authorJakub Hrozek <jhrozek@redhat.com>2013-05-21 17:18:03 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-07 00:14:12 +0200
commitdcb44c39dda9699cdd6488fd116a51ced0687de3 (patch)
tree71b463b2c64a5de1f7c0983d74700b264892bb96
parent7119f0c483049a8850d3075c0b1062f35200a538 (diff)
downloadsssd-dcb44c39dda9699cdd6488fd116a51ced0687de3.tar.gz
sssd-dcb44c39dda9699cdd6488fd116a51ced0687de3.tar.bz2
sssd-dcb44c39dda9699cdd6488fd116a51ced0687de3.zip
LDAP: sdap_id_ctx might contain several connections
With some LDAP server implementations, one server might provide different "views" of the identities on different ports. One example is the Active Directory Global catalog. The provider would contact a different view depending on which operation it is performing and against which SSSD domain. At the same time, these views run on the same server, which means the same server options, enumeration, cleanup or Kerberos service should be used. So instead of using several different failover ports or several instances of sdap_id_ctx, this patch introduces a new "struct sdap_id_conn_ctx" that contains the connection cache to the particular view and an instance of "struct sdap_options" that contains the URI. No functional changes are present in this patch, currently all providers use a single connection. Multiple connections will be used later in the upcoming patches.
-rw-r--r--src/providers/ad/ad_init.c47
-rw-r--r--src/providers/ad/ad_subdomains.c2
-rw-r--r--src/providers/ipa/ipa_access.c2
-rw-r--r--src/providers/ipa/ipa_auth.c3
-rw-r--r--src/providers/ipa/ipa_hostid.c2
-rw-r--r--src/providers/ipa/ipa_id.c2
-rw-r--r--src/providers/ipa/ipa_init.c10
-rw-r--r--src/providers/ipa/ipa_selinux.c3
-rw-r--r--src/providers/ipa/ipa_subdomains.c2
-rw-r--r--src/providers/ipa/ipa_subdomains_id.c2
-rw-r--r--src/providers/ldap/ldap_common.c47
-rw-r--r--src/providers/ldap/ldap_common.h27
-rw-r--r--src/providers/ldap/ldap_id.c10
-rw-r--r--src/providers/ldap/ldap_id_enum.c2
-rw-r--r--src/providers/ldap/ldap_id_netgroup.c2
-rw-r--r--src/providers/ldap/ldap_id_services.c2
-rw-r--r--src/providers/ldap/ldap_init.c45
-rw-r--r--src/providers/ldap/sdap_access.c3
-rw-r--r--src/providers/ldap/sdap_autofs.c2
-rw-r--r--src/providers/ldap/sdap_dyndns.c4
-rw-r--r--src/providers/ldap/sdap_id_op.c63
-rw-r--r--src/providers/ldap/sdap_id_op.h2
-rw-r--r--src/providers/ldap/sdap_sudo.c6
23 files changed, 175 insertions, 115 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index d5488ad0..aada14ec 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -135,29 +135,36 @@ sssm_ad_id_init(struct be_ctx *bectx,
ad_ctx->ad_options = ad_options;
ad_options->id_ctx = ad_ctx;
- sdap_ctx = talloc_zero(ad_options, struct sdap_id_ctx);
- if (!sdap_ctx) {
+ sdap_ctx = sdap_id_ctx_new(ad_options, bectx, ad_options->service->sdap);
+ if (sdap_ctx == NULL) {
return ENOMEM;
}
- sdap_ctx->be = bectx;
- sdap_ctx->service = ad_options->service->sdap;
ad_ctx->sdap_id_ctx = sdap_ctx;
- ret = ad_get_id_options(ad_options, bectx->cdb,
- bectx->conf_path,
- &sdap_ctx->opts);
+ ret = ad_dyndns_init(sdap_ctx->be, ad_options);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Failure setting up automatic DNS update\n"));
+ /* Continue without DNS updates */
+ }
+
+ ret = sdap_id_setup_tasks(sdap_ctx);
if (ret != EOK) {
goto done;
}
- ret = setup_tls_config(sdap_ctx->opts->basic);
+ ret = sdap_setup_child();
if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("setup_tls_config failed [%s]\n", strerror(ret)));
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("setup_child failed [%d][%s].\n",
+ ret, strerror(ret)));
goto done;
}
- ret = sdap_id_conn_cache_create(sdap_ctx, sdap_ctx, &sdap_ctx->conn_cache);
+ /* Set up various SDAP options */
+ ret = ad_get_id_options(ad_options, bectx->cdb,
+ bectx->conf_path,
+ &sdap_ctx->opts);
if (ret != EOK) {
goto done;
}
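Review bot: `ret = sdap_id_setup_tasks(sdap_ctx);` now runs before `ad_get_id_options(..., &sdap_ctx->opts)` has filled in the options, and sdap_id_ctx_new leaves `sdap_ctx->opts` NULL (it is talloc_zero'd in ldap_common.c). sdap_id_setup_tasks's body is not on this page, but if it reads `ctx->opts` when scheduling its periodic tasks this is a NULL dereference at provider start-up; ad_dyndns_init() and sdap_setup_child() are moved ahead of option parsing in the same way, whereas the old code ran all three last (see the second hunk of this file, which removes them from their old position). Unless the reordering is deliberate, keep the `ad_get_id_options(...)` call directly after `ad_ctx->sdap_id_ctx = sdap_ctx;` and leave the three calls where they were. sssm_ad_id_init continues in the next hunk and past it; the `done:` label is outside both.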
@@ -166,23 +173,11 @@ sssm_ad_id_init(struct be_ctx *bectx,
ret = sdap_idmap_init(sdap_ctx, sdap_ctx, &sdap_ctx->opts->idmap_ctx);
if (ret != EOK) goto done;
- ret = ad_dyndns_init(sdap_ctx->be, ad_options);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Failure setting up automatic DNS update\n"));
- /* Continue without DNS updates */
- }
- ret = sdap_id_setup_tasks(sdap_ctx);
- if (ret != EOK) {
- goto done;
- }
-
- ret = sdap_setup_child();
+ ret = setup_tls_config(sdap_ctx->opts->basic);
if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("setup_child failed [%d][%s].\n",
- ret, strerror(ret)));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("setup_tls_config failed [%s]\n", strerror(ret)));
goto done;
}
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 51c69554..da0c85e7 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -93,7 +93,7 @@ static void ad_subdomains_retrieve(struct ad_subdomains_ctx *ctx,
req_ctx->reply = NULL;
req_ctx->sdap_op = sdap_id_op_create(req_ctx,
- ctx->sdap_id_ctx->conn_cache);
+ ctx->sdap_id_ctx->conn->conn_cache);
if (req_ctx->sdap_op == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n"));
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index c43974e3..3760c6f7 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -208,7 +208,7 @@ static int hbac_retry(struct hbac_ctx *hbac_ctx)
if (!offline) {
if (hbac_ctx->sdap_op == NULL) {
hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx,
- hbac_ctx->sdap_ctx->conn_cache);
+ hbac_ctx->sdap_ctx->conn->conn_cache);
if (hbac_ctx->sdap_op == NULL) {
DEBUG(1, ("sdap_id_op_create failed.\n"));
return EIO;
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index b528c544..651196a9 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -71,7 +71,8 @@ static struct tevent_req *get_password_migration_flag_send(TALLOC_CTX *memctx,
state->password_migration = false;
state->ipa_realm = ipa_realm;
- state->sdap_op = sdap_id_op_create(state, state->sdap_id_ctx->conn_cache);
+ state->sdap_op = sdap_id_op_create(state,
+ state->sdap_id_ctx->conn->conn_cache);
if (state->sdap_op == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n"));
goto fail;
diff --git a/src/providers/ipa/ipa_hostid.c b/src/providers/ipa/ipa_hostid.c
index cb37e9a4..a697dbf6 100644
--- a/src/providers/ipa/ipa_hostid.c
+++ b/src/providers/ipa/ipa_hostid.c
@@ -165,7 +165,7 @@ hosts_get_send(TALLOC_CTX *memctx,
state->ctx = hostid_ctx;
state->dp_error = DP_ERR_FATAL;
- state->op = sdap_id_op_create(state, ctx->conn_cache);
+ state->op = sdap_id_op_create(state, ctx->conn->conn_cache);
if (!state->op) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 5f94eb2c..b7ae81f6 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -174,7 +174,7 @@ static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx,
state->ctx = ipa_ctx;
state->dp_error = DP_ERR_FATAL;
- state->op = sdap_id_op_create(state, ctx->conn_cache);
+ state->op = sdap_id_op_create(state, ctx->conn->conn_cache);
if (!state->op) {
DEBUG(2, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 9676b781..8363ca6d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -138,12 +138,10 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
ipa_options->id_ctx = ipa_ctx;
ipa_ctx->ipa_options = ipa_options;
- sdap_ctx = talloc_zero(ipa_options, struct sdap_id_ctx);
- if (!sdap_ctx) {
+ sdap_ctx = sdap_id_ctx_new(ipa_options, bectx, ipa_options->service->sdap);
+ if (sdap_ctx == NULL) {
return ENOMEM;
}
- sdap_ctx->be = bectx;
- sdap_ctx->service = ipa_options->service->sdap;
ipa_ctx->sdap_id_ctx = sdap_ctx;
ret = ipa_get_id_options(ipa_options, bectx->cdb,
@@ -188,10 +186,6 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
goto done;
}
- ret = sdap_id_conn_cache_create(sdap_ctx, sdap_ctx, &sdap_ctx->conn_cache);
- if (ret != EOK) {
- goto done;
- }
/* Set up the ID mapping object */
ret = sdap_idmap_init(sdap_ctx, sdap_ctx, &sdap_ctx->opts->idmap_ctx);
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index ce8f39cc..39bebebf 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -864,7 +864,8 @@ ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
}
if (!offline) {
- state->op = sdap_id_op_create(state, selinux_ctx->id_ctx->sdap_id_ctx->conn_cache);
+ state->op = sdap_id_op_create(state,
+ selinux_ctx->id_ctx->sdap_id_ctx->conn->conn_cache);
if (!state->op) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 95a11198..18878ae3 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -558,7 +558,7 @@ static void ipa_subdomains_retrieve(struct ipa_subdomains_ctx *ctx, struct be_re
req_ctx->reply = NULL;
req_ctx->sdap_op = sdap_id_op_create(req_ctx,
- ctx->sdap_id_ctx->conn_cache);
+ ctx->sdap_id_ctx->conn->conn_cache);
if (req_ctx->sdap_op == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n"));
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index ea313cba..7fa09bd9 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -66,7 +66,7 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx,
state->ctx = ctx;
state->dp_error = DP_ERR_FATAL;
- state->op = sdap_id_op_create(state, state->ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
if (!state->op) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 1e92400d..856c57e4 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -1628,3 +1628,50 @@ sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx,
return EOK;
}
+
+struct sdap_id_conn_ctx *
+sdap_id_ctx_conn_add(struct sdap_id_ctx *id_ctx,
+ struct sdap_service *sdap_service)
+{
+ struct sdap_id_conn_ctx *conn;
+ errno_t ret;
+
+ conn = talloc_zero(id_ctx, struct sdap_id_conn_ctx);
+ if (conn == NULL) {
+ return NULL;
+ }
+ conn->service = talloc_steal(conn, sdap_service);
+ conn->id_ctx = id_ctx;
+
+ /* Create a connection cache */
+ ret = sdap_id_conn_cache_create(conn, id_ctx, conn, &conn->conn_cache);
+ if (ret != EOK) {
+ talloc_free(conn);
+ return NULL;
+ }
+ DLIST_ADD_END(id_ctx->conn, conn, struct sdap_id_conn_ctx *);
+
+ return conn;
+}
+
+struct sdap_id_ctx *
+sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
+ struct sdap_service *sdap_service)
+{
+ struct sdap_id_ctx *sdap_ctx;
+
+ sdap_ctx = talloc_zero(mem_ctx, struct sdap_id_ctx);
+ if (sdap_ctx == NULL) {
+ return NULL;
+ }
+ sdap_ctx->be = bectx;
+
+ /* There should be at least one connection context */
+ sdap_ctx->conn = sdap_id_ctx_conn_add(sdap_ctx, sdap_service);
+ if (sdap_ctx->conn == NULL) {
+ talloc_free(sdap_ctx);
+ return NULL;
+ }
+
+ return sdap_ctx;
+}
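Review bot: sdap_id_ctx_conn_add takes ownership of `sdap_service` with `talloc_steal(conn, sdap_service)` before the connection cache exists, so when sdap_id_conn_cache_create fails the following `talloc_free(conn)` frees the caller's service as well; in ad_init.c and ipa_init.c the argument is `ad_options->service->sdap` / `ipa_options->service->sdap`, which is then left dangling in a struct the caller keeps while it returns ENOMEM. Moving the steal below the cache creation, i.e. `conn->service = talloc_steal(conn, sdap_service);` as the statement right before `DLIST_ADD_END`, leaves the original parent intact on every failure path (sdap_id_conn_cache_create does not touch conn->service in the hunks shown). Either way the ownership transfer should be stated in the comment on the prototype in ldap_common.h, since a caller that keeps its own pointer to the service no longer owns it.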
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 2d17b755..8c608354 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -42,17 +42,26 @@
/* a fd the child process would log into */
extern int ldap_child_debug_fd;
+struct sdap_id_ctx;
+
+struct sdap_id_conn_ctx {
+ struct sdap_id_ctx *id_ctx;
+
+ struct sdap_service *service;
+ /* LDAP connection cache */
+ struct sdap_id_conn_cache *conn_cache;
+ /* dlinklist pointers */
+ struct sdap_id_conn_ctx *prev, *next;
+};
+
struct sdap_id_ctx {
struct be_ctx *be;
struct sdap_options *opts;
- struct fo_service *fo_service;
- struct sdap_service *service;
/* If using GSSAPI */
struct krb5_service *krb5_service;
-
- /* LDAP connection cache */
- struct sdap_id_conn_cache *conn_cache;
+ /* connection to a server */
+ struct sdap_id_conn_ctx *conn;
/* enumeration loop timer */
struct timeval last_enum;
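Review bot: The comment on the new `conn` member, `/* connection to a server */`, undersells what the field is: sdap_id_ctx_conn_add in ldap_common.c appends to it with DLIST_ADD_END, so it is the head of a dlinklist of sdap_id_conn_ctx, and every call site in this commit dereferences the first entry. Suggest `/* dlinklist of connection contexts; the first entry is the connection all current callers use */`. The `id_ctx` member of sdap_id_conn_ctx would also benefit from a one-line note that it is a back-pointer to the owning context on which the conn is allocated.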
@@ -235,4 +244,12 @@ sdap_set_sasl_options(struct sdap_options *id_opts,
char *default_realm,
const char *keytab_path);
+struct sdap_id_conn_ctx *
+sdap_id_ctx_conn_add(struct sdap_id_ctx *id_ctx,
+ struct sdap_service *sdap_service);
+
+struct sdap_id_ctx *
+sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
+ struct sdap_service *sdap_service);
+
#endif /* _LDAP_COMMON_H_ */
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 13b607ac..a7987810 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -80,7 +80,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
state->ctx = ctx;
state->dp_error = DP_ERR_FATAL;
- state->op = sdap_id_op_create(state, state->ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
if (!state->op) {
DEBUG(2, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
@@ -403,7 +403,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
state->ctx = ctx;
state->dp_error = DP_ERR_FATAL;
- state->op = sdap_id_op_create(state, state->ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
if (!state->op) {
DEBUG(2, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
@@ -698,7 +698,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
state->ctx = ctx;
state->dp_error = DP_ERR_FATAL;
- state->op = sdap_id_op_create(state, state->ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
if (!state->op) {
DEBUG(2, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
@@ -862,7 +862,7 @@ void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx)
check_ctx->be_req = be_req;
req = sdap_cli_connect_send(be_req, be_ctx->ev, ctx->opts,
- be_ctx, ctx->service, false,
+ be_ctx, ctx->conn->service, false,
CON_TLS_DFL, false);
if (req == NULL) {
DEBUG(1, ("sdap_cli_connect_send failed.\n"));
@@ -1280,7 +1280,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
state->id_ctx = id_ctx;
state->dp_error = DP_ERR_FATAL;
- state->op = sdap_id_op_create(state, state->id_ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->id_ctx->conn->conn_cache);
if (!state->op) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 6c5a378e..7a2129d9 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -212,7 +212,7 @@ struct tevent_req *ldap_id_enumerate_send(struct tevent_context *ev,
state->ev = ev;
state->ctx = ctx;
- state->op = sdap_id_op_create(state, state->ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
if (!state->op) {
DEBUG(2, ("sdap_id_op_create failed\n"));
talloc_zfree(req);
diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c
index 5080cfb6..6788a52e 100644
--- a/src/providers/ldap/ldap_id_netgroup.c
+++ b/src/providers/ldap/ldap_id_netgroup.c
@@ -70,7 +70,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
state->ctx = ctx;
state->dp_error = DP_ERR_FATAL;
- state->op = sdap_id_op_create(state, state->ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
if (!state->op) {
DEBUG(2, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ldap/ldap_id_services.c b/src/providers/ldap/ldap_id_services.c
index 5699bf0d..5c3c53f2 100644
--- a/src/providers/ldap/ldap_id_services.c
+++ b/src/providers/ldap/ldap_id_services.c
@@ -82,7 +82,7 @@ services_get_send(TALLOC_CTX *mem_ctx,
state->protocol = protocol;
state->filter_type = filter_type;
- state->op = sdap_id_op_create(state, state->id_ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->id_ctx->conn->conn_cache);
if (!state->op) {
DEBUG(SSSDBG_MINOR_FAILURE, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index f70c8f1b..56339961 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -87,11 +87,13 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
struct bet_ops **ops,
void **pvt_data)
{
- struct sdap_id_ctx *ctx;
+ struct sdap_id_ctx *ctx = NULL;
const char *urls;
const char *backup_urls;
const char *dns_service_name;
const char *sasl_mech;
+ struct sdap_service *sdap_service;
+ struct sdap_options *opts;
int ret;
/* If we're already set up, just return that */
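Review bot: `struct sdap_options *opts;` is declared without an initializer although `ctx` two lines above now gets `= NULL`, and the last hunk of this file adds `talloc_free(opts);` under `done:`. The first `goto done` visible in the function follows the ldap_get_options() call in the next hunk; if that function returns an error without having written through its output pointer (its body is not on this page), opts is an indeterminate pointer when it is freed. Declare it `struct sdap_options *opts = NULL;` so the cleanup is safe on that path, matching the treatment of ctx.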
@@ -103,37 +105,40 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
return EOK;
}
- ctx = talloc_zero(bectx, struct sdap_id_ctx);
- if (!ctx) return ENOMEM;
-
- ctx->be = bectx;
-
- ret = ldap_get_options(ctx, bectx->cdb,
- bectx->conf_path, &ctx->opts);
+ ret = ldap_get_options(bectx, bectx->cdb,
+ bectx->conf_path, &opts);
if (ret != EOK) {
goto done;
}
- dns_service_name = dp_opt_get_string(ctx->opts->basic,
+ dns_service_name = dp_opt_get_string(opts->basic,
SDAP_DNS_SERVICE_NAME);
- DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ ("Service name for discovery set to %s\n", dns_service_name));
- urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI);
- backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_BACKUP_URI);
+ urls = dp_opt_get_string(opts->basic, SDAP_URI);
+ backup_urls = dp_opt_get_string(opts->basic, SDAP_BACKUP_URI);
- ret = sdap_service_init(ctx, ctx->be, "LDAP",
+ ret = sdap_service_init(bectx, bectx, "LDAP",
dns_service_name, urls, backup_urls,
- &ctx->service);
+ &sdap_service);
if (ret != EOK) {
- DEBUG(1, ("Failed to initialize failover service!\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to initialize failover service!\n"));
goto done;
}
+ ctx = sdap_id_ctx_new(bectx, bectx, sdap_service);
+ if (!ctx) {
+ ret = ENOMEM;
+ goto done;
+ }
+ ctx->opts = talloc_steal(ctx, opts);
+
sasl_mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH);
if (sasl_mech && strcasecmp(sasl_mech, "GSSAPI") == 0) {
if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) {
ret = sdap_gssapi_init(ctx, ctx->opts->basic,
- ctx->be, ctx->service,
+ ctx->be, ctx->conn->service,
&ctx->krb5_service);
if (ret != EOK) {
DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n",
@@ -150,11 +155,6 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
goto done;
}
- ret = sdap_id_conn_cache_create(ctx, ctx, &ctx->conn_cache);
- if (ret != EOK) {
- goto done;
- }
-
/* Set up the ID mapping object */
ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
if (ret != EOK) goto done;
@@ -185,6 +185,7 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
done:
if (ret != EOK) {
+ talloc_free(opts);
talloc_free(ctx);
}
return ret;
@@ -208,7 +209,7 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
ctx->be = bectx;
ctx->opts = id_ctx->opts;
- ctx->service = id_ctx->service;
+ ctx->service = id_ctx->conn->service;
ctx->chpass_service = NULL;
*ops = &sdap_auth_ops;
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 1b2f6993..e7454234 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -718,7 +718,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
DEBUG(6, ("Checking filter against LDAP\n"));
- state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn_cache);
+ state->sdap_op = sdap_id_op_create(state,
+ state->sdap_ctx->conn->conn_cache);
if (!state->sdap_op) {
DEBUG(2, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ldap/sdap_autofs.c b/src/providers/ldap/sdap_autofs.c
index 0bb211aa..e7947c9b 100644
--- a/src/providers/ldap/sdap_autofs.c
+++ b/src/providers/ldap/sdap_autofs.c
@@ -154,7 +154,7 @@ sdap_autofs_get_map_send(TALLOC_CTX *mem_ctx,
state->dp_error = DP_ERR_FATAL;
state->map_name = map_name;
- state->op = sdap_id_op_create(state, state->ctx->conn_cache);
+ state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
if (!state->op) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
index d7e20ca4..8fe2011d 100644
--- a/src/providers/ldap/sdap_dyndns.c
+++ b/src/providers/ldap/sdap_dyndns.c
@@ -500,7 +500,7 @@ sdap_dyndns_get_addrs_send(TALLOC_CTX *mem_ctx,
}
/* Detect DYNDNS address from LDAP connection */
- state->sdap_op = sdap_id_op_create(state, sdap_ctx->conn_cache);
+ state->sdap_op = sdap_id_op_create(state, sdap_ctx->conn->conn_cache);
if (!state->sdap_op) {
ret = ENOMEM;
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
@@ -664,7 +664,7 @@ sdap_dyndns_timer_conn_send(TALLOC_CTX *mem_ctx,
state->dyndns_ctx->timer_in_progress = true;
/* Make sure to have a valid LDAP connection */
- state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn_cache);
+ state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn->conn_cache);
if (state->sdap_op == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c
index 02142103..be25b5da 100644
--- a/src/providers/ldap/sdap_id_op.c
+++ b/src/providers/ldap/sdap_id_op.c
@@ -28,7 +28,7 @@
/* LDAP async connection cache */
struct sdap_id_conn_cache {
- struct sdap_id_ctx *id_ctx;
+ struct sdap_id_conn_ctx *id_conn;
/* list of all open connections */
struct sdap_id_conn_data *connections;
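Review bot: Renaming the member to `id_conn` turns every former `conn_cache->id_ctx->…` in this file into `conn_cache->id_conn->id_ctx->…`, which the later hunks (sdap_can_reuse_connection, sdap_id_conn_data_set_expire_timer, sdap_id_op_can_reconnect, sdap_id_op_connect_step, sdap_id_op_connect_done, sdap_id_op_done) repeat a dozen times, once over three continuation lines. A small static inline accessor placed after this struct would keep those call sites as short as they were and give a single place to adjust if the path from a cache to its id_ctx changes again. This is a readability point only; behaviour is unchanged.
```c
/* … unchanged: struct sdap_id_conn_cache definition … */

/* Owning sdap_id_ctx of a connection cache, reached via its connection context */
static inline struct sdap_id_ctx *
conn_cache_id_ctx(const struct sdap_id_conn_cache *conn_cache)
{
    return conn_cache->id_conn->id_ctx;
}
```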
@@ -103,6 +103,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq);
/* Create a connection cache */
int sdap_id_conn_cache_create(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
+ struct sdap_id_conn_ctx *id_conn,
struct sdap_id_conn_cache** conn_cache_out)
{
int ret;
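Review bot: After this change the `id_ctx` parameter of sdap_id_conn_cache_create is, as far as the hunks on this page show, no longer read: the two hunks that follow replace `id_ctx->be` with `id_conn->id_ctx->be`, and the struct no longer stores it. Either drop the parameter here, in the prototype in sdap_id_op.h, and at the one caller in ldap_common.c (`sdap_id_conn_cache_create(conn, id_ctx, conn, &conn->conn_cache)`), or keep it and say so in the header comment above the prototype. The function body continues past this hunk, so a remaining use further down would change this.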
@@ -113,9 +114,9 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx,
goto fail;
}
- conn_cache->id_ctx = id_ctx;
+ conn_cache->id_conn = id_conn;
- ret = be_add_offline_cb(conn_cache, id_ctx->be,
+ ret = be_add_offline_cb(conn_cache, id_conn->id_ctx->be,
sdap_id_conn_cache_be_offline_cb, conn_cache,
NULL);
if (ret != EOK) {
@@ -123,7 +124,7 @@ int sdap_id_conn_cache_create(TALLOC_CTX *memctx,
goto fail;
}
- ret = be_add_reconnect_cb(conn_cache, id_ctx->be,
+ ret = be_add_reconnect_cb(conn_cache, id_conn->id_ctx->be,
sdap_id_conn_cache_fo_reconnect_cb, conn_cache,
NULL);
if (ret != EOK) {
@@ -224,7 +225,7 @@ static bool sdap_can_reuse_connection(struct sdap_id_conn_data *conn_data)
return false;
}
- timeout = dp_opt_get_int(conn_data->conn_cache->id_ctx->opts->basic,
+ timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic,
SDAP_OPT_TIMEOUT);
return !sdap_is_connection_expired(conn_data, timeout);
}
@@ -242,7 +243,7 @@ static int sdap_id_conn_data_set_expire_timer(struct sdap_id_conn_data *conn_dat
return EOK;
}
- timeout = dp_opt_get_int(conn_data->conn_cache->id_ctx->opts->basic,
+ timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic,
SDAP_OPT_TIMEOUT);
if (timeout > 0) {
tv.tv_sec -= timeout;
@@ -255,10 +256,10 @@ static int sdap_id_conn_data_set_expire_timer(struct sdap_id_conn_data *conn_dat
talloc_zfree(conn_data->expire_timer);
conn_data->expire_timer =
- tevent_add_timer(conn_data->conn_cache->id_ctx->be->ev,
- conn_data, tv,
- sdap_id_conn_data_expire_handler,
- conn_data);
+ tevent_add_timer(conn_data->conn_cache->id_conn->id_ctx->be->ev,
+ conn_data, tv,
+ sdap_id_conn_data_expire_handler,
+ conn_data);
if (!conn_data->expire_timer) {
return ENOMEM;
}
@@ -349,8 +350,8 @@ static bool sdap_id_op_can_reconnect(struct sdap_id_op *op)
int max_retries;
int count;
- count = be_fo_get_server_count(op->conn_cache->id_ctx->be,
- op->conn_cache->id_ctx->service->name);
+ count = be_fo_get_server_count(op->conn_cache->id_conn->id_ctx->be,
+ op->conn_cache->id_conn->service->name);
max_retries = 2 * count -1;
if (max_retries < 1) {
max_retries = 1;
@@ -361,7 +362,7 @@ static bool sdap_id_op_can_reconnect(struct sdap_id_op *op)
/* state of connect request */
struct sdap_id_op_connect_state {
- struct sdap_id_ctx *id_ctx;
+ struct sdap_id_conn_ctx *id_conn;
struct tevent_context *ev;
struct sdap_id_op *op;
int dp_error;
@@ -411,8 +412,8 @@ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op,
talloc_set_destructor((void*)state, sdap_id_op_connect_state_destroy);
- state->id_ctx = op->conn_cache->id_ctx;
- state->ev = state->id_ctx->be->ev;
+ state->id_conn = op->conn_cache->id_conn;
+ state->ev = state->id_conn->id_ctx->be->ev;
state->op = op;
op->connect_req = req;
@@ -489,9 +490,9 @@ static int sdap_id_op_connect_step(struct tevent_req *req)
conn_data->conn_cache = conn_cache;
subreq = sdap_cli_connect_send(conn_data, state->ev,
- state->id_ctx->opts,
- state->id_ctx->be,
- state->id_ctx->service, false,
+ state->id_conn->id_ctx->opts,
+ state->id_conn->id_ctx->be,
+ state->id_conn->service, false,
CON_TLS_DFL, false);
if (!subreq) {
@@ -555,12 +556,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
/* be is going offline as there is no more servers to try */
DEBUG(1, ("Failed to connect, going offline (%d [%s])\n",
ret, strerror(ret)));
- be_mark_offline(conn_cache->id_ctx->be);
+ be_mark_offline(conn_cache->id_conn->id_ctx->be);
is_offline = true;
}
if (ret == EOK) {
- current_srv_opts = conn_cache->id_ctx->srv_opts;
+ current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts;
if (current_srv_opts) {
DEBUG(8, ("Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn));
@@ -579,7 +580,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
}
}
ret = sdap_id_conn_data_set_expire_timer(conn_data);
- sdap_steal_server_opts(conn_cache->id_ctx, &srv_opts);
+ sdap_steal_server_opts(conn_cache->id_conn->id_ctx, &srv_opts);
}
if (can_retry) {
@@ -596,7 +597,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
/* do not attempt to retry on errors like ENOMEM */
can_retry = false;
is_offline = true;
- be_mark_offline(conn_cache->id_ctx->be);
+ be_mark_offline(conn_cache->id_conn->id_ctx->be);
break;
}
}
@@ -635,7 +636,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
if (can_retry) {
/* determining whether retry is possible */
- if (be_is_offline(conn_cache->id_ctx->be)) {
+ if (be_is_offline(conn_cache->id_conn->id_ctx->be)) {
/* be is offline, no retry possible */
if (ret == EOK) {
DEBUG(9, ("skipping automatic retry on op #%d as be is offline\n", notify_count));
@@ -686,12 +687,12 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
if ((ret == EOK) &&
conn_data->sh->connected &&
- !be_is_offline(conn_cache->id_ctx->be)) {
+ !be_is_offline(conn_cache->id_conn->id_ctx->be)) {
DEBUG(9, ("caching successful connection after %d notifies\n", notify_count));
conn_cache->cached_connection = conn_data;
/* Run any post-connection routines */
- be_run_online_cb(conn_cache->id_ctx->be);
+ be_run_online_cb(conn_cache->id_conn->id_ctx->be);
} else {
if (conn_cache->cached_connection == conn_data) {
@@ -704,9 +705,9 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
if (reinit) {
DEBUG(SSSDBG_TRACE_FUNC, ("Server reinitialization detected. "
"Cleaning cache.\n"));
- reinit_req = sdap_reinit_cleanup_send(conn_cache->id_ctx->be,
- conn_cache->id_ctx->be,
- conn_cache->id_ctx);
+ reinit_req = sdap_reinit_cleanup_send(conn_cache->id_conn->id_ctx->be,
+ conn_cache->id_conn->id_ctx->be,
+ conn_cache->id_conn->id_ctx);
if (reinit_req == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization "
"clean up.\n"));
@@ -804,14 +805,14 @@ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out)
op->conn_cache->cached_connection = NULL;
DEBUG(5, ("communication error on cached connection, moving to next server\n"));
- be_fo_try_next_server(op->conn_cache->id_ctx->be,
- op->conn_cache->id_ctx->service->name);
+ be_fo_try_next_server(op->conn_cache->id_conn->id_ctx->be,
+ op->conn_cache->id_conn->service->name);
}
int dp_err;
if (retval == EOK) {
dp_err = DP_ERR_OK;
- } else if (be_is_offline(op->conn_cache->id_ctx->be)) {
+ } else if (be_is_offline(op->conn_cache->id_conn->id_ctx->be)) {
/* if backend is already offline, just report offline, do not duplicate errors */
dp_err = DP_ERR_OFFLINE;
retval = EAGAIN;
diff --git a/src/providers/ldap/sdap_id_op.h b/src/providers/ldap/sdap_id_op.h
index f36037a9..b808dd89 100644
--- a/src/providers/ldap/sdap_id_op.h
+++ b/src/providers/ldap/sdap_id_op.h
@@ -26,6 +26,7 @@
#define _SDAP_ID_OP_H_
struct sdap_id_ctx;
+struct sdap_id_conn_ctx;
/* LDAP async connection cache */
struct sdap_id_conn_cache;
@@ -38,6 +39,7 @@ struct sdap_id_op;
/* Create a connection cache */
int sdap_id_conn_cache_create(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
+ struct sdap_id_conn_ctx *id_conn,
struct sdap_id_conn_cache** conn_cache_out);
/* Create an operation object */
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index 3472da67..315f254a 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -508,7 +508,7 @@ void sdap_sudo_handler(struct be_req *be_req)
case BE_REQ_SUDO_RULES:
DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a refresh of specific sudo rules\n"));
req = sdap_sudo_rules_refresh_send(be_req, sudo_ctx, id_ctx->be,
- id_ctx->opts, id_ctx->conn_cache,
+ id_ctx->opts, id_ctx->conn->conn_cache,
sudo_req->rules);
break;
default:
@@ -585,7 +585,7 @@ static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a full refresh of sudo rules\n"));
subreq = sdap_sudo_refresh_send(state, id_ctx->be, id_ctx->opts,
- id_ctx->conn_cache,
+ id_ctx->conn->conn_cache,
ldap_full_filter, sysdb_filter);
if (subreq == NULL) {
ret = ENOMEM;
@@ -901,7 +901,7 @@ static struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
"(USN > %s)\n", (usn == NULL ? "0" : usn)));
subreq = sdap_sudo_refresh_send(state, id_ctx->be, id_ctx->opts,
- id_ctx->conn_cache,
+ id_ctx->conn->conn_cache,
ldap_full_filter, NULL);
if (subreq == NULL) {
ret = ENOMEM;