author | Ondrej Kos <okos@redhat.com> | 2013-09-03 12:49:17 +0200 |
---|---|---|
committer | Ondrej Kos <okos@redhat.com> | 2013-09-03 13:11:51 +0200 |
commit | f6ffbca5d56c72b062807a3a1b2ac803c9c67f04 (patch) | |
tree | e64c00b41cd4755457328d918e56aabf1dbab9e7 /src/providers/ldap/sdap_async_initgroups.c | |
parent | 0239d6fa2e6e2567c5d3863a92ccea263c4d6b17 (diff) | |
move sdap_get_initgr_state structure to private header
Explanation
Resolves:
https://fedorahosted.org/sssd/ticket/XXXX
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 56 |
1 files changed, 50 insertions, 6 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index aa0ea4c1..4e9aab7c 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2596,6 +2596,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 state->orig_user = NULL;
 state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
 state->user_base_iter = 0;
+ state->failed_tokengroups = false;
 state->user_search_bases = sdom->user_search_bases;
 if (!state->user_search_bases) {
 DEBUG(SSSDBG_CRIT_FAILURE,
@@ -2792,8 +2793,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 return;
 }
- if (state->use_id_mapping
- && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
+ if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
 /* Take advantage of AD's tokenGroups mechanism to look up all
 * parent groups in a single request.
 */
@@ -2818,10 +2818,12 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 cname, orig_dn,
 state->timeout);
 } else {
- subreq = sdap_initgr_rfc2307bis_send(
- state, state->ev, state->opts, state->sysdb,
- state->dom, state->sh,
- cname, orig_dn);
+ subreq = sdap_initgr_rfc2307bis_send(state, state->ev,
+ state->opts,
+ state->sysdb,
+ state->dom,
+ state->sh,
+ cname, orig_dn);
 }
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
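Review bot: With `state->use_id_mapping` removed from the condition in sdap_get_initgr_user, every domain whose `dc_functional_level` is at least `DS_BEHAVIOR_WIN2008` now takes the tokenGroups branch, but the comment above the call still describes only the single-request benefit. The result of this lookup becomes the user's group membership, so the comment should say what happens for domains without ID mapping, for example `/* Tried regardless of ID mapping; sdap_get_initgr_done falls back to rfc2307bis when state->failed_tokengroups is set. */`. The code that selects the matching recv function in sdap_get_initgr_done is outside the visible hunks; if it still tests `use_id_mapping`, the send and recv sides would disagree for these domains, which is worth confirming. The function body starts and ends outside the hunk.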
@@ -2874,6 +2876,48 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 char *dom_sid_str;
 char *group_sid_str;
 struct sdap_options *opts = state->opts;
+ const char *orig_dn;
+ const char *cname;
+
+ if (state->failed_tokengroups) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("TokenGroups call failed, falling "
+ "back to rfc2307bis initgroups call.\n"));
+
+ state->failed_tokengroups = false;
+ talloc_zfree(subreq);
+ ret = sysdb_get_real_name(state, state->sysdb,
+ state->dom, state->name, &cname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ ret = sysdb_attrs_get_string(state->orig_user,
+ SYSDB_ORIG_DN,
+ &orig_dn);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ subreq = sdap_initgr_rfc2307bis_send(state, state->ev,
+ state->opts,
+ state->sysdb,
+ state->dom,
+ state->sh,
+ cname, orig_dn);
+
+ if (!subreq) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+
+ talloc_steal(subreq, orig_dn);
+ tevent_req_set_callback(subreq, sdap_get_initgr_done, req);
+
+ return;
+ }
 DEBUG(9, ("Initgroups done\n")); |
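Review bot: In the fallback branch of sdap_get_initgr_done, `talloc_steal(subreq, orig_dn)` re-parents a string that `sysdb_attrs_get_string()` has just returned from `state->orig_user`, so once this subrequest is freed the attribute in `state->orig_user` may point at released memory (this assumes the getter returns a pointer into the attribute set rather than a copy, which is not visible here). The same concern applies one step earlier: if the send path in sdap_get_initgr_user parented the DN to the tokenGroups subrequest in the same way, `talloc_zfree(subreq)` at the top of this branch has already freed what the second lookup returns. Passing a copy avoids both, e.g. `orig_dn = talloc_strdup(state, orig_dn);` followed by `if (orig_dn == NULL) { tevent_req_error(req, ENOMEM); return; }` before the send call. Separately, the branch drops the tokenGroups subrequest without reading its result, so the reason for the fallback never reaches the log; the line that sets `failed_tokengroups` is not among this file's hunks. The rest of the function continues outside the hunk.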