diff options
author | Petr Cech <pcech@redhat.com> | 2015-11-09 09:51:05 -0500 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2015-12-11 15:15:52 +0100 |
commit | 565e6d91814884054ec0dc4d770804d7bf472d3f (patch) | |
tree | 668177ded04c8e67e2e7f84392ae743ff8aaa0af /src/providers | |
parent | a3d9b7eea4a92a57b274e1c9df6108e916f823c8 (diff) | |
download | sssd-565e6d91814884054ec0dc4d770804d7bf472d3f.tar.gz sssd-565e6d91814884054ec0dc4d770804d7bf472d3f.tar.xz sssd-565e6d91814884054ec0dc4d770804d7bf472d3f.zip |
IPA_PROVIDER: Explicit no handle of services
Function get_object_from_cache() does not handle services.
This patch adds quick shortcut to avoid sending an LDAP query
to cache.
Resolves:
https://fedorahosted.org/sssd/ticket/2747
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ipa/ipa_id.c | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index e81ccb34d..27cc2548d 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -30,6 +30,27 @@ #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_id.h" +static bool is_object_overridable(struct be_acct_req *ar) +{ + bool ret = false; + + switch (ar->entry_type & BE_REQ_TYPE_MASK) { + case BE_REQ_USER: + case BE_REQ_GROUP: + case BE_REQ_INITGROUPS: + case BE_REQ_BY_SECID: + case BE_REQ_USER_AND_GROUP: + case BE_REQ_BY_UUID: + case BE_REQ_BY_CERT: + ret = true; + break; + default: + break; + } + + return ret; +} + static const char *ipa_account_info_error_text(int ret, int *dp_error, const char *default_text) { @@ -638,7 +659,8 @@ ipa_id_get_account_info_send(TALLOC_CTX *memctx, struct tevent_context *ev, || state->ar->filter_type == BE_FILTER_SECID || state->ar->extra_value == NULL || strcmp(state->ar->extra_value, - EXTRA_INPUT_MAYBE_WITH_VIEW) != 0 ) { + EXTRA_INPUT_MAYBE_WITH_VIEW) != 0 + || ! is_object_overridable(state->ar)) { ret = ipa_id_get_account_info_get_original_step(req, ar); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, @@ -820,6 +842,12 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq) goto fail; } + if (! is_object_overridable(state->ar)) { + state->dp_error = DP_ERR_OK; + tevent_req_done(req); + return; + } + ret = get_object_from_cache(state, state->domain, state->ar, &state->obj_msg); if (ret == ENOENT) { |