Modified responder_get_domain()

Now it checks for subdomains as well as for the domain itself

4 files changed, 39 insertions, 10 deletions

diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 47f4c3235..dd4c0008a 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -566,13 +566,14 @@ int sss_ncache_reset_permament(struct sss_nc_ctx *ctx)
 errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
                                struct confdb_ctx *cdb,
                                struct sss_names_ctx *names_ctx,
-                               struct sss_domain_info *domain_list)
+                               struct resp_ctx *rctx)
 {
     errno_t ret;
     bool filter_set = false;
     char **filter_list = NULL;
     char *name = NULL;
     struct sss_domain_info *dom = NULL;
+    struct sss_domain_info *domain_list = rctx->domains;
     char *domainname = NULL;
     char *conf_path = NULL;
     TALLOC_CTX *tmpctx = talloc_new(NULL);
@@ -649,7 +650,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
             continue;
         }
         if (domainname) {
-            dom = responder_get_domain(domain_list, domainname);
+            dom = responder_get_domain(tmpctx, rctx, domainname);
             if (!dom) {
                 DEBUG(SSSDBG_CRIT_FAILURE,
                       ("Invalid domain name [%s]\n", domainname));
@@ -746,7 +747,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
             continue;
         }
         if (domainname) {
-            dom = responder_get_domain(domain_list, domainname);
+            dom = responder_get_domain(tmpctx, rctx, domainname);
             if (!dom) {
                 DEBUG(SSSDBG_CRIT_FAILURE,
                       ("Invalid domain name [%s]\n", domainname));
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 74f7ff344..9d070c697 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -73,6 +73,6 @@ int sss_ncache_reset_permament(struct sss_nc_ctx *ctx);
 errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
                                struct confdb_ctx *cdb,
                                struct sss_names_ctx *names_ctx,
-                               struct sss_domain_info *domain_list);
+                               struct resp_ctx *rctx);
 
 #endif /* _NSS_NEG_CACHE_H_ */
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index f331fee33..30a7101d4 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -157,7 +157,8 @@ int sss_parse_name(TALLOC_CTX *memctx,
 int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain,
                            struct be_conn **_conn);
 struct sss_domain_info *
-responder_get_domain(struct sss_domain_info *doms, const char *domain);
+responder_get_domain(TALLOC_CTX *sd_mem_ctx, struct resp_ctx *rctx,
+                     const char *domain);
 
 /* responder_cmd.c */
 int sss_cmd_empty_packet(struct sss_packet *packet);
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 661483872..2c1ae28be 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -633,16 +633,43 @@ int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain,
 }
 
 struct sss_domain_info *
-responder_get_domain(struct sss_domain_info *doms, const char *domain)
+responder_get_domain(TALLOC_CTX *sd_mem_ctx, struct resp_ctx *rctx,
+                     const char *domain)
 {
+    time_t now = time(NULL);
+    time_t time_diff;
     struct sss_domain_info *dom;
+    struct sss_domain_info *ret_dom = NULL;
+    int i;
 
-    for (dom = doms; dom; dom = dom->next) {
-        if (strcasecmp(dom->name, domain) == 0) break;
+    for (dom = rctx->domains; dom; dom = dom->next) {
+        if (strcasecmp(dom->name, domain) == 0) {
+            ret_dom = dom;
+            break;
+        }
+
+        for (i = 0; i < dom->subdomain_count; i++) {
+            if (strcasecmp(dom->subdomains[i]->name, domain) == 0 ||
+                (dom->subdomains[i]->flat_name != NULL &&
+                 strcasecmp(dom->subdomains[i]->flat_name, domain) == 0)) {
+                /* Sub-domains may come and go, so we better copy the struct
+                 * for each request. */
+                ret_dom = copy_subdomain(sd_mem_ctx, dom->subdomains[i]);
+                break;
+            }
+        }
+
+        time_diff = now - dom->subdomains_last_checked.tv_sec;
+        if (i < dom->subdomain_count && time_diff < rctx->domains_timeout) break;
+    }
+    /* FIXME: we might want to return a real error, e.g. if copy_subdomain
+     * fails. */
+    if (!ret_dom) {
+        DEBUG(SSSDBG_OP_FAILURE, ("Unknown domain [%s], checking for"
+                                  "possible subdomains!\n", domain));
     }
-    if (!dom) DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown domain [%s]!\n", domain));
 
-    return dom;
+    return ret_dom;
 }
 
 int responder_logrotate(DBusMessage *message,