diff options
author | Sumit Bose <sbose@redhat.com> | 2016-02-17 18:36:16 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-04-13 10:43:18 +0200 |
commit | 7cf0f78d832c7a09b59ee9f91cedc427c0253cd4 (patch) | |
tree | 376e102141ac908860ff37d1d8202617557edb23 /src/providers/ldap | |
parent | cce3e8526176ce2fe9baa5bda1bb457b996b7bcf (diff) | |
download | sssd-7cf0f78d832c7a09b59ee9f91cedc427c0253cd4.tar.gz sssd-7cf0f78d832c7a09b59ee9f91cedc427c0253cd4.tar.xz sssd-7cf0f78d832c7a09b59ee9f91cedc427c0253cd4.zip |
LDAP: refactor sdap_ad_tokengroups_initgr_mapping_done()
The group-processing is moved out to make it reusable.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap_async_ad.h | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 78 |
2 files changed, 57 insertions, 27 deletions
diff --git a/src/providers/ldap/sdap_async_ad.h b/src/providers/ldap/sdap_async_ad.h index 0cbe6dfd7..950f5a030 100644 --- a/src/providers/ldap/sdap_async_ad.h +++ b/src/providers/ldap/sdap_async_ad.h @@ -24,6 +24,12 @@ #ifndef SDAP_ASYNC_AD_H_ #define SDAP_ASYNC_AD_H_ +errno_t sdap_ad_save_group_membership_with_idmapping(const char *username, + struct sss_domain_info *user_dom, + struct sdap_idmap_ctx *idmap_ctx, + size_t num_sids, + char **sids); + errno_t sdap_ad_tokengroups_get_posix_members(TALLOC_CTX *mem_ctx, struct sss_domain_info *user_domain, diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index b0f8ed41d..bf368825b 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -22,6 +22,7 @@ #include "util/util.h" #include "providers/ldap/sdap_async.h" +#include "providers/ldap/sdap_async_ad.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_async_private.h" #include "providers/ldap/sdap_idmap.h" @@ -837,42 +838,31 @@ sdap_ad_tokengroups_initgr_mapping_connect_done(struct tevent_req *subreq) return; } -static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq) +errno_t sdap_ad_save_group_membership_with_idmapping(const char *username, + struct sss_domain_info *user_dom, + struct sdap_idmap_ctx *idmap_ctx, + size_t num_sids, + char **sids) { TALLOC_CTX *tmp_ctx = NULL; - struct sdap_ad_tokengroups_initgr_mapping_state *state = NULL; - struct tevent_req *req = NULL; struct sss_domain_info *domain = NULL; struct ldb_message *msg = NULL; const char *attrs[] = {SYSDB_NAME, NULL}; const char *name = NULL; const char *sid = NULL; - char **sids = NULL; - size_t num_sids = 0; size_t i; time_t now; gid_t gid; char **groups = NULL; size_t num_groups; - errno_t ret, sret; + errno_t ret; + errno_t sret; bool in_transaction = false; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n"); - ret = ENOMEM; - goto done; - } - - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct sdap_ad_tokengroups_initgr_mapping_state); - - ret = sdap_get_ad_tokengroups_recv(state, subreq, &num_sids, &sids); - talloc_zfree(subreq); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to acquire tokengroups [%d]: %s\n", - ret, strerror(ret)); - goto done; + DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); + return ENOMEM; } num_groups = 0; @@ -883,7 +873,7 @@ static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq) } now = time(NULL); - ret = sysdb_transaction_start(state->sysdb); + ret = sysdb_transaction_start(user_dom->sysdb); if (ret != EOK) { goto done; } @@ -893,7 +883,7 @@ static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq) sid = sids[i]; DEBUG(SSSDBG_TRACE_LIBS, "Processing membership SID [%s]\n", sid); - ret = sdap_idmap_sid_to_unix(state->idmap_ctx, sid, &gid); + ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &gid); if (ret == ENOTSUP) { DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n"); continue; @@ -903,7 +893,7 @@ static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq) continue; } - domain = sss_get_domain_by_sid_ldap_fallback(state->domain, sid); + domain = sss_get_domain_by_sid_ldap_fallback(user_dom, sid); if (domain == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, "Domain not found for SID %s\n", sid); continue; @@ -951,8 +941,8 @@ static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq) groups[num_groups] = NULL; - ret = sdap_ad_tokengroups_update_members(state->username, - state->sysdb, state->domain, + ret = sdap_ad_tokengroups_update_members(username, + user_dom->sysdb, user_dom, groups); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Membership update failed [%d]: %s\n", @@ -960,7 +950,7 @@ static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq) goto done; } - ret = sysdb_transaction_commit(state->sysdb); + ret = sysdb_transaction_commit(user_dom->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Could not commit transaction! [%s]\n", strerror(ret)); @@ -972,11 +962,45 @@ done: talloc_free(tmp_ctx); if (in_transaction) { - sret = sysdb_transaction_cancel(state->sysdb); + sret = sysdb_transaction_cancel(user_dom->sysdb); DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel transaction! [%s]\n", strerror(sret)); } + return ret; +} + +static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq) +{ + struct sdap_ad_tokengroups_initgr_mapping_state *state = NULL; + struct tevent_req *req = NULL; + char **sids = NULL; + size_t num_sids = 0; + errno_t ret; + + req = tevent_req_callback_data(subreq, struct tevent_req); + state = tevent_req_data(req, struct sdap_ad_tokengroups_initgr_mapping_state); + + ret = sdap_get_ad_tokengroups_recv(state, subreq, &num_sids, &sids); + talloc_zfree(subreq); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to acquire tokengroups [%d]: %s\n", + ret, strerror(ret)); + goto done; + } + + ret = sdap_ad_save_group_membership_with_idmapping(state->username, + state->domain, + state->idmap_ctx, + num_sids, + sids); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sdap_ad_save_group_membership_with_idmapping failed.\n"); + goto done; + } + +done: if (ret != EOK) { tevent_req_error(req, ret); return; |