|
|
5cd47f |
From 6777831bc1b0d1218d635d2913326883f509f3e8 Mon Sep 17 00:00:00 2001
|
|
|
5cd47f |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
5cd47f |
Date: Wed, 24 Apr 2019 20:52:11 +0200
|
|
|
5cd47f |
Subject: [PATCH 57/64] AD: Implement background refresh for AD domains
|
|
|
5cd47f |
|
|
|
5cd47f |
Split out the actual useful functionality from the AD account handler
|
|
|
5cd47f |
into a tevent request. This tevent request is then subsequently used by
|
|
|
5cd47f |
a new ad_refresh module.
|
|
|
5cd47f |
|
|
|
5cd47f |
Related:
|
|
|
5cd47f |
https://pagure.io/SSSD/sssd/issue/4012
|
|
|
5cd47f |
|
|
|
5cd47f |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
5cd47f |
(cherry picked from commit b72adfcc332b13489931483201bcc4c7ecf9ecb6)
|
|
|
5cd47f |
|
|
|
5cd47f |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
5cd47f |
---
|
|
|
5cd47f |
Makefile.am | 5 +-
|
|
|
5cd47f |
src/providers/ad/ad_common.h | 4 +
|
|
|
5cd47f |
src/providers/ad/ad_id.c | 140 +++++++++++++----
|
|
|
5cd47f |
src/providers/ad/ad_id.h | 10 ++
|
|
|
5cd47f |
src/providers/ad/ad_init.c | 2 +-
|
|
|
5cd47f |
src/providers/ad/ad_refresh.c | 283 ++++++++++++++++++++++++++++++++++
|
|
|
5cd47f |
6 files changed, 412 insertions(+), 32 deletions(-)
|
|
|
5cd47f |
create mode 100644 src/providers/ad/ad_refresh.c
|
|
|
5cd47f |
|
|
|
5cd47f |
diff --git a/Makefile.am b/Makefile.am
|
|
|
5cd47f |
index 0c24ae664..7d83b6847 100644
|
|
|
5cd47f |
--- a/Makefile.am
|
|
|
5cd47f |
+++ b/Makefile.am
|
|
|
5cd47f |
@@ -4243,7 +4243,10 @@ libsss_ad_la_SOURCES = \
|
|
|
5cd47f |
src/providers/ad/ad_gpo_ndr.c \
|
|
|
5cd47f |
src/providers/ad/ad_srv.c \
|
|
|
5cd47f |
src/providers/ad/ad_subdomains.c \
|
|
|
5cd47f |
- src/providers/ad/ad_domain_info.c
|
|
|
5cd47f |
+ src/providers/ad/ad_domain_info.c \
|
|
|
5cd47f |
+ src/providers/ad/ad_refresh.c \
|
|
|
5cd47f |
+ $(NULL)
|
|
|
5cd47f |
+
|
|
|
5cd47f |
|
|
|
5cd47f |
if BUILD_SUDO
|
|
|
5cd47f |
libsss_ad_la_SOURCES += \
|
|
|
5cd47f |
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
|
|
|
5cd47f |
index 2f624df3d..44369288e 100644
|
|
|
5cd47f |
--- a/src/providers/ad/ad_common.h
|
|
|
5cd47f |
+++ b/src/providers/ad/ad_common.h
|
|
|
5cd47f |
@@ -221,4 +221,8 @@ errno_t ad_inherit_opts_if_needed(struct dp_option *parent_opts,
|
|
|
5cd47f |
struct confdb_ctx *cdb,
|
|
|
5cd47f |
const char *subdom_conf_path,
|
|
|
5cd47f |
int opt_id);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+errno_t ad_refresh_init(struct be_ctx *be_ctx,
|
|
|
5cd47f |
+ struct ad_id_ctx *id_ctx);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
#endif /* AD_COMMON_H_ */
|
|
|
5cd47f |
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
|
|
|
5cd47f |
index c3bda1662..eb6e36824 100644
|
|
|
5cd47f |
--- a/src/providers/ad/ad_id.c
|
|
|
5cd47f |
+++ b/src/providers/ad/ad_id.c
|
|
|
5cd47f |
@@ -360,44 +360,36 @@ get_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
|
|
|
5cd47f |
return clist;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
-struct ad_account_info_handler_state {
|
|
|
5cd47f |
- struct sss_domain_info *domain;
|
|
|
5cd47f |
- struct dp_reply_std reply;
|
|
|
5cd47f |
+struct ad_account_info_state {
|
|
|
5cd47f |
+ const char *err_msg;
|
|
|
5cd47f |
+ int dp_error;
|
|
|
5cd47f |
};
|
|
|
5cd47f |
|
|
|
5cd47f |
-static void ad_account_info_handler_done(struct tevent_req *subreq);
|
|
|
5cd47f |
+static void ad_account_info_done(struct tevent_req *subreq);
|
|
|
5cd47f |
|
|
|
5cd47f |
struct tevent_req *
|
|
|
5cd47f |
-ad_account_info_handler_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
- struct ad_id_ctx *id_ctx,
|
|
|
5cd47f |
- struct dp_id_data *data,
|
|
|
5cd47f |
- struct dp_req_params *params)
|
|
|
5cd47f |
+ad_account_info_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
+ struct be_ctx *be_ctx,
|
|
|
5cd47f |
+ struct ad_id_ctx *id_ctx,
|
|
|
5cd47f |
+ struct dp_id_data *data)
|
|
|
5cd47f |
{
|
|
|
5cd47f |
- struct ad_account_info_handler_state *state;
|
|
|
5cd47f |
- struct sdap_id_conn_ctx **clist;
|
|
|
5cd47f |
- struct sdap_id_ctx *sdap_id_ctx;
|
|
|
5cd47f |
- struct sss_domain_info *domain;
|
|
|
5cd47f |
+ struct sss_domain_info *domain = NULL;
|
|
|
5cd47f |
+ struct ad_account_info_state *state = NULL;
|
|
|
5cd47f |
+ struct tevent_req *req = NULL;
|
|
|
5cd47f |
+ struct tevent_req *subreq = NULL;
|
|
|
5cd47f |
+ struct sdap_id_conn_ctx **clist = NULL;
|
|
|
5cd47f |
+ struct sdap_id_ctx *sdap_id_ctx = NULL;
|
|
|
5cd47f |
struct sdap_domain *sdom;
|
|
|
5cd47f |
- struct tevent_req *subreq;
|
|
|
5cd47f |
- struct tevent_req *req;
|
|
|
5cd47f |
- struct be_ctx *be_ctx;
|
|
|
5cd47f |
errno_t ret;
|
|
|
5cd47f |
|
|
|
5cd47f |
- sdap_id_ctx = id_ctx->sdap_id_ctx;
|
|
|
5cd47f |
- be_ctx = params->be_ctx;
|
|
|
5cd47f |
-
|
|
|
5cd47f |
req = tevent_req_create(mem_ctx, &state,
|
|
|
5cd47f |
- struct ad_account_info_handler_state);
|
|
|
5cd47f |
+ struct ad_account_info_state);
|
|
|
5cd47f |
if (req == NULL) {
|
|
|
5cd47f |
DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
|
|
|
5cd47f |
return NULL;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
- if (sdap_is_enum_request(data)) {
|
|
|
5cd47f |
- DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n");
|
|
|
5cd47f |
- ret = EOK;
|
|
|
5cd47f |
- goto immediately;
|
|
|
5cd47f |
- }
|
|
|
5cd47f |
+ sdap_id_ctx = id_ctx->sdap_id_ctx;
|
|
|
5cd47f |
|
|
|
5cd47f |
domain = be_ctx->domain;
|
|
|
5cd47f |
if (strcasecmp(data->domain, be_ctx->domain->name) != 0) {
|
|
|
5cd47f |
@@ -406,6 +398,7 @@ ad_account_info_handler_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
if (domain == NULL) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unknown domain\n");
|
|
|
5cd47f |
ret = EINVAL;
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
@@ -413,6 +406,7 @@ ad_account_info_handler_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
/* Determine whether to connect to GC, LDAP or try both. */
|
|
|
5cd47f |
clist = get_conn_list(state, id_ctx, domain, data);
|
|
|
5cd47f |
if (clist == NULL) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create conn list\n");
|
|
|
5cd47f |
ret = EIO;
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
@@ -423,14 +417,100 @@ ad_account_info_handler_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
- state->domain = sdom->dom;
|
|
|
5cd47f |
-
|
|
|
5cd47f |
subreq = ad_handle_acct_info_send(state, data, sdap_id_ctx,
|
|
|
5cd47f |
id_ctx->ad_options, sdom, clist);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
ret = ENOMEM;
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
+ tevent_req_set_callback(subreq, ad_account_info_done, req);
|
|
|
5cd47f |
+ return req;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+immediately:
|
|
|
5cd47f |
+ tevent_req_error(req, ret);
|
|
|
5cd47f |
+ tevent_req_post(req, be_ctx->ev);
|
|
|
5cd47f |
+ return req;
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static void ad_account_info_done(struct tevent_req *subreq)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ struct ad_account_info_state *state = NULL;
|
|
|
5cd47f |
+ struct tevent_req *req = NULL;
|
|
|
5cd47f |
+ errno_t ret;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ req = tevent_req_callback_data(subreq, struct tevent_req);
|
|
|
5cd47f |
+ state = tevent_req_data(req, struct ad_account_info_state);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ ret = ad_handle_acct_info_recv(subreq, &state->dp_error, &state->err_msg);
|
|
|
5cd47f |
+ if (ret != EOK) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
|
5cd47f |
+ "ad_handle_acct_info_recv failed [%d]: %s\n",
|
|
|
5cd47f |
+ ret, sss_strerror(ret));
|
|
|
5cd47f |
+ /* The caller wouldn't fail either, just report the error up */
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+ talloc_zfree(subreq);
|
|
|
5cd47f |
+ tevent_req_done(req);
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+errno_t ad_account_info_recv(struct tevent_req *req,
|
|
|
5cd47f |
+ int *_dp_error,
|
|
|
5cd47f |
+ const char **_err_msg)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ struct ad_account_info_state *state = NULL;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ state = tevent_req_data(req, struct ad_account_info_state);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ if (_err_msg != NULL) {
|
|
|
5cd47f |
+ *_err_msg = state->err_msg;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ if (_dp_error) {
|
|
|
5cd47f |
+ *_dp_error = state->dp_error;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ TEVENT_REQ_RETURN_ON_ERROR(req);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ return EOK;
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+struct ad_account_info_handler_state {
|
|
|
5cd47f |
+ struct sss_domain_info *domain;
|
|
|
5cd47f |
+ struct dp_reply_std reply;
|
|
|
5cd47f |
+};
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static void ad_account_info_handler_done(struct tevent_req *subreq);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+struct tevent_req *
|
|
|
5cd47f |
+ad_account_info_handler_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
+ struct ad_id_ctx *id_ctx,
|
|
|
5cd47f |
+ struct dp_id_data *data,
|
|
|
5cd47f |
+ struct dp_req_params *params)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ struct ad_account_info_handler_state *state;
|
|
|
5cd47f |
+ struct tevent_req *subreq;
|
|
|
5cd47f |
+ struct tevent_req *req;
|
|
|
5cd47f |
+ errno_t ret;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ req = tevent_req_create(mem_ctx, &state,
|
|
|
5cd47f |
+ struct ad_account_info_handler_state);
|
|
|
5cd47f |
+ if (req == NULL) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
|
|
|
5cd47f |
+ return NULL;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ if (sdap_is_enum_request(data)) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n");
|
|
|
5cd47f |
+ ret = EOK;
|
|
|
5cd47f |
+ goto immediately;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ subreq = ad_account_info_send(state, params->be_ctx, id_ctx, data);
|
|
|
5cd47f |
+ if (subreq == NULL) {
|
|
|
5cd47f |
+ ret = ENOMEM;
|
|
|
5cd47f |
+ goto immediately;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
|
|
|
5cd47f |
tevent_req_set_callback(subreq, ad_account_info_handler_done, req);
|
|
|
5cd47f |
|
|
|
5cd47f |
@@ -451,13 +531,13 @@ static void ad_account_info_handler_done(struct tevent_req *subreq)
|
|
|
5cd47f |
struct ad_account_info_handler_state *state;
|
|
|
5cd47f |
struct tevent_req *req;
|
|
|
5cd47f |
const char *err_msg;
|
|
|
5cd47f |
- int dp_error;
|
|
|
5cd47f |
+ int dp_error = DP_ERR_FATAL;
|
|
|
5cd47f |
errno_t ret;
|
|
|
5cd47f |
|
|
|
5cd47f |
req = tevent_req_callback_data(subreq, struct tevent_req);
|
|
|
5cd47f |
state = tevent_req_data(req, struct ad_account_info_handler_state);
|
|
|
5cd47f |
|
|
|
5cd47f |
- ret = ad_handle_acct_info_recv(subreq, &dp_error, &err_msg);
|
|
|
5cd47f |
+ ret = ad_account_info_recv(subreq, &dp_error, &err_msg);
|
|
|
5cd47f |
talloc_zfree(subreq);
|
|
|
5cd47f |
|
|
|
5cd47f |
/* TODO For backward compatibility we always return EOK to DP now. */
|
|
|
5cd47f |
@@ -466,8 +546,8 @@ static void ad_account_info_handler_done(struct tevent_req *subreq)
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
errno_t ad_account_info_handler_recv(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
- struct tevent_req *req,
|
|
|
5cd47f |
- struct dp_reply_std *data)
|
|
|
5cd47f |
+ struct tevent_req *req,
|
|
|
5cd47f |
+ struct dp_reply_std *data)
|
|
|
5cd47f |
{
|
|
|
5cd47f |
struct ad_account_info_handler_state *state = NULL;
|
|
|
5cd47f |
|
|
|
5cd47f |
diff --git a/src/providers/ad/ad_id.h b/src/providers/ad/ad_id.h
|
|
|
5cd47f |
index 5154393c5..19cc54eec 100644
|
|
|
5cd47f |
--- a/src/providers/ad/ad_id.h
|
|
|
5cd47f |
+++ b/src/providers/ad/ad_id.h
|
|
|
5cd47f |
@@ -33,6 +33,16 @@ errno_t ad_account_info_handler_recv(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
struct tevent_req *req,
|
|
|
5cd47f |
struct dp_reply_std *data);
|
|
|
5cd47f |
|
|
|
5cd47f |
+struct tevent_req *
|
|
|
5cd47f |
+ad_account_info_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
+ struct be_ctx *be_ctx,
|
|
|
5cd47f |
+ struct ad_id_ctx *id_ctx,
|
|
|
5cd47f |
+ struct dp_id_data *data);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+errno_t ad_account_info_recv(struct tevent_req *req,
|
|
|
5cd47f |
+ int *_dp_error,
|
|
|
5cd47f |
+ const char **_err_msg);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
struct tevent_req *
|
|
|
5cd47f |
ad_handle_acct_info_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
struct dp_id_data *ar,
|
|
|
5cd47f |
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
|
|
|
5cd47f |
index 42c2f150a..f5aea8904 100644
|
|
|
5cd47f |
--- a/src/providers/ad/ad_init.c
|
|
|
5cd47f |
+++ b/src/providers/ad/ad_init.c
|
|
|
5cd47f |
@@ -408,7 +408,7 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx,
|
|
|
5cd47f |
return ret;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
- ret = sdap_refresh_init(be_ctx, sdap_id_ctx);
|
|
|
5cd47f |
+ ret = ad_refresh_init(be_ctx, ad_id_ctx);
|
|
|
5cd47f |
if (ret != EOK && ret != EEXIST) {
|
|
|
5cd47f |
DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh "
|
|
|
5cd47f |
"will not work [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
5cd47f |
diff --git a/src/providers/ad/ad_refresh.c b/src/providers/ad/ad_refresh.c
|
|
|
5cd47f |
new file mode 100644
|
|
|
5cd47f |
index 000000000..ee541056f
|
|
|
5cd47f |
--- /dev/null
|
|
|
5cd47f |
+++ b/src/providers/ad/ad_refresh.c
|
|
|
5cd47f |
@@ -0,0 +1,283 @@
|
|
|
5cd47f |
+/*
|
|
|
5cd47f |
+ Copyright (C) 2019 Red Hat
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ This program is free software; you can redistribute it and/or modify
|
|
|
5cd47f |
+ it under the terms of the GNU General Public License as published by
|
|
|
5cd47f |
+ the Free Software Foundation; either version 3 of the License, or
|
|
|
5cd47f |
+ (at your option) any later version.
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ This program is distributed in the hope that it will be useful,
|
|
|
5cd47f |
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
5cd47f |
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
5cd47f |
+ GNU General Public License for more details.
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ You should have received a copy of the GNU General Public License
|
|
|
5cd47f |
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
5cd47f |
+*/
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+#include <talloc.h>
|
|
|
5cd47f |
+#include <tevent.h>
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+#include "providers/ad/ad_common.h"
|
|
|
5cd47f |
+#include "providers/ad/ad_id.h"
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+struct ad_refresh_state {
|
|
|
5cd47f |
+ struct tevent_context *ev;
|
|
|
5cd47f |
+ struct be_ctx *be_ctx;
|
|
|
5cd47f |
+ struct dp_id_data *account_req;
|
|
|
5cd47f |
+ struct ad_id_ctx *id_ctx;
|
|
|
5cd47f |
+ char **names;
|
|
|
5cd47f |
+ size_t index;
|
|
|
5cd47f |
+};
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static errno_t ad_refresh_step(struct tevent_req *req);
|
|
|
5cd47f |
+static void ad_refresh_done(struct tevent_req *subreq);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static struct tevent_req *ad_refresh_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
+ struct tevent_context *ev,
|
|
|
5cd47f |
+ struct be_ctx *be_ctx,
|
|
|
5cd47f |
+ struct sss_domain_info *domain,
|
|
|
5cd47f |
+ int entry_type,
|
|
|
5cd47f |
+ char **names,
|
|
|
5cd47f |
+ void *pvt)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ struct ad_refresh_state *state = NULL;
|
|
|
5cd47f |
+ struct tevent_req *req = NULL;
|
|
|
5cd47f |
+ errno_t ret;
|
|
|
5cd47f |
+ uint32_t filter_type;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ req = tevent_req_create(mem_ctx, &state,
|
|
|
5cd47f |
+ struct ad_refresh_state);
|
|
|
5cd47f |
+ if (req == NULL) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
|
|
|
5cd47f |
+ return NULL;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ if (names == NULL) {
|
|
|
5cd47f |
+ ret = EOK;
|
|
|
5cd47f |
+ goto immediately;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ state->ev = ev;
|
|
|
5cd47f |
+ state->be_ctx = be_ctx;
|
|
|
5cd47f |
+ state->id_ctx = talloc_get_type(pvt, struct ad_id_ctx);
|
|
|
5cd47f |
+ state->names = names;
|
|
|
5cd47f |
+ state->index = 0;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ switch (entry_type) {
|
|
|
5cd47f |
+ case BE_REQ_NETGROUP:
|
|
|
5cd47f |
+ filter_type = BE_FILTER_NAME;
|
|
|
5cd47f |
+ break;
|
|
|
5cd47f |
+ case BE_REQ_USER:
|
|
|
5cd47f |
+ case BE_REQ_GROUP:
|
|
|
5cd47f |
+ filter_type = BE_FILTER_SECID;
|
|
|
5cd47f |
+ break;
|
|
|
5cd47f |
+ default:
|
|
|
5cd47f |
+ ret = EINVAL;
|
|
|
5cd47f |
+ goto immediately;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ state->account_req = be_refresh_acct_req(state, entry_type,
|
|
|
5cd47f |
+ filter_type, domain);
|
|
|
5cd47f |
+ if (state->account_req == NULL) {
|
|
|
5cd47f |
+ ret = ENOMEM;
|
|
|
5cd47f |
+ goto immediately;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ ret = ad_refresh_step(req);
|
|
|
5cd47f |
+ if (ret == EOK) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_TRACE_FUNC, "Nothing to refresh\n");
|
|
|
5cd47f |
+ goto immediately;
|
|
|
5cd47f |
+ } else if (ret != EAGAIN) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_CRIT_FAILURE, "ad_refresh_step() failed "
|
|
|
5cd47f |
+ "[%d]: %s\n", ret, sss_strerror(ret));
|
|
|
5cd47f |
+ goto immediately;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ return req;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+immediately:
|
|
|
5cd47f |
+ if (ret == EOK) {
|
|
|
5cd47f |
+ tevent_req_done(req);
|
|
|
5cd47f |
+ } else {
|
|
|
5cd47f |
+ tevent_req_error(req, ret);
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+ tevent_req_post(req, ev);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ return req;
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static errno_t ad_refresh_step(struct tevent_req *req)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ struct ad_refresh_state *state = NULL;
|
|
|
5cd47f |
+ struct tevent_req *subreq = NULL;
|
|
|
5cd47f |
+ errno_t ret;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ state = tevent_req_data(req, struct ad_refresh_state);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ if (state->names == NULL) {
|
|
|
5cd47f |
+ ret = EOK;
|
|
|
5cd47f |
+ goto done;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ state->account_req->filter_value = state->names[state->index];
|
|
|
5cd47f |
+ if (state->account_req->filter_value == NULL) {
|
|
|
5cd47f |
+ ret = EOK;
|
|
|
5cd47f |
+ goto done;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ DEBUG(SSSDBG_TRACE_FUNC, "Issuing refresh of %s %s\n",
|
|
|
5cd47f |
+ be_req2str(state->account_req->entry_type),
|
|
|
5cd47f |
+ state->account_req->filter_value);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ subreq = ad_account_info_send(state, state->be_ctx, state->id_ctx,
|
|
|
5cd47f |
+ state->account_req);
|
|
|
5cd47f |
+ if (subreq == NULL) {
|
|
|
5cd47f |
+ ret = ENOMEM;
|
|
|
5cd47f |
+ goto done;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ tevent_req_set_callback(subreq, ad_refresh_done, req);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ state->index++;
|
|
|
5cd47f |
+ ret = EAGAIN;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+done:
|
|
|
5cd47f |
+ return ret;
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static void ad_refresh_done(struct tevent_req *subreq)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ struct ad_refresh_state *state = NULL;
|
|
|
5cd47f |
+ struct tevent_req *req = NULL;
|
|
|
5cd47f |
+ const char *err_msg = NULL;
|
|
|
5cd47f |
+ errno_t dp_error;
|
|
|
5cd47f |
+ errno_t ret;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ req = tevent_req_callback_data(subreq, struct tevent_req);
|
|
|
5cd47f |
+ state = tevent_req_data(req, struct ad_refresh_state);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ ret = ad_account_info_recv(subreq, &dp_error, &err_msg);
|
|
|
5cd47f |
+ talloc_zfree(subreq);
|
|
|
5cd47f |
+ if (ret != EOK) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to refresh %s [dp_error: %d, "
|
|
|
5cd47f |
+ "errno: %d]: %s\n", be_req2str(state->account_req->entry_type),
|
|
|
5cd47f |
+ dp_error, ret, err_msg);
|
|
|
5cd47f |
+ goto done;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ ret = ad_refresh_step(req);
|
|
|
5cd47f |
+ if (ret == EAGAIN) {
|
|
|
5cd47f |
+ return;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+done:
|
|
|
5cd47f |
+ if (ret != EOK) {
|
|
|
5cd47f |
+ tevent_req_error(req, ret);
|
|
|
5cd47f |
+ return;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ tevent_req_done(req);
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static errno_t ad_refresh_recv(struct tevent_req *req)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ TEVENT_REQ_RETURN_ON_ERROR(req);
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ return EOK;
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static struct tevent_req *
|
|
|
5cd47f |
+ad_refresh_users_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
+ struct tevent_context *ev,
|
|
|
5cd47f |
+ struct be_ctx *be_ctx,
|
|
|
5cd47f |
+ struct sss_domain_info *domain,
|
|
|
5cd47f |
+ char **names,
|
|
|
5cd47f |
+ void *pvt)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ return ad_refresh_send(mem_ctx, ev, be_ctx, domain,
|
|
|
5cd47f |
+ BE_REQ_USER, names, pvt);
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static errno_t ad_refresh_users_recv(struct tevent_req *req)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ return ad_refresh_recv(req);
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static struct tevent_req *
|
|
|
5cd47f |
+ad_refresh_groups_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
+ struct tevent_context *ev,
|
|
|
5cd47f |
+ struct be_ctx *be_ctx,
|
|
|
5cd47f |
+ struct sss_domain_info *domain,
|
|
|
5cd47f |
+ char **names,
|
|
|
5cd47f |
+ void *pvt)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ return ad_refresh_send(mem_ctx, ev, be_ctx, domain,
|
|
|
5cd47f |
+ BE_REQ_GROUP, names, pvt);
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static errno_t ad_refresh_groups_recv(struct tevent_req *req)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ return ad_refresh_recv(req);
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static struct tevent_req *
|
|
|
5cd47f |
+ad_refresh_netgroups_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
+ struct tevent_context *ev,
|
|
|
5cd47f |
+ struct be_ctx *be_ctx,
|
|
|
5cd47f |
+ struct sss_domain_info *domain,
|
|
|
5cd47f |
+ char **names,
|
|
|
5cd47f |
+ void *pvt)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ return ad_refresh_send(mem_ctx, ev, be_ctx, domain,
|
|
|
5cd47f |
+ BE_REQ_NETGROUP, names, pvt);
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+static errno_t ad_refresh_netgroups_recv(struct tevent_req *req)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ return ad_refresh_recv(req);
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+errno_t ad_refresh_init(struct be_ctx *be_ctx,
|
|
|
5cd47f |
+ struct ad_id_ctx *id_ctx)
|
|
|
5cd47f |
+{
|
|
|
5cd47f |
+ errno_t ret;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ ret = be_refresh_ctx_init(be_ctx, SYSDB_SID_STR);
|
|
|
5cd47f |
+ if (ret != EOK) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_FATAL_FAILURE, "Unable to initialize refresh_ctx\n");
|
|
|
5cd47f |
+ return ret;
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ ret = be_refresh_add_cb(be_ctx->refresh_ctx,
|
|
|
5cd47f |
+ BE_REFRESH_TYPE_USERS,
|
|
|
5cd47f |
+ ad_refresh_users_send,
|
|
|
5cd47f |
+ ad_refresh_users_recv,
|
|
|
5cd47f |
+ id_ctx);
|
|
|
5cd47f |
+ if (ret != EOK && ret != EEXIST) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of users "
|
|
|
5cd47f |
+ "will not work [%d]: %s\n", ret, strerror(ret));
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ ret = be_refresh_add_cb(be_ctx->refresh_ctx,
|
|
|
5cd47f |
+ BE_REFRESH_TYPE_GROUPS,
|
|
|
5cd47f |
+ ad_refresh_groups_send,
|
|
|
5cd47f |
+ ad_refresh_groups_recv,
|
|
|
5cd47f |
+ id_ctx);
|
|
|
5cd47f |
+ if (ret != EOK && ret != EEXIST) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of groups "
|
|
|
5cd47f |
+ "will not work [%d]: %s\n", ret, strerror(ret));
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ ret = be_refresh_add_cb(be_ctx->refresh_ctx,
|
|
|
5cd47f |
+ BE_REFRESH_TYPE_NETGROUPS,
|
|
|
5cd47f |
+ ad_refresh_netgroups_send,
|
|
|
5cd47f |
+ ad_refresh_netgroups_recv,
|
|
|
5cd47f |
+ id_ctx);
|
|
|
5cd47f |
+ if (ret != EOK && ret != EEXIST) {
|
|
|
5cd47f |
+ DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh of netgroups "
|
|
|
5cd47f |
+ "will not work [%d]: %s\n", ret, strerror(ret));
|
|
|
5cd47f |
+ }
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ return ret;
|
|
|
5cd47f |
+}
|
|
|
5cd47f |
--
|
|
|
5cd47f |
2.20.1
|
|
|
5cd47f |
|