authorSimo Sorce <ssorce@redhat.com>2009-04-07 19:25:48 -0400
committerSimo Sorce <ssorce@redhat.com>2009-04-08 10:55:03 -0400
commit6b5d45693f01eec55128eb3508266cda73071d93 (patch)
treec51ca00f2fb243e5eaf06128e8092583fba1bd8c /server
parente8a7526b06acf4af322fdab593c8bafbd9f4a103 (diff)
Change the way we retrieve domains
To be able to correctly filter out duplicate names when multiple non-fully qualified domains are in use we need to be able to specify the domains order. This is now accomplished by the configuration parameter 'domains' in the config/domains entry. 'domains' is a comma separated list of domain names. This parameter also allows disabled domains to be kept in the configuration without requiring them to be completely deleted. The domains list is now kept in a linked list of sss_domain_info objects. The first domain is also the "default" domain.
Diffstat (limited to 'server')
-rw-r--r--server/confdb/confdb.c144
-rw-r--r--server/confdb/confdb.h10
-rw-r--r--server/examples/config.ldif1
-rw-r--r--server/infopipe/infopipe.c24
-rw-r--r--server/infopipe/infopipe_groups.c21
-rw-r--r--server/infopipe/infopipe_private.h2
-rw-r--r--server/infopipe/infopipe_users.c35
-rw-r--r--server/monitor/monitor.c21
-rw-r--r--server/responder/common/responder.h3
-rw-r--r--server/responder/common/responder_common.c36
-rw-r--r--server/responder/nss/nsssrv.c32
-rw-r--r--server/responder/nss/nsssrv_cmd.c232
-rw-r--r--server/responder/pam/pam_LOCAL_domain.c5
-rw-r--r--server/responder/pam/pam_LOCAL_domain.h2
-rw-r--r--server/responder/pam/pamsrv_cmd.c29
-rw-r--r--server/tools/sss_groupadd.c9
-rw-r--r--server/tools/sss_groupdel.c12
-rw-r--r--server/tools/sss_groupmod.c11
-rw-r--r--server/tools/sss_useradd.c10
-rw-r--r--server/tools/sss_userdel.c11
-rw-r--r--server/tools/sss_usermod.c12
-rw-r--r--server/tools/tools_util.h2
22 files changed, 273 insertions, 391 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index 0c46100b..88700e30 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -640,58 +640,86 @@ int confdb_init(TALLOC_CTX *mem_ctx,
return EOK;
}
-/* domain names are case insensitive for now
- * NOTE: this function is not utf-8 safe,
- * only ASCII names for now */
-static int _domain_comparator(const void *key1, const void *key2)
-{
- int ret;
-
- ret = strcasecmp((const char *)key1, (const char *)key2);
- if (ret) {
- /* special case LOCAL to be always the first domain */
- if (strcmp(key1, "LOCAL") == 0) return -1;
- if (strcmp(key2, "LOCAL") == 0) return 1;
- }
- return ret;
-}
-
int confdb_get_domains(struct confdb_ctx *cdb,
TALLOC_CTX *mem_ctx,
- struct btreemap **domains)
+ struct sss_domain_info **domains)
{
TALLOC_CTX *tmp_ctx;
struct ldb_dn *dn;
struct ldb_result *res;
- struct btreemap *domain_map;
- struct sss_domain_info *domain;
+ struct sss_domain_info *domain, *prevdom;
+ struct sss_domain_info *first = NULL;
+ const char *attrs[] = { "domains", NULL };
const char *tmp;
- int ret, i;
+ char *cur, *p, *t;
+ int ret;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) return ENOMEM;
- dn = ldb_dn_new(tmp_ctx,cdb->ldb, CONFDB_DOMAIN_BASEDN);
+ dn = ldb_dn_new(tmp_ctx, cdb->ldb, CONFDB_DOMAIN_BASEDN);
if (!dn) {
ret = EIO;
goto done;
}
ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
- LDB_SCOPE_ONELEVEL, NULL, NULL);
+ LDB_SCOPE_BASE, attrs, NULL);
if (ret != LDB_SUCCESS) {
ret = EIO;
goto done;
}
- domain_map = NULL;
- for(i = 0; i < res->count; i++) {
- /* allocate the domain on the tmp_ctx. It will be stolen
- * by btreemap_set_value
- */
+ if (res->count != 1) {
+ ret = EFAULT;
+ goto done;
+ }
+
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0], "domains", NULL);
+ if (!tmp) {
+ DEBUG(0, ("No domains configured, fatal error!\n"));
+ ret = EINVAL;
+ goto done;
+ }
+ cur = p = talloc_strdup(tmp_ctx, tmp);
+
+ while (p && *p) {
+
+ for (cur = p; (*cur == ' ' || *cur == '\t'); cur++) /* trim */ ;
+ if (!*cur) break;
+
+ p = strchr(cur, ',');
+ if (p) {
+ /* terminate element */
+ *p = '\0';
+ /* trim spaces */
+ for (t = p-1; (*t == ' ' || *t == '\t'); t--) *t = '\0';
+ p++;
+ }
+
+ dn = ldb_dn_new_fmt(tmp_ctx, cdb->ldb,
+ "cn=%s,%s", cur, CONFDB_DOMAIN_BASEDN);
+ if (!dn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
+ LDB_SCOPE_BASE, NULL, NULL);
+ if (ret != LDB_SUCCESS) {
+ ret = EIO;
+ goto done;
+ }
+
+ if (res->count != 1) {
+ DEBUG(0, ("Unknown domain [%s]\n", cur));
+ ret = EINVAL;
+ goto done;
+ }
+
domain = talloc_zero(mem_ctx, struct sss_domain_info);
- tmp = ldb_msg_find_attr_as_string(res->msgs[i], "cn", NULL);
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0], "cn", NULL);
if (!tmp) {
DEBUG(0, ("Invalid configuration entry, fatal error!\n"));
ret = EINVAL;
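Review bot: The trailing-whitespace trim `for (t = p-1; (*t == ' ' || *t == '\t'); t--) *t = '\0';` has no lower bound, so an empty element lets `t` step to the bytes before `cur`, and for the first element (a `domains` value that starts with a comma, or with blanks followed by a comma) before the start of the talloc'd copy. Writing it as `for (t = p; t > cur && (t[-1] == ' ' || t[-1] == '\t'); t--) t[-1] = '\0';` and skipping an element that is empty after trimming keeps the scan inside the string. The last element never reaches this branch because `strchr` returns NULL, so trailing blanks on it are kept and the lookup fails with "Unknown domain". The result of `talloc_strdup(tmp_ctx, tmp)` is also unchecked, so an allocation failure surfaces as "No domains configured" with EINVAL instead of ENOMEM. confdb_get_domains continues past the end of this hunk.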
@@ -703,7 +731,7 @@ int confdb_get_domains(struct confdb_ctx *cdb,
goto done;
}
- tmp = ldb_msg_find_attr_as_string(res->msgs[i], "provider", NULL);
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0], "provider", NULL);
if (tmp) {
domain->provider = talloc_strdup(domain, tmp);
if (!domain->provider) {
@@ -712,82 +740,54 @@ int confdb_get_domains(struct confdb_ctx *cdb,
}
}
- domain->timeout = ldb_msg_find_attr_as_int(res->msgs[i],
+ domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
"timeout", 0);
/* Determine if this domain can be enumerated */
- domain->enumerate = ldb_msg_find_attr_as_int(res->msgs[i],
+ domain->enumerate = ldb_msg_find_attr_as_int(res->msgs[0],
"enumerate", 0);
if (domain->enumerate == 0) {
DEBUG(1, ("No enumeration for [%s]!\n", domain->name));
}
/* Determine if this is a legacy domain */
- if (ldb_msg_find_attr_as_bool(res->msgs[i], "legacy", 0)) {
+ if (ldb_msg_find_attr_as_bool(res->msgs[0], "legacy", 0)) {
domain->legacy = true;
}
/* Determine if this is domain uses MPG */
- if (ldb_msg_find_attr_as_bool(res->msgs[i], CONFDB_MPG, 0)) {
+ if (ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_MPG, 0)) {
domain->mpg = true;
}
/* Determine if user/group names will be Fully Qualified
* in NSS interfaces */
- if (ldb_msg_find_attr_as_bool(res->msgs[i], CONFDB_FQ, 0)) {
+ if (ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_FQ, 0)) {
domain->fqnames = true;
}
-
- domain->id_min = ldb_msg_find_attr_as_uint(res->msgs[i],
+ domain->id_min = ldb_msg_find_attr_as_uint(res->msgs[0],
"minId", SSSD_MIN_ID);
- domain->id_max = ldb_msg_find_attr_as_uint(res->msgs[i],
+ domain->id_max = ldb_msg_find_attr_as_uint(res->msgs[0],
"maxId", 0);
- ret = btreemap_set_value(mem_ctx, &domain_map,
- domain->name, domain,
- _domain_comparator);
- if (ret != EOK) {
- DEBUG(1, ("Failed to store domain info for [%s]!\n", domain->name));
- talloc_free(domain_map);
- goto done;
+ if (first == NULL) {
+ first = domain;
+ prevdom = first;
+ } else {
+ prevdom->next = domain;
+ prevdom = domain;
}
}
- if (domain_map == NULL) {
+ if (first == NULL) {
DEBUG(0, ("No domains configured, fatal error!\n"));
ret = EINVAL;
}
- *domains = domain_map;
+ *domains = first;
done:
talloc_free(tmp_ctx);
return ret;
}
-
-int confdb_get_domains_list(struct confdb_ctx *cdb,
- TALLOC_CTX *mem_ctx,
- struct btreemap **domain_map,
- const char ***domain_names,
- int *count)
-{
- const void **names;
- int num;
- int ret;
-
- if (*domain_map == NULL) {
- ret = confdb_get_domains(cdb, mem_ctx, domain_map);
- if (ret != EOK) return ret;
- }
-
- ret = btreemap_get_keys(mem_ctx, *domain_map, &names, &num);
- if (ret != EOK) {
- DEBUG(0, ("Couldn't get domain list\n"));
- return ret;
- }
-
- *domain_names = (const char **)names;
- *count = num;
- return EOK;
-}
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index 6d385443..b366d60d 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -40,6 +40,8 @@ struct sss_domain_info {
bool mpg;
uint32_t id_min;
uint32_t id_max;
+
+ struct sss_domain_info *next;
};
struct confdb_ctx;
@@ -76,12 +78,6 @@ int confdb_init(TALLOC_CTX *mem_ctx,
int confdb_get_domains(struct confdb_ctx *cdb,
TALLOC_CTX *mem_ctx,
- struct btreemap **domains);
-
-int confdb_get_domains_list(struct confdb_ctx *cdb,
- TALLOC_CTX *mem_ctx,
- struct btreemap **domain_map,
- const char ***domain_names,
- int *count);
+ struct sss_domain_info **domains);
#endif
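Review bot: The prototype of confdb_get_domains() changes its out-parameter from a map to a linked list, but the header does not describe the new contract. A comment above the declaration should say that the list is returned in the order given by the `domains` attribute, that the first element is the default domain, that elements are chained through `next` and allocated on `mem_ctx`, and that callers must not use `*domains` when the return value is not EOK.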
diff --git a/server/examples/config.ldif b/server/examples/config.ldif
index 6101f085..b9eb3340 100644
--- a/server/examples/config.ldif
+++ b/server/examples/config.ldif
@@ -41,6 +41,7 @@ description: InfoPipe Configuration
dn: cn=domains,cn=config
cn: domains
description: Domains served by SSSD
+domains: LOCAL, EXAMPLE.COM, TEST
dn: cn=LOCAL,cn=domains,cn=config
cn: LOCAL
diff --git a/server/infopipe/infopipe.c b/server/infopipe/infopipe.c
index 535d41e3..72998301 100644
--- a/server/infopipe/infopipe.c
+++ b/server/infopipe/infopipe.c
@@ -36,8 +36,6 @@
#define INFP_CONF_ENTRY "config/services/info"
-struct infp_ctx;
-
static int service_identity(DBusMessage *message, struct sbus_conn_ctx *sconn)
{
dbus_uint16_t version = INFOPIPE_VERSION;
@@ -366,23 +364,13 @@ static int infp_process_init(TALLOC_CTX *mem_ctx,
}
/* Read in the domain map */
- ret = confdb_get_domains(cdb, infp_ctx, &infp_ctx->domain_map);
+ ret = confdb_get_domains(cdb, infp_ctx, &infp_ctx->domains);
if (ret != EOK) {
DEBUG(0, ("Failed to populate the domain map\n"));
talloc_free(infp_ctx);
return EIO;
}
- if (infp_ctx->domain_map == NULL) {
- /* No domains configured!
- * Note: this should never happen, since LOCAL
- * should always be configured
- */
- DEBUG(0, ("No domains configured on this client!\n"));
- talloc_free(infp_ctx);
- return EIO;
- }
-
infp_ctx->cache_timeout = 600; /* FIXME: read from confdb */
/* Add the infp_ctx to the sbus_conn_ctx private data
@@ -482,9 +470,15 @@ bool infp_get_permissions(const char *caller,
return false;
}
-struct sss_domain_info *infp_get_domain_obj(struct infp_ctx *infp, const char *domain_name)
+struct sss_domain_info *infp_get_domain_obj(struct infp_ctx *infp,
+ const char *domain_name)
{
- return talloc_get_type(btreemap_get_value(infp->domain_map, (const void *) domain_name), struct sss_domain_info);
+ struct sss_domain_info *dom;
+
+ for (dom = infp->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, domain_name) == 0) break;
+ }
+ return dom;
}
/* CheckPermissions(STRING domain, STRING object, STRING instance
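Review bot: The lookup loop in infp_get_domain_obj() is repeated in nss_dom_ctx_init() in server/responder/nss/nsssrv_cmd.c; a single helper declared next to confdb_get_domains() would keep the name-matching rule in one place. The comment removed together with `_domain_comparator` warned that case-insensitive matching is ASCII-only and not UTF-8 safe, and that still applies to `strcasecmp(dom->name, domain_name)`. A comment such as `/* domain names are matched case-insensitively, ASCII only */` should stay with the lookup.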
diff --git a/server/infopipe/infopipe_groups.c b/server/infopipe/infopipe_groups.c
index 4b2c881c..34e78958 100644
--- a/server/infopipe/infopipe_groups.c
+++ b/server/infopipe/infopipe_groups.c
@@ -150,9 +150,8 @@ int infp_groups_create(DBusMessage *message, struct sbus_conn_ctx *sconn)
}
grcreate_req->infp_req->domain =
- btreemap_get_value(grcreate_req->infp_req->infp->domain_map,
- (const void *)arg_domain);
- if(grcreate_req->infp_req->domain == NULL) {
+ infp_get_domain_obj(grcreate_req->infp_req->infp, arg_domain);
+ if (grcreate_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(grcreate_req, "Invalid domain.");
goto einval;
}
@@ -319,9 +318,8 @@ int infp_groups_delete(DBusMessage *message, struct sbus_conn_ctx *sconn)
}
grdel_req->infp_req->domain =
- btreemap_get_value(grdel_req->infp_req->infp->domain_map,
- (const void *)arg_domain);
- if(grdel_req->infp_req->domain == NULL) {
+ infp_get_domain_obj(grdel_req->infp_req->infp, arg_domain);
+ if (grdel_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(grdel_req, "Invalid domain.");
goto einval;
}
@@ -546,10 +544,9 @@ static int infp_groups_modify_members(DBusMessage *message,
}
grmod_req->infp_req->domain =
- btreemap_get_value(grmod_req->infp_req->infp->domain_map,
- (const void *)arg_domain);
+ infp_get_domain_obj(grmod_req->infp_req->infp, arg_domain);
/* Check for a valid domain */
- if(grmod_req->infp_req->domain == NULL) {
+ if (grmod_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(grmod_req, "Invalid domain.");
goto einval;
}
@@ -772,11 +769,9 @@ int infp_groups_set_gid(DBusMessage *message, struct sbus_conn_ctx *sconn)
}
grmod_req->infp_req->domain =
- btreemap_get_value(grmod_req->infp_req->infp->domain_map,
- (const void *)arg_domain);
-
+ infp_get_domain_obj(grmod_req->infp_req->infp, arg_domain);
/* Check for a valid domain */
- if(grmod_req->infp_req->domain == NULL) {
+ if (grmod_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(grmod_req, "Invalid domain.");
goto einval;
}
diff --git a/server/infopipe/infopipe_private.h b/server/infopipe/infopipe_private.h
index 066f11e9..7317f7a6 100644
--- a/server/infopipe/infopipe_private.h
+++ b/server/infopipe/infopipe_private.h
@@ -28,7 +28,7 @@ struct infp_ctx {
struct service_sbus_ctx *ss_ctx;
struct sysbus_ctx *sysbus;
struct sysdb_ctx *sysdb;
- struct btreemap *domain_map;
+ struct sss_domain_info *domains;
char *introspect_xml;
int cache_timeout;
diff --git a/server/infopipe/infopipe_users.c b/server/infopipe/infopipe_users.c
index 656d1525..14037774 100644
--- a/server/infopipe/infopipe_users.c
+++ b/server/infopipe/infopipe_users.c
@@ -144,10 +144,9 @@ int infp_users_get_cached(DBusMessage *message, struct sbus_conn_ctx *sconn)
infp_getcached_req->min_last_login = arg_minlastlogin;
infp_getcached_req->infp_req->domain =
- btreemap_get_value(infp_getcached_req->infp_req->infp->domain_map,
- (const void *)arg_domain);
+ infp_get_domain_obj(infp_getcached_req->infp_req->infp, arg_domain);
/* Check for a valid domain */
- if(infp_getcached_req->infp_req->domain == NULL) {
+ if (infp_getcached_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(infp_getcached_req, "Invalid domain.");
goto einval;
}
@@ -320,10 +319,10 @@ int infp_users_create(DBusMessage *message, struct sbus_conn_ctx *sconn)
goto denied;
}
- infp_createuser_req->infp_req->domain = btreemap_get_value(infp_createuser_req->infp_req->infp->domain_map,
- (const void *)arg_domain);
+ infp_createuser_req->infp_req->domain =
+ infp_get_domain_obj(infp_createuser_req->infp_req->infp, arg_domain);
/* Check for a valid domain */
- if(infp_createuser_req->infp_req->domain == NULL) {
+ if (infp_createuser_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(infp_createuser_req, "Invalid domain.");
goto einval;
}
@@ -523,10 +522,9 @@ int infp_users_delete(DBusMessage *message, struct sbus_conn_ctx *sconn)
}
infp_deleteuser_req->infp_req->domain =
- btreemap_get_value(infp_deleteuser_req->infp_req->infp->domain_map,
- (const void *)arg_domain);
+ infp_get_domain_obj(infp_deleteuser_req->infp_req->infp, arg_domain);
/* Check for a valid domain */
- if(infp_deleteuser_req->infp_req->domain == NULL) {
+ if (infp_deleteuser_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(infp_deleteuser_req, "Invalid domain.");
goto einval;
}
@@ -1213,8 +1211,11 @@ int infp_users_get_attr(DBusMessage *message, struct sbus_conn_ctx *sconn)
goto end;
}
- infp_getattr_req->infp_req->domain = btreemap_get_value(infp_getattr_req->infp_req->infp->domain_map, (const void *)domain);
- infp_getattr_req->check_provider = strcasecmp(domain, "LOCAL");
+ infp_getattr_req->infp_req->domain =
+ infp_get_domain_obj(infp_getattr_req->infp_req->infp, domain);
+ if (infp_getattr_req->infp_req->domain->provider) {
+ infp_getattr_req->check_provider = true;
+ }
/* Copy the username list */
infp_getattr_req->usernames = talloc_array(infp_getattr_req, char *, username_count);
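Review bot: `infp_getattr_req->infp_req->domain->provider` is dereferenced straight after `infp_get_domain_obj()`, which returns NULL for a name that is not in the list; every other call site changed in this file checks for NULL first and answers "Invalid domain.". `domain` appears to come from the D-Bus request, so unless it is validated earlier in infp_users_get_attr (outside this hunk) an unknown domain name would crash the InfoPipe service. A guard `if (infp_getattr_req->infp_req->domain == NULL)` that takes the function's existing error path should come before the provider test. `check_provider` is now only ever set to true here, so it relies on the request having been zero-initialised; `check_provider = (domain->provider != NULL);`, as in nss_dom_ctx_init, would make that explicit.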
@@ -1469,9 +1470,9 @@ int infp_users_set_attr(DBusMessage *message, struct sbus_conn_ctx *sconn)
}
dbus_message_iter_get_basic(&iter, &domain_name);
- infp_setattr_req->infp_req->domain = btreemap_get_value(infp_setattr_req->infp_req->infp->domain_map,
- (const void *)domain_name);
- if(infp_setattr_req->infp_req->domain == NULL) {
+ infp_setattr_req->infp_req->domain =
+ infp_get_domain_obj(infp_setattr_req->infp_req->infp, domain_name);
+ if (infp_setattr_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(infp_setattr_req, "Invalid domain.");
goto einval;
}
@@ -1770,10 +1771,10 @@ int infp_users_set_uid(DBusMessage *message, struct sbus_conn_ctx *sconn)
infp_setuid_req->username = talloc_strdup(infp_setuid_req, arg_username);
- infp_setuid_req->infp_req->domain = btreemap_get_value(infp_setuid_req->infp_req->infp->domain_map,
- (const void *)arg_domain);
+ infp_setuid_req->infp_req->domain =
+ infp_get_domain_obj(infp_setuid_req->infp_req->infp, arg_domain);
/* Check for a valid domain */
- if(infp_setuid_req->infp_req->domain == NULL) {
+ if (infp_setuid_req->infp_req->domain == NULL) {
einval_msg = talloc_strdup(infp_setuid_req, "Invalid domain.");
goto einval;
}
diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c
index 9320ed82..7fef0822 100644
--- a/server/monitor/monitor.c
+++ b/server/monitor/monitor.c
@@ -71,7 +71,7 @@ struct mt_svc {
struct mt_ctx {
struct tevent_context *ev;
struct confdb_ctx *cdb;
- struct btreemap *dom_map;
+ struct sss_domain_info *domains;
char **services;
struct mt_svc *svc_list;
struct sbus_srv_ctx *sbus_srv;
@@ -380,8 +380,7 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
struct mt_ctx *ctx;
struct mt_svc *svc;
struct sysdb_ctx *sysdb;
- const char **doms;
- int dom_count;
+ struct sss_domain_info *dom;
char *path;
int ret, i;
@@ -485,14 +484,14 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
}
/* now start the data providers */
- ret = confdb_get_domains_list(cdb, ctx,
- &(ctx->dom_map), &doms, &dom_count);
+ ret = confdb_get_domains(cdb, ctx, &ctx->domains);
if (ret != EOK) {
DEBUG(2, ("No domains configured. LOCAL should always exist!\n"));
return ret;
}
- for (i = 0; i < dom_count; i++) {
+ for (dom = ctx->domains; dom; dom = dom->next) {
+
svc = talloc_zero(ctx, struct mt_svc);
if (!svc) {
talloc_free(ctx);
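Review bot: The message in `DEBUG(2, ("No domains configured. LOCAL should always exist!\n"));` no longer matches what confdb_get_domains() can report: per the confdb.c changes in this commit it also fails on a search error or when the `domains` attribute names an entry that does not exist, and LOCAL is no longer special-cased. Something like `DEBUG(0, ("Failed to load the domain list (%d [%s])\n", ret, strerror(ret)));` would point an administrator at the real cause. This path also returns without `talloc_free(ctx)`, unlike the allocation failures just below it; whether that matters depends on the caller, which is outside the hunk.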
@@ -500,7 +499,7 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
}
svc->mt_ctx = ctx;
- svc->name = talloc_strdup(svc, doms[i]);
+ svc->name = talloc_strdup(svc, dom->name);
if (!svc->name) {
talloc_free(ctx);
return ENOMEM;
@@ -512,7 +511,7 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- path = talloc_asprintf(svc, "config/domains/%s", doms[i]);
+ path = talloc_asprintf(svc, "config/domains/%s", svc->name);
if (!path) {
talloc_free(ctx);
return ENOMEM;
@@ -521,7 +520,7 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
ret = confdb_get_string(cdb, svc, path,
"provider", NULL, &svc->provider);
if (ret != EOK) {
- DEBUG(0, ("Failed to find provider from [%s] configuration\n", doms[i]));
+ DEBUG(0, ("Failed to find provider from [%s] configuration\n", svc->name));
talloc_free(svc);
continue;
}
@@ -529,7 +528,7 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
ret = confdb_get_string(cdb, svc, path,
"command", NULL, &svc->command);
if (ret != EOK) {
- DEBUG(0, ("Failed to find command from [%s] configuration\n", doms[i]));
+ DEBUG(0, ("Failed to find command from [%s] configuration\n", svc->name));
talloc_free(svc);
continue;
}
@@ -564,7 +563,7 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
ret = start_service(svc);
if (ret != EOK) {
- DEBUG(0,("Failed to start provider for '%s'\n", doms[i]));
+ DEBUG(0,("Failed to start provider for '%s'\n", svc->name));
talloc_free(svc);
continue;
}
diff --git a/server/responder/common/responder.h b/server/responder/common/responder.h
index 4b6bfeee..6f737a14 100644
--- a/server/responder/common/responder.h
+++ b/server/responder/common/responder.h
@@ -63,8 +63,7 @@ struct resp_ctx {
struct service_sbus_ctx *ss_ctx;
struct service_sbus_ctx *dp_ctx;
- struct btreemap *domain_map;
- char *default_domain;
+ struct sss_domain_info *domains;
struct sbus_method *sss_sbus_methods;
struct sss_cmd_table *sss_cmds;
diff --git a/server/responder/common/responder_common.c b/server/responder/common/responder_common.c
index 855c78a7..50cda623 100644
--- a/server/responder/common/responder_common.c
+++ b/server/responder/common/responder_common.c
@@ -453,40 +453,6 @@ failed:
return EIO;
}
-static int sss_init_domains(struct resp_ctx *rctx)
-{
- int ret;
- int retval;
-
- ret = confdb_get_domains(rctx->cdb, rctx, &rctx->domain_map);
- if (ret != EOK) {
- retval = ret;
- goto done;
- }
-
- if (rctx->domain_map == NULL) {
- /* No domains configured!
- * Note: this should never happen, since LOCAL should
- * always be configured */
- DEBUG(0, ("No domains configured on this client!\n"));
- retval = EINVAL;
- goto done;
- }
-
- ret = confdb_get_string(rctx->cdb, rctx,
- "config/domains", "default",
- NULL, &rctx->default_domain);
- if (ret != EOK) {
- retval = ret;
- goto done;
- }
-
- retval = EOK;
-
-done:
- return retval;
-}
-
int sss_names_init(struct resp_ctx *rctx)
{
struct sss_names_ctx *ctx;
@@ -571,7 +537,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
rctx->confdb_service_path = confdb_service_path;
rctx->dp_methods = dp_methods;
- ret = sss_init_domains(rctx);
+ ret = confdb_get_domains(rctx->cdb, rctx, &rctx->domains);
if (ret != EOK) {
DEBUG(0, ("fatal error setting up domain map\n"));
return ret;
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index 834c42d9..58b09fb3 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -123,10 +123,10 @@ static int nss_get_config(struct nss_ctx *nctx,
struct confdb_ctx *cdb)
{
TALLOC_CTX *tmpctx;
+ struct sss_domain_info *dom;
char *domain, *name;
- const char **domains;
char **filter_list;
- int ret, num, i, j;
+ int ret, i;
tmpctx = talloc_new(nctx);
if (!tmpctx) return ENOMEM;
@@ -166,20 +166,12 @@ static int nss_get_config(struct nss_ctx *nctx,
continue;
}
} else {
- ret = btreemap_get_keys(tmpctx, rctx->domain_map,
- (const void ***)&domains, &num);
- if (ret != EOK) {
- DEBUG(0, ("Unable to find domains!\n"));
- return ret;
- }
-
- for (j = 0; j < num; j++) {
- ret = nss_ncache_set_user(nctx->ncache,
- true, domains[j], name);
+ for (dom = rctx->domains; dom; dom = dom->next) {
+ ret = nss_ncache_set_user(nctx->ncache, true, dom->name, name);
if (ret != EOK) {
DEBUG(1, ("Failed to store permanent user filter for"
" [%s:%s] (%d [%s])\n",
- domains[j], filter_list[i],
+ dom->name, filter_list[i],
ret, strerror(ret)));
continue;
}
@@ -208,20 +200,12 @@ static int nss_get_config(struct nss_ctx *nctx,
continue;
}
} else {
- ret = btreemap_get_keys(tmpctx, rctx->domain_map,
- (const void ***)&domains, &num);
- if (ret != EOK) {
- DEBUG(0, ("Unable to find domains!\n"));
- return ret;
- }
-
- for (j = 0; j < num; j++) {
- ret = nss_ncache_set_group(nctx->ncache,
- true, domains[j], name);
+ for (dom = rctx->domains; dom; dom = dom->next) {
+ ret = nss_ncache_set_group(nctx->ncache, true, dom->name, name);
if (ret != EOK) {
DEBUG(1, ("Failed to store permanent group filter for"
" [%s:%s] (%d [%s])\n",
- domains[j], filter_list[i],
+ dom->name, filter_list[i],
ret, strerror(ret)));
continue;
}
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index 367df36f..41f0c16a 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -80,18 +80,19 @@ static int nss_cmd_send_error(struct nss_cmd_ctx *cmdctx, int err)
} while(0)
static int nss_dom_ctx_init(struct nss_dom_ctx *dctx,
- struct btreemap *domain_map, const char *domain)
+ struct sss_domain_info *doms, const char *domain)
{
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
- /* Check for registered domain */
- info = btreemap_get_value(domain_map, (void *)domain);
- if (!info) {
+ for (dom = doms; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, domain) == 0) break;
+ }
+ if (!dom) {
return EINVAL;
}
- dctx->domain = info;
- dctx->check_provider = (info->provider != NULL);
+ dctx->domain = dom;
+ dctx->check_provider = (dom->provider != NULL);
return EOK;
}
@@ -101,7 +102,7 @@ static int nss_dom_ctx_init(struct nss_dom_ctx *dctx,
***************************************************************************/
static int fill_pwent(struct sss_packet *packet,
- struct sss_domain_info *info,
+ struct sss_domain_info *dom,
struct nss_ctx *nctx,
bool filter_users,
struct ldb_message **msgs,
@@ -120,8 +121,8 @@ static int fill_pwent(struct sss_packet *packet,
size_t dom_len = 0;
int delim = 1;
int i, ret, num, t;
- bool add_domain = info->fqnames;
- const char *domain = info->name;
+ bool add_domain = dom->fqnames;
+ const char *domain = dom->name;
const char *namefmt = nctx->rctx->names->fq_fmt;
int ncret;
@@ -157,8 +158,8 @@ static int fill_pwent(struct sss_packet *packet,
}
/* check that the uid is valid for this domain */
- if ((info->id_min && (uid < info->id_min)) ||
- (info->id_max && (uid > info->id_max))) {
+ if ((dom->id_min && (uid < dom->id_min)) ||
+ (dom->id_max && (uid > dom->id_max))) {
DEBUG(4, ("User [%s@%s] filtered out! (id out of range)\n",
name, domain));
continue;
@@ -444,14 +445,13 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
{
struct nss_cmd_ctx *cmdctx;
struct nss_dom_ctx *dctx;
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
struct nss_ctx *nctx;
- const char **domains;
const char *rawname;
char *domname;
uint8_t *body;
size_t blen;
- int ret, num, i;
+ int ret;
int ncret;
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -502,7 +502,7 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
}
dctx->cmdctx = cmdctx;
- ret = nss_dom_ctx_init(dctx, cctx->rctx->domain_map, domname);
+ ret = nss_dom_ctx_init(dctx, cctx->rctx->domains, domname);
if (ret != EOK) {
DEBUG(2, ("Invalid domain name received [%s]\n", domname));
goto done;
@@ -520,30 +520,22 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
} else {
dctx = NULL;
- domains = NULL;
- num = 0;
- /* get domains list */
- ret = btreemap_get_keys(cmdctx, cctx->rctx->domain_map,
- (const void ***)&domains, &num);
- if (ret != EOK) goto done;
cmdctx->nr = 0;
- for (i = 0; i < num; i++) {
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ncret = nss_ncache_check_user(nctx->ncache, nctx->neg_timeout,
- domains[i], cmdctx->name);
+ dom->name, cmdctx->name);
if (ncret != ENOENT) {
DEBUG(3, ("User [%s] does not exist! (neg cache)\n",
rawname));
continue;
}
- info = btreemap_get_value(cctx->rctx->domain_map, domains[i]);
-
/* skip domains that require FQnames */
- if (info->fqnames) continue;
+ if (dom->fqnames) continue;
cmdctx->nr++;
@@ -554,8 +546,8 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
}
dctx->cmdctx = cmdctx;
- dctx->domain = info;
- dctx->check_provider = (info->provider != NULL);
+ dctx->domain = dom;
+ dctx->check_provider = (dom->provider != NULL);
DEBUG(4, ("Requesting info for [%s@%s]\n",
cmdctx->name, dctx->domain->name));
@@ -808,12 +800,11 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx)
{
struct nss_cmd_ctx *cmdctx;
struct nss_dom_ctx *dctx;
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
struct nss_ctx *nctx;
- const char **domains;
uint8_t *body;
size_t blen;
- int i, num, ret;
+ int ret;
int ncret;
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -836,36 +827,25 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx)
/* FIXME: Just ask all backends for now, until we check for ranges */
dctx = NULL;
- domains = NULL;
- num = 0;
- /* get domains list */
- ret = btreemap_get_keys(cmdctx, cctx->rctx->domain_map,
- (const void ***)&domains, &num);
- if (ret != EOK) {
- goto done;
- }
-
cmdctx->nr = 0;
- for (i = 0; i < num; i++) {
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ncret = nss_ncache_check_uid(nctx->ncache, nctx->neg_timeout,
- cmdctx->id);
+ cmdctx->id);
if (ncret != ENOENT) {
DEBUG(3, ("Uid [%lu] does not exist! (negative cache)\n",
(unsigned long)cmdctx->id));
continue;
}
- info = btreemap_get_value(cctx->rctx->domain_map, domains[i]);
-
/* check that the uid is valid for this domain */
- if ((info->id_min && (cmdctx->id < info->id_min)) ||
- (info->id_max && (cmdctx->id > info->id_max))) {
+ if ((dom->id_min && (cmdctx->id < dom->id_min)) ||
+ (dom->id_max && (cmdctx->id > dom->id_max))) {
DEBUG(4, ("Uid [%lu] does not exist in domain [%s]! "
"(id out of range)\n",
- (unsigned long)cmdctx->id, domains[i]));
+ (unsigned long)cmdctx->id, dom->name));
continue;
}
@@ -878,8 +858,8 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx)
}
dctx->cmdctx = cmdctx;
- dctx->domain = info;
- dctx->check_provider = (info->provider != NULL);
+ dctx->domain = dom;
+ dctx->check_provider = (dom->provider != NULL);
DEBUG(4, ("Requesting info for [%lu@%s]\n",
cmdctx->id, dctx->domain->name));
@@ -1036,16 +1016,15 @@ static void nss_cmd_setpw_dp_callback(uint16_t err_maj, uint32_t err_min,
static int nss_cmd_setpwent_ext(struct cli_ctx *cctx, bool immediate)
{
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
struct nss_cmd_ctx *cmdctx;
struct nss_dom_ctx *dctx;
struct getent_ctx *pctx;
struct nss_ctx *nctx;
- const char **domains;
time_t now = time(NULL);
bool cached = false;
int timeout;
- int i, ret, num;
+ int ret;
DEBUG(4, ("Requesting info for all users\n"));
@@ -1067,15 +1046,6 @@ static int nss_cmd_setpwent_ext(struct cli_ctx *cctx, bool immediate)
cmdctx->immediate = immediate;
- domains = NULL;
- num = 0;
- /* get domains list */
- ret = btreemap_get_keys(cmdctx, cctx->rctx->domain_map,
- (const void ***)&domains, &num);
- if (ret != EOK) {
- return ret;
- }
-
/* do not query backends if we have a recent enumeration */
if (nctx->enum_cache_timeout) {
if (nctx->last_user_enum +
@@ -1085,10 +1055,9 @@ static int nss_cmd_setpwent_ext(struct cli_ctx *cctx, bool immediate)
}
/* check if enumeration is enabled in any domain */
- for (i = 0; i < num; i++) {
- info = btreemap_get_value(cctx->rctx->domain_map, domains[i]);
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
- if ((info->enumerate & NSS_ENUM_USERS) == 0) {
+ if ((dom->enumerate & NSS_ENUM_USERS) == 0) {
continue;
}
@@ -1099,19 +1068,19 @@ static int nss_cmd_setpwent_ext(struct cli_ctx *cctx, bool immediate)
if (!dctx) return ENOMEM;
dctx->cmdctx = cmdctx;
- dctx->domain = info;
+ dctx->domain = dom;
if (cached) {
dctx->check_provider = false;
} else {
- dctx->check_provider = (info->provider != NULL);
+ dctx->check_provider = (dom->provider != NULL);
}
if (dctx->check_provider) {
- timeout = SSS_CLI_SOCKET_TIMEOUT/(i+2);
+ timeout = SSS_CLI_SOCKET_TIMEOUT;
ret = nss_dp_send_acct_req(cctx->rctx, cmdctx,
nss_cmd_setpw_dp_callback, dctx,
- timeout, domains[i], NSS_DP_USER,
+ timeout, dom->name, NSS_DP_USER,
NULL, 0);
} else {
ret = sysdb_enumpwent(dctx, cctx->rctx->sysdb,
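Review bot: `timeout = SSS_CLI_SOCKET_TIMEOUT;` replaces `SSS_CLI_SOCKET_TIMEOUT/(i+2)`, so every enumeration request sent to a provider may now wait for the whole client socket timeout. The reason for the old divisor is not stated on the page, but it looks like it kept the back-end wait below the time the client itself is willing to wait; with the full value a slow provider could answer only after the client has given up. If scaling by domain index is no longer wanted, a fixed fraction such as `timeout = SSS_CLI_SOCKET_TIMEOUT/2;` would keep a margin, and a short comment should state the intended relation to the client timeout. nss_cmd_setpwent_ext starts and ends outside this hunk.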
@@ -1121,7 +1090,7 @@ static int nss_cmd_setpwent_ext(struct cli_ctx *cctx, bool immediate)
if (ret != EOK) {
/* FIXME: shutdown ? */
DEBUG(1, ("Failed to send enumeration request for domain [%s]!\n",
- domains[i]));
+ dom->name));
continue;
}
@@ -1274,7 +1243,7 @@ done:
***************************************************************************/
static int fill_grent(struct sss_packet *packet,
- struct sss_domain_info *info,
+ struct sss_domain_info *dom,
struct nss_ctx *nctx,
bool filter_groups,
struct ldb_message **msgs,
@@ -1292,8 +1261,8 @@ static int fill_grent(struct sss_packet *packet,
size_t dom_len = 0;
size_t name_len;
int delim = 1;
- bool add_domain = info->fqnames;
- const char *domain = info->name;
+ bool add_domain = dom->fqnames;
+ const char *domain = dom->name;
const char *namefmt = nctx->rctx->names->fq_fmt;
int ncret;
@@ -1343,8 +1312,8 @@ static int fill_grent(struct sss_packet *packet,
}
/* check that the gid is valid for this domain */
- if ((info->id_min && (gid < info->id_min)) ||
- (info->id_max && (gid > info->id_max))) {
+ if ((dom->id_min && (gid < dom->id_min)) ||
+ (dom->id_max && (gid > dom->id_max))) {
DEBUG(4, ("User [%s@%s] filtered out! (id out of range)\n",
name, domain));
skip_members = true;
@@ -1511,8 +1480,8 @@ static int fill_grent(struct sss_packet *packet,
}
/* check that the uid is valid for this domain */
- if ((info->id_min && (uid < info->id_min)) ||
- (info->id_max && (uid > info->id_max))) {
+ if ((dom->id_min && (uid < dom->id_min)) ||
+ (dom->id_max && (uid > dom->id_max))) {
DEBUG(4, ("User [%s@%s] filtered out! (id out of range)\n",
name, domain));
continue;
@@ -1772,14 +1741,13 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
{
struct nss_cmd_ctx *cmdctx;
struct nss_dom_ctx *dctx;
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
struct nss_ctx *nctx;
- const char **domains;
const char *rawname;
char *domname;
uint8_t *body;
size_t blen;
- int ret, num, i;
+ int ret;
int ncret;
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -1828,7 +1796,7 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
}
dctx->cmdctx = cmdctx;
- ret = nss_dom_ctx_init(dctx, cctx->rctx->domain_map, domname);
+ ret = nss_dom_ctx_init(dctx, cctx->rctx->domains, domname);
if (ret != EOK) {
DEBUG(2, ("Invalid domain name received [%s]\n", domname));
goto done;
@@ -1846,30 +1814,21 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
} else {
dctx = NULL;
- domains = NULL;
- num = 0;
- /* get domains list */
- ret = btreemap_get_keys(cmdctx, cctx->rctx->domain_map,
- (const void ***)&domains, &num);
- if (ret != EOK) goto done;
-
cmdctx->nr = 0;
- for (i = 0; i < num; i++) {
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ncret = nss_ncache_check_group(nctx->ncache, nctx->neg_timeout,
- domains[i], cmdctx->name);
+ dom->name, cmdctx->name);
if (ncret != ENOENT) {
DEBUG(3, ("Group [%s] does not exist! (negative cache)\n",
rawname));
continue;
}
- info = btreemap_get_value(cctx->rctx->domain_map, domains[i]);
-
/* skip domains that require FQnames */
- if (info->fqnames) continue;
+ if (dom->fqnames) continue;
cmdctx->nr++;
@@ -1880,8 +1839,8 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
}
dctx->cmdctx = cmdctx;
- dctx->domain = info;
- dctx->check_provider = (info->provider != NULL);
+ dctx->domain = dom;
+ dctx->check_provider = (dom->provider != NULL);
DEBUG(4, ("Requesting info for [%s@%s]\n",
cmdctx->name, dctx->domain->name));
@@ -2115,12 +2074,11 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx)
{
struct nss_cmd_ctx *cmdctx;
struct nss_dom_ctx *dctx;
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
struct nss_ctx *nctx;
- const char **domains;
uint8_t *body;
size_t blen;
- int i, num, ret;
+ int ret;
int ncret;
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -2143,33 +2101,22 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx)
/* FIXME: Just ask all backends for now, until we check for ranges */
dctx = NULL;
- domains = NULL;
- num = 0;
- /* get domains list */
- ret = btreemap_get_keys(cmdctx, cctx->rctx->domain_map,
- (const void ***)&domains, &num);
- if (ret != EOK) {
- goto done;
- }
-
cmdctx->nr = 0;
- for (i = 0; i < num; i++) {
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ncret = nss_ncache_check_gid(nctx->ncache, nctx->neg_timeout,
- cmdctx->id);
+ cmdctx->id);
if (ncret != ENOENT) {
DEBUG(3, ("Gid [%lu] does not exist! (negative cache)\n",
(unsigned long)cmdctx->id));
continue;
}
- info = btreemap_get_value(cctx->rctx->domain_map, domains[i]);
-
/* check that the uid is valid for this domain */
- if ((info->id_min && (cmdctx->id < info->id_min)) ||
- (info->id_max && (cmdctx->id > info->id_max))) {
+ if ((dom->id_min && (cmdctx->id < dom->id_min)) ||
+ (dom->id_max && (cmdctx->id > dom->id_max))) {
DEBUG(4, ("Gid [%lu] does not exist! (id out of range)\n",
(unsigned long)cmdctx->id));
continue;
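Review bot: `nss_ncache_check_gid()` takes no domain argument, so inside the `for (dom = ...)` loop it repeats the same lookup and logs the same "negative cache" message once per configured domain. It could be done once before the loop, but what happens when no domain ends up queried is outside this hunk, so an early exit must match that path. The two comments in the loop still talk about "this user" and "the uid" although this is the gid lookup; `/* check that the gid is valid for this domain */` would read correctly.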
@@ -2185,8 +2132,8 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx)
}
dctx->cmdctx = cmdctx;
- dctx->domain = info;
- dctx->check_provider = (info->provider != NULL);
+ dctx->domain = dom;
+ dctx->check_provider = (dom->provider != NULL);
DEBUG(4, ("Requesting info for [%lu@%s]\n",
cmdctx->id, dctx->domain->name));
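Review bot: `cmdctx->id` is passed to `%lu` without a cast in this DEBUG call, while the other DEBUG calls in the same function write `(unsigned long)cmdctx->id`. The field's type is declared outside the hunk; if it is not `unsigned long`, the argument does not match the format. Using the same cast here keeps the call well defined: `(unsigned long)cmdctx->id, dctx->domain->name));`.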
@@ -2344,16 +2291,15 @@ static void nss_cmd_setgr_dp_callback(uint16_t err_maj, uint32_t err_min,
static int nss_cmd_setgrent_ext(struct cli_ctx *cctx, bool immediate)
{
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
struct nss_cmd_ctx *cmdctx;
struct nss_dom_ctx *dctx;
struct getent_ctx *gctx;
struct nss_ctx *nctx;
- const char **domains;
time_t now = time(NULL);
bool cached = false;
int timeout;
- int i, ret, num;
+ int ret;
DEBUG(4, ("Requesting info for all groups\n"));
@@ -2375,15 +2321,6 @@ static int nss_cmd_setgrent_ext(struct cli_ctx *cctx, bool immediate)
cmdctx->immediate = immediate;
- domains = NULL;
- num = 0;
- /* get domains list */
- ret = btreemap_get_keys(cmdctx, cctx->rctx->domain_map,
- (const void ***)&domains, &num);
- if(ret != EOK) {
- return ret;
- }
-
/* do not query backends if we have a recent enumeration */
if (nctx->enum_cache_timeout) {
if (nctx->last_group_enum +
@@ -2393,10 +2330,9 @@ static int nss_cmd_setgrent_ext(struct cli_ctx *cctx, bool immediate)
}
/* check if enumeration is enabled in any domain */
- for (i = 0; i < num; i++) {
- info = btreemap_get_value(cctx->rctx->domain_map, domains[i]);
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
- if ((info->enumerate & NSS_ENUM_GROUPS) == 0) {
+ if ((dom->enumerate & NSS_ENUM_GROUPS) == 0) {
continue;
}
@@ -2407,19 +2343,19 @@ static int nss_cmd_setgrent_ext(struct cli_ctx *cctx, bool immediate)
if (!dctx) return ENOMEM;
dctx->cmdctx = cmdctx;
- dctx->domain = info;
+ dctx->domain = dom;
if (cached) {
dctx->check_provider = false;
} else {
- dctx->check_provider = (info->provider != NULL);
+ dctx->check_provider = (dom->provider != NULL);
}
if (dctx->check_provider) {
- timeout = SSS_CLI_SOCKET_TIMEOUT/(i+2);
+ timeout = SSS_CLI_SOCKET_TIMEOUT;
ret = nss_dp_send_acct_req(cctx->rctx, cmdctx,
nss_cmd_setgr_dp_callback, dctx,
- timeout, domains[i], NSS_DP_GROUP,
+ timeout, dom->name, NSS_DP_GROUP,
NULL, 0);
} else {
ret = sysdb_enumgrent(dctx, cctx->rctx->sysdb,
@@ -2429,7 +2365,7 @@ static int nss_cmd_setgrent_ext(struct cli_ctx *cctx, bool immediate)
if (ret != EOK) {
/* FIXME: shutdown ? */
DEBUG(1, ("Failed to send enumeration request for domain [%s]!\n",
- domains[i]));
+ dom->name));
continue;
}
@@ -2864,14 +2800,13 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
{
struct nss_cmd_ctx *cmdctx;
struct nss_dom_ctx *dctx;
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
struct nss_ctx *nctx;
- const char **domains;
const char *rawname;
char *domname;
uint8_t *body;
size_t blen;
- int ret, num, i;
+ int ret;
int ncret;
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -2920,7 +2855,7 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
}
dctx->cmdctx = cmdctx;
- ret = nss_dom_ctx_init(dctx, cctx->rctx->domain_map, domname);
+ ret = nss_dom_ctx_init(dctx, cctx->rctx->domains, domname);
if (ret != EOK) {
DEBUG(2, ("Invalid domain name received [%s]\n", domname));
goto done;
@@ -2938,29 +2873,20 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
} else {
dctx = NULL;
- domains = NULL;
- num = 0;
- /* get domains list */
- ret = btreemap_get_keys(cmdctx, cctx->rctx->domain_map,
- (const void ***)&domains, &num);
- if (ret != EOK) goto done;
-
cmdctx->nr = 0;
- for (i = 0; i < num; i++) {
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ncret = nss_ncache_check_user(nctx->ncache, nctx->neg_timeout,
- domains[i], cmdctx->name);
+ dom->name, cmdctx->name);
if (ncret != ENOENT) {
DEBUG(3, ("User does not exist! (neg cache)\n"));
continue;
}
- info = btreemap_get_value(cctx->rctx->domain_map, domains[i]);
-
/* skip domains that require FQnames */
- if (info->fqnames) continue;
+ if (dom->fqnames) continue;
cmdctx->nr++;
@@ -2971,8 +2897,8 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
}
dctx->cmdctx = cmdctx;
- dctx->domain = info;
- dctx->check_provider = (info->provider != NULL);
+ dctx->domain = dom;
+ dctx->check_provider = (dom->provider != NULL);
DEBUG(4, ("Requesting info for [%s@%s]\n",
cmdctx->name, dctx->domain->name));
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 49a06ff3..28a95db8 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -347,7 +347,7 @@ done:
}
int LOCAL_pam_handler(struct cli_ctx *cctx, pam_dp_callback_t callback,
- struct pam_data *pd)
+ struct sss_domain_info *dom, struct pam_data *pd)
{
int ret;
struct LOCAL_request *lreq=NULL;
@@ -377,8 +377,7 @@ int LOCAL_pam_handler(struct cli_ctx *cctx, pam_dp_callback_t callback,
DEBUG(4, ("LOCAL pam handler.\n"));
- lreq->domain_info = btreemap_get_value(lreq->cctx->rctx->domain_map,
- lreq->pd->domain);
+ lreq->domain_info = dom;
NULL_CHECK_OR_JUMP(lreq->domain_info, ("Domain info not found.\n"),
ret, EINVAL, done);
diff --git a/server/responder/pam/pam_LOCAL_domain.h b/server/responder/pam/pam_LOCAL_domain.h
index 6cac6075..bc2064db 100644
--- a/server/responder/pam/pam_LOCAL_domain.h
+++ b/server/responder/pam/pam_LOCAL_domain.h
@@ -4,6 +4,6 @@
#include "responder/pam/pamsrv.h"
int LOCAL_pam_handler(struct cli_ctx *cctx, pam_dp_callback_t callback,
- struct pam_data *pd);
+ struct sss_domain_info *dom, struct pam_data *pd);
#endif /* __PAM_LOCAL_DOMAIN_H__ */
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c
index 22a2b85d..db5f064f 100644
--- a/server/responder/pam/pamsrv_cmd.c
+++ b/server/responder/pam/pamsrv_cmd.c
@@ -197,7 +197,7 @@ done:
static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
{
- struct sss_domain_info *info;
+ struct sss_domain_info *dom;
uint8_t *body;
size_t blen;
int ret;
@@ -224,30 +224,27 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
pd->response_delay = 0;
pd->resp_list = NULL;
- if (pd->domain == NULL) {
- if (cctx->rctx->default_domain != NULL) {
- pd->domain = cctx->rctx->default_domain;
- } else {
- pd->domain = talloc_strdup(pd, "LOCAL");
- }
- DEBUG(4, ("Using default domain [%s].\n", pd->domain));
- }
if (pd->domain) {
- /* Check for registered domain */
- info = btreemap_get_value(cctx->rctx->domain_map,
- (void *)(pd->domain));
- if (!info) {
+ for (dom = cctx->rctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, pd->domain) == 0) break;
+ }
+ if (!dom) {
talloc_free(pd);
return EINVAL;
}
}
+ else {
+ DEBUG(4, ("Domain not provided, using default.\n"));
+ dom = cctx->rctx->domains;
+ pd->domain = dom->name;
+ }
- if (!info->provider) {
- return LOCAL_pam_handler(cctx, pam_reply, pd);
+ if (!dom->provider) {
+ return LOCAL_pam_handler(cctx, pam_reply, dom, pd);
};
- ret=pam_dp_send_req(cctx, pam_reply, PAM_DP_TIMEOUT, pd);
+ ret = pam_dp_send_req(cctx, pam_reply, PAM_DP_TIMEOUT, pd);
DEBUG(4, ("pam_dp_send_req returned %d\n", ret));
return ret;
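Review bot: The new `else` branch dereferences `cctx->rctx->domains` unchecked, so a PAM request that carries no domain would crash the responder if that list is ever empty; the removed code fell back to "LOCAL" in that situation. Whether the list can be empty is decided where it is built, outside this hunk, so a guard before `pd->domain = dom->name;` is cheap: `if (!dom) { talloc_free(pd); return EINVAL; }`. The lookup now uses `strcasecmp`, but on a match `pd->domain` keeps the client's spelling when it goes on to `pam_dp_send_req`. If later stages compare names exactly, assigning `pd->domain = dom->name;` after the match as well would hand them the configured name. pam_forwarder begins and ends outside the hunk.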
diff --git a/server/tools/sss_groupadd.c b/server/tools/sss_groupadd.c
index 5363dbba..d0559716 100644
--- a/server/tools/sss_groupadd.c
+++ b/server/tools/sss_groupadd.c
@@ -83,7 +83,7 @@ int main(int argc, const char **argv)
{ "gid", 'g', POPT_ARG_INT, &pc_gid, 0, "The GID of the group", NULL },
POPT_TABLEEND
};
-
+ struct sss_domain_info *dom;
poptContext pc = NULL;
struct tools_ctx *ctx = NULL;
struct group_add_ctx *group_ctx = NULL;
@@ -128,12 +128,15 @@ int main(int argc, const char **argv)
/* arguments processed, go on to actual work */
- group_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL");
- if (group_ctx->domain == NULL) {
+ for (dom = ctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, "LOCAL") == 0) break;
+ }
+ if (dom == NULL) {
DEBUG(0, ("Could not get domain info\n"));
ret = EXIT_FAILURE;
goto fini;
}
+ group_ctx->domain = dom;
/* add_group */
ret = sysdb_transaction(ctx, ctx->sysdb, add_group, group_ctx);
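Review bot: The loop that walks `ctx->domains` looking for "LOCAL" is repeated unchanged in the sss_groupdel.c, sss_groupmod.c, sss_useradd.c, sss_userdel.c and sss_usermod.c hunks below. A single helper declared next to `struct tools_ctx` in tools_util.h would keep the lookup and its error message in one place, for instance `struct sss_domain_info *tools_find_local_domain(struct tools_ctx *ctx);` (name is a suggestion). The match is also case-insensitive now, which is worth a one-line comment since the old map lookup took the literal key. `strcasecmp` is declared in `<strings.h>`, and the include lists of these files are not visible in the hunks, so that is worth confirming. main() extends beyond the hunk in each file.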
diff --git a/server/tools/sss_groupdel.c b/server/tools/sss_groupdel.c
index 1cbddf45..8e85003c 100644
--- a/server/tools/sss_groupdel.c
+++ b/server/tools/sss_groupdel.c
@@ -79,7 +79,7 @@ int main(int argc, const char **argv)
int ret = EXIT_SUCCESS;
struct group_del_ctx *group_ctx = NULL;
struct tools_ctx *ctx = NULL;
-
+ struct sss_domain_info *dom;
poptContext pc = NULL;
struct poptOption long_options[] = {
@@ -121,12 +121,16 @@ int main(int argc, const char **argv)
/* arguments processed, go on to actual work */
- group_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL");
- if (group_ctx->domain == NULL) {
- DEBUG(0, ("Could not set default values\n"));
+ for (dom = ctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, "LOCAL") == 0) break;
+ }
+ if (dom == NULL) {
+ DEBUG(0, ("Could not get domain info\n"));
ret = EXIT_FAILURE;
goto fini;
}
+ group_ctx->domain = dom;
+
group_ctx->group_dn = sysdb_group_dn(ctx->sysdb, ctx,
group_ctx->domain->name,
diff --git a/server/tools/sss_groupmod.c b/server/tools/sss_groupmod.c
index ed16033a..922555f0 100644
--- a/server/tools/sss_groupmod.c
+++ b/server/tools/sss_groupmod.c
@@ -186,6 +186,7 @@ int main(int argc, const char **argv)
POPT_TABLEEND
};
poptContext pc = NULL;
+ struct sss_domain_info *dom;
struct group_mod_ctx *group_ctx = NULL;
struct tools_ctx *ctx = NULL;
char *groups;
@@ -246,12 +247,16 @@ int main(int argc, const char **argv)
group_ctx->gid = pc_gid;
/* arguments processed, go on to actual work */
- group_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL");
- if (group_ctx->domain == NULL) {
- DEBUG(0, ("Could not get the domain\n"));
+
+ for (dom = ctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, "LOCAL") == 0) break;
+ }
+ if (dom == NULL) {
+ DEBUG(0, ("Could not get domain info\n"));
ret = EXIT_FAILURE;
goto fini;
}
+ group_ctx->domain = dom;
ret = sysdb_transaction(ctx, ctx->sysdb, mod_group, group_ctx);
if (ret != EOK) {
diff --git a/server/tools/sss_useradd.c b/server/tools/sss_useradd.c
index ba89276f..d3b930d1 100644
--- a/server/tools/sss_useradd.c
+++ b/server/tools/sss_useradd.c
@@ -233,6 +233,7 @@ int main(int argc, const char **argv)
POPT_TABLEEND
};
poptContext pc = NULL;
+ struct sss_domain_info *dom;
struct user_add_ctx *user_ctx = NULL;
struct tools_ctx *ctx = NULL;
char *groups;
@@ -332,12 +333,15 @@ int main(int argc, const char **argv)
/* arguments processed, go on to actual work */
- user_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL");
- if (user_ctx->domain == NULL) {
- DEBUG(0, ("Could not set default values\n"));
+ for (dom = ctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, "LOCAL") == 0) break;
+ }
+ if (dom == NULL) {
+ DEBUG(0, ("Could not get domain info\n"));
ret = EXIT_FAILURE;
goto fini;
}
+ user_ctx->domain = dom;
/* useradd */
ret = sysdb_transaction(ctx, ctx->sysdb, add_user, user_ctx);
diff --git a/server/tools/sss_userdel.c b/server/tools/sss_userdel.c
index 1a56cf9d..47188824 100644
--- a/server/tools/sss_userdel.c
+++ b/server/tools/sss_userdel.c
@@ -78,7 +78,7 @@ int main(int argc, const char **argv)
int ret = EXIT_SUCCESS;
struct user_del_ctx *user_ctx = NULL;
struct tools_ctx *ctx = NULL;
-
+ struct sss_domain_info *dom;
poptContext pc = NULL;
struct poptOption long_options[] = {
@@ -120,12 +120,15 @@ int main(int argc, const char **argv)
/* arguments processed, go on to actual work */
- user_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL");
- if (user_ctx->domain == NULL) {
- DEBUG(0, ("Could not set default values\n"));
+ for (dom = ctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, "LOCAL") == 0) break;
+ }
+ if (dom == NULL) {
+ DEBUG(0, ("Could not get domain info\n"));
ret = EXIT_FAILURE;
goto fini;
}
+ user_ctx->domain = dom;
user_ctx->user_dn = sysdb_user_dn(ctx->sysdb, ctx,
user_ctx->domain->name,
diff --git a/server/tools/sss_usermod.c b/server/tools/sss_usermod.c
index 6f1d4ce6..dae584e2 100644
--- a/server/tools/sss_usermod.c
+++ b/server/tools/sss_usermod.c
@@ -210,6 +210,7 @@ int main(int argc, const char **argv)
POPT_TABLEEND
};
poptContext pc = NULL;
+ struct sss_domain_info *dom;
struct user_mod_ctx *user_ctx = NULL;
struct tools_ctx *ctx = NULL;
char *groups;
@@ -328,10 +329,15 @@ int main(int argc, const char **argv)
/* arguments processed, go on to actual work */
- user_ctx->domain = btreemap_get_value(ctx->domains, "LOCAL");
- if (user_ctx->domain == NULL) {
- VAR_CHECK(ret, EOK, "Could not set default values\n");
+ for (dom = ctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, "LOCAL") == 0) break;
}
+ if (dom == NULL) {
+ DEBUG(0, ("Could not get domain info\n"));
+ ret = EXIT_FAILURE;
+ goto fini;
+ }
+ user_ctx->domain = dom;
ret = sysdb_transaction(ctx, ctx->sysdb, mod_user, user_ctx);
if (ret != EOK) {
diff --git a/server/tools/tools_util.h b/server/tools/tools_util.h
index 4a32e9c7..ef55dede 100644
--- a/server/tools/tools_util.h
+++ b/server/tools/tools_util.h
@@ -9,7 +9,7 @@ struct tools_ctx {
struct confdb_ctx *confdb;
struct sysdb_ctx *sysdb;
- struct btreemap *domains;
+ struct sss_domain_info *domains;
};
int setup_db(struct tools_ctx **ctx);