From 6fdde3913a11cd6148627696fa8717c34e8460fc Mon Sep 17 00:00:00 2001
From: Jan Zeleny
Date: Wed, 28 Mar 2012 07:54:26 -0400
Subject: Modified responder_get_domain() Now it checks for subdomains as well as for the domain itself
---
 src/responder/autofs/autofssrv_cmd.c | 2 +-
 src/responder/common/negcache.c | 7 ++++---
 src/responder/common/negcache.h | 2 +-
 src/responder/common/responder.h | 3 ++-
 src/responder/common/responder_common.c | 37 ++++++++++++++++++++++++++++-----
 src/responder/nss/nsssrv.c | 2 +-
 src/responder/nss/nsssrv_cmd.c | 6 +++---
 src/responder/nss/nsssrv_netgroup.c | 2 +-
 src/responder/nss/nsssrv_services.c | 2 +-
 src/responder/pam/pamsrv.c | 2 +-
 src/responder/pam/pamsrv_cmd.c | 2 +-
 src/responder/ssh/sshsrv_cmd.c | 4 ++--
 src/responder/sudo/sudosrv_cmd.c | 2 +-
 13 files changed, 51 insertions(+), 22 deletions(-)
diff --git a/src/responder/autofs/autofssrv_cmd.c b/src/responder/autofs/autofssrv_cmd.c
index 7497a18f..ebf68b84 100644
--- a/src/responder/autofs/autofssrv_cmd.c
+++ b/src/responder/autofs/autofssrv_cmd.c
@@ -386,7 +386,7 @@ setautomntent_send(TALLOC_CTX *mem_ctx,
 state->mapname, domname?domname:""));
 if (domname) {
- dctx->domain = responder_get_domain(client->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, client->rctx, domname);
 if (!dctx->domain) {
 goto fail;
 }
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 47f4c323..dd4c0008 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -566,13 +566,14 @@ int sss_ncache_reset_permament(struct sss_nc_ctx *ctx)
 errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, struct confdb_ctx *cdb, struct sss_names_ctx *names_ctx,
- struct sss_domain_info *domain_list)
+ struct resp_ctx *rctx)
 {
 errno_t ret;
 bool filter_set = false;
 char **filter_list = NULL;
 char *name = NULL;
 struct sss_domain_info *dom = NULL;
+ struct sss_domain_info *domain_list = rctx->domains;
 char *domainname = NULL;
 char *conf_path = NULL;
 TALLOC_CTX *tmpctx = talloc_new(NULL);
@@ -649,7 +650,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
 continue;
 }
 if (domainname) {
- dom = responder_get_domain(domain_list, domainname);
+ dom = responder_get_domain(tmpctx, rctx, domainname);
 if (!dom) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid domain name [%s]\n", domainname));
@@ -746,7 +747,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
 continue;
 }
 if (domainname) {
- dom = responder_get_domain(domain_list, domainname);
+ dom = responder_get_domain(tmpctx, rctx, domainname);
 if (!dom) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid domain name [%s]\n", domainname));
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index 74f7ff34..9d070c69 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -73,6 +73,6 @@ int sss_ncache_reset_permament(struct sss_nc_ctx *ctx);
 errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, struct confdb_ctx *cdb, struct sss_names_ctx *names_ctx,
- struct sss_domain_info *domain_list);
+ struct resp_ctx *rctx);
 #endif /* _NSS_NEG_CACHE_H_ */
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index f331fee3..30a7101d 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -157,7 +157,8 @@ int sss_parse_name(TALLOC_CTX *memctx,
 int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain, struct be_conn **_conn);
 struct sss_domain_info *
-responder_get_domain(struct sss_domain_info *doms, const char *domain);
+responder_get_domain(TALLOC_CTX *sd_mem_ctx, struct resp_ctx *rctx,
+ const char *domain);
 /* responder_cmd.c */
 int sss_cmd_empty_packet(struct sss_packet *packet);
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 66148387..2c1ae28b 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
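Review bot: The new prototype in responder.h gives no hint of who owns the result, while the implementation in responder_common.c returns either an entry of `rctx->domains` or, for a subdomain, a copy made with `sd_mem_ctx`. A comment above the declaration would keep callers from freeing or caching the wrong one, for example `/* Returns an entry of rctx->domains, or a per-request copy of a subdomain allocated on sd_mem_ctx; NULL if the name is unknown or the copy fails. */`.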
@@ -633,16 +633,43 @@ int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain,
 }
 struct sss_domain_info *
-responder_get_domain(struct sss_domain_info *doms, const char *domain)
+responder_get_domain(TALLOC_CTX *sd_mem_ctx, struct resp_ctx *rctx,
+ const char *domain)
 {
+ time_t now = time(NULL);
+ time_t time_diff;
 struct sss_domain_info *dom;
+ struct sss_domain_info *ret_dom = NULL;
+ int i;
- for (dom = doms; dom; dom = dom->next) {
- if (strcasecmp(dom->name, domain) == 0) break;
+ for (dom = rctx->domains; dom; dom = dom->next) {
+ if (strcasecmp(dom->name, domain) == 0) {
+ ret_dom = dom;
+ break;
+ }
+
+ for (i = 0; i < dom->subdomain_count; i++) {
+ if (strcasecmp(dom->subdomains[i]->name, domain) == 0 ||
+ (dom->subdomains[i]->flat_name != NULL &&
+ strcasecmp(dom->subdomains[i]->flat_name, domain) == 0)) {
+ /* Sub-domains may come and go, so we better copy the struct
+ * for each request. */
+ ret_dom = copy_subdomain(sd_mem_ctx, dom->subdomains[i]);
+ break;
+ }
+ }
+
+ time_diff = now - dom->subdomains_last_checked.tv_sec;
+ if (i < dom->subdomain_count && time_diff < rctx->domains_timeout) break;
+ }
+ /* FIXME: we might want to return a real error, e.g. if copy_subdomain
+ * fails. */
+ if (!ret_dom) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Unknown domain [%s], checking for"
+ "possible subdomains!\n", domain));
 }
- if (!dom) DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown domain [%s]!\n", domain));
- return dom;
+ return ret_dom;
 }
 int responder_logrotate(DBusMessage *message,
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index f2c89303..1a0dcf43 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -163,7 +163,7 @@ static int nss_get_config(struct nss_ctx *nctx,
 }
 ret = sss_ncache_prepopulate(nctx->ncache, cdb, nctx->rctx->names,
- nctx->rctx->domains);
+ nctx->rctx);
 if (ret != EOK) {
 goto done;
 }
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 50296251..2c9a0833 100644
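Review bot: In the new loop of responder_get_domain(), a subdomain match taken from a list older than `rctx->domains_timeout` is still returned: the `time_diff` test only decides whether the outer loop stops, and `ret_dom` keeps the copy unless a later domain also matches, in which case the earlier copy presumably stays attached to `sd_mem_ctx`. If an expired list is not meant to be trusted, compute `time_diff` before the inner loop and skip the scan with `if (time_diff >= rctx->domains_timeout) continue;`. Each domain's subdomains are also compared before the next configured domain's own name, so a discovered subdomain `name` or `flat_name` can shadow a configured domain listed later; a first pass over `dom->name` alone would avoid that, which matters for the PAM, sudo and SSH callers changed in this patch. The two string literals in the new DEBUG call join as `checking forpossible subdomains`, and a failed copy_subdomain() is reported as an unknown domain, as the FIXME already notes.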
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -886,7 +886,7 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
 cmdctx->name, domname?domname:""));
 if (domname) {
- dctx->domain = responder_get_domain(cctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cctx->rctx, domname);
 if (!dctx->domain) {
 ret = ENOENT;
 goto done;
@@ -2203,7 +2203,7 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
 cmdctx->name, domname?domname:""));
 if (domname) {
- dctx->domain = responder_get_domain(cctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cctx->rctx, domname);
 if (!dctx->domain) {
 ret = ENOENT;
 goto done;
@@ -3257,7 +3257,7 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
 cmdctx->name, domname?domname:""));
 if (domname) {
- dctx->domain = responder_get_domain(cctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cctx->rctx, domname);
 if (!dctx->domain) {
 ret = ENOENT;
 goto done;
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index c9fae826..87b10571 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -206,7 +206,7 @@ static struct tevent_req *setnetgrent_send(TALLOC_CTX *mem_ctx,
 state->netgr_shortname, domname?domname:""));
 if (domname) {
- dctx->domain = responder_get_domain(client->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, client->rctx, domname);
 if (!dctx->domain) {
 ret = EINVAL;
 goto error;
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index b5eae4fc..2e539f13 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -839,7 +839,7 @@ int nss_cmd_getservbyname(struct cli_ctx *cctx)
 domname ? domname : ""));
 if (domname) {
- dctx->domain = responder_get_domain(cctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cctx->rctx, domname);
 if (!dctx->domain) {
 ret = ENOENT;
 goto done;
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index fdb23294..ecbf7d9a 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -172,7 +172,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
 }
 ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx->names,
- pctx->rctx->domains);
+ pctx->rctx);
 if (ret != EOK) {
 goto done;
 }
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 1fdcc5b5..7d6d213d 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -942,7 +942,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
 /* now check user is valid */
 if (pd->domain) {
- preq->domain = responder_get_domain(cctx->rctx->domains, pd->domain);
+ preq->domain = responder_get_domain(preq, cctx->rctx, pd->domain);
 if (!preq->domain) {
 ret = ENOENT;
 goto done;
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index 14913707..91b888ef 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -67,7 +67,7 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
 cmd_ctx->name, cmd_ctx->domname ? cmd_ctx->domname : ""));
 if (cmd_ctx->domname) {
- cmd_ctx->domain = responder_get_domain(cctx->rctx->domains,
+ cmd_ctx->domain = responder_get_domain(cmd_ctx, cctx->rctx,
 cmd_ctx->domname);
 if (!cmd_ctx->domain) {
 ret = ENOENT;
@@ -111,7 +111,7 @@ sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx)
 cmd_ctx->domname ? cmd_ctx->domname : ""));
 if (cmd_ctx->domname) {
- cmd_ctx->domain = responder_get_domain(cctx->rctx->domains,
+ cmd_ctx->domain = responder_get_domain(cmd_ctx, cctx->rctx,
 cmd_ctx->domname);
 if (!cmd_ctx->domain) {
 ret = ENOENT;
diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c
index e3dd3842..0f31df15 100644
--- a/src/responder/sudo/sudosrv_cmd.c
+++ b/src/responder/sudo/sudosrv_cmd.c
@@ -226,7 +226,7 @@ static int sudosrv_cmd_get_sudorules(struct cli_ctx *cli_ctx)
 cmd_ctx->username, domname ? domname : ""));
 if (domname) {
- dctx->domain = responder_get_domain(cli_ctx->rctx->domains, domname);
+ dctx->domain = responder_get_domain(dctx, cli_ctx->rctx, domname);
 if (!dctx->domain) {
 ret = ENOENT;
 goto done;
-- cgit