|
|
5cd47f |
From fb9a42d952924b5ff084a103d43b6192c4ff0c1f Mon Sep 17 00:00:00 2001
|
|
|
5cd47f |
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
|
5cd47f |
Date: Thu, 15 Aug 2019 13:51:59 +0200
|
|
|
5cd47f |
Subject: [PATCH 83/90] ldap: add base_dn to sdap_search_bases
|
|
|
5cd47f |
MIME-Version: 1.0
|
|
|
5cd47f |
Content-Type: text/plain; charset=UTF-8
|
|
|
5cd47f |
Content-Transfer-Encoding: 8bit
|
|
|
5cd47f |
|
|
|
5cd47f |
To implement cases where we need to search a specific dn but we need
|
|
|
5cd47f |
to filter the result with configured filters.
|
|
|
5cd47f |
|
|
|
5cd47f |
Resolves:
|
|
|
5cd47f |
https://pagure.io/SSSD/sssd/issue/2607
|
|
|
5cd47f |
|
|
|
5cd47f |
Reviewed-by: Tomáš Halman <thalman@redhat.com>
|
|
|
5cd47f |
---
|
|
|
5cd47f |
src/providers/ad/ad_subdomains.c | 5 ++--
|
|
|
5cd47f |
src/providers/ipa/ipa_subdomains.c | 6 ++---
|
|
|
5cd47f |
src/providers/ipa/ipa_subdomains_ext_groups.c | 2 +-
|
|
|
5cd47f |
src/providers/ipa/ipa_sudo_async.c | 8 +++----
|
|
|
5cd47f |
src/providers/ldap/sdap_async_sudo.c | 2 +-
|
|
|
5cd47f |
src/providers/ldap/sdap_ops.c | 24 ++++++++++++-------
|
|
|
5cd47f |
src/providers/ldap/sdap_ops.h | 6 +++--
|
|
|
5cd47f |
7 files changed, 31 insertions(+), 22 deletions(-)
|
|
|
5cd47f |
|
|
|
5cd47f |
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
|
|
|
5cd47f |
index 45a8fe0fc..f0b5d59d2 100644
|
|
|
5cd47f |
--- a/src/providers/ad/ad_subdomains.c
|
|
|
5cd47f |
+++ b/src/providers/ad/ad_subdomains.c
|
|
|
5cd47f |
@@ -1110,7 +1110,7 @@ static void ad_get_slave_domain_connect_done(struct tevent_req *subreq)
|
|
|
5cd47f |
sdap_id_op_handle(state->sdap_op),
|
|
|
5cd47f |
state->root_sdom->search_bases,
|
|
|
5cd47f |
NULL, false, 0,
|
|
|
5cd47f |
- SLAVE_DOMAIN_FILTER, attrs);
|
|
|
5cd47f |
+ SLAVE_DOMAIN_FILTER, attrs, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
tevent_req_error(req, ret);
|
|
|
5cd47f |
return;
|
|
|
5cd47f |
@@ -1304,7 +1304,8 @@ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
|
|
|
5cd47f |
subreq = sdap_search_bases_return_first_send(state, ev, opts, sh,
|
|
|
5cd47f |
opts->sdom->search_bases,
|
|
|
5cd47f |
- NULL, false, 0, filter, attrs);
|
|
|
5cd47f |
+ NULL, false, 0, filter, attrs,
|
|
|
5cd47f |
+ NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
ret = ENOMEM;
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
|
|
|
5cd47f |
index 3a17c851d..322420264 100644
|
|
|
5cd47f |
--- a/src/providers/ipa/ipa_subdomains.c
|
|
|
5cd47f |
+++ b/src/providers/ipa/ipa_subdomains.c
|
|
|
5cd47f |
@@ -1005,7 +1005,7 @@ ipa_subdomains_ranges_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
|
|
|
5cd47f |
subreq = sdap_search_bases_send(state, ev, sd_ctx->sdap_id_ctx->opts, sh,
|
|
|
5cd47f |
sd_ctx->ranges_search_bases, NULL, false,
|
|
|
5cd47f |
- 0, RANGE_FILTER, attrs);
|
|
|
5cd47f |
+ 0, RANGE_FILTER, attrs, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
ret = ENOMEM;
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
@@ -1251,7 +1251,7 @@ ipa_subdomains_master_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
subreq = sdap_search_bases_return_first_send(state, ev,
|
|
|
5cd47f |
sd_ctx->sdap_id_ctx->opts, sh,
|
|
|
5cd47f |
sd_ctx->master_search_bases, NULL, false,
|
|
|
5cd47f |
- 0, MASTER_DOMAIN_FILTER, attrs);
|
|
|
5cd47f |
+ 0, MASTER_DOMAIN_FILTER, attrs, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
ret = ENOMEM;
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
@@ -1397,7 +1397,7 @@ ipa_subdomains_slave_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
|
|
|
5cd47f |
subreq = sdap_search_bases_send(state, ev, sd_ctx->sdap_id_ctx->opts, sh,
|
|
|
5cd47f |
sd_ctx->search_bases, NULL, false,
|
|
|
5cd47f |
- 0, SUBDOMAINS_FILTER, attrs);
|
|
|
5cd47f |
+ 0, SUBDOMAINS_FILTER, attrs, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
ret = ENOMEM;
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c
|
|
|
5cd47f |
index 75963bef1..cd80048b3 100644
|
|
|
5cd47f |
--- a/src/providers/ipa/ipa_subdomains_ext_groups.c
|
|
|
5cd47f |
+++ b/src/providers/ipa/ipa_subdomains_ext_groups.c
|
|
|
5cd47f |
@@ -545,7 +545,7 @@ static void ipa_get_ad_memberships_connect_done(struct tevent_req *subreq)
|
|
|
5cd47f |
dp_opt_get_int(state->sdap_id_ctx->opts->basic,
|
|
|
5cd47f |
SDAP_ENUM_SEARCH_TIMEOUT),
|
|
|
5cd47f |
IPA_EXT_GROUPS_FILTER,
|
|
|
5cd47f |
- NULL);
|
|
|
5cd47f |
+ NULL, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n");
|
|
|
5cd47f |
ret = ENOMEM;
|
|
|
5cd47f |
diff --git a/src/providers/ipa/ipa_sudo_async.c b/src/providers/ipa/ipa_sudo_async.c
|
|
|
5cd47f |
index 060687c77..19bcd94c9 100644
|
|
|
5cd47f |
--- a/src/providers/ipa/ipa_sudo_async.c
|
|
|
5cd47f |
+++ b/src/providers/ipa/ipa_sudo_async.c
|
|
|
5cd47f |
@@ -492,7 +492,7 @@ ipa_sudo_fetch_addtl_cmdgroups(struct tevent_req *req)
|
|
|
5cd47f |
|
|
|
5cd47f |
subreq = sdap_search_bases_send(state, state->ev, state->sdap_opts,
|
|
|
5cd47f |
state->sh, state->sudo_sb, map, true, 0,
|
|
|
5cd47f |
- filter, NULL);
|
|
|
5cd47f |
+ filter, NULL, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
return ENOMEM;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
@@ -582,7 +582,7 @@ ipa_sudo_fetch_rules(struct tevent_req *req)
|
|
|
5cd47f |
|
|
|
5cd47f |
subreq = sdap_search_bases_send(state, state->ev, state->sdap_opts,
|
|
|
5cd47f |
state->sh, state->sudo_sb, map, true, 0,
|
|
|
5cd47f |
- filter, NULL);
|
|
|
5cd47f |
+ filter, NULL, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
return ENOMEM;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
@@ -662,7 +662,7 @@ ipa_sudo_fetch_cmdgroups(struct tevent_req *req)
|
|
|
5cd47f |
subreq = sdap_search_bases_send(state, state->ev, state->sdap_opts,
|
|
|
5cd47f |
state->sh, state->sudo_sb,
|
|
|
5cd47f |
state->map_cmdgroup, true, 0,
|
|
|
5cd47f |
- filter, NULL);
|
|
|
5cd47f |
+ filter, NULL, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
return ENOMEM;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
@@ -742,7 +742,7 @@ ipa_sudo_fetch_cmds(struct tevent_req *req)
|
|
|
5cd47f |
subreq = sdap_search_bases_send(state, state->ev, state->sdap_opts,
|
|
|
5cd47f |
state->sh, state->sudo_sb,
|
|
|
5cd47f |
state->map_cmd, true, 0,
|
|
|
5cd47f |
- filter, NULL);
|
|
|
5cd47f |
+ filter, NULL, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
return ENOMEM;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c
|
|
|
5cd47f |
index 5ccfad61f..c19ee87c2 100644
|
|
|
5cd47f |
--- a/src/providers/ldap/sdap_async_sudo.c
|
|
|
5cd47f |
+++ b/src/providers/ldap/sdap_async_sudo.c
|
|
|
5cd47f |
@@ -75,7 +75,7 @@ sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
|
|
|
5cd47f |
subreq = sdap_search_bases_send(state, ev, opts, sh, sb,
|
|
|
5cd47f |
opts->sudorule_map, true, 0,
|
|
|
5cd47f |
- ldap_filter, NULL);
|
|
|
5cd47f |
+ ldap_filter, NULL, NULL);
|
|
|
5cd47f |
if (subreq == NULL) {
|
|
|
5cd47f |
ret = ENOMEM;
|
|
|
5cd47f |
goto immediately;
|
|
|
5cd47f |
diff --git a/src/providers/ldap/sdap_ops.c b/src/providers/ldap/sdap_ops.c
|
|
|
5cd47f |
index a90857469..2125b21aa 100644
|
|
|
5cd47f |
--- a/src/providers/ldap/sdap_ops.c
|
|
|
5cd47f |
+++ b/src/providers/ldap/sdap_ops.c
|
|
|
5cd47f |
@@ -37,6 +37,7 @@ struct sdap_search_bases_ex_state {
|
|
|
5cd47f |
int timeout;
|
|
|
5cd47f |
bool allow_paging;
|
|
|
5cd47f |
bool return_first_reply;
|
|
|
5cd47f |
+ const char *base_dn;
|
|
|
5cd47f |
|
|
|
5cd47f |
size_t base_iter;
|
|
|
5cd47f |
struct sdap_search_base *cur_base;
|
|
|
5cd47f |
@@ -60,7 +61,8 @@ sdap_search_bases_ex_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
bool return_first_reply,
|
|
|
5cd47f |
int timeout,
|
|
|
5cd47f |
const char *filter,
|
|
|
5cd47f |
- const char **attrs)
|
|
|
5cd47f |
+ const char **attrs,
|
|
|
5cd47f |
+ const char *base_dn)
|
|
|
5cd47f |
{
|
|
|
5cd47f |
struct tevent_req *req;
|
|
|
5cd47f |
struct sdap_search_bases_ex_state *state;
|
|
|
5cd47f |
@@ -86,6 +88,7 @@ sdap_search_bases_ex_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
state->attrs = attrs;
|
|
|
5cd47f |
state->allow_paging = allow_paging;
|
|
|
5cd47f |
state->return_first_reply = return_first_reply;
|
|
|
5cd47f |
+ state->base_dn = base_dn;
|
|
|
5cd47f |
|
|
|
5cd47f |
state->timeout = timeout == 0
|
|
|
5cd47f |
? dp_opt_get_int(opts->basic, SDAP_SEARCH_TIMEOUT)
|
|
|
5cd47f |
@@ -133,6 +136,7 @@ static errno_t sdap_search_bases_ex_next_base(struct tevent_req *req)
|
|
|
5cd47f |
{
|
|
|
5cd47f |
struct sdap_search_bases_ex_state *state;
|
|
|
5cd47f |
struct tevent_req *subreq;
|
|
|
5cd47f |
+ const char *base_dn;
|
|
|
5cd47f |
char *filter;
|
|
|
5cd47f |
|
|
|
5cd47f |
state = tevent_req_data(req, struct sdap_search_bases_ex_state);
|
|
|
5cd47f |
@@ -148,12 +152,12 @@ static errno_t sdap_search_bases_ex_next_base(struct tevent_req *req)
|
|
|
5cd47f |
return ENOMEM;
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
- DEBUG(SSSDBG_TRACE_FUNC, "Issuing LDAP lookup with base [%s]\n",
|
|
|
5cd47f |
- state->cur_base->basedn);
|
|
|
5cd47f |
+ base_dn = state->base_dn != NULL ? state->base_dn : state->cur_base->basedn;
|
|
|
5cd47f |
+
|
|
|
5cd47f |
+ DEBUG(SSSDBG_TRACE_FUNC, "Issuing LDAP lookup with base [%s]\n", base_dn);
|
|
|
5cd47f |
|
|
|
5cd47f |
subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
|
|
|
5cd47f |
- state->cur_base->basedn,
|
|
|
5cd47f |
- state->cur_base->scope, filter,
|
|
|
5cd47f |
+ base_dn, state->cur_base->scope, filter,
|
|
|
5cd47f |
state->attrs, state->map,
|
|
|
5cd47f |
state->map_num_attrs, state->timeout,
|
|
|
5cd47f |
state->allow_paging);
|
|
|
5cd47f |
@@ -253,11 +257,12 @@ sdap_search_bases_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
bool allow_paging,
|
|
|
5cd47f |
int timeout,
|
|
|
5cd47f |
const char *filter,
|
|
|
5cd47f |
- const char **attrs)
|
|
|
5cd47f |
+ const char **attrs,
|
|
|
5cd47f |
+ const char *base_dn)
|
|
|
5cd47f |
{
|
|
|
5cd47f |
return sdap_search_bases_ex_send(mem_ctx, ev, opts, sh, bases, map,
|
|
|
5cd47f |
allow_paging, false, timeout,
|
|
|
5cd47f |
- filter, attrs);
|
|
|
5cd47f |
+ filter, attrs, base_dn);
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
int sdap_search_bases_recv(struct tevent_req *req,
|
|
|
5cd47f |
@@ -278,11 +283,12 @@ sdap_search_bases_return_first_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
bool allow_paging,
|
|
|
5cd47f |
int timeout,
|
|
|
5cd47f |
const char *filter,
|
|
|
5cd47f |
- const char **attrs)
|
|
|
5cd47f |
+ const char **attrs,
|
|
|
5cd47f |
+ const char *base_dn)
|
|
|
5cd47f |
{
|
|
|
5cd47f |
return sdap_search_bases_ex_send(mem_ctx, ev, opts, sh, bases, map,
|
|
|
5cd47f |
allow_paging, true, timeout,
|
|
|
5cd47f |
- filter, attrs);
|
|
|
5cd47f |
+ filter, attrs, base_dn);
|
|
|
5cd47f |
}
|
|
|
5cd47f |
|
|
|
5cd47f |
int sdap_search_bases_return_first_recv(struct tevent_req *req,
|
|
|
5cd47f |
diff --git a/src/providers/ldap/sdap_ops.h b/src/providers/ldap/sdap_ops.h
|
|
|
5cd47f |
index cc9de00d2..648a2b68c 100644
|
|
|
5cd47f |
--- a/src/providers/ldap/sdap_ops.h
|
|
|
5cd47f |
+++ b/src/providers/ldap/sdap_ops.h
|
|
|
5cd47f |
@@ -34,7 +34,8 @@ struct tevent_req *sdap_search_bases_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
bool allow_paging,
|
|
|
5cd47f |
int timeout,
|
|
|
5cd47f |
const char *filter,
|
|
|
5cd47f |
- const char **attrs);
|
|
|
5cd47f |
+ const char **attrs,
|
|
|
5cd47f |
+ const char *base_dn);
|
|
|
5cd47f |
|
|
|
5cd47f |
int sdap_search_bases_recv(struct tevent_req *req,
|
|
|
5cd47f |
TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
@@ -51,7 +52,8 @@ sdap_search_bases_return_first_send(TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
bool allow_paging,
|
|
|
5cd47f |
int timeout,
|
|
|
5cd47f |
const char *filter,
|
|
|
5cd47f |
- const char **attrs);
|
|
|
5cd47f |
+ const char **attrs,
|
|
|
5cd47f |
+ const char *base_dn);
|
|
|
5cd47f |
|
|
|
5cd47f |
int sdap_search_bases_return_first_recv(struct tevent_req *req,
|
|
|
5cd47f |
TALLOC_CTX *mem_ctx,
|
|
|
5cd47f |
--
|
|
|
5cd47f |
2.20.1
|
|
|
5cd47f |
|