authorStephen Gallagher <sgallagh@redhat.com>2011-09-16 15:33:03 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-11-02 11:12:12 -0400
commitfd94a375467ade9233e34513863571fc51fec2ed (patch)
tree8555ac503d78f270ad86400fab0861196fbbc96d /src/providers/ldap
parenta0e406e5219068aec1a531e2b09ee30309b266cf (diff)
LDAP: Support multiple netgroup search bases
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_id_netgroup.c1
-rw-r--r--src/providers/ldap/sdap_async.h3
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c75
3 files changed, 65 insertions, 14 deletions
diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c
index 6e21956d..e05aaa75 100644
--- a/src/providers/ldap/ldap_id_netgroup.c
+++ b/src/providers/ldap/ldap_id_netgroup.c
@@ -152,6 +152,7 @@ static void netgroup_get_connect_done(struct tevent_req *subreq)
subreq = sdap_get_netgroups_send(state, state->ev,
state->domain, state->sysdb,
state->ctx->opts,
+ state->ctx->opts->netgroup_search_bases,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
state->timeout);
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index c1637be5..2ef5ff24 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -70,9 +70,10 @@ struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx,
struct sss_domain_info *dom,
struct sysdb_ctx *sysdb,
struct sdap_options *opts,
+ struct sdap_search_base **search_bases,
struct sdap_handle *sh,
const char **attrs,
- const char *wildcard,
+ const char *filter,
int timeout);
int sdap_get_netgroups_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx, char **timestamp,
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 586d079e..1f0d1dd2 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -25,6 +25,7 @@
#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/sdap_async_private.h"
+#include "providers/ldap/ldap_common.h"
static bool is_dn(const char *str)
{
@@ -570,13 +571,19 @@ struct sdap_get_netgroups_state {
struct sss_domain_info *dom;
struct sysdb_ctx *sysdb;
const char **attrs;
- const char *filter;
+ const char *base_filter;
+ char *filter;
+ int timeout;
char *higher_timestamp;
struct sysdb_attrs **netgroups;
size_t count;
+
+ size_t base_iter;
+ struct sdap_search_base **search_bases;
};
+static errno_t sdap_get_netgroups_next_base(struct tevent_req *req);
static void sdap_get_netgroups_process(struct tevent_req *subreq);
static void netgr_translate_members_done(struct tevent_req *subreq);
@@ -585,12 +592,14 @@ struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx,
struct sss_domain_info *dom,
struct sysdb_ctx *sysdb,
struct sdap_options *opts,
+ struct sdap_search_base **search_bases,
struct sdap_handle *sh,
const char **attrs,
const char *filter,
int timeout)
{
- struct tevent_req *req, *subreq;
+ errno_t ret;
+ struct tevent_req *req;
struct sdap_get_netgroups_state *state;
req = tevent_req_create(memctx, &state, struct sdap_get_netgroups_state);
@@ -601,26 +610,55 @@ struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx,
state->dom = dom;
state->sh = sh;
state->sysdb = sysdb;
- state->filter = filter;
state->attrs = attrs;
state->higher_timestamp = NULL;
state->netgroups = NULL;
state->count = 0;
+ state->timeout = timeout;
+ state->base_filter = filter;
+ state->base_iter = 0;
+ state->search_bases = search_bases;
- subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
- dp_opt_get_string(state->opts->basic,
- SDAP_NETGROUP_SEARCH_BASE),
- LDAP_SCOPE_SUBTREE,
- state->filter, state->attrs,
- state->opts->netgroup_map,
- SDAP_OPTS_NETGROUP, timeout);
+ ret = sdap_get_netgroups_next_base(req);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ tevent_req_post(req, state->ev);
+ }
+ return req;
+}
+
+static errno_t sdap_get_netgroups_next_base(struct tevent_req *req)
+{
+ struct tevent_req *subreq;
+ struct sdap_get_netgroups_state *state;
+
+ state = tevent_req_data(req, struct sdap_get_netgroups_state);
+
+ talloc_zfree(state->filter);
+ state->filter = sdap_get_id_specific_filter(state,
+ state->base_filter,
+ state->search_bases[state->base_iter]->filter);
+ if (!state->filter) {
+ return ENOMEM;
+ }
+
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("Searching for netgroups with base [%s]\n",
+ state->search_bases[state->base_iter]->basedn));
+
+ subreq = sdap_get_generic_send(
+ state, state->ev, state->opts, state->sh,
+ state->search_bases[state->base_iter]->basedn,
+ state->search_bases[state->base_iter]->scope,
+ state->filter, state->attrs,
+ state->opts->netgroup_map, SDAP_OPTS_NETGROUP,
+ state->timeout);
if (!subreq) {
- talloc_zfree(req);
- return NULL;
+ return ENOMEM;
}
tevent_req_set_callback(subreq, sdap_get_netgroups_process, req);
- return req;
+ return EOK;
}
static void sdap_get_netgroups_process(struct tevent_req *subreq)
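Review bot: `sdap_get_netgroups_next_base()` dereferences `state->search_bases[state->base_iter]` for `->filter`, `->basedn` and `->scope` without checking that the array or its current entry is non-NULL, and `sdap_get_netgroups_send()` stores the caller's pointer unchecked. Whether `opts->netgroup_search_bases` can be NULL or empty depends on option parsing that is not part of this diff, so the first call is only safe if that is guaranteed elsewhere. A guard at the top of the helper would turn a misconfiguration into a request error instead of a crash in the provider: `if (state->search_bases == NULL || state->search_bases[state->base_iter] == NULL) return EINVAL;`. The prototype in sdap_async.h would also benefit from a comment stating that `search_bases` is a NULL-terminated array that is borrowed rather than copied and must outlive the request.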
@@ -642,6 +680,17 @@ static void sdap_get_netgroups_process(struct tevent_req *subreq)
DEBUG(6, ("Search for netgroups, returned %d results.\n", state->count));
if (state->count == 0) {
+ /* No netgroups found in this search */
+ state->base_iter++;
+ if (state->search_bases[state->base_iter]) {
+ /* There are more search bases to try */
+ ret = sdap_get_netgroups_next_base(req);
+ if (ret != EOK) {
+ tevent_req_error(req, ENOENT);
+ }
+ return;
+ }
+
tevent_req_error(req, ENOENT);
return;
}
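Review bot: When `sdap_get_netgroups_next_base()` fails, the new branch calls `tevent_req_error(req, ENOENT)` and discards `ret`, so an allocation failure (the helper returns ENOMEM) reaches the caller as "no such netgroup". The line should be `tevent_req_error(req, ret);`. If callers treat ENOENT as authoritative absence, for example by dropping a cached netgroup (not visible in this diff), a transient failure would change what netgroup-based access checks see. `sdap_get_netgroups_process()` starts before this hunk and continues after it.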