From ffb0b820394a7a0326d98dcf780e7fbf0aa73e71 Mon Sep 17 00:00:00 2001 From: Petr Cech Date: Tue, 14 Jun 2016 12:58:29 +0200 Subject: [PATCH 4/5] AD_PROVIDER: ad_enabled_domains - other then master We can skip looking up other domains if option ad_enabled_domains doesn't contain them. Resolves: https://fedorahosted.org/sssd/ticket/2828 --- src/providers/ad/ad_subdomains.c | 80 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 381143bf945a419cb3a3163bb7fdc1acc8d0107b..4c62d4569d116832e240b15eb012fda11cd5ca7f 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -1010,6 +1010,68 @@ fail: return ret; } +static errno_t filter_enabled_domains(TALLOC_CTX *mem_ctx, + char **enabled_domains_list, + struct sysdb_attrs **subdoms, + size_t subdoms_count, + struct sysdb_attrs ***_filtered_subdoms, + size_t *_filtered_subdoms_count) +{ + errno_t ret; + const char *subdom_name; + bool is_enabled; + struct sysdb_attrs **filtered_subdoms = NULL; + size_t fsd_count = 0; + TALLOC_CTX *tmp_ctx = NULL; + + if (enabled_domains_list == NULL) { + return EINVAL; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + for (size_t i = 0; i < subdoms_count; i++) { + + ret = sysdb_attrs_get_string(subdoms[i], AD_AT_TRUST_PARTNER, + &subdom_name); + if (ret != EOK) { + ret = ENOENT; + goto done; + } + + is_enabled = false; + for (size_t j = 0; enabled_domains_list[j] != NULL; j++) { + if (strcmp(subdom_name, enabled_domains_list[j]) == 0) { + is_enabled = true; + break; + } + } + + if (is_enabled) { + filtered_subdoms = talloc_realloc(tmp_ctx, filtered_subdoms, + struct sysdb_attrs *, + fsd_count + 1); + if (filtered_subdoms == NULL) { + ret = ENOMEM; + goto done; + } + filtered_subdoms[fsd_count] = talloc_steal(mem_ctx, subdoms[i]); + fsd_count++; + } + } + + *_filtered_subdoms = talloc_steal(mem_ctx, filtered_subdoms); + *_filtered_subdoms_count = fsd_count; + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + static void ad_subdomains_get_slave_domain_done(struct tevent_req *req) { int ret; @@ -1020,6 +1082,9 @@ static void ad_subdomains_get_slave_domain_done(struct tevent_req *req) bool refresh_has_changes = false; size_t nsubdoms; struct sysdb_attrs **subdoms; + struct sysdb_attrs **filtered_subdoms = NULL; + size_t nfsubdoms = 0; + ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx); @@ -1077,8 +1142,21 @@ static void ad_subdomains_get_slave_domain_done(struct tevent_req *req) return; } + ret = filter_enabled_domains(ctx, + ctx->sd_ctx->ad_enabled_domains, + subdoms, nsubdoms, + &filtered_subdoms, &nfsubdoms); + if (ret == EINVAL) { + filtered_subdoms = subdoms; + nfsubdoms = nsubdoms; + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Cannot filter enabled subdomains\n")); + tevent_req_error(req, ret); + return; + } + /* Got all the subdomains, let's process them */ - ret = ad_subdomains_refresh(ctx->sd_ctx, nsubdoms, false, subdoms, + ret = ad_subdomains_refresh(ctx->sd_ctx, nfsubdoms, false, filtered_subdoms, &refresh_has_changes); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Failed to refresh subdomains.\n"); -- 2.5.5