From 3cb9a3db92247e02087f1dcd2af54fd083738646 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Feb 26 2019 21:52:36 +0000
Subject: ldap: user get_ldap_conn_from_sdom_pvt() where possible
Currently when trying to prefer LDAP port lookups over Global Catalog searches some AD specific structs are needed in the common LDAP provider code. By using get_ldap_conn_from_sdom_pvt() this can be avoided and all AD specific details are handled inside sdap_async_initgroups_ad.c now.
Related to https://pagure.io/SSSD/sssd/issue/2474
Reviewed-by: Jakub Hrozek
---
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 9e82899..009732b 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -35,7 +35,6 @@
 #include "providers/ldap/sdap_async.h"
 #include "providers/ldap/sdap_idmap.h"
 #include "providers/ldap/sdap_users.h"
-#include "providers/ad/ad_common.h"
 /* =Users-Related-Functions-(by-name,by-uid)============================== */
@@ -1708,7 +1707,6 @@ static void get_user_and_group_groups_done(struct tevent_req *subreq)
 struct get_user_and_group_state *state = tevent_req_data(req, struct get_user_and_group_state);
 int ret;
- struct ad_id_ctx *ad_id_ctx;
 struct sdap_id_conn_ctx *user_conn;
 ret = groups_get_recv(subreq, &state->dp_error, &state->sdap_ret);
@@ -1730,17 +1728,10 @@ static void get_user_and_group_groups_done(struct tevent_req *subreq)
 /* Now the search finished fine but did not find an entry.
 * Retry with users. */
- user_conn = state->conn;
 /* Prefer LDAP over GC for users */
- if (state->id_ctx->opts->schema_type == SDAP_SCHEMA_AD
- && state->sdom->pvt != NULL) {
- ad_id_ctx = talloc_get_type(state->sdom->pvt, struct ad_id_ctx);
- if (ad_id_ctx != NULL && ad_id_ctx->ldap_ctx != NULL
- && state->conn == ad_id_ctx->gc_ctx) {
- DEBUG(SSSDBG_TRACE_ALL,
- "Switching to LDAP connection for user lookup.\n");
- user_conn = ad_id_ctx->ldap_ctx;
- }
+ user_conn = get_ldap_conn_from_sdom_pvt(state->id_ctx->opts, state->sdom);
+ if (user_conn == NULL) {
+ user_conn = state->conn;
 }
 subreq = users_get_send(req, state->ev, state->id_ctx,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index d23cab0..d7ace94 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -27,7 +27,6 @@
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_idmap.h"
-#include "providers/ad/ad_common.h"
 /* ==Group-Parsing Routines=============================================== */
@@ -1782,7 +1781,7 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
 struct tevent_req *req;
 struct tevent_req *subreq;
 struct sdap_get_groups_state *state;
- struct ad_id_ctx *subdom_id_ctx;
+ struct sdap_id_conn_ctx *ldap_conn = NULL;
 req = tevent_req_create(memctx, &state, struct sdap_get_groups_state);
 if (!req) return NULL;
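Review bot: In the `@@ -1730` hunk of get_user_and_group_groups_done (ldap_id.c) the removed `state->conn == ad_id_ctx->gc_ctx` guard has no visible replacement, so the user retry now uses whatever connection `get_ldap_conn_from_sdom_pvt()` returns, even when the failed group lookup did not run on the Global Catalog. The helper is defined outside this diff, so it cannot be confirmed here that it keeps the type and NULL checks on `sdom->pvt` that the old `talloc_get_type()` code performed. The `SSSDBG_TRACE_ALL` message is dropped as well, which makes it harder to tell from the logs which server answered an identity lookup; it could be kept as `} else { DEBUG(SSSDBG_TRACE_ALL, "Switching to LDAP connection for user lookup.\n"); }` after the NULL fallback. The function body starts and ends outside the hunk.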
@@ -1814,9 +1813,9 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
 /* With AD by default the Global Catalog is used for lookup. But the GC
 * group object might not have full group membership data. To make sure we
 * connect to an LDAP server of the group's domain. */
- if (state->opts->schema_type == SDAP_SCHEMA_AD && sdom->pvt != NULL) {
- subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
- state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache);
+ ldap_conn = get_ldap_conn_from_sdom_pvt(state->opts, sdom);
+ if (ldap_conn != NULL) {
+ state->op = sdap_id_op_create(state, ldap_conn->conn_cache);
 if (!state->op) {
 DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
 ret = ENOMEM;
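Review bot: The `if (ldap_conn != NULL)` test in sdap_get_groups_send now carries the whole AD decision, and nothing in the hunk says when `get_ldap_conn_from_sdom_pvt()` returns NULL. The old code named its conditions (`SDAP_SCHEMA_AD`, `sdom->pvt != NULL`) but dereferenced `subdom_id_ctx->ldap_ctx` unchecked, so the NULL test is safer, provided the helper (outside this diff) validates the type of `sdom->pvt`. The comment above notes that the Global Catalog may lack full group membership, and that data typically feeds access decisions, so I would extend the comment with a line such as `* get_ldap_conn_from_sdom_pvt() returns NULL when no per-domain LDAP connection exists; the default connection is used then.` once that is confirmed against the helper. The code that handles the NULL case and the rest of the function lie outside the hunk.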