>From 199f814dea03a68918d333380879e00d99973414 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Mon, 5 Oct 2015 16:11:14 +0200
Subject: [PATCH 2/2] AD: Consolidate connection list construction on ad_common.c
---
 src/providers/ad/ad_common.c | 32 ++++++++++++++++++++++++++++++++
 src/providers/ad/ad_common.h | 5 +++++
 src/providers/ad/ad_id.c | 18 +-----------------
 src/tests/cmocka/test_ad_common.c | 34 ++++++++++++++++++++++++++++++++++
 4 files changed, 72 insertions(+), 17 deletions(-)
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index a40cdac935d88ea0ad5a2b7d713d026c5cd3110f..16a646ee2b6e01c90edf45569dccb4ae2c160d6b 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -1293,3 +1293,35 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
 clist[1] = NULL;
 return clist;
 }
+
+struct sdap_id_conn_ctx **
+ad_user_conn_list(TALLOC_CTX *mem_ctx,
+ struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom)
+{
+ struct sdap_id_conn_ctx **clist;
+ int cindex = 0;
+
+ clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3);
+ if (clist == NULL) {
+ return NULL;
+ }
+
+ /* Try GC first for users from trusted domains, but go to LDAP
+ * for users from non-trusted domains to get all POSIX attrs
+ */
+ if (dp_opt_get_bool(ad_ctx->ad_options->basic, AD_ENABLE_GC)
+ && IS_SUBDOMAIN(dom)) {
+ clist[cindex] = ad_ctx->gc_ctx;
+ clist[cindex]->ignore_mark_offline = true;
+ cindex++;
+ }
+
+ /* Users from primary domain can be just downloaded from LDAP.
+ * The domain's LDAP connection also works as a fallback
+ */
+ clist[cindex] = ad_get_dom_ldap_conn(ad_ctx, dom);
+ set_con_properties(clist[cindex], dom);
+
+ return clist;
+}
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 701e461987cb286ca7add2766ffb4dc496bde01e..0cefa1859aaa75731267917e66ab9a1905528e91 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
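Review bot: `ad_user_conn_list()` accepts `mem_ctx` but never uses it: the array is allocated with `talloc_zero_array(ad_ctx, ...)`, so each list is parented to `ad_ctx` and is released only if the caller frees it explicitly. The call added in ad_id.c passes `breq`, which suggests the list is meant to go away with the request; a caller relying on that would leave one allocation behind per user lookup, which adds up in a long-running daemon. Allocate on the caller's context instead: `clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3);`. Separately, `set_con_properties(clist[cindex], dom)` is applied to whatever `ad_get_dom_ldap_conn()` returned; neither helper is visible in this hunk, so if that lookup can return NULL a check before the call would be worth adding.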
@@ -153,6 +153,11 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
 struct ad_id_ctx *ad_ctx,
 struct sss_domain_info *dom);

+struct sdap_id_conn_ctx **
+ad_user_conn_list(TALLOC_CTX *mem_ctx,
+ struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom);
+
 struct sdap_id_conn_ctx *
 ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx,
 struct sss_domain_info *dom);
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index be0cb3b12f2e3a2b53d740ecf3befc07fd853f8b..51d378863a5c7394ca3a2b8bd72f8c131a2b02b1 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -244,25 +244,10 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 struct sss_domain_info *dom, struct be_acct_req *ar)
 {
 struct sdap_id_conn_ctx **clist;
- int cindex = 0;

 switch (ar->entry_type & BE_REQ_TYPE_MASK) {
 case BE_REQ_USER: /* user */
- clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3);
- if (clist == NULL) return NULL;
-
- /* Try GC first for users from trusted domains */
- if (dp_opt_get_bool(ad_ctx->ad_options->basic, AD_ENABLE_GC)
- && IS_SUBDOMAIN(dom)) {
- clist[cindex] = ad_ctx->gc_ctx;
- clist[cindex]->ignore_mark_offline = true;
- cindex++;
- }
-
- /* Users from primary domain can be just downloaded from LDAP.
- * The domain's LDAP connection also works as a fallback
- */
- clist[cindex] = ad_get_dom_ldap_conn(ad_ctx, dom);
+ clist = ad_user_conn_list(breq, ad_ctx, dom);
 break;
 case BE_REQ_BY_SECID: /* by SID */
 case BE_REQ_USER_AND_GROUP: /* get SID */
@@ -270,7 +255,6 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 case BE_REQ_INITGROUPS: /* init groups for user */
 clist = ad_gc_conn_list(breq, ad_ctx, dom);
 break;
-
 default:
 /* Requests for other object should only contact LDAP by default */
 clist = ad_ldap_conn_list(breq, ad_ctx, dom);
diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c
index d2b59a23dfbff0bfda8ec7a52a71aec99f56baf3..b0cf4b5e6b0559c2896273bfcfb1af99cad195a3 100644
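Review bot: The new `ad_user_conn_list()` prototype has no comment describing the returned list, and the header is where callers will look for that contract. From the implementation in ad_common.c the array is NULL-terminated (three zeroed slots, at most two filled), the GC entry is the pointer held in `ad_ctx->gc_ctx` rather than a copy, and building the list sets `ignore_mark_offline` on that connection as a side effect. A short comment above the declaration would cover it, for example `/* Returns a NULL-terminated list: GC first for subdomains when enabled, then the domain's LDAP connection. Entries are borrowed; free only the array. */`.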
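Review bot: The `BE_REQ_USER` branch is not a pure move of the old code: the removed block never called `set_con_properties()`, while `ad_user_conn_list()` in ad_common.c applies it to the domain LDAP connection. Judging by the new unit test and its comment, this makes a subdomain LDAP error stop marking the backend offline for user lookups. That is a behaviour change in failure handling and deserves a sentence in the commit message, which currently only says "Consolidate". `get_conn_list()` continues past this hunk, so how a NULL return from the helper is handled is not visible here.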
--- a/src/tests/cmocka/test_ad_common.c
+++ b/src/tests/cmocka/test_ad_common.c
@@ -446,6 +446,37 @@ void test_ldap_conn_list(void **state)
 talloc_free(conn_list);
 }

+void test_user_conn_list(void **state)
+{
+ struct sdap_id_conn_ctx **conn_list;
+
+ struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
+ struct ad_common_test_ctx);
+ assert_non_null(test_ctx);
+
+ conn_list = ad_user_conn_list(test_ctx,
+ test_ctx->ad_ctx,
+ test_ctx->dom);
+ assert_non_null(conn_list);
+
+ assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);
+ assert_false(conn_list[0]->ignore_mark_offline);
+ assert_null(conn_list[1]);
+ talloc_free(conn_list);
+
+ conn_list = ad_user_conn_list(test_ctx,
+ test_ctx->ad_ctx,
+ test_ctx->subdom);
+ assert_non_null(conn_list);
+
+ assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);
+ assert_true(conn_list[0]->ignore_mark_offline);
+ assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx);
+ /* Subdomain error should not set the backend offline! */
+ assert_true(conn_list[1]->ignore_mark_offline);
+ talloc_free(conn_list);
+}
+
 int main(int argc, const char *argv[])
 {
 poptContext pc;
@@ -473,6 +504,9 @@ int main(int argc, const char *argv[])
 cmocka_unit_test_setup_teardown(test_ldap_conn_list,
 test_ldap_conn_setup,
 test_ldap_conn_teardown),
+ cmocka_unit_test_setup_teardown(test_user_conn_list,
+ test_ldap_conn_setup,
+ test_ldap_conn_teardown),
 };

 /* Set debug level to invalid value so we can deside if -d 0 was used. */
--
2.4.3
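Review bot: `test_user_conn_list` frees each list with `talloc_free(conn_list)` and never checks which context owns it, so it passes even though the helper in ad_common.c allocates on `ad_ctx` and ignores the `mem_ctx` it is given. An ownership assertion after each call, `assert_true(talloc_parent(conn_list) == test_ctx);`, would pin that down. The subdomain case also stops at index 1; adding `assert_null(conn_list[2]);` would confirm the list is still terminated when both slots are filled. The setup is outside this hunk, but the assertions imply GC is enabled, so a subdomain case with GC disabled, where the LDAP connection should come first, is not covered.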