diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-04-19 11:54:14 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-02 19:33:56 +0200 |
| commit | 498dcbdfdfffa1aee65d53e83c7eafd5e3b084a5 (patch) | |
| tree | d8713f11a64febeec3704a250f90e0a8dadeac1b | |
| parent | f427b36b0cecc426856ab3f77a9c684ac355659d (diff) | |
| download | sssd2-498dcbdfdfffa1aee65d53e83c7eafd5e3b084a5.tar.gz sssd2-498dcbdfdfffa1aee65d53e83c7eafd5e3b084a5.tar.xz sssd2-498dcbdfdfffa1aee65d53e83c7eafd5e3b084a5.zip | |
Add responder_get_domain_by_id()
This new call is similar to responder_get_domain() but uses the domain
SID as search parameter. Since the length of the stored domain SID is
used in the comparison, SIDs of users and groups and be used directly
without stripping the RID component.
The functionality is not merged into responder_get_domain() to allow to
calculate the timeout correctly and return a specific error code if the
entry is expired.
| -rw-r--r-- | src/responder/common/responder.h | 3 | ||||
| -rw-r--r-- | src/responder/common/responder_common.c | 49 |
2 files changed, 52 insertions, 0 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 9c540412..68b4ebb2 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -171,6 +171,9 @@ int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain, struct sss_domain_info * responder_get_domain(struct resp_ctx *rctx, const char *domain); +errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id, + struct sss_domain_info **_ret_dom); + /* responder_cmd.c */ int sss_cmd_empty_packet(struct sss_packet *packet); int sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx); diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 008d622d..54701d6f 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -923,6 +923,55 @@ responder_get_domain(struct resp_ctx *rctx, const char *name) return ret_dom; } +errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id, + struct sss_domain_info **_ret_dom) +{ + struct sss_domain_info *dom; + struct sss_domain_info *ret_dom = NULL; + size_t id_len; + size_t dom_id_len; + int ret; + + if (id == NULL || _ret_dom == NULL) { + return EINVAL; + } + + id_len = strlen(id); + + for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) { + if (dom->disabled || dom->domain_id == NULL) { + continue; + } + + dom_id_len = strlen(dom->domain_id); + if ((id_len >= dom_id_len) && + strncasecmp(dom->domain_id, id, dom_id_len) == 0) { + if (IS_SUBDOMAIN(dom) && + ((time(NULL) - dom->parent->subdomains_last_checked.tv_sec) > + rctx->domains_timeout)) { + DEBUG(SSSDBG_TRACE_FUNC, ("Domain entry with id [%s] " \ + "is expired.\n", id)); + ret = EAGAIN; + goto done; + } + ret_dom = dom; + break; + } + } + + if (ret_dom == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("Unknown domain id [%s], checking for" + "possible subdomains!\n", id)); + ret = ENOENT; + } else { + *_ret_dom = ret_dom; + ret = EOK; + } + +done: + return ret; +} + int responder_logrotate(DBusMessage *message, struct sbus_connection *conn) { |