rpms/sssd
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b4343b24b6
sssd/0014-AD-Remember-last-site-discovered.patch
Lukas Slebodnik 1dedfbb334 Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout 
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
                          or machine swaps
Resolves: failure in glibc tests
          https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
                          auth_provider ldap, login fails if the LDAP server
                          is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
                          corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
                          if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
                         in /etc/systemd/system
Backport few upstream features from 1.16.1
2017-12-04 21:42:37 +01:00

109 lines
3.4 KiB
Diff
Raw Blame History

From ceb9cc228793551eb0fc42234ee3f9b3c9d6cb9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 18 Oct 2017 15:20:34 +0200
Subject: [PATCH 14/79] AD: Remember last site discovered
To discover Active Directory site for a client we must first contact any
directory controller for an LDAP ping. This is done by searching
domain-wide DNS tree which may however contain servers that are not
reachable from current site and than we face long timeouts or failure.
This patch makes sssd remember the last successfuly discovered site
and use this for DNS search to lookup a site and forest again similar
to what we do when ad_site option is set.
Resolves:
https://pagure.io/SSSD/sssd/issue/3265
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/providers/ad/ad_srv.c | 44 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c
index ff01ee95c4d2c6875a989394489f1a0495cc3003..be1ba0f237add894566ae713ce5e29fd202d414c 100644
--- a/src/providers/ad/ad_srv.c
+++ b/src/providers/ad/ad_srv.c
@@ -481,6 +481,7 @@ struct ad_srv_plugin_ctx {
const char *hostname;
const char *ad_domain;
const char *ad_site_override;
+ const char *current_site;
};
struct ad_srv_plugin_ctx *
@@ -518,6 +519,11 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
if (ctx->ad_site_override == NULL) {
goto fail;
}
+
+ ctx->current_site = talloc_strdup(ctx, ad_site_override);
+ if (ctx->current_site == NULL) {
+ goto fail;
+ }
}
return ctx;
@@ -527,6 +533,32 @@ fail:
return NULL;
}
+static errno_t
+ad_srv_plugin_ctx_switch_site(struct ad_srv_plugin_ctx *ctx,
+ const char *new_site)
+{
+ const char *site;
+ errno_t ret;
+
+ if (new_site == NULL) {
+ return EOK;
+ }
+
+ if (ctx->current_site != NULL && strcmp(ctx->current_site, new_site) == 0) {
+ return EOK;
+ }
+
+ site = talloc_strdup(ctx, new_site);
+ if (site == NULL) {
+ return ENOMEM;
+ }
+
+ talloc_zfree(ctx->current_site);
+ ctx->current_site = site;
+
+ return EOK;
+}
+
struct ad_srv_plugin_state {
struct tevent_context *ev;
struct ad_srv_plugin_ctx *ctx;
@@ -613,7 +645,7 @@ struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx,
subreq = ad_get_dc_servers_send(state, ev, ctx->be_res->resolv,
state->discovery_domain,
- state->ctx->ad_site_override);
+ state->ctx->current_site);
if (subreq == NULL) {
ret = ENOMEM;
goto immediately;
@@ -709,6 +741,16 @@ static void ad_srv_plugin_site_done(struct tevent_req *subreq)
backup_domain = NULL;
if (ret == EOK) {
+ /* Remember current site so it can be used during next lookup so
+ * we can contact directory controllers within a known reachable
+ * site first. */
+ ret = ad_srv_plugin_ctx_switch_site(state->ctx, state->site);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set site [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
if (strcmp(state->service, "gc") == 0) {
if (state->forest != NULL) {
if (state->site != NULL) {
--
2.15.1
Reference in New Issue View Git Blame Copy Permalink