diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/db/sysdb.h | 1 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 3 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_common.c | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_private.h | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_users.c | 4 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id_cleanup.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 16 | ||||
-rw-r--r-- | src/providers/ldap/sdap_reinit.c | 23 | ||||
-rw-r--r-- | src/tools/sss_cache.c | 3 |
9 files changed, 35 insertions, 19 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 96f329271..e180b6827 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -755,6 +755,7 @@ int sysdb_asq_search(TALLOC_CTX *mem_ctx, int sysdb_search_users(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 6b5a1c40d..4a0ed57b2 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -2346,6 +2346,7 @@ fail: int sysdb_search_users(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, @@ -2362,7 +2363,7 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx, } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - SYSDB_TMPL_USER_BASE, sysdb->domain->name); + SYSDB_TMPL_USER_BASE, domain->name); if (!basedn) { DEBUG(2, ("Failed to build base dn\n")); ret = ENOMEM; diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index a4a411ca3..5cc96c4bb 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -314,6 +314,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the users */ ret = hbac_user_attrs_to_rule(new_rule, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, new_rule->name, hbac_ctx->rules[idx], &new_rule->users); diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h index 4f2991609..b0a3dd633 100644 --- a/src/providers/ipa/ipa_hbac_private.h +++ b/src/providers/ipa/ipa_hbac_private.h @@ -147,6 +147,7 @@ get_ipa_servicegroupname(TALLOC_CTX *mem_ctx, errno_t hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **users); diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c index e25de6ad0..7b59c321b 100644 --- a/src/providers/ipa/ipa_hbac_users.c +++ b/src/providers/ipa/ipa_hbac_users.c @@ -149,6 +149,7 @@ done: errno_t hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **users) @@ -231,7 +232,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* First check if this is a user */ - ret = sysdb_search_users(tmp_ctx, sysdb, filter, attrs, &count, &msgs); + ret = sysdb_search_users(tmp_ctx, sysdb, domain, + filter, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; if (ret == EOK && count == 0) { ret = ENOENT; diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c index 9c2faabb2..6e138b31b 100644 --- a/src/providers/ldap/ldap_id_cleanup.c +++ b/src/providers/ldap/ldap_id_cleanup.c @@ -290,7 +290,7 @@ static int cleanup_users(TALLOC_CTX *memctx, struct sdap_id_ctx *ctx) goto done; } - ret = sysdb_search_users(tmpctx, sysdb, + ret = sysdb_search_users(tmpctx, sysdb, ctx->be->domain, subfilter, attrs, &count, &msgs); if (ret) { if (ret == ENOENT) { diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 4fdacae66..fde83ee81 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -94,6 +94,7 @@ done: static errno_t sdap_get_members_with_primary_gid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, gid_t gid, char ***_localdn, size_t *_ndn) { static const char *search_attrs[] = { SYSDB_NAME, NULL }; @@ -113,7 +114,7 @@ sdap_get_members_with_primary_gid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, return ENOMEM; } - ret = sysdb_search_users(mem_ctx, sysdb, filter, + ret = sysdb_search_users(mem_ctx, sysdb, domain, filter, search_attrs, &count, &msgs); talloc_free(filter); if (ret == ENOENT) { @@ -148,7 +149,8 @@ sdap_get_members_with_primary_gid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, static errno_t sdap_dn_by_primary_gid(TALLOC_CTX *mem_ctx, struct sysdb_attrs *ldap_attrs, - struct sysdb_ctx *sysdb, struct sdap_options *opts, + struct sysdb_ctx *sysdb, struct sss_domain_info *domain, + struct sdap_options *opts, char ***_dn_list, size_t *_count) { gid_t gid; @@ -166,7 +168,7 @@ sdap_dn_by_primary_gid(TALLOC_CTX *mem_ctx, struct sysdb_attrs *ldap_attrs, return ret; } - ret = sdap_get_members_with_primary_gid(mem_ctx, sysdb, gid, + ret = sdap_get_members_with_primary_gid(mem_ctx, sysdb, domain, gid, _dn_list, _count); if (ret) return ret; @@ -660,7 +662,7 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, * are reported with tokenGroups, too */ if (opts->schema_type == SDAP_SCHEMA_AD) { - ret = sdap_dn_by_primary_gid(memctx, attrs, ctx, opts, + ret = sdap_dn_by_primary_gid(memctx, attrs, ctx, dom, opts, &userdns, &nuserdns); if (ret != EOK) { goto fail; @@ -1201,7 +1203,7 @@ sdap_process_missing_member_2307(struct sdap_process_group_state *state, goto done; } - ret = sysdb_search_users(tmp_ctx, state->sysdb, filter, + ret = sysdb_search_users(tmp_ctx, state->sysdb, state->dom, filter, attrs, &count, &msgs); if (ret == EOK && count > 0) { /* Entry exists but the group references it with an alias. */ @@ -2147,7 +2149,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } - ret = sysdb_search_users(tmp_ctx, sysdb, filter, + ret = sysdb_search_users(tmp_ctx, sysdb, domain, filter, search_attrs, &count, &msgs); talloc_zfree(filter); talloc_zfree(clean_orig_dn); @@ -2981,7 +2983,7 @@ sdap_nested_group_check_cache(TALLOC_CTX *mem_ctx, } /* Try users first */ - ret = sysdb_search_users(tmp_ctx, sysdb, filter, attrs, &count, &msgs); + ret = sysdb_search_users(tmp_ctx, sysdb, dom, filter, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) { ret = EIO; goto fail; diff --git a/src/providers/ldap/sdap_reinit.c b/src/providers/ldap/sdap_reinit.c index 4c75f6c36..cc836ae53 100644 --- a/src/providers/ldap/sdap_reinit.c +++ b/src/providers/ldap/sdap_reinit.c @@ -29,12 +29,15 @@ #include "db/sysdb_services.h" struct sdap_reinit_cleanup_state { + struct sss_domain_info *domain; struct sysdb_ctx *sysdb; }; -static errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb); +static errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain); static void sdap_reinit_cleanup_done(struct tevent_req *subreq); -static errno_t sdap_reinit_delete_records(struct sysdb_ctx *sysdb); +static errno_t sdap_reinit_delete_records(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain); struct tevent_req* sdap_reinit_cleanup_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, @@ -61,6 +64,7 @@ struct tevent_req* sdap_reinit_cleanup_send(TALLOC_CTX *mem_ctx, } state->sysdb = be_ctx->domain->sysdb; + state->domain = be_ctx->domain; if (!be_ctx->domain->enumerate) { /* enumeration is disabled, this whole process is meaningless */ @@ -68,7 +72,7 @@ struct tevent_req* sdap_reinit_cleanup_send(TALLOC_CTX *mem_ctx, goto immediately; } - ret = sdap_reinit_clear_usn(state->sysdb); + ret = sdap_reinit_clear_usn(state->sysdb, state->domain); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to clear USN attributes [%d]: %s\n", ret, strerror(ret))); @@ -115,7 +119,8 @@ static void sdap_delete_msgs_usn(struct sysdb_ctx *sysdb, } } -static errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb) +static errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain) { TALLOC_CTX *tmp_ctx = NULL; bool in_transaction = false; @@ -138,7 +143,8 @@ static errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb) in_transaction = true; /* reset users' usn */ - ret = sysdb_search_users(tmp_ctx, sysdb, "", attrs, &msgs_num, &msgs); + ret = sysdb_search_users(tmp_ctx, sysdb, domain, + "", attrs, &msgs_num, &msgs); if (ret != EOK) { goto done; } @@ -211,7 +217,7 @@ static void sdap_reinit_cleanup_done(struct tevent_req *subreq) /* This error is non-fatal, so continue */ } - ret = sdap_reinit_delete_records(state->sysdb); + ret = sdap_reinit_delete_records(state->sysdb, state->domain); if (ret != EOK) { goto fail; } @@ -239,7 +245,8 @@ static void sdap_delete_msgs_dn(struct sysdb_ctx *sysdb, } } -static errno_t sdap_reinit_delete_records(struct sysdb_ctx *sysdb) +static errno_t sdap_reinit_delete_records(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain) { TALLOC_CTX *tmp_ctx = NULL; bool in_transaction = false; @@ -262,7 +269,7 @@ static errno_t sdap_reinit_delete_records(struct sysdb_ctx *sysdb) in_transaction = true; /* purge untouched users */ - ret = sysdb_search_users(tmp_ctx, sysdb, "(!("SYSDB_USN"=*))", + ret = sysdb_search_users(tmp_ctx, sysdb, domain, "(!("SYSDB_USN"=*))", attrs, &msgs_num, &msgs); if (ret != EOK) { goto done; diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index 9c08b9a2a..0c6112cca 100644 --- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -292,7 +292,8 @@ static bool invalidate_entries(TALLOC_CTX *ctx, switch (entry_type) { case TYPE_USER: type_string = "user"; - ret = sysdb_search_users(ctx, sysdb, filter, attrs, &msg_count, &msgs); + ret = sysdb_search_users(ctx, sysdb, dinfo, + filter, attrs, &msg_count, &msgs); break; case TYPE_GROUP: type_string = "group"; |