diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-02-10 14:39:43 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-02-15 14:51:32 +0100 |
commit | 50c740cbc2bb27cbe488fa8587e2901b8b85cf87 (patch) | |
tree | 7682998f4d014fe2c90b54423e80e38db2a33d2d | |
parent | 26866484a985adbc7edf2e79a1e95b3bb6b8624c (diff) | |
download | sssd-50c740cbc2bb27cbe488fa8587e2901b8b85cf87.tar.gz sssd-50c740cbc2bb27cbe488fa8587e2901b8b85cf87.tar.xz sssd-50c740cbc2bb27cbe488fa8587e2901b8b85cf87.zip |
RESPONDER: Contact inconsistent domains
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | src/providers/data_provider.h | 5 | ||||
-rw-r--r-- | src/responder/common/responder_dp.c | 74 |
2 files changed, 76 insertions, 3 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 46d9910dd..5ccc0adba 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -229,6 +229,11 @@ int dp_get_sbus_address(TALLOC_CTX *mem_ctx, char **address, const char *domain_name); +/* Reserved filter name for request which waits until the files provider finishes mirroring + * the file content + */ +#define DP_REQ_OPT_FILES_INITGR "files_initgr_request" + /* Helpers */ #define NULL_STRING { .string = NULL } diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c index cfd12569a..080f70fd5 100644 --- a/src/responder/common/responder_dp.c +++ b/src/responder/common/responder_dp.c @@ -453,6 +453,12 @@ sss_dp_req_recv(TALLOC_CTX *mem_ctx, */ static DBusMessage *sss_dp_get_account_msg(void *pvt); +static int sss_dp_account_files_params(struct sss_domain_info *dom, + enum sss_dp_acct_type type_in, + const char *opt_name_in, + enum sss_dp_acct_type *_type_out, + const char **_opt_name_out); + struct sss_dp_account_info { struct sss_domain_info *dom; @@ -496,9 +502,28 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx, } if (NEED_CHECK_PROVIDER(dom->provider) == false) { - DEBUG(SSSDBG_TRACE_INTERNAL, "Domain %s does not check DP\n", dom->name); - ret = EOK; - goto error; + if (strcmp(dom->provider, "files") == 0) { + /* This is a special case. If the files provider is just being updated, + * we issue an enumeration request. We always use the same request type + * (user enumeration) to make sure concurrent requests are just chained + * in the Data Provider + */ + ret = sss_dp_account_files_params(dom, type, opt_name, + &type, &opt_name); + if (ret == EOK) { + goto error; + } else if (ret != EAGAIN) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to set files provider update: %d: %s\n", + ret, sss_strerror(ret)); + goto error; + } + /* EAGAIN, fall through to issuing the request */ + } else { + DEBUG(SSSDBG_TRACE_INTERNAL, "Domain %s does not check DP\n", dom->name); + ret = EOK; + goto error; + } } info = talloc_zero(state, struct sss_dp_account_info); @@ -554,6 +579,49 @@ error: return req; } +static int sss_dp_account_files_params(struct sss_domain_info *dom, + enum sss_dp_acct_type type_in, + const char *opt_name_in, + enum sss_dp_acct_type *_type_out, + const char **_opt_name_out) +{ +#if 0 + if (sss_domain_get_state(dom) != DOM_INCONSISTENT) { + return EOK; + } +#endif + + DEBUG(SSSDBG_TRACE_INTERNAL, + "Domain files is not consistent, issuing update\n"); + + switch(type_in) { + case SSS_DP_USER: + case SSS_DP_GROUP: + *_type_out = type_in; + *_opt_name_out = NULL; + return EAGAIN; + case SSS_DP_INITGROUPS: + /* There is no initgroups enumeration so let's use a dummy + * name to let the DP chain the requests + */ + *_type_out = type_in; + *_opt_name_out = DP_REQ_OPT_FILES_INITGR; + return EAGAIN; + /* These are not handled by the files provider, just fall back */ + case SSS_DP_NETGR: + case SSS_DP_SERVICES: + case SSS_DP_SECID: + case SSS_DP_USER_AND_GROUP: + case SSS_DP_CERT: + case SSS_DP_WILDCARD_USER: + case SSS_DP_WILDCARD_GROUP: + return EOK; + } + + DEBUG(SSSDBG_CRIT_FAILURE, "Unhandled type %d\n", type_in); + return EINVAL; +} + static DBusMessage * sss_dp_get_account_msg(void *pvt) { |