diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-12-13 19:11:47 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-12-18 17:33:13 +0100 |
| commit | 6df937237ef5c8341cca7abd669610e55c94ce62 (patch) | |
| tree | d9936cf1d4cc64344a11a8ba7901e8d8e5899f69 /src | |
| parent | 214481d379fa2eeee2bfbe42ad813864218ee95a (diff) | |
| download | sssd-6df937237ef5c8341cca7abd669610e55c94ce62.tar.gz sssd-6df937237ef5c8341cca7abd669610e55c94ce62.tar.xz sssd-6df937237ef5c8341cca7abd669610e55c94ce62.zip | |
AD: Refresh subdomain data structures on startup
Previously, if no changes were done to the list of subdomains, the SSSD
didn't update its list of sdap_domain mappings for the new subdomain.
This resulted in errors as no id_ctx was present for the subdomain
during lookup.
This patch moves the block of code performed during update to a function
of its own and calls it during provider initialization as well.
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/ad/ad_subdomains.c | 49 |
1 files changed, 32 insertions, 17 deletions
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 100fb13e9..e438a688c 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -414,6 +414,31 @@ done: return ret; } +static errno_t ad_subdom_reinit(struct ad_subdomains_ctx *ctx) +{ + errno_t ret; + + ret = sysdb_update_subdomains(ctx->be_ctx->domain); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_subdomains failed.\n")); + return ret; + } + + ret = sss_write_domain_mappings(ctx->be_ctx->domain, false); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("sss_krb5_write_mappings failed.\n")); + /* Just continue */ + } + + ret = ads_store_sdap_subdom(ctx, ctx->be_ctx->domain); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("ads_store_sdap_subdom failed.\n")); + return ret; + } + + return EOK; +} + static void ad_subdomains_get_conn_done(struct tevent_req *req); static void ad_subdomains_master_dom_done(struct tevent_req *req); static errno_t ad_subdomains_get_slave(struct ad_subdomains_req_ctx *ctx); @@ -619,25 +644,15 @@ static void ad_subdomains_get_slave_domain_done(struct tevent_req *req) goto done; } - if (refresh_has_changes) { - ret = sysdb_update_subdomains(ctx->sd_ctx->be_ctx->domain); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_subdomains failed.\n")); - goto done; - } + DEBUG(SSSDBG_TRACE_LIBS, ("There are %schanges\n", + refresh_has_changes ? "" : "no ")); - ret = ads_store_sdap_subdom(ctx->sd_ctx, ctx->sd_ctx->be_ctx->domain); + if (refresh_has_changes) { + ret = ad_subdom_reinit(ctx->sd_ctx); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("ads_store_sdap_subdom failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, ("Could not reinitialize subdomains\n")); goto done; } - - ret = sss_write_domain_mappings(ctx->sd_ctx->be_ctx->domain, false); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("sss_krb5_write_mappings failed.\n")); - /* Just continue */ - } } ret = EOK; @@ -783,9 +798,9 @@ int ad_subdom_init(struct be_ctx *be_ctx, return EFAULT; } - ret = sysdb_update_subdomains(be_ctx->domain); + ret = ad_subdom_reinit(ctx); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Could not load the list of subdomains. " + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not reinitialize subdomains. " "Users from trusted domains might not be resolved correctly\n")); /* Ignore this error and try to discover the subdomains later */ } |