authorOndrej Kos <okos@redhat.com>2013-09-03 12:49:17 +0200
committerOndrej Kos <okos@redhat.com>2013-09-03 13:11:51 +0200
commitf6ffbca5d56c72b062807a3a1b2ac803c9c67f04 (patch)
treee64c00b41cd4755457328d918e56aabf1dbab9e7
parent0239d6fa2e6e2567c5d3863a92ccea263c4d6b17 (diff)
move sdap_get_initgr_state structure to private header
Explanation Resolves: https://fedorahosted.org/sssd/ticket/XXXX
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c56
-rw-r--r--src/providers/ldap/sdap_async_private.h24
2 files changed, 74 insertions, 6 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index aa0ea4c1..4e9aab7c 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2596,6 +2596,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
state->orig_user = NULL;
state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
state->user_base_iter = 0;
+ state->failed_tokengroups = false;
state->user_search_bases = sdom->user_search_bases;
if (!state->user_search_bases) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -2792,8 +2793,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
return;
}
- if (state->use_id_mapping
- && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
+ if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
/* Take advantage of AD's tokenGroups mechanism to look up all
* parent groups in a single request.
*/
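Review bot: Removing `state->use_id_mapping` from the condition makes the tokenGroups lookup the chosen path for every domain whose `dc_functional_level` is at least `DS_BEHAVIOR_WIN2008`, presumably now including domains that do not use SID-based ID mapping, yet the commit title and description ("move sdap_get_initgr_state structure to private header") say nothing about this behaviour change. If it is intentional because the new `failed_tokengroups` branch in sdap_get_initgr_done covers the case where tokenGroups cannot be used, the comment that follows the condition should state that, e.g. `/* Take advantage of AD's tokenGroups mechanism to look up all parent groups in a single request; if that request fails, sdap_get_initgr_done falls back to the rfc2307bis lookup. */`. The `use_id_mapping` field is kept in the struct in the header hunk but is no longer read here, so check whether it still has readers or has become dead state. sdap_get_initgr_user starts and ends outside this hunk.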
@@ -2818,10 +2818,12 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
cname, orig_dn,
state->timeout);
} else {
- subreq = sdap_initgr_rfc2307bis_send(
- state, state->ev, state->opts, state->sysdb,
- state->dom, state->sh,
- cname, orig_dn);
+ subreq = sdap_initgr_rfc2307bis_send(state, state->ev,
+ state->opts,
+ state->sysdb,
+ state->dom,
+ state->sh,
+ cname, orig_dn);
}
if (!subreq) {
tevent_req_error(req, ENOMEM);
@@ -2874,6 +2876,48 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
char *dom_sid_str;
char *group_sid_str;
struct sdap_options *opts = state->opts;
+ const char *orig_dn;
+ const char *cname;
+
+ if (state->failed_tokengroups) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("TokenGroups call failed, falling "
+ "back to rfc2307bis initgroups call.\n"));
+
+ state->failed_tokengroups = false;
+ talloc_zfree(subreq);
+ ret = sysdb_get_real_name(state, state->sysdb,
+ state->dom, state->name, &cname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = sysdb_attrs_get_string(state->orig_user,
+ SYSDB_ORIG_DN,
+ &orig_dn);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ subreq = sdap_initgr_rfc2307bis_send(state, state->ev,
+ state->opts,
+ state->sysdb,
+ state->dom,
+ state->sh,
+ cname, orig_dn);
+
+ if (!subreq) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+
+ talloc_steal(subreq, orig_dn);
+ tevent_req_set_callback(subreq, sdap_get_initgr_done, req);
+
+ return;
+ }
DEBUG(9, ("Initgroups done\n"));
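Review bot: Nothing in this commit ever sets `state->failed_tokengroups` to true — it is initialised to false in sdap_get_initgr_send (first hunk), reset to false here, and only declared in the header — so the new fallback branch is unreachable as of this change; if a follow-up commit, or code that now sees the struct through sdap_async_private.h, is meant to set it, the commit message should say so or the setter should land in the same commit. When the branch does run, `talloc_zfree(subreq)` discards the failed tokenGroups request without retrieving its error code, so the real reason for the failure (a timeout, a missing attribute, an LDAP error) never reaches the log; consider calling the matching recv function before freeing and including its result in the SSSDBG_MINOR_FAILURE message. `talloc_steal(subreq, orig_dn)` reparents a string that sysdb_attrs_get_string handed back from `state->orig_user`; confirm that orig_dn is a standalone talloc chunk rather than a pointer into the attribute's value storage, since talloc_steal on a non-chunk pointer is not safe. `ret` and `req` are declared above the hunk and sdap_get_initgr_done continues past it.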
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 944c8a82..0ac68645 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -35,6 +35,30 @@ struct dn_item {
struct dn_item *prev;
};
+struct sdap_get_initgr_state {
+ struct tevent_context *ev;
+ struct sysdb_ctx *sysdb;
+ struct sdap_options *opts;
+ struct sss_domain_info *dom;
+ struct sdap_handle *sh;
+ struct sdap_id_ctx *id_ctx;
+ struct sdap_id_conn_ctx *conn;
+ const char *name;
+ const char **grp_attrs;
+ const char **user_attrs;
+ const char *user_base_filter;
+ char *filter;
+ int timeout;
+
+ struct sysdb_attrs *orig_user;
+
+ size_t user_base_iter;
+ struct sdap_search_base **user_search_bases;
+
+ bool use_id_mapping;
+ bool failed_tokengroups;
+};
+
bool is_dn(const char *str);
errno_t update_dn_list(struct dn_item *dn_list,
const size_t count,