Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_auth.c1
-rw-r--r--src/providers/ipa/ipa_hbac_common.c9
-rw-r--r--src/providers/ipa/ipa_selinux.c2
-rw-r--r--src/providers/ldap/sdap_async.h2
-rw-r--r--src/providers/ldap/sdap_async_groups.c2
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c32
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c14
-rw-r--r--src/providers/ldap/sdap_async_private.h1
-rw-r--r--src/providers/proxy/proxy_id.c8
-rw-r--r--src/providers/simple/simple_access.c2
10 files changed, 50 insertions, 23 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index ee15afa5c..b409542d6 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -358,6 +358,7 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
attrs[1] = NULL;
ret = sysdb_search_user_by_name(state, state->be_req->be_ctx->sysdb,
+ state->be_req->be_ctx->domain,
state->pd->user, attrs, &user_msg);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed.\n"));
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 73789bd1e..9ccab7846 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -410,6 +410,7 @@ done:
static errno_t
hbac_eval_user_element(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *username,
struct hbac_request_element **user_element);
@@ -462,10 +463,10 @@ hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
- ret = hbac_eval_user_element(eval_req, user_dom->sysdb,
+ ret = hbac_eval_user_element(eval_req, user_dom->sysdb, user_dom,
pd->user, &eval_req->user);
} else {
- ret = hbac_eval_user_element(eval_req, sysdb,
+ ret = hbac_eval_user_element(eval_req, sysdb, domain,
pd->user, &eval_req->user);
}
if (ret != EOK) goto done;
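Review bot: In the `else` branch the lookup now receives `sysdb` and `domain` as two independent locals, whereas the branch above derives both from `user_dom`. Nothing visible in the hunk ties the pair together, and a mismatched pair would let the HBAC request be built from group memberships read for a different domain than the one being evaluated. Since `user_dom->sysdb` shows that the domain already carries its cache handle, consider writing the else branch as `ret = hbac_eval_user_element(eval_req, domain->sysdb, domain,` (assuming `sysdb` is that same handle; its definition is outside the hunk), or dropping the separate `sysdb` argument in a follow-up. The same separate-pair pattern appears in `simple_access_check` (`ctx->sysdb, ctx->domain`) and in the `get_sysdb_grouplist` callers. `hbac_ctx_to_eval_request` starts and ends outside this hunk.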
@@ -515,6 +516,7 @@ done:
static errno_t
hbac_eval_user_element(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *username,
struct hbac_request_element **user_element)
{
@@ -543,7 +545,8 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
* This will give us the list of both POSIX and
* non-POSIX groups that this user belongs to.
*/
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb, users->name, attrs, &msg);
+ ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
+ users->name, attrs, &msg);
if (ret != EOK) {
DEBUG(1, ("Could not determine user memberships for [%s]\n",
users->name));
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 7a6156776..744dc46c2 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -141,7 +141,7 @@ ipa_selinux_create_op_ctx(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
}
op_ctx->be_req = be_req;
- ret = sss_selinux_extract_user(op_ctx, sysdb, username, &op_ctx->user);
+ ret = sss_selinux_extract_user(op_ctx, sysdb, domain, username, &op_ctx->user);
if (ret != EOK) {
goto fail;
}
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index c5dc17037..69590b9ed 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -268,6 +268,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sdap_options *opts,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sdap_handle *sh,
const char *name,
const char *orig_dn,
@@ -282,6 +283,7 @@ sdap_get_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sdap_options *opts,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sdap_handle *sh,
const char *name,
const char *orig_dn,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index fe540e8c3..c4957fb1f 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1262,7 +1262,7 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state,
/* We need to skip over zero-length usernames */
if (member_name[0] == '\0') continue;
- ret = sysdb_search_user_by_name(state, state->sysdb,
+ ret = sysdb_search_user_by_name(state, state->sysdb, state->dom,
member_name, NULL, &msg);
if (ret == EOK) {
/*
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 66be76e66..ad794b8d3 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -300,6 +300,7 @@ done:
struct sdap_initgr_rfc2307_state {
struct tevent_context *ev;
struct sysdb_ctx *sysdb;
+ struct sss_domain_info *domain;
struct sdap_options *opts;
struct sdap_handle *sh;
const char **attrs;
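Review bot: The new state member is named `domain`, while the caller state in this same file passes `state->dom` to `sdap_initgr_rfc2307_send`, and `sdap_process_group_members_2307` in sdap_async_groups.c also reads `state->dom`. Two names for the same pointer make it harder to grep for every place where a domain-scoped cache lookup takes its domain from. Naming the member `struct sss_domain_info *dom;` here, and likewise in the two AD initgroups state structs, would keep the LDAP provider consistent. The struct definition continues outside the hunk.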
@@ -324,6 +325,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct sdap_options *opts,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sdap_handle *sh,
const char *name)
{
@@ -339,6 +341,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
state->ev = ev;
state->opts = opts;
state->sysdb = sysdb;
+ state->domain = domain;
state->sh = sh;
state->op = NULL;
state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
@@ -502,8 +505,8 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq)
}
/* Search for all groups for which this user is a member */
- ret = get_sysdb_grouplist(state, state->sysdb, state->name,
- &sysdb_grouplist);
+ ret = get_sysdb_grouplist(state, state->sysdb, state->domain,
+ state->name, &sysdb_grouplist);
if (ret != EOK) {
tevent_req_error(req, ret);
return;
@@ -2712,7 +2715,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
switch (state->opts->schema_type) {
case SDAP_SCHEMA_RFC2307:
subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts,
- state->sysdb, state->sh,
+ state->sysdb, state->dom, state->sh,
cname);
if (!subreq) {
tevent_req_error(req, ENOMEM);
@@ -2736,18 +2739,26 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
/* Take advantage of AD's tokenGroups mechanism to look up all
* parent groups in a single request.
*/
- subreq = sdap_get_ad_tokengroups_initgroups_send(
- state, state->ev, state->opts, state->sysdb,
- state->sh, cname, orig_dn, state->timeout);
+ subreq = sdap_get_ad_tokengroups_initgroups_send(state, state->ev,
+ state->opts,
+ state->sysdb,
+ state->dom,
+ state->sh,
+ cname, orig_dn,
+ state->timeout);
} else if (state->opts->support_matching_rule
&& dp_opt_get_bool(state->opts->basic,
SDAP_AD_MATCHING_RULE_INITGROUPS)) {
/* Take advantage of AD's extensibleMatch filter to look up
* all parent groups in a single request.
*/
- subreq = sdap_get_ad_match_rule_initgroups_send(
- state, state->ev, state->opts, state->sysdb,
- state->sh, cname, orig_dn, state->timeout);
+ subreq = sdap_get_ad_match_rule_initgroups_send(state, state->ev,
+ state->opts,
+ state->sysdb,
+ state->dom,
+ state->sh,
+ cname, orig_dn,
+ state->timeout);
} else {
subreq = sdap_initgr_rfc2307bis_send(
state, state->ev, state->opts, state->sysdb,
@@ -2965,6 +2976,7 @@ int sdap_get_initgr_recv(struct tevent_req *req)
errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
char ***grouplist)
{
@@ -2982,7 +2994,7 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb, name,
+ ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, name,
attrs, &msg);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 8c0e7062b..9b1acd6a8 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -31,6 +31,7 @@ struct sdap_ad_match_rule_initgr_state {
struct tevent_context *ev;
struct sdap_options *opts;
struct sysdb_ctx *sysdb;
+ struct sss_domain_info *domain;
struct sdap_handle *sh;
const char *name;
const char *orig_dn;
@@ -57,6 +58,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sdap_options *opts,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sdap_handle *sh,
const char *name,
const char *orig_dn,
@@ -75,6 +77,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx,
state->ev = ev;
state->opts = opts;
state->sysdb = sysdb;
+ state->domain = domain;
state->sh = sh;
state->name = name;
state->orig_dn = orig_dn;
@@ -252,8 +255,8 @@ sdap_get_ad_match_rule_initgroups_step(struct tevent_req *subreq)
/* Get the current sysdb group list for this user
* so we can update it.
*/
- ret = get_sysdb_grouplist(state, state->sysdb, state->name,
- &sysdb_grouplist);
+ ret = get_sysdb_grouplist(state, state->sysdb, state->domain,
+ state->name, &sysdb_grouplist);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Could not get the list of groups for [%s] in the sysdb: "
@@ -297,6 +300,7 @@ struct sdap_ad_tokengroups_initgr_state {
struct tevent_context *ev;
struct sdap_options *opts;
struct sysdb_ctx *sysdb;
+ struct sss_domain_info *domain;
struct sdap_handle *sh;
const char *username;
};
@@ -309,6 +313,7 @@ sdap_get_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sdap_options *opts,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sdap_handle *sh,
const char *name,
const char *orig_dn,
@@ -326,6 +331,7 @@ sdap_get_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx,
state->ev = ev;
state->opts = opts;
state->sysdb = sysdb;
+ state->domain = domain;
state->sh = sh;
state->username = name;
@@ -515,8 +521,8 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
/* Get the current sysdb group list for this user
* so we can update it.
*/
- ret = get_sysdb_grouplist(state, state->sysdb, state->username,
- &sysdb_grouplist);
+ ret = get_sysdb_grouplist(state, state->sysdb, state->domain,
+ state->username, &sysdb_grouplist);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Could not get the list of groups for [%s] in the sysdb: "
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index c0faab50e..871cce4e4 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -116,6 +116,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
char ***grouplist);
#endif /* _SDAP_ASYNC_PRIVATE_H_ */
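Review bot: `get_sysdb_grouplist` is declared here without any comment, and with the extra parameter the prototype no longer makes clear how `sysdb` and `domain` relate or who owns `*grouplist`. A short comment above the declaration would help, for example `/* Return the groups the cached user "name" in "domain" belongs to; "domain" must be the domain backed by "sysdb". */`. The ownership of the returned list should be stated too; it is presumably allocated on `mem_ctx`, but that needs confirming against the body, which is not fully visible in this diff.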
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index 76f279551..574494171 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -515,6 +515,7 @@ done:
static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sysdb_attrs *group_attrs,
struct group *grp,
time_t now);
@@ -561,7 +562,7 @@ static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
}
/* Create ghost users */
- ret = proxy_process_missing_users(sysdb, attrs, grp, now);
+ ret = proxy_process_missing_users(sysdb, dom, attrs, grp, now);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not add missing members\n"));
goto done;
@@ -642,6 +643,7 @@ done:
}
static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sysdb_attrs *group_attrs,
struct group *grp,
time_t now)
@@ -657,8 +659,8 @@ static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
if (!tmp_ctx) return ENOMEM;
for (i = 0; grp->gr_mem[i]; i++) {
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb, grp->gr_mem[i],
- NULL, &msg);
+ ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
+ grp->gr_mem[i], NULL, &msg);
if (ret == EOK) {
/* Member already exists in the cache */
DEBUG(SSSDBG_TRACE_INTERNAL,
diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c
index 70d1f0728..05388af49 100644
--- a/src/providers/simple/simple_access.c
+++ b/src/providers/simple/simple_access.c
@@ -107,7 +107,7 @@ errno_t simple_access_check(struct simple_ctx *ctx, const char *username,
goto done;
}
- ret = sysdb_search_user_by_name(tmp_ctx, ctx->sysdb,
+ ret = sysdb_search_user_by_name(tmp_ctx, ctx->sysdb, ctx->domain,
username, user_attrs, &msg);
if (ret != EOK) {
DEBUG(1, ("Could not look up username [%s]: [%d][%s]\n",