12 changes: 6 additions & 6 deletions src/providers/ipa/ipa_auth.c
@@ -329,11 +329,11 @@ static void ipa_pam_auth_handler_flag_done(struct tevent_req *subreq)

if (password_migration) {
sdap_auth_ctx = state->auth_ctx->sdap_auth_ctx;
subreq = sdap_cli_connect_send(state, state->ev,
sdap_auth_ctx->opts,
sdap_auth_ctx->be,
sdap_auth_ctx->service,
true, CON_TLS_ON, true);
subreq = sdap_cli_resolve_and_connect_send(state, state->ev,
sdap_auth_ctx->opts,
sdap_auth_ctx->be,
sdap_auth_ctx->service,
true, CON_TLS_ON, true);
if (subreq == NULL) {
state->pd->pam_status = PAM_SYSTEM_ERR;
goto done;
@@ -373,7 +373,7 @@ static void ipa_pam_auth_handler_connect_done(struct tevent_req *subreq)

state->pd->pam_status = PAM_SYSTEM_ERR;

ret = sdap_cli_connect_recv(subreq, state, NULL, &sh, NULL);
ret = sdap_cli_resolve_and_connect_recv(subreq, state, NULL, &sh, NULL);
talloc_free(subreq);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot connect to LDAP server to perform "
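Review bot: The password-migration connect in ipa_pam_auth_handler_flag_done passes `true, CON_TLS_ON, true` positionally, and after this change the TLS requirement travels through a new wrapper whose implementation is not part of the visible diff. If, as the surrounding names suggest, this connection is later used to bind with the user's password, it is worth confirming that sdap_cli_resolve_and_connect_send hands `force_tls` unchanged to every server it tries, including fail-over retries. I would also add a comment above the call, `/* skip_rootdse = true, force_tls = CON_TLS_ON, skip_auth = true; TLS must stay on for the migration connection */`, so the requirement is visible at the call site. Both handlers continue outside their hunks.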
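--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -797,11 +797,12 @@ static struct tevent_req *auth_connect_send(struct tevent_req *req)
 use_tls = false;
 }
 
-subreq = sdap_cli_connect_send(state, state->ev, state->ctx->opts,
-state->ctx->be,
-state->sdap_service, false,
-use_tls ? CON_TLS_ON : CON_TLS_OFF,
-skip_conn_auth);
+subreq = sdap_cli_resolve_and_connect_send(state, state->ev,
+state->ctx->opts,
+state->ctx->be,
+state->sdap_service, false,
+use_tls ? CON_TLS_ON : CON_TLS_OFF,
+skip_conn_auth);
 
 if (subreq == NULL) {
 tevent_req_error(req, ENOMEM);
@@ -850,16 +851,18 @@ static void auth_connect_done(struct tevent_req *subreq)
 struct auth_state);
 int ret;
 
-ret = sdap_cli_connect_recv(subreq, state, NULL, &state->sh, NULL);
+ret = sdap_cli_resolve_and_connect_recv(subreq, state, NULL, &state->sh,
+NULL);
 talloc_zfree(subreq);
 if (ret != EOK) {
-/* As sdap_cli_connect_recv() returns EIO in case all the servers are
-* down and we have to go offline, let's treat it accordingly here and
-* allow the PAM responder to switch to offline authentication.
+/* As sdap_cli_resolve_and_connect_recv() returns EIO in case all the
+* servers are down and we have to go offline, let's treat it
+* accordingly here and allow the PAM responder to switch to offline
+* authentication.
 *
 * Unfortunately, there's not much pattern within our code and the way
-* to indicate we're going down in this part of the code is returning
-* an ETIMEDOUT.
+* to indicate we're going down in this part of the code is returning an
+* ETIMEDOUT.
 */
 if (ret == EIO) {
 tevent_req_error(req, ETIMEDOUT);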
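Review bot: In auth_connect_done the offline fallback still depends on the receive call returning exactly EIO, but that call now also covers server resolution. The updated comment asserts that sdap_cli_resolve_and_connect_recv() returns EIO when all servers are down; the wrapper's implementation is not shown on this page, so this should be checked for the case where resolution itself runs out of servers. Any other code would surface as a plain error instead of ETIMEDOUT, and the PAM responder would then not switch to offline authentication. Documenting the EIO contract on the declaration in sdap_async.h would keep this caller and the wrapper in step. auth_connect_done's body continues outside the hunk.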
28 changes: 24 additions & 4 deletions src/providers/ldap/sdap_async.h
@@ -213,17 +213,37 @@ enum connect_tls {
struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_options *opts,
struct be_ctx *be,
struct sdap_service *service,
const char *uri,
struct sockaddr *sockaddr,
socklen_t sockaddr_len,
bool skip_rootdse,
enum connect_tls force_tls,
bool skip_auth);
bool skip_auth,
time_t kinit_expire_time);

int sdap_cli_connect_recv(struct tevent_req *req,
TALLOC_CTX *memctx,
bool *can_retry,
struct sdap_handle **gsh,
struct sdap_server_opts **srv_opts);

struct tevent_req *
sdap_cli_resolve_and_connect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sdap_options *opts,
struct be_ctx *be,
struct sdap_service *service,
bool skip_rootdse,
enum connect_tls force_tls,
bool skip_auth);

errno_t
sdap_cli_resolve_and_connect_recv(struct tevent_req *req,
TALLOC_CTX *memctx,
bool *can_retry,
struct sdap_handle **gsh,
struct sdap_server_opts **srv_opts);


/* Exposes all options of generic send while allowing to parse by map */
struct tevent_req *sdap_get_and_parse_generic_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
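Review bot: sdap_cli_connect_send now takes `uri`, `sockaddr` and `sockaddr_len` directly, alongside the new `kinit_expire_time`, and the header states no contract for any of them. A doc comment on the declaration should say that the address must be the resolver's result for the host named in `uri` (presumably the URI host is what the TLS certificate is checked against; confirm in the implementation), whether the function copies `sockaddr` or the caller must keep it alive until the request finishes, and what `kinit_expire_time` means when `skip_auth` is true. The new sdap_cli_resolve_and_connect_send/_recv pair has no comment either; one line each, stating that it performs the server resolution and which code it returns when no server is reachable, would match what ldap_auth.c relies on. The two recv functions also differ in return type (`int` vs `errno_t`) for the same kind of value.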