author | Petr Čech <pcech@redhat.com> | 2017-01-04 15:33:30 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-02-08 10:53:19 +0100 |
commit | 3ee411625aee19afda7477bb10b52c3da378b6fb (patch) | |
tree | 4b6cb8929642102fb074e0d702798412b8b5a905 /src/providers | |
parent | c3593f06da54315c88a08a46cfc0def366acad43 (diff) | |
SYSDB: Removing of sysdb_try_to_find_expected_dn()
Currently in order to match multiple LDAP search results we
use two different functions - we have sysdb_try_to_find_expected_dn()
but also sdap_object_in_domain().
This patch removes sysdb_try_to_find_expected_dn() and adds a new
sdap_search_initgr_user_in_batch() based on sdap_object_in_domain().
This function covers the necessary logic.
Resolves:
https://fedorahosted.org/sssd/ticket/3230
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap.c | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 4 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 28 |
3 files changed, 30 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index eb460d93b..bfb7fc6d2 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -1673,9 +1673,9 @@ char *sdap_make_oc_list(TALLOC_CTX *mem_ctx, struct sdap_attr_map *map)
 }
 }
-static bool sdap_object_in_domain(struct sdap_options *opts,
- struct sysdb_attrs *obj,
- struct sss_domain_info *dom)
+bool sdap_object_in_domain(struct sdap_options *opts,
+ struct sysdb_attrs *obj,
+ struct sss_domain_info *dom)
 {
 errno_t ret;
 const char *original_dn = NULL;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index e3cb8464f..6d4543ed4 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -616,4 +616,8 @@ size_t sdap_steal_objects_in_dom(struct sdap_options *opts,
 size_t count,
 bool filter);
+bool sdap_object_in_domain(struct sdap_options *opts,
+ struct sysdb_attrs *obj,
+ struct sss_domain_info *dom);
+
 #endif /* _SDAP_H_ */
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 2cd9c15b9..8c7a65bf3 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -23,6 +23,7 @@
 #include "util/util.h"
 #include "db/sysdb.h"
+#include "providers/ldap/sdap.h"
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_idmap.h"
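Review bot: The prototype added to sdap.h exports sdap_object_in_domain() without any comment stating its contract. Code outside sdap.c now relies on it to decide which LDAP entry belongs to a domain, so the header should say what makes an object count as "in" the domain and what is returned when the check itself fails. The body in sdap.c declares `errno_t ret`, so there appears to be an internal error path that a bool result cannot tell apart from "not in this domain". The function body lies outside the sdap.c hunk, so the exact wording has to come from the author.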
@@ -2890,6 +2891,25 @@ static errno_t sdap_get_initgr_next_base(struct tevent_req *req)
 return EOK;
 }
+static int sdap_search_initgr_user_in_batch(struct sdap_get_initgr_state *state,
+ struct sysdb_attrs **users,
+ size_t count)
+{
+ int ret = EINVAL;
+
+ for (size_t i = 0; i < count; i++) {
+ if (sdap_object_in_domain(state->opts, users[i], state->dom) == false) {
+ continue;
+ }
+
+ state->orig_user = talloc_steal(state, users[i]);
+ ret = EOK;
+ break;
+ }
+
+ return ret;
+}
+
 static void sdap_get_initgr_user(struct tevent_req *subreq)
 {
 struct tevent_req *req = tevent_req_callback_data(subreq,
@@ -2951,13 +2971,11 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 * the first search base because all bases in a single domain would
 * have the same DC= components
 */
- ret = sysdb_try_to_find_expected_dn(state->dom, "dc",
- state->sdom->search_bases[0]->basedn,
- usr_attrs, count,
- &state->orig_user);
+ ret = sdap_search_initgr_user_in_batch(state, usr_attrs, count);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE,
- "try_to_find_expected_dn failed. No matching DN found.\n");
+ "sdap_search_initgr_user_in_batch failed. "
+ "No matching DN found.\n");
 tevent_req_error(req, EINVAL);
 return;
 } |
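Review bot: The loop in sdap_search_initgr_user_in_batch() stops at the first entry for which sdap_object_in_domain() returns true, so when two or more entries in the batch pass that check, whichever the server returned first becomes `state->orig_user` and nothing is logged. That entry drives the initgroups lookup and therefore the user's group memberships, so an ambiguous match is worth detecting. The version below scans the whole batch and rejects a second match; if duplicates are legitimate here, logging a DEBUG message and keeping the first match would be the milder variant. The helper also returns `int` where the neighbouring sdap_get_initgr_next_base() uses `errno_t`, and a one-line comment that the matched entry is reparented to `state` by talloc_steal() would help readers who still hold `users`.

```c
static errno_t sdap_search_initgr_user_in_batch(struct sdap_get_initgr_state *state,
                                                struct sysdb_attrs **users,
                                                size_t count)
{
    struct sysdb_attrs *match = NULL;

    for (size_t i = 0; i < count; i++) {
        if (sdap_object_in_domain(state->opts, users[i], state->dom) == false) {
            continue;
        }

        if (match != NULL) {
            /* Two entries claim to be this user in this domain: refuse to guess. */
            DEBUG(SSSDBG_OP_FAILURE,
                  "More than one entry in the batch matches the domain.\n");
            return EINVAL;
        }
        match = users[i];
    }

    if (match == NULL) {
        return EINVAL;
    }

    /* The matched entry is reparented to state; users[] keeps only a borrowed pointer. */
    state->orig_user = talloc_steal(state, match);
    return EOK;
}
```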
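Review bot: The comment that ends just above the changed call still explains the choice of "the first search base" and its "DC= components", but the new call no longer passes `state->sdom->search_bases[0]->basedn`. The comment therefore describes the matching done by the removed helper, not by the current one. I would reword it along the lines of `/* Pick the entry that sdap_object_in_domain() accepts for state->dom */`. Both the comment and sdap_get_initgr_user() start outside this hunk, so only the tail of the comment is visible here.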