author | Sumit Bose <sbose@redhat.com> | 2012-10-18 18:04:06 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-05 00:14:05 +0100 |
commit | 3d05f3430006f6fe2f623c07eecfbe734519df5e (patch) | |
tree | 10aad306849637aaf09f1bb6d84e3339e8372be3 /src/providers | |
parent | 905579cfac2e0fe4b88bd204051264104a3f1700 (diff) | |
check_ccache_files: search sub-domains as well
If sssd is configured to renew Kerberos tickets automatically, tickets of
sub-domain users should be renewed as well.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_renew_tgt.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c
index 2ad5592e9..217e03d32 100644
--- a/src/providers/krb5/krb5_renew_tgt.c
+++ b/src/providers/krb5/krb5_renew_tgt.c
@@ -373,7 +373,8 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
 {
 TALLOC_CTX *tmp_ctx;
 int ret;
- const char *ccache_filter = "("SYSDB_CCACHE_FILE"=*)";
+ const char *ccache_filter = "(&("SYSDB_CCACHE_FILE"=*)" \
+ "("SYSDB_OBJECTCLASS"="SYSDB_USER_CLASS"))";
 const char *ccache_attrs[] = { SYSDB_CCACHE_FILE, SYSDB_UPN, SYSDB_NAME, NULL };
 size_t msgs_count = 0;
@@ -382,6 +383,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
 const char *ccache_file;
 const char *upn;
 const char *user_name;
+ struct ldb_dn *base_dn;
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
@@ -389,10 +391,18 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
 return ENOMEM;
 }
- ret = sysdb_search_users(tmp_ctx, renew_tgt_ctx->be_ctx->sysdb,
- ccache_filter, ccache_attrs, &msgs_count, &msgs);
+ base_dn = sysdb_base_dn(renew_tgt_ctx->be_ctx->sysdb, tmp_ctx);
+ if (base_dn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_base_dn failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_search_entry(tmp_ctx, renew_tgt_ctx->be_ctx->sysdb, base_dn,
+ LDB_SCOPE_SUBTREE, ccache_filter, ccache_attrs,
+ &msgs_count, &msgs);
 if (ret != EOK) {
- DEBUG(1, ("sysdb_search_users failed.\n"));
+ DEBUG(1, ("sysdb_search_entry failed.\n"));
 goto done;
 } |
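Review bot: The new `SYSDB_OBJECTCLASS` clause in `ccache_filter` (first hunk) is the only thing restricting the wider search to user objects, and nothing in the code records that. A comment above the declaration such as `/* Searched from the sysdb base DN, so restrict matches to user objects. */` would keep a later edit from dropping the clause and letting other entries that carry a ccache attribute feed the renewal table. The trailing `\` after the first literal is not needed, since adjacent string literals are concatenated across lines.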
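Review bot: In the third hunk the search is now rooted at `sysdb_base_dn()` with `LDB_SCOPE_SUBTREE`, so `msgs` can hold users from any sub-domain, yet `ccache_attrs` still requests only `SYSDB_CCACHE_FILE`, `SYSDB_UPN` and `SYSDB_NAME`. The loop that consumes `msgs` is outside the hunk; it should be confirmed that each renewal is attributed to the entry's own domain and not assumed to belong to the domain of `renew_tgt_ctx->be_ctx`, since the same short name may exist in a parent and a sub-domain. Separately, the changed log line keeps a numeric level while the new `base_dn` branch uses a symbolic one; writing it in the same form, e.g. `DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_entry failed.\n"));`, would keep the two consistent.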