Since we enumerate in the background and use the member/memberof scheme, you
can't do group enumeration without also doing a user enumeration first.

So turn the enumeration option into a boolean with warnings if the old
syntax is used.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 710330f9b76fd3b9041be7ed9ddc6b2d2accc4a3 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 31 Aug 2009 10:10:59 -0400
Subject: [PATCH] Turn enumeration into a boolean value

---
 server/confdb/confdb.c            |   21 +++++++++++++++++----
 server/confdb/confdb.h            |    2 +-
 server/responder/nss/nsssrv.h     |    4 ----
 server/responder/nss/nsssrv_cmd.c |    8 ++++----
 4 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index 70710d1..ef98fe9 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -683,7 +683,7 @@ int confdb_get_domain(struct confdb_ctx *cdb,
     TALLOC_CTX *tmp_ctx;
     struct ldb_dn *dn;
     const char *tmp;
-    int ret;
+    int ret, val;
 
     tmp_ctx = talloc_new(mem_ctx);
     if (!tmp_ctx) return ENOMEM;
@@ -744,9 +744,21 @@ int confdb_get_domain(struct confdb_ctx *cdb,
                                                "timeout", 0);
 
     /* Determine if this domain can be enumerated */
-    domain->enumerate = ldb_msg_find_attr_as_int(res->msgs[0],
-                                                 "enumerate", 0);
-    if (domain->enumerate == 0) {
+
+    /* TEMP: test if the old bitfield conf value is used and warn it has been
+     * superceeded. */
+    val = ldb_msg_find_attr_as_int(res->msgs[0], "enumerate", 0);
+    if (val > 0) { /* ok there was a number in here */
+        DEBUG(0, ("Warning: enumeration parameter in %s still uses integers! "
+                  "Enunmeration is now a boolean and takes true/false values. "
+                  "Interpreting as true\n", domain->name));
+        domain->enumerate = true;
+    } else { /* assume the new format */
+        if (ldb_msg_find_attr_as_bool(res->msgs[0], "enumerate", 0)) {
+            domain->enumerate = true;
+        }
+    }
+    if (!domain->enumerate) {
         DEBUG(1, ("No enumeration for [%s]!\n", domain->name));
     }
 
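Review bot: A legacy value of 1 or 2 (users-only or groups-only under the NSS_ENUM_USERS / NSS_ENUM_GROUPS bits this patch removes) is now mapped to `true` for both, so a domain that previously allowed only group enumeration will also answer user enumeration after the upgrade. The warning should say this explicitly rather than only "Interpreting as true", and its text has the typo "Enunmeration". In the `else` branch `domain->enumerate` is only ever set to true, so the false case depends on the struct having been zeroed outside this hunk; assigning the result directly, `domain->enumerate = ldb_msg_find_attr_as_bool(res->msgs[0], "enumerate", false);`, removes that dependency. A value that is neither a positive integer nor a recognised boolean appears to end up as false with no message, which deserves its own DEBUG line. confdb_get_domain's body starts and ends outside the hunk.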
@@ -782,6 +794,7 @@ int confdb_get_domain(struct confdb_ctx *cdb,
     }
 
     *_domain = domain;
+    ret = EOK;
 
 done:
     talloc_free(tmp_ctx);
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index 91eeff7..f565088 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -43,7 +43,7 @@ struct sss_domain_info {
     char *name;
     char *provider;
     int timeout;
-    int enumerate;
+    bool enumerate;
     bool fqnames;
     bool legacy;
     bool mpg;
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index e9bae0f..c5a7bb3 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -39,10 +39,6 @@
 
 #define NSS_PACKET_MAX_RECV_SIZE 1024
 
-#define NSS_ENUM_USERS 0x01
-#define NSS_ENUM_GROUPS 0x02
-#define NSS_ENUM_ALL 0x03
-
 #define NSS_SRV_CONFIG "config/services/nss"
 
 struct getent_ctx;
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index 30fbc15..88749e9 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -1022,7 +1022,7 @@ static void nss_cmd_setpwent_callback(void *ptr, int status,
 
     /* do not reply until all domain searches are done */
     for (dom = dctx->domain->next; dom; dom = dom->next) {
-        if ((dom->enumerate & NSS_ENUM_USERS) != 0) break;
+        if (dom->enumerate != 0) break;
     }
     dctx->domain = dom;
 
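Review bot: `dom->enumerate` is a `bool` after this patch, so the comparison `dom->enumerate != 0` in this loop reads as if the field were still a bitmask; `if (dom->enumerate) break;` matches the `if (!domain->enumerate)` form used in confdb.c. The same line appears in the nss_cmd_setpwent_ext hunk and in both setgrent hunks (nss_cmd_setgrent_callback, nss_cmd_setgrent_ext). Since the user and group paths now gate on the same flag, the loop comments could say that one setting controls both, e.g. `/* enumerate is a single per-domain switch for users and groups */`. Each of these functions starts and ends outside its hunk.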
@@ -1150,7 +1150,7 @@ static int nss_cmd_setpwent_ext(struct cli_ctx *cctx, bool immediate)
 
     /* check if enumeration is enabled in any domain */
     for (dom = cctx->rctx->domains; dom; dom = dom->next) {
-        if ((dom->enumerate & NSS_ENUM_USERS) != 0) break;
+        if (dom->enumerate != 0) break;
     }
     dctx->domain = dom;
 
@@ -2350,7 +2350,7 @@ static void nss_cmd_setgrent_callback(void *ptr, int status,
 
     /* do not reply until all domain searches are done */
     for (dom = dctx->domain->next; dom; dom = dom->next) {
-        if ((dom->enumerate & NSS_ENUM_GROUPS) != 0) break;
+        if (dom->enumerate != 0) break;
     }
     dctx->domain = dom;
 
@@ -2478,7 +2478,7 @@ static int nss_cmd_setgrent_ext(struct cli_ctx *cctx, bool immediate)
 
     /* check if enumeration is enabled in any domain */
     for (dom = cctx->rctx->domains; dom; dom = dom->next) {
-        if ((dom->enumerate & NSS_ENUM_GROUPS) != 0) break;
+        if (dom->enumerate != 0) break;
     }
     dctx->domain = dom;
 
-- 
1.6.2.5
