-rw-r--r--src/responder/autofs/autofssrv_cmd.c2
-rw-r--r--src/responder/common/negcache.c7
-rw-r--r--src/responder/common/negcache.h2
-rw-r--r--src/responder/common/responder.h3
-rw-r--r--src/responder/common/responder_common.c37
-rw-r--r--src/responder/nss/nsssrv.c2
-rw-r--r--src/responder/nss/nsssrv_cmd.c6
-rw-r--r--src/responder/nss/nsssrv_netgroup.c2
-rw-r--r--src/responder/nss/nsssrv_services.c2
-rw-r--r--src/responder/pam/pamsrv.c2
-rw-r--r--src/responder/pam/pamsrv_cmd.c2
-rw-r--r--src/responder/ssh/sshsrv_cmd.c4
-rw-r--r--src/responder/sudo/sudosrv_cmd.c2
13 files changed, 51 insertions, 22 deletions
diff --git a/src/responder/autofs/autofssrv_cmd.c b/src/responder/autofs/autofssrv_cmd.c
index 7497a18fc..ebf68b84a 100644
--- a/src/responder/autofs/autofssrv_cmd.c
+++ b/src/responder/autofs/autofssrv_cmd.c
@@ -386,7 +386,7 @@ setautomntent_send(TALLOC_CTX *mem_ctx,
state->mapname, domname?domname:"<ALL>"));
if (domname) {
- dctx->domain = responder_get_domain(client->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, client->rctx, domname);
if (!dctx->domain) {
goto fail;
}
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 47f4c3235..dd4c0008a 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -566,13 +566,14 @@ int sss_ncache_reset_permament(struct sss_nc_ctx *ctx)
errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
struct confdb_ctx *cdb,
struct sss_names_ctx *names_ctx,
- struct sss_domain_info *domain_list)
+ struct resp_ctx *rctx)
{
errno_t ret;
bool filter_set = false;
char **filter_list = NULL;
char *name = NULL;
struct sss_domain_info *dom = NULL;
+ struct sss_domain_info *domain_list = rctx->domains;
char *domainname = NULL;
char *conf_path = NULL;
TALLOC_CTX *tmpctx = talloc_new(NULL);
@@ -649,7 +650,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
continue;
}
if (domainname) {
- dom = responder_get_domain(domain_list, domainname);
+ dom = responder_get_domain(tmpctx, rctx, domainname);
if (!dom) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Invalid domain name [%s]\n", domainname));
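Review bot: `dom` can now be a per-call copy allocated on `tmpctx` when `domainname` names a subdomain, so it stops being valid once `tmpctx` is freed. The code that consumes `dom` after this check is outside the hunk; if it keeps the pointer instead of only reading fields from it, that would leave a dangling reference. A short comment at the call, e.g. `/* may be a copy owned by tmpctx; do not store past this function */`, would make the constraint visible. The same applies to the second call in the following hunk (-746/+747).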
@@ -746,7 +747,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
continue;
}
if (domainname) {
- dom = responder_get_domain(domain_list, domainname);
+ dom = responder_get_domain(tmpctx, rctx, domainname);
if (!dom) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Invalid domain name [%s]\n", domainname));
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 74f7ff344..9d070c697 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -73,6 +73,6 @@ int sss_ncache_reset_permament(struct sss_nc_ctx *ctx);
errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
struct confdb_ctx *cdb,
struct sss_names_ctx *names_ctx,
- struct sss_domain_info *domain_list);
+ struct resp_ctx *rctx);
#endif /* _NSS_NEG_CACHE_H_ */
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index f331fee33..30a7101d4 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -157,7 +157,8 @@ int sss_parse_name(TALLOC_CTX *memctx,
int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain,
struct be_conn **_conn);
struct sss_domain_info *
-responder_get_domain(struct sss_domain_info *doms, const char *domain);
+responder_get_domain(TALLOC_CTX *sd_mem_ctx, struct resp_ctx *rctx,
+ const char *domain);
/* responder_cmd.c */
int sss_cmd_empty_packet(struct sss_packet *packet);
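Review bot: The new prototype has no comment explaining `sd_mem_ctx`, and ownership of the result now depends on what matched. Per the implementation in responder_common.c, a configured domain is returned as a pointer into `rctx->domains`, while a subdomain is returned as a copy made by `copy_subdomain()` on `sd_mem_ctx`. I would add a doc comment above the declaration stating that the caller must not free the result, that it must not outlive `sd_mem_ctx`, and that NULL covers both an unknown name and a failed copy.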
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 661483872..2c1ae28be 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -633,16 +633,43 @@ int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain,
}
struct sss_domain_info *
-responder_get_domain(struct sss_domain_info *doms, const char *domain)
+responder_get_domain(TALLOC_CTX *sd_mem_ctx, struct resp_ctx *rctx,
+ const char *domain)
{
+ time_t now = time(NULL);
+ time_t time_diff;
struct sss_domain_info *dom;
+ struct sss_domain_info *ret_dom = NULL;
+ int i;
- for (dom = doms; dom; dom = dom->next) {
- if (strcasecmp(dom->name, domain) == 0) break;
+ for (dom = rctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, domain) == 0) {
+ ret_dom = dom;
+ break;
+ }
+
+ for (i = 0; i < dom->subdomain_count; i++) {
+ if (strcasecmp(dom->subdomains[i]->name, domain) == 0 ||
+ (dom->subdomains[i]->flat_name != NULL &&
+ strcasecmp(dom->subdomains[i]->flat_name, domain) == 0)) {
+ /* Sub-domains may come and go, so we better copy the struct
+ * for each request. */
+ ret_dom = copy_subdomain(sd_mem_ctx, dom->subdomains[i]);
+ break;
+ }
+ }
+
+ time_diff = now - dom->subdomains_last_checked.tv_sec;
+ if (i < dom->subdomain_count && time_diff < rctx->domains_timeout) break;
+ }
+ /* FIXME: we might want to return a real error, e.g. if copy_subdomain
+ * fails. */
+ if (!ret_dom) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Unknown domain [%s], checking for"
+ "possible subdomains!\n", domain));
}
- if (!dom) DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown domain [%s]!\n", domain));
- return dom;
+ return ret_dom;
}
int responder_logrotate(DBusMessage *message,
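Review bot: The freshness test after the inner loop does not change what is returned when the subdomain list is stale: if a subdomain matched but `time_diff >= rctx->domains_timeout`, the outer loop continues with `ret_dom` still set, so the stale copy is returned unless a later domain overwrites it (which leaves the first copy allocated on `sd_mem_ctx` until that context is freed). Because `domain` comes from the client request in the NSS, PAM, SSH and sudo callers, a subdomain whose cached entry has expired can presumably still be selected by name. If stale entries are meant to be rejected, clear the result in that branch, e.g. `if (i < dom->subdomain_count) { if (time_diff < rctx->domains_timeout) break; talloc_free(ret_dom); ret_dom = NULL; }`; otherwise a comment should say the timeout only decides whether later domains are searched. Also, the two string literals in the DEBUG call join as `checking forpossible`; a space is missing after `for`.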
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index f2c893033..1a0dcf439 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -163,7 +163,7 @@ static int nss_get_config(struct nss_ctx *nctx,
}
ret = sss_ncache_prepopulate(nctx->ncache, cdb, nctx->rctx->names,
- nctx->rctx->domains);
+ nctx->rctx);
if (ret != EOK) {
goto done;
}
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 50296251b..2c9a08330 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -886,7 +886,7 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
cmdctx->name, domname?domname:"<ALL>"));
if (domname) {
- dctx->domain = responder_get_domain(cctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cctx->rctx, domname);
if (!dctx->domain) {
ret = ENOENT;
goto done;
@@ -2203,7 +2203,7 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
cmdctx->name, domname?domname:"<ALL>"));
if (domname) {
- dctx->domain = responder_get_domain(cctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cctx->rctx, domname);
if (!dctx->domain) {
ret = ENOENT;
goto done;
@@ -3257,7 +3257,7 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
cmdctx->name, domname?domname:"<ALL>"));
if (domname) {
- dctx->domain = responder_get_domain(cctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cctx->rctx, domname);
if (!dctx->domain) {
ret = ENOENT;
goto done;
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index c9fae8263..87b105719 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -206,7 +206,7 @@ static struct tevent_req *setnetgrent_send(TALLOC_CTX *mem_ctx,
state->netgr_shortname, domname?domname:"<ALL>"));
if (domname) {
- dctx->domain = responder_get_domain(client->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, client->rctx, domname);
if (!dctx->domain) {
ret = EINVAL;
goto error;
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index b5eae4fce..2e539f135 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -839,7 +839,7 @@ int nss_cmd_getservbyname(struct cli_ctx *cctx)
domname ? domname : "<ALL>"));
if (domname) {
- dctx->domain = responder_get_domain(cctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cctx->rctx, domname);
if (!dctx->domain) {
ret = ENOENT;
goto done;
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index fdb232940..ecbf7d9a5 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -172,7 +172,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
}
ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx->names,
- pctx->rctx->domains);
+ pctx->rctx);
if (ret != EOK) {
goto done;
}
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 1fdcc5b5c..7d6d213dc 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -942,7 +942,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
/* now check user is valid */
if (pd->domain) {
- preq->domain = responder_get_domain(cctx->rctx->domains, pd->domain);
+ preq->domain = responder_get_domain(preq, cctx->rctx, pd->domain);
if (!preq->domain) {
ret = ENOENT;
goto done;
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index 149137070..91b888ef4 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -67,7 +67,7 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
cmd_ctx->name, cmd_ctx->domname ? cmd_ctx->domname : "<ALL>"));
if (cmd_ctx->domname) {
- cmd_ctx->domain = responder_get_domain(cctx->rctx->domains,
+ cmd_ctx->domain = responder_get_domain(cmd_ctx, cctx->rctx,
cmd_ctx->domname);
if (!cmd_ctx->domain) {
ret = ENOENT;
@@ -111,7 +111,7 @@ sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx)
cmd_ctx->domname ? cmd_ctx->domname : "<ALL>"));
if (cmd_ctx->domname) {
- cmd_ctx->domain = responder_get_domain(cctx->rctx->domains,
+ cmd_ctx->domain = responder_get_domain(cmd_ctx, cctx->rctx,
cmd_ctx->domname);
if (!cmd_ctx->domain) {
ret = ENOENT;
diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c
index e3dd38422..0f31df15a 100644
--- a/src/responder/sudo/sudosrv_cmd.c
+++ b/src/responder/sudo/sudosrv_cmd.c
@@ -226,7 +226,7 @@ static int sudosrv_cmd_get_sudorules(struct cli_ctx *cli_ctx)
cmd_ctx->username, domname ? domname : "<ALL>"));
if (domname) {
- dctx->domain = responder_get_domain(cli_ctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cli_ctx->rctx, domname);
if (!dctx->domain) {
ret = ENOENT;
goto done;