SDAP_NETGROUP_SEARCH_BASE: - bases = &opts->netgroup_search_bases; + bases = &sdom->netgroup_search_bases; break; case SDAP_SUDO_SEARCH_BASE: - bases = &opts->sudo_search_bases; + bases = &sdom->sudo_search_bases; break; case SDAP_SERVICE_SEARCH_BASE: - bases = &opts->service_search_bases; + bases = &sdom->service_search_bases; break; case SDAP_AUTOFS_SEARCH_BASE: - bases = &opts->autofs_search_bases; + bases = &sdom->autofs_search_bases; break; default: return EINVAL; @@ -783,17 +784,18 @@ done: } errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, - struct sdap_options *opts) + struct sdap_options *opts, + struct sdap_domain *sdom) { int ret; char *naming_context = NULL; - if (!opts->search_bases - ||!opts->user_search_bases - || !opts->group_search_bases - || !opts->netgroup_search_bases - || !opts->sudo_search_bases - || !opts->autofs_search_bases) { + if (!sdom->search_bases + || !sdom->user_search_bases + || !sdom->group_search_bases + || !sdom->netgroup_search_bases + || !sdom->sudo_search_bases + || !sdom->autofs_search_bases) { naming_context = get_naming_context(opts->basic, rootdse); if (naming_context == NULL) { DEBUG(1, ("get_naming_context failed.\n")); 
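Review bot: The rewritten condition in `sdap_set_config_options_with_rootdse` still tests only six of the seven base arrays — `service_search_bases` is missing — so when only the service base is unconfigured `naming_context` is never fetched from the rootDSE, yet the `/* Services */` block in the following hunk still calls `sdap_set_search_base` with a NULL `naming_context`; adding `|| !sdom->service_search_bases` to the condition closes that gap (the omission predates this commit, but the line is being rewritten anyway). Separately, `sdom` is now a parameter independent of `opts` and is dereferenced unconditionally; a guard at the top, `if (sdom == NULL) return EINVAL;`, would keep a missing domain in the same error class the function already uses. What `sdap_set_search_base` does with a NULL `naming_context` is outside the hunk, so the severity of the first point should be confirmed there.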
@@ -808,56 +810,56 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, } /* Default */ - if (!opts->search_bases) { - ret = sdap_set_search_base(opts, + if (!sdom->search_bases) { + ret = sdap_set_search_base(opts, sdom, SDAP_SEARCH_BASE, naming_context); if (ret != EOK) goto done; } /* Users */ - if (!opts->user_search_bases) { - ret = sdap_set_search_base(opts, + if (!sdom->user_search_bases) { + ret = sdap_set_search_base(opts, sdom, SDAP_USER_SEARCH_BASE, naming_context); if (ret != EOK) goto done; } /* Groups */ - if (!opts->group_search_bases) { - ret = sdap_set_search_base(opts, + if (!sdom->group_search_bases) { + ret = sdap_set_search_base(opts, sdom, SDAP_GROUP_SEARCH_BASE, naming_context); if (ret != EOK) goto done; } /* Netgroups */ - if (!opts->netgroup_search_bases) { - ret = sdap_set_search_base(opts, + if (!sdom->netgroup_search_bases) { + ret = sdap_set_search_base(opts, sdom, SDAP_NETGROUP_SEARCH_BASE, naming_context); if (ret != EOK) goto done; } /* Sudo */ - if (!opts->sudo_search_bases) { - ret = sdap_set_search_base(opts, + if (!sdom->sudo_search_bases) { + ret = sdap_set_search_base(opts, sdom, SDAP_SUDO_SEARCH_BASE, naming_context); if (ret != EOK) goto done; } /* Services */ - if (!opts->service_search_bases) { - ret = sdap_set_search_base(opts, + if (!sdom->service_search_bases) { + ret = sdap_set_search_base(opts, sdom, SDAP_SERVICE_SEARCH_BASE, naming_context); if (ret != EOK) goto done; } /* autofs */ - if (!opts->autofs_search_bases) { - ret = sdap_set_search_base(opts, + if (!sdom->autofs_search_bases) { + ret = sdap_set_search_base(opts, sdom, SDAP_AUTOFS_SEARCH_BASE, naming_context); if (ret != EOK) goto done; diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 162250fff..f77636b3c 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h 
@@ -366,6 +366,22 @@ enum dc_functional_level { DS_BEHAVIOR_WIN2012 = 5 }; +struct sdap_domain { + struct sss_domain_info *dom; + + struct sdap_search_base **search_bases; + struct sdap_search_base **user_search_bases; + struct sdap_search_base **group_search_bases; + struct sdap_search_base **netgroup_search_bases; + struct sdap_search_base **sudo_search_bases; + struct sdap_search_base **service_search_bases; + struct sdap_search_base **autofs_search_bases; + + struct sdap_domain *next, *prev; + /* Need to modify the list from a talloc destructor */ + struct sdap_domain **head; +}; + struct sdap_options { struct dp_option *basic; struct sdap_attr_map *gen_map; @@ -390,13 +406,8 @@ struct sdap_options { SDAP_SCHEMA_AD = 4 /* AD's member/memberof */ } schema_type; - struct sdap_search_base **search_bases; - struct sdap_search_base **user_search_bases; - struct sdap_search_base **group_search_bases; - struct sdap_search_base **netgroup_search_bases; - struct sdap_search_base **sudo_search_bases; - struct sdap_search_base **service_search_bases; - struct sdap_search_base **autofs_search_bases; + /* The search bases for the domain or its subdomain */ + struct sdap_domain *sdom; bool support_matching_rule; enum dc_functional_level dc_functional_level; @@ -474,7 +485,8 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val); errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, - struct sdap_options *opts); + struct sdap_options *opts, + struct sdap_domain *sdom); int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, const char *server, struct sysdb_attrs *rootdse, diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 38c8302dc..38d94d8b4 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h 
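Review bot: The new `struct sdap_domain` and the `sdom` member of `struct sdap_options` carry no ownership or lifetime documentation, which matters because `head` points into another object's storage and, per the existing comment, is written from a talloc destructor. I would document the fields: for `dom` something like `/* Borrowed: the sss_domain_info is owned by the backend context (confirm against the allocator) */`, for `next`/`prev`/`head` a sentence naming which object owns the list head and that it must outlive every `sdap_domain` linked into it, and for `sdom` in `sdap_options` a sharper comment than the one added, e.g. `/* Search bases of the primary domain; currently the only sdap_domain in the list */`. The `*_search_bases` members are NULL-terminated pointer arrays, as the `for (i = 0; ...[i] != NULL; i++)` loops in sdap_async_nested_groups.c show, and that convention belongs on the struct since every consumer indexes them without a length.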
@@ -74,10 +74,8 @@ int sdap_get_users_recv(struct tevent_req *req, struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, struct tevent_context *ev, - struct sss_domain_info *dom, - struct sysdb_ctx *sysdb, + struct sdap_domain *sdom, struct sdap_options *opts, - struct sdap_search_base **search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, @@ -115,6 +113,7 @@ errno_t sdap_auth_recv(struct tevent_req *req, struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct tevent_context *ev, + struct sdap_domain *sdom, struct sdap_handle *sh, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, diff --git a/src/providers/ldap/sdap_async_autofs.c b/src/providers/ldap/sdap_async_autofs.c index 8e874d64b..ae70e7035 100644 --- a/src/providers/ldap/sdap_async_autofs.c +++ b/src/providers/ldap/sdap_async_autofs.c @@ -716,7 +716,7 @@ sdap_autofs_setautomntent_send(TALLOC_CTX *memctx, subreq = sdap_get_automntmap_send(state, ev, dom, sysdb, state->opts, - state->opts->autofs_search_bases, + state->opts->sdom->autofs_search_bases, state->sh, state->attrs, state->filter, dp_opt_get_int(state->opts->basic, diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 4f6986fcf..e97bcf15e 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -1666,7 +1666,8 @@ static errno_t sdap_cli_use_rootdse(struct sdap_cli_connect_state *state) return ret; } - ret = sdap_set_config_options_with_rootdse(state->rootdse, state->opts); + ret = sdap_set_config_options_with_rootdse(state->rootdse, state->opts, + state->opts->sdom); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_set_config_options_with_rootdse failed.\n")); diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index dc7fba426..5a5bedc8f 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c 
@@ -1451,6 +1451,7 @@ struct sdap_get_groups_state { struct sdap_options *opts; struct sdap_handle *sh; struct sss_domain_info *dom; + struct sdap_domain *sdom; struct sysdb_ctx *sysdb; const char **attrs; const char *base_filter; @@ -1476,10 +1477,8 @@ static void sdap_get_groups_done(struct tevent_req *subreq); struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, struct tevent_context *ev, - struct sss_domain_info *dom, - struct sysdb_ctx *sysdb, + struct sdap_domain *sdom, struct sdap_options *opts, - struct sdap_search_base **search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, @@ -1495,9 +1494,10 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, state->ev = ev; state->opts = opts; - state->dom = dom; + state->sdom = sdom; + state->dom = sdom->dom; state->sh = sh; - state->sysdb = sysdb; + state->sysdb = sdom->dom->sysdb; state->attrs = attrs; state->higher_usn = NULL; state->groups = NULL; @@ -1506,9 +1506,9 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, state->enumeration = enumeration; state->base_filter = filter; state->base_iter = 0; - state->search_bases = search_bases; + state->search_bases = sdom->group_search_bases; - if (!search_bases) { + if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("Group lookup request without a search base\n")); ret = EINVAL; @@ -1653,7 +1653,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq) if ((state->opts->schema_type != SDAP_SCHEMA_RFC2307) && (dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0) && !dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_GROUPS)) { - subreq = sdap_nested_group_send(state, state->ev, state->dom, + subreq = sdap_nested_group_send(state, state->ev, state->sdom, state->opts, state->sh, state->groups[0]); if (!subreq) { diff --git a/src/providers/ldap/sdap_async_groups_ad.c b/src/providers/ldap/sdap_async_groups_ad.c index 1082957f9..1268f7e7d 100644 --- a/src/providers/ldap/sdap_async_groups_ad.c 
+++ b/src/providers/ldap/sdap_async_groups_ad.c @@ -69,7 +69,7 @@ sdap_get_ad_match_rule_members_send(TALLOC_CTX *mem_ctx, state->timeout = timeout; state->count = 0; state->base_iter = 0; - state->search_bases = opts->user_search_bases; + state->search_bases = opts->sdom->user_search_bases; /* Request all of the user attributes that we know about. */ ret = build_attrs_from_map(state, opts->user_map, SDAP_OPTS_USER, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 57193f71d..68647cfa7 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -352,7 +352,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, state->ldap_groups = NULL; state->ldap_groups_count = 0; state->base_iter = 0; - state->search_bases = opts->group_search_bases; + state->search_bases = opts->sdom->group_search_bases; if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -1486,7 +1486,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( state->num_direct_parents = 0; state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); state->base_iter = 0; - state->search_bases = opts->group_search_bases; + state->search_bases = opts->sdom->group_search_bases; state->orig_dn = orig_dn; if (!state->search_bases) { @@ -2118,7 +2118,7 @@ struct tevent_req *rfc2307bis_nested_groups_send( state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); state->base_iter = 0; - state->search_bases = opts->group_search_bases; + state->search_bases = opts->sdom->group_search_bases; if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("Initgroups nested lookup request " @@ -2530,6 +2530,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq); struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct tevent_context *ev, + struct sdap_domain *sdom, struct sdap_handle *sh, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, 
@@ -2548,8 +2549,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, state->ev = ev; state->opts = id_ctx->opts; - state->sysdb = id_ctx->be->domain->sysdb; - state->dom = id_ctx->be->domain; + state->dom = sdom->dom; + state->sysdb = sdom->dom->sysdb; state->sh = sh; state->id_ctx = id_ctx; state->conn = conn; @@ -2558,7 +2559,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, state->orig_user = NULL; state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); state->user_base_iter = 0; - state->user_search_bases = id_ctx->opts->user_search_bases; + state->user_search_bases = sdom->user_search_bases; if (!state->user_search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("Initgroups lookup request without a user search base\n")); @@ -2950,8 +2951,9 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) goto fail; } - subreq = groups_get_send(req, state->ev, state->id_ctx, state->conn, gid, - BE_FILTER_IDNUM, BE_ATTR_ALL); + subreq = groups_get_send(req, state->ev, state->id_ctx, + state->id_ctx->opts->sdom, state->conn, + gid, BE_FILTER_IDNUM, BE_ATTR_ALL); if (!subreq) { ret = ENOMEM; goto fail; diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index c2dec3736..89789204a 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -82,7 +82,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx, state->name = name; state->orig_dn = orig_dn; state->base_iter = 0; - state->search_bases = opts->group_search_bases; + state->search_bases = opts->sdom->group_search_bases; /* Request all of the group attributes that we know * about, except for 'member' because that wastes a diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c index 9e8df99be..e8d5295cc 100644 --- a/src/providers/ldap/sdap_async_nested_groups.c +++ b/src/providers/ldap/sdap_async_nested_groups.c 
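Review bot: `sdap_get_initgr_send` gains a `sdom` parameter but never stores it, so the follow-up group lookup in `sdap_get_initgr_done` passes `state->id_ctx->opts->sdom` instead of the domain the request was started for; once more than one `sdap_domain` exists, which is the stated goal of this series, the supplementary-group search would run against a different set of search bases than the user search. Adding `struct sdap_domain *sdom;` to `struct sdap_get_initgr_state` (defined outside the hunk), `state->sdom = sdom;` next to `state->dom = sdom->dom;`, and passing `state->sdom` to `groups_get_send` keeps both halves of the request on the same domain. The same split between the `sdom` argument and `opts->sdom` appears in `sdap_nested_group_send` in sdap_async_nested_groups.c.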
@@ -56,6 +56,8 @@ struct sdap_nested_group_member { struct sdap_nested_group_ctx { struct sss_domain_info *domain; struct sdap_options *opts; + struct sdap_search_base **user_search_bases; + struct sdap_search_base **group_search_bases; struct sdap_handle *sh; hash_table_t *users; hash_table_t *groups; @@ -466,10 +468,12 @@ sdap_nested_group_split_members(TALLOC_CTX *mem_ctx, if (type == SDAP_NESTED_GROUP_DN_UNKNOWN) { /* user */ is_user = sss_ldap_dn_in_search_bases(tmp_ctx, dn, - group_ctx->opts->user_search_bases, &user_filter); + group_ctx->user_search_bases, + &user_filter); is_group = sss_ldap_dn_in_search_bases(tmp_ctx, dn, - group_ctx->opts->group_search_bases, &group_filter); + group_ctx->group_search_bases, + &group_filter); if (is_user && is_group) { /* search bases overlap */ @@ -551,12 +555,13 @@ struct sdap_nested_group_state { static void sdap_nested_group_done(struct tevent_req *subreq); -struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct sss_domain_info *domain, - struct sdap_options *opts, - struct sdap_handle *sh, - struct sysdb_attrs *group) +struct tevent_req * +sdap_nested_group_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_domain *sdom, + struct sdap_options *opts, + struct sdap_handle *sh, + struct sysdb_attrs *group) { struct sdap_nested_group_state *state = NULL; struct tevent_req *req = NULL; @@ -596,8 +601,10 @@ struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx, SDAP_DEREF_THRESHOLD); state->group_ctx->max_nesting_level = dp_opt_get_int(opts->basic, SDAP_NESTING_LEVEL); - state->group_ctx->domain = domain; + state->group_ctx->domain = sdom->dom; state->group_ctx->opts = opts; + state->group_ctx->user_search_bases = sdom->user_search_bases; + state->group_ctx->group_search_bases = sdom->group_search_bases; state->group_ctx->sh = sh; state->group_ctx->try_deref = sdap_has_deref_support(sh, opts); 
@@ -608,8 +615,8 @@ struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx, /* if any search base contains filter, disable dereference. */ if (state->group_ctx->try_deref) { - for (i = 0; opts->user_search_bases[i] != NULL; i++) { - if (opts->user_search_bases[i]->filter != NULL) { + for (i = 0; opts->sdom->user_search_bases[i] != NULL; i++) { + if (opts->sdom->user_search_bases[i]->filter != NULL) { DEBUG(SSSDBG_TRACE_FUNC, ("User search base contains filter, " "dereference will be disabled\n")); state->group_ctx->try_deref = false; @@ -619,8 +626,8 @@ struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx, } if (state->group_ctx->try_deref) { - for (i = 0; opts->group_search_bases[i] != NULL; i++) { - if (opts->group_search_bases[i]->filter != NULL) { + for (i = 0; opts->sdom->group_search_bases[i] != NULL; i++) { + if (opts->sdom->group_search_bases[i]->filter != NULL) { DEBUG(SSSDBG_TRACE_FUNC, ("Group search base contains filter, " "dereference will be disabled\n")); state->group_ctx->try_deref = false; @@ -2092,7 +2099,7 @@ sdap_nested_group_deref_direct_process(struct tevent_req *subreq) /* skip the user if it is not amongst configured search bases */ bret = sss_ldap_dn_in_search_bases(state, orig_dn, - opts->user_search_bases, NULL); + opts->sdom->user_search_bases, NULL); if (!bret) { continue; } @@ -2119,7 +2126,7 @@ sdap_nested_group_deref_direct_process(struct tevent_req *subreq) /* skip the group if it is not amongst configured search bases */ bret = sss_ldap_dn_in_search_bases(state, orig_dn, - opts->group_search_bases, NULL); + opts->sdom->group_search_bases, NULL); if (!bret) { continue; } diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index 2b382c1cf..57dbcde81 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c 
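Review bot: The two dereference-disable loops in `sdap_nested_group_send` (hunks at 608 and 619) read `opts->sdom->user_search_bases` and `opts->sdom->group_search_bases` although the function now receives `sdom` and has just stored `sdom->user_search_bases` into `state->group_ctx`, so the filter check and the member split can consult different search-base sets whenever `sdom != opts->sdom`. Use the parameter instead, `for (i = 0; sdom->user_search_bases[i] != NULL; i++) { if (sdom->user_search_bases[i]->filter != NULL) {`, and likewise for the group loop. These loops also index the arrays without checking the array pointer itself, which `sdap_get_groups_send` in sdap_async_groups.c does guard with `if (!state->search_bases)`; a matching guard, or a comment stating that callers guarantee non-NULL bases, would make the precondition explicit. `sdap_nested_group_deref_direct_process` (hunks at 2092 and 2119) has the same `opts->sdom` reads; whether `state->group_ctx` is reachable there is not visible in the hunk, but if it is, `state->group_ctx->user_search_bases` would keep that path consistent with the split code.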
@@ -420,7 +420,7 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) } if (!sss_ldap_dn_in_search_bases(state, state->dn_item->dn, - state->opts->netgroup_search_bases, + state->opts->sdom->netgroup_search_bases, &filter)) { /* not in search base, skip it */ state->dn_idx = state->dn_item->next; diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h index 488387eb5..944c8a82b 100644 --- a/src/providers/ldap/sdap_async_private.h +++ b/src/providers/ldap/sdap_async_private.h @@ -113,10 +113,9 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, char ***grouplist); /* from sdap_async_nested_groups.c */ - struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct sss_domain_info *domain, + struct sdap_domain *sdom, struct sdap_options *opts, struct sdap_handle *sh, struct sysdb_attrs *group); diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c index 15a725b8b..d637d22e5 100644 --- a/src/providers/ldap/sdap_async_services.c +++ b/src/providers/ldap/sdap_async_services.c @@ -582,7 +582,7 @@ enum_services_send(TALLOC_CTX *memctx, subreq = sdap_get_services_send(state, state->ev, state->domain, state->sysdb, state->id_ctx->opts, - state->id_ctx->opts->service_search_bases, + state->id_ctx->opts->sdom->service_search_bases, sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->id_ctx->opts->basic, diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c index 67b12b048..ed4cf75ad 100644 --- a/src/providers/ldap/sdap_async_sudo.c +++ b/src/providers/ldap/sdap_async_sudo.c 
@@ -298,7 +298,7 @@ static struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx, state->opts = opts; state->sh = sh; state->base_iter = 0; - state->search_bases = opts->sudo_search_bases; + state->search_bases = opts->sdom->sudo_search_bases; state->filter = ldap_filter; state->timeout = dp_opt_get_int(opts->basic, SDAP_SEARCH_TIMEOUT); state->ldap_rules = NULL; -- cgit