>From bed8db62a72b731752e9c668a52c1494f35f9c78 Mon Sep 17 00:00:00 2001 
From: Jakub Hrozek Date: Tue, 21 May 2013 17:18:03 +0200 Subject: [PATCH 02/15] LDAP: sdap_id_ctx might contain several connections With some LDAP server implementations, one server might provide different "views" of the identites on different ports. One example is the Active Directory Global catalog. The provider would contact different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches. --- src/providers/ad/ad_init.c | 49 ++++++++++++--------------- src/providers/ad/ad_subdomains.c | 2 +- src/providers/ipa/ipa_access.c | 2 +- src/providers/ipa/ipa_auth.c | 3 +- src/providers/ipa/ipa_hostid.c | 2 +- src/providers/ipa/ipa_id.c | 2 +- src/providers/ipa/ipa_init.c | 10 ++---- src/providers/ipa/ipa_selinux.c | 3 +- src/providers/ipa/ipa_subdomains.c | 2 +- src/providers/ipa/ipa_subdomains_id.c | 2 +- src/providers/ldap/ldap_common.c | 47 ++++++++++++++++++++++++++ src/providers/ldap/ldap_common.h | 32 ++++++++++++++---- src/providers/ldap/ldap_id.c | 10 +++--- src/providers/ldap/ldap_id_enum.c | 2 +- src/providers/ldap/ldap_id_netgroup.c | 2 +- src/providers/ldap/ldap_id_services.c | 2 +- src/providers/ldap/ldap_init.c | 42 +++++++++++------------ src/providers/ldap/sdap_access.c | 3 +- src/providers/ldap/sdap_autofs.c | 2 +- src/providers/ldap/sdap_dyndns.c | 4 +-- src/providers/ldap/sdap_id_op.c | 63 ++++++++++++++++++----------------- src/providers/ldap/sdap_id_op.h | 2 
++ src/providers/ldap/sdap_sudo.c | 6 ++-- 23 files changed, 177 insertions(+), 117 deletions(-) diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index d5488ad07d179f654a53e6d10824b8db7e842bef..aada14ec7dadb2db5cc67ecc0e1d9c631c974f07 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -135,37 +135,12 @@ sssm_ad_id_init(struct be_ctx *bectx, ad_ctx->ad_options = ad_options; ad_options->id_ctx = ad_ctx; - sdap_ctx = talloc_zero(ad_options, struct sdap_id_ctx); - if (!sdap_ctx) { + sdap_ctx = sdap_id_ctx_new(ad_options, bectx, ad_options->service->sdap); + if (sdap_ctx == NULL) { return ENOMEM; } - sdap_ctx->be = bectx; - sdap_ctx->service = ad_options->service->sdap; ad_ctx->sdap_id_ctx = sdap_ctx; - ret = ad_get_id_options(ad_options, bectx->cdb, - bectx->conf_path, - &sdap_ctx->opts); - if (ret != EOK) { - goto done; - } - - ret = setup_tls_config(sdap_ctx->opts->basic); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("setup_tls_config failed [%s]\n", strerror(ret))); - goto done; - } - - ret = sdap_id_conn_cache_create(sdap_ctx, sdap_ctx, &sdap_ctx->conn_cache); - if (ret != EOK) { - goto done; - } - - /* Set up the ID mapping object */ - ret = sdap_idmap_init(sdap_ctx, sdap_ctx, &sdap_ctx->opts->idmap_ctx); - if (ret != EOK) goto done; - ret = ad_dyndns_init(sdap_ctx->be, ad_options); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, 
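Review bot: The initialization order in sssm_ad_id_init changes: ad_get_id_options, sdap_idmap_init and setup_tls_config are removed here and re-added after ad_dyndns_init in the next hunk of this file, so sdap_ctx->opts is still NULL while ad_dyndns_init runs. The commit message claims no functional changes, so the reorder should either be reverted or justified; if anything reached from ad_options->id_ctx->sdap_id_ctx->opts is dereferenced inside ad_dyndns_init (not visible here) it is a NULL dereference. ipa_init.c and ldap_init.c keep option parsing before or right after sdap_id_ctx_new, so after this patch only the AD provider defers it. sssm_ad_id_init continues past the end of this hunk.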
@@ -186,6 +161,26 @@ sssm_ad_id_init(struct be_ctx *bectx, goto done; } + /* Set up various SDAP options */ + ret = ad_get_id_options(ad_options, bectx->cdb, + bectx->conf_path, + &sdap_ctx->opts); + if (ret != EOK) { + goto done; + } + + /* Set up the ID mapping object */ + ret = sdap_idmap_init(sdap_ctx, sdap_ctx, &sdap_ctx->opts->idmap_ctx); + if (ret != EOK) goto done; + + + ret = setup_tls_config(sdap_ctx->opts->basic); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("setup_tls_config failed [%s]\n", strerror(ret))); + goto done; + } + /* setup SRV lookup plugin */ hostname = dp_opt_get_string(ad_options->basic, AD_HOSTNAME); if (dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES)) { diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 51c6955410fffa3e8c8c8bd124594d96aa882f6a..da0c85e760ff65272970ae68f7024c71c8c28421 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -93,7 +93,7 @@ static void ad_subdomains_retrieve(struct ad_subdomains_ctx *ctx, req_ctx->reply = NULL; req_ctx->sdap_op = sdap_id_op_create(req_ctx, - ctx->sdap_id_ctx->conn_cache); + ctx->sdap_id_ctx->conn->conn_cache); if (req_ctx->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index c43974e3c208fdd89930e67ca4c7052108c09d7b..3760c6f71f77154bf97ef4708fe43af42990fedc 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -208,7 +208,7 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx) if (!offline) { if (hbac_ctx->sdap_op == NULL) { hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx, - hbac_ctx->sdap_ctx->conn_cache); + hbac_ctx->sdap_ctx->conn->conn_cache); if (hbac_ctx->sdap_op == NULL) { DEBUG(1, ("sdap_id_op_create failed.\n")); return EIO; 
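Review bot: `if (ret != EOK) goto done;` after the moved sdap_idmap_init call is the only unbraced guard in this block and is followed by two blank lines. Since the lines are being relocated anyway, write it as a braced three-line check like the setup_tls_config guard directly below it and drop the extra blank line. sssm_ad_id_init continues past the end of this hunk.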
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index b528c544df90efd30570273d9731223b531e77f6..651196a96400ebbc4e3575d0f447accdf5da408d 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -71,7 +71,8 @@ static struct tevent_req *get_password_migration_flag_send(TALLOC_CTX *memctx, state->password_migration = false; state->ipa_realm = ipa_realm; - state->sdap_op = sdap_id_op_create(state, state->sdap_id_ctx->conn_cache); + state->sdap_op = sdap_id_op_create(state, + state->sdap_id_ctx->conn->conn_cache); if (state->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n")); goto fail; diff --git a/src/providers/ipa/ipa_hostid.c b/src/providers/ipa/ipa_hostid.c index cb37e9a4dc8b5986d14b616db74b5e2980cb5567..a697dbf665d4c7e6d41ffb979b5147468144cc44 100644 --- a/src/providers/ipa/ipa_hostid.c +++ b/src/providers/ipa/ipa_hostid.c @@ -165,7 +165,7 @@ hosts_get_send(TALLOC_CTX *memctx, state->ctx = hostid_ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, ctx->conn_cache); + state->op = sdap_id_op_create(state, ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 5f94eb2c1089dea6b231fc75fa15a223742ed63e..b7ae81f6629b922b252b6f2cfb4d566a6c207947 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -174,7 +174,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx, state->ctx = ipa_ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, ctx->conn_cache); + state->op = sdap_id_op_create(state, ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 9676b781d1880b0869792a04e97a244d85e6417a..8363ca6d78346ba0ae49491191764c163a42052b 100644 
--- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -138,12 +138,10 @@ int sssm_ipa_id_init(struct be_ctx *bectx, ipa_options->id_ctx = ipa_ctx; ipa_ctx->ipa_options = ipa_options; - sdap_ctx = talloc_zero(ipa_options, struct sdap_id_ctx); - if (!sdap_ctx) { + sdap_ctx = sdap_id_ctx_new(ipa_options, bectx, ipa_options->service->sdap); + if (sdap_ctx == NULL) { return ENOMEM; } - sdap_ctx->be = bectx; - sdap_ctx->service = ipa_options->service->sdap; ipa_ctx->sdap_id_ctx = sdap_ctx; ret = ipa_get_id_options(ipa_options, bectx->cdb, @@ -188,10 +186,6 @@ int sssm_ipa_id_init(struct be_ctx *bectx, goto done; } - ret = sdap_id_conn_cache_create(sdap_ctx, sdap_ctx, &sdap_ctx->conn_cache); - if (ret != EOK) { - goto done; - } /* Set up the ID mapping object */ ret = sdap_idmap_init(sdap_ctx, sdap_ctx, &sdap_ctx->opts->idmap_ctx); diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index ce8f39cccaedc86771e6642a64ec88b33ab15c45..39bebebfd8f4880c4093dfd922f2dfaa79c38a2e 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -864,7 +864,8 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx, } if (!offline) { - state->op = sdap_id_op_create(state, selinux_ctx->id_ctx->sdap_id_ctx->conn_cache); + state->op = sdap_id_op_create(state, + selinux_ctx->id_ctx->sdap_id_ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 95a11198a99aa60e93a1f5af18c88ff918dcd53a..18878ae33dc014639cfce0be54f9ca3a44c4ddbb 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c 
@@ -558,7 +558,7 @@ static void ipa_subdomains_retrieve(struct ipa_subdomains_ctx *ctx, struct be_re req_ctx->reply = NULL; req_ctx->sdap_op = sdap_id_op_create(req_ctx, - ctx->sdap_id_ctx->conn_cache); + ctx->sdap_id_ctx->conn->conn_cache); if (req_ctx->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index ea313cbafe65273d332f1aac1198336604e7da18..7fa09bd98cb5b2b87290daeaf0c34c2504b1be90 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -66,7 +66,7 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 155019ec7a430b133dbdf6e57a6ec81a46f0dc0b..7939cd0e99c6747d2edf5101238a0502b8d1141a 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c 
@@ -1614,3 +1614,50 @@ sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx, return EOK; } + +struct sdap_id_conn_ctx * +sdap_id_ctx_conn_add(struct sdap_id_ctx *id_ctx, + struct sdap_service *sdap_service) +{ + struct sdap_id_conn_ctx *conn; + errno_t ret; + + conn = talloc_zero(id_ctx, struct sdap_id_conn_ctx); + if (conn == NULL) { + return NULL; + } + conn->service = talloc_steal(conn, sdap_service); + conn->id_ctx = id_ctx; + + /* Create a connection cache */ + ret = sdap_id_conn_cache_create(conn, id_ctx, conn, &conn->conn_cache); + if (ret != EOK) { + talloc_free(conn); + return NULL; + } + DLIST_ADD_END(id_ctx->conn, conn, struct sdap_id_conn_ctx *); + + return conn; +} + +struct sdap_id_ctx * +sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, + struct sdap_service *sdap_service) +{ + struct sdap_id_ctx *sdap_ctx; + + sdap_ctx = talloc_zero(mem_ctx, struct sdap_id_ctx); + if (sdap_ctx == NULL) { + return NULL; + } + sdap_ctx->be = bectx; + + /* There should be at least one connection context */ + sdap_ctx->conn = sdap_id_ctx_conn_add(sdap_ctx, sdap_service); + if (sdap_ctx->conn == NULL) { + talloc_free(sdap_ctx); + return NULL; + } + + return sdap_ctx; +} diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 2d17b755808e58831b458bcc86a50eb74b1f1057..367be449e4ccb90eb4b927d20ff7db502abd9e51 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h 
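Review bot: In sdap_id_ctx_conn_add the caller's sdap_service is reparented with talloc_steal before the connection cache is created, so the `talloc_free(conn)` on the failure path also frees the service that was passed in; the ad_init.c and ipa_init.c hunks pass `*_options->service->sdap`, whose owning struct is then left with a dangling pointer after the ENOMEM return. Move the `conn->service = talloc_steal(conn, sdap_service);` line to just before `DLIST_ADD_END(...)`, after the cache has been created, so a failed add leaves the caller's object untouched. The old code stored that pointer without stealing it, so this is an ownership change the "no functional changes" statement does not cover and it deserves a comment on the function. In sdap_id_ctx_new the assignment `sdap_ctx->conn = sdap_id_ctx_conn_add(...)` duplicates the DLIST_ADD_END inside the helper; keeping only the NULL check avoids a later second call overwriting the list head.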
@@ -42,17 +42,27 @@ /* a fd the child process would log into */ extern int ldap_child_debug_fd; -struct sdap_id_ctx { - struct be_ctx *be; - struct sdap_options *opts; +struct sdap_id_ctx; + +struct sdap_id_conn_ctx { + struct sdap_id_ctx *id_ctx; + struct fo_service *fo_service; struct sdap_service *service; - - /* If using GSSAPI */ - struct krb5_service *krb5_service; - /* LDAP connection cache */ struct sdap_id_conn_cache *conn_cache; + /* dlinklist pointers */ + struct sdap_id_conn_ctx *prev, *next; +}; + +struct sdap_id_ctx { + struct be_ctx *be; + struct sdap_options *opts; + + /* If using GSSAPI */ + struct krb5_service *krb5_service; + /* connection to a server */ + struct sdap_id_conn_ctx *conn; /* enumeration loop timer */ struct timeval last_enum; @@ -235,4 +245,12 @@ sdap_set_sasl_options(struct sdap_options *id_opts, char *default_realm, const char *keytab_path); +struct sdap_id_conn_ctx * +sdap_id_ctx_conn_add(struct sdap_id_ctx *id_ctx, + struct sdap_service *sdap_service); + +struct sdap_id_ctx * +sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, + struct sdap_service *sdap_service); + #endif /* _LDAP_COMMON_H_ */ diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 72fdd9c260383913e1fe24bf4daa283415840d0e..bad25f89614e1f2a91518a9e8816c0448cb19197 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -80,7 +80,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; 
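Review bot: `struct fo_service *fo_service;` is added to struct sdap_id_conn_ctx but nothing in this patch sets or reads it; either drop it or note which upcoming patch uses it. The two new prototypes also lack a comment on ownership, which matters because sdap_id_ctx_conn_add reparents sdap_service under the connection context; suggested wording above it: `/* Adds a connection context to id_ctx; takes ownership of sdap_service. Returns NULL on allocation failure. */` and above sdap_id_ctx_new: `/* Allocates an sdap_id_ctx on mem_ctx with one connection to sdap_service; opts is left for the caller to fill in. */`.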
@@ -403,7 +403,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; @@ -698,7 +698,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; @@ -862,7 +862,7 @@ void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx) check_ctx->be_req = be_req; req = sdap_cli_connect_send(be_req, be_ctx->ev, ctx->opts, - be_ctx, ctx->service, false, + be_ctx, ctx->conn->service, false, CON_TLS_DFL, false); if (req == NULL) { DEBUG(1, ("sdap_cli_connect_send failed.\n")); @@ -1280,7 +1280,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx, state->id_ctx = id_ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->id_ctx->conn_cache); + state->op = sdap_id_op_create(state, state->id_ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c index 6c5a378ed93d8ad8194d00f24caf0bcaba280758..7a2129d97fcbcae49e627ff3bca481dd3f568201 100644 --- a/src/providers/ldap/ldap_id_enum.c +++ b/src/providers/ldap/ldap_id_enum.c @@ -212,7 +212,7 @@ struct tevent_req *ldap_id_enumerate_send(struct tevent_context *ev, state->ev = ev; state->ctx = ctx; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); talloc_zfree(req); 
diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c index 5080cfb62fa1c37667155744fdb12fc82a50233f..6788a52e52fdc11663f8a264717cceb3145d6f34 100644 --- a/src/providers/ldap/ldap_id_netgroup.c +++ b/src/providers/ldap/ldap_id_netgroup.c @@ -70,7 +70,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, state->ctx = ctx; state->dp_error = DP_ERR_FATAL; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_id_services.c b/src/providers/ldap/ldap_id_services.c index 5699bf0dce6a2bf63791e493ec28c813c6dd259b..5c3c53f2a6bea73eb26e43e00cb4dca723660c9d 100644 --- a/src/providers/ldap/ldap_id_services.c +++ b/src/providers/ldap/ldap_id_services.c @@ -82,7 +82,7 @@ services_get_send(TALLOC_CTX *mem_ctx, state->protocol = protocol; state->filter_type = filter_type; - state->op = sdap_id_op_create(state, state->id_ctx->conn_cache); + state->op = sdap_id_op_create(state, state->id_ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_MINOR_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index f70c8f1b0b03e4acf434c6559a11ad79f9139b42..cc502d53798d1f8c3a385a72468d2ffb68b2a38e 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -92,6 +92,8 @@ int sssm_ldap_id_init(struct be_ctx *bectx, const char *backup_urls; const char *dns_service_name; const char *sasl_mech; + struct sdap_service *sdap_service; + struct sdap_options *opts; int ret; /* If we're already set up, just return that */ 
@@ -103,37 +105,40 @@ int sssm_ldap_id_init(struct be_ctx *bectx, return EOK; } - ctx = talloc_zero(bectx, struct sdap_id_ctx); - if (!ctx) return ENOMEM; - - ctx->be = bectx; - - ret = ldap_get_options(ctx, bectx->cdb, - bectx->conf_path, &ctx->opts); + ret = ldap_get_options(bectx, bectx->cdb, + bectx->conf_path, &opts); if (ret != EOK) { goto done; } - dns_service_name = dp_opt_get_string(ctx->opts->basic, + dns_service_name = dp_opt_get_string(opts->basic, SDAP_DNS_SERVICE_NAME); - DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name)); + DEBUG(SSSDBG_CONF_SETTINGS, + ("Service name for discovery set to %s\n", dns_service_name)); - urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI); - backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_BACKUP_URI); + urls = dp_opt_get_string(opts->basic, SDAP_URI); + backup_urls = dp_opt_get_string(opts->basic, SDAP_BACKUP_URI); - ret = sdap_service_init(ctx, ctx->be, "LDAP", + ret = sdap_service_init(bectx, bectx, "LDAP", dns_service_name, urls, backup_urls, - &ctx->service); + &sdap_service); if (ret != EOK) { - DEBUG(1, ("Failed to initialize failover service!\n")); + DEBUG(SSSDBG_OP_FAILURE, ("Failed to initialize failover service!\n")); goto done; } + ctx = sdap_id_ctx_new(bectx, bectx, sdap_service); + if (!ctx) { + ret = ENOMEM; + goto done; + } + ctx->opts = talloc_steal(ctx, opts); + sasl_mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH); if (sasl_mech && strcasecmp(sasl_mech, "GSSAPI") == 0) { if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) { ret = sdap_gssapi_init(ctx, ctx->opts->basic, - ctx->be, ctx->service, + ctx->be, ctx->conn->service, &ctx->krb5_service); if (ret != EOK) { DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n", 
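Review bot: `opts` and `sdap_service` are now allocated on bectx and only reparented into ctx after sdap_id_ctx_new succeeds, so on the `goto done` paths between ldap_get_options and the talloc_steal they remain attached to the backend context instead of being released with ctx as before. The `done:` label is outside the hunk, so whether it handles them cannot be confirmed here, and both variables (declared in the previous hunk) are uninitialized when ldap_get_options fails; initialize them to NULL and release them explicitly on the error path, or allocate them on a temporary context that is stolen as a whole. The hunk converts nearby DEBUG levels to SSSDBG_* names but the `DEBUG(1, ("sdap_gssapi_init failed` line kept as context still uses a numeric level; converting it in the same commit keeps the function consistent. sssm_ldap_id_init continues past the end of this hunk.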
@@ -150,11 +155,6 @@ int sssm_ldap_id_init(struct be_ctx *bectx, goto done; } - ret = sdap_id_conn_cache_create(ctx, ctx, &ctx->conn_cache); - if (ret != EOK) { - goto done; - } - /* Set up the ID mapping object */ ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx); if (ret != EOK) goto done; @@ -208,7 +208,7 @@ int sssm_ldap_auth_init(struct be_ctx *bectx, ctx->be = bectx; ctx->opts = id_ctx->opts; - ctx->service = id_ctx->service; + ctx->service = id_ctx->conn->service; ctx->chpass_service = NULL; *ops = &sdap_auth_ops; diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 1b2f6993d162f97b2d3dedb74c9bdd192c04f50d..e74542346631e0edfa04435a7839456ae9182fe8 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -718,7 +718,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, DEBUG(6, ("Checking filter against LDAP\n")); - state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn_cache); + state->sdap_op = sdap_id_op_create(state, + state->sdap_ctx->conn->conn_cache); if (!state->sdap_op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/sdap_autofs.c b/src/providers/ldap/sdap_autofs.c index 0bb211aa3e3ae9ec822e117f8febf8378bb09f79..e7947c9b223636cf1263b22889c53fd18106a02d 100644 --- a/src/providers/ldap/sdap_autofs.c +++ b/src/providers/ldap/sdap_autofs.c @@ -154,7 +154,7 @@ sdap_autofs_get_map_send(TALLOC_CTX *mem_ctx, state->dp_error = DP_ERR_FATAL; state->map_name = map_name; - state->op = sdap_id_op_create(state, state->ctx->conn_cache); + state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c index d7e20ca4ffada5e775d45b86f73b69bddb2180a1..8fe2011d14ad0dda71b1cf2992b9493e6ae5ec90 100644 --- a/src/providers/ldap/sdap_dyndns.c 
+++ b/src/providers/ldap/sdap_dyndns.c @@ -500,7 +500,7 @@ sdap_dyndns_get_addrs_send(TALLOC_CTX *mem_ctx, } /* Detect DYNDNS address from LDAP connection */ - state->sdap_op = sdap_id_op_create(state, sdap_ctx->conn_cache); + state->sdap_op = sdap_id_op_create(state, sdap_ctx->conn->conn_cache); if (!state->sdap_op) { ret = ENOMEM; DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); @@ -664,7 +664,7 @@ sdap_dyndns_timer_conn_send(TALLOC_CTX *mem_ctx, state->dyndns_ctx->timer_in_progress = true; /* Make sure to have a valid LDAP connection */ - state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn_cache); + state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn->conn_cache); if (state->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c index 02142103b1266e00b2728f0ea7441560a133cb7a..be25b5da45ef764b8eb0ce0ac4360785cebbeb39 100644 --- a/src/providers/ldap/sdap_id_op.c +++ b/src/providers/ldap/sdap_id_op.c @@ -28,7 +28,7 @@ /* LDAP async connection cache */ struct sdap_id_conn_cache { - struct sdap_id_ctx *id_ctx; + struct sdap_id_conn_ctx *id_conn; /* list of all open connections */ struct sdap_id_conn_data *connections; @@ -103,6 +103,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq); /* Create a connection cache */ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, + struct sdap_id_conn_ctx *id_conn, struct sdap_id_conn_cache** conn_cache_out) { int ret; @@ -113,9 +114,9 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, goto fail; } - conn_cache->id_ctx = id_ctx; + conn_cache->id_conn = id_conn; - ret = be_add_offline_cb(conn_cache, id_ctx->be, + ret = be_add_offline_cb(conn_cache, id_conn->id_ctx->be, sdap_id_conn_cache_be_offline_cb, conn_cache, NULL); if (ret != EOK) { 
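Review bot: `state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn->conn_cache);` in sdap_dyndns_timer_conn_send is left over 80 columns, while the equivalent lines in ipa_auth.c, ipa_selinux.c and sdap_access.c were wrapped in this same patch. Wrap the second argument onto its own line as those hunks do.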
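Review bot: After this change the `id_ctx` parameter of sdap_id_conn_cache_create is no longer used: the backend pointer is read through `id_conn->id_ctx->be` and the cache stores only `id_conn`. An unused parameter invites a caller to pass a context that disagrees with `id_conn->id_ctx`. Either drop it here and in the sdap_id_op.h prototype (the only caller is sdap_id_ctx_conn_add in ldap_common.c), or check it, `if (id_ctx != id_conn->id_ctx) return EINVAL;`. The function continues past the end of this hunk.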
@@ -123,7 +124,7 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, goto fail; } - ret = be_add_reconnect_cb(conn_cache, id_ctx->be, + ret = be_add_reconnect_cb(conn_cache, id_conn->id_ctx->be, sdap_id_conn_cache_fo_reconnect_cb, conn_cache, NULL); if (ret != EOK) { @@ -224,7 +225,7 @@ static bool sdap_can_reuse_connection(struct sdap_id_conn_data *conn_data) return false; } - timeout = dp_opt_get_int(conn_data->conn_cache->id_ctx->opts->basic, + timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic, SDAP_OPT_TIMEOUT); return !sdap_is_connection_expired(conn_data, timeout); } @@ -242,7 +243,7 @@ static int sdap_id_conn_data_set_expire_timer(struct sdap_id_conn_data *conn_dat return EOK; } - timeout = dp_opt_get_int(conn_data->conn_cache->id_ctx->opts->basic, + timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic, SDAP_OPT_TIMEOUT); if (timeout > 0) { tv.tv_sec -= timeout; @@ -255,10 +256,10 @@ static int sdap_id_conn_data_set_expire_timer(struct sdap_id_conn_data *conn_dat talloc_zfree(conn_data->expire_timer); conn_data->expire_timer = - tevent_add_timer(conn_data->conn_cache->id_ctx->be->ev, - conn_data, tv, - sdap_id_conn_data_expire_handler, - conn_data); + tevent_add_timer(conn_data->conn_cache->id_conn->id_ctx->be->ev, + conn_data, tv, + sdap_id_conn_data_expire_handler, + conn_data); if (!conn_data->expire_timer) { return ENOMEM; } @@ -349,8 +350,8 @@ static bool sdap_id_op_can_reconnect(struct sdap_id_op *op) int max_retries; int count; - count = be_fo_get_server_count(op->conn_cache->id_ctx->be, - op->conn_cache->id_ctx->service->name); + count = be_fo_get_server_count(op->conn_cache->id_conn->id_ctx->be, + op->conn_cache->id_conn->service->name); max_retries = 2 * count -1; if (max_retries < 1) { max_retries = 1; 
@@ -361,7 +362,7 @@ static bool sdap_id_op_can_reconnect(struct sdap_id_op *op) /* state of connect request */ struct sdap_id_op_connect_state { - struct sdap_id_ctx *id_ctx; + struct sdap_id_conn_ctx *id_conn; struct tevent_context *ev; struct sdap_id_op *op; int dp_error; @@ -411,8 +412,8 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, talloc_set_destructor((void*)state, sdap_id_op_connect_state_destroy); - state->id_ctx = op->conn_cache->id_ctx; - state->ev = state->id_ctx->be->ev; + state->id_conn = op->conn_cache->id_conn; + state->ev = state->id_conn->id_ctx->be->ev; state->op = op; op->connect_req = req; @@ -489,9 +490,9 @@ static int sdap_id_op_connect_step(struct tevent_req *req) conn_data->conn_cache = conn_cache; subreq = sdap_cli_connect_send(conn_data, state->ev, - state->id_ctx->opts, - state->id_ctx->be, - state->id_ctx->service, false, + state->id_conn->id_ctx->opts, + state->id_conn->id_ctx->be, + state->id_conn->service, false, CON_TLS_DFL, false); if (!subreq) { @@ -555,12 +556,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) /* be is going offline as there is no more servers to try */ DEBUG(1, ("Failed to connect, going offline (%d [%s])\n", ret, strerror(ret))); - be_mark_offline(conn_cache->id_ctx->be); + be_mark_offline(conn_cache->id_conn->id_ctx->be); is_offline = true; } if (ret == EOK) { - current_srv_opts = conn_cache->id_ctx->srv_opts; + current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts; if (current_srv_opts) { DEBUG(8, ("Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn)); @@ -579,7 +580,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) } } ret = sdap_id_conn_data_set_expire_timer(conn_data); - sdap_steal_server_opts(conn_cache->id_ctx, &srv_opts); + sdap_steal_server_opts(conn_cache->id_conn->id_ctx, &srv_opts); } if (can_retry) { 
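Review bot: `current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts` and `sdap_steal_server_opts(conn_cache->id_conn->id_ctx, &srv_opts)` keep the server options, including last_usn, per sdap_id_ctx while the connection cache is now per sdap_id_conn_ctx. With a single connection this matches the old behaviour, but once a second view is added as the commit message announces, a reconnect on one connection would compare its USN against the other's and could trigger the reinitialization cleanup in the following hunk spuriously. A comment here would flag that for the later patch, e.g. `/* srv_opts is shared by all connections of id_ctx; the USN check assumes one server */`. sdap_id_op_connect_done continues past the end of this hunk.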
@@ -596,7 +597,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) /* do not attempt to retry on errors like ENOMEM */ can_retry = false; is_offline = true; - be_mark_offline(conn_cache->id_ctx->be); + be_mark_offline(conn_cache->id_conn->id_ctx->be); break; } } @@ -635,7 +636,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (can_retry) { /* determining whether retry is possible */ - if (be_is_offline(conn_cache->id_ctx->be)) { + if (be_is_offline(conn_cache->id_conn->id_ctx->be)) { /* be is offline, no retry possible */ if (ret == EOK) { DEBUG(9, ("skipping automatic retry on op #%d as be is offline\n", notify_count)); @@ -686,12 +687,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if ((ret == EOK) && conn_data->sh->connected && - !be_is_offline(conn_cache->id_ctx->be)) { + !be_is_offline(conn_cache->id_conn->id_ctx->be)) { DEBUG(9, ("caching successful connection after %d notifies\n", notify_count)); conn_cache->cached_connection = conn_data; /* Run any post-connection routines */ - be_run_online_cb(conn_cache->id_ctx->be); + be_run_online_cb(conn_cache->id_conn->id_ctx->be); } else { if (conn_cache->cached_connection == conn_data) { @@ -704,9 +705,9 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq) if (reinit) { DEBUG(SSSDBG_TRACE_FUNC, ("Server reinitialization detected. " "Cleaning cache.\n")); - reinit_req = sdap_reinit_cleanup_send(conn_cache->id_ctx->be, - conn_cache->id_ctx->be, - conn_cache->id_ctx); + reinit_req = sdap_reinit_cleanup_send(conn_cache->id_conn->id_ctx->be, + conn_cache->id_conn->id_ctx->be, + conn_cache->id_conn->id_ctx); if (reinit_req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization " "clean up.\n")); 
@@ -804,14 +805,14 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) op->conn_cache->cached_connection = NULL; DEBUG(5, ("communication error on cached connection, moving to next server\n")); - be_fo_try_next_server(op->conn_cache->id_ctx->be, - op->conn_cache->id_ctx->service->name); + be_fo_try_next_server(op->conn_cache->id_conn->id_ctx->be, + op->conn_cache->id_conn->service->name); } int dp_err; if (retval == EOK) { dp_err = DP_ERR_OK; - } else if (be_is_offline(op->conn_cache->id_ctx->be)) { + } else if (be_is_offline(op->conn_cache->id_conn->id_ctx->be)) { /* if backend is already offline, just report offline, do not duplicate errors */ dp_err = DP_ERR_OFFLINE; retval = EAGAIN; diff --git a/src/providers/ldap/sdap_id_op.h b/src/providers/ldap/sdap_id_op.h index f36037a9c942da57400dd24ba2452863f96775e2..b808dd89aebb096b7163c10df39784a54b7e0b03 100644 --- a/src/providers/ldap/sdap_id_op.h +++ b/src/providers/ldap/sdap_id_op.h @@ -26,6 +26,7 @@ #define _SDAP_ID_OP_H_ struct sdap_id_ctx; +struct sdap_id_conn_ctx; /* LDAP async connection cache */ struct sdap_id_conn_cache; @@ -38,6 +39,7 @@ struct sdap_id_op; /* Create a connection cache */ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, + struct sdap_id_conn_ctx *id_conn, struct sdap_id_conn_cache** conn_cache_out); /* Create an operation object */ diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index 3472da67c0b211ebae0782828addc361bbfeeab3..315f254a3a0c00d48c36d439e0da23e76f2ffce0 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -508,7 +508,7 @@ void sdap_sudo_handler(struct be_req *be_req) case BE_REQ_SUDO_RULES: DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a refresh of specific sudo rules\n")); req = sdap_sudo_rules_refresh_send(be_req, sudo_ctx, id_ctx->be, - id_ctx->opts, id_ctx->conn_cache, + id_ctx->opts, id_ctx->conn->conn_cache, sudo_req->rules); break; default: 
@@ -585,7 +585,7 @@ static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a full refresh of sudo rules\n")); subreq = sdap_sudo_refresh_send(state, id_ctx->be, id_ctx->opts, - id_ctx->conn_cache, + id_ctx->conn->conn_cache, ldap_full_filter, sysdb_filter); if (subreq == NULL) { ret = ENOMEM; @@ -901,7 +901,7 @@ static struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx, "(USN > %s)\n", (usn == NULL ? "0" : usn))); subreq = sdap_sudo_refresh_send(state, id_ctx->be, id_ctx->opts, - id_ctx->conn_cache, + id_ctx->conn->conn_cache, ldap_full_filter, NULL); if (subreq == NULL) { ret = ENOMEM; -- 1.8.2.1