-rw-r--r--src/db/sysdb.h1
-rw-r--r--src/db/sysdb_ops.c16
-rw-r--r--src/providers/krb5/krb5_auth.c13
-rw-r--r--src/providers/ldap/sdap_access.c1
-rw-r--r--src/providers/ldap/sdap_async_groups.c10
-rw-r--r--src/responder/pam/pam_LOCAL_domain.c11
-rw-r--r--src/responder/pam/pamsrv_cmd.c11
-rw-r--r--src/tests/sysdb-tests.c7
-rw-r--r--src/tools/sss_cache.c14
-rw-r--r--src/tools/sss_sync_ops.c3
10 files changed, 51 insertions, 36 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 739842df..2b514ddc 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -575,6 +575,7 @@ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
/* Replace user attrs */
int sysdb_set_user_attr(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
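Review bot: The `/* Replace user attrs */` comment above this prototype does not say what the new `domain` argument is for or how it must relate to `sysdb`. From the sysdb_ops.c change it is the domain passed to `sysdb_user_dn()` in place of `sysdb->domain`, so a caller handing in a domain that this sysdb does not serve would presumably address a different user entry than intended. I would extend the comment to something like `/* Replace user attrs; the user DN is built from 'domain', which must be a domain stored in 'sysdb' */` and state whether NULL is accepted.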
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 013d073b..fba10277 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -549,6 +549,7 @@ done:
/* =Replace-Attributes-On-User============================================ */
int sysdb_set_user_attr(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op)
@@ -562,7 +563,7 @@ int sysdb_set_user_attr(struct sysdb_ctx *sysdb,
return ENOMEM;
}
- dn = sysdb_user_dn(sysdb, tmp_ctx, sysdb->domain, name);
+ dn = sysdb_user_dn(sysdb, tmp_ctx, domain, name);
if (!dn) {
ret = ENOMEM;
goto done;
@@ -1162,7 +1163,8 @@ int sysdb_add_user(struct sysdb_ctx *sysdb,
if (ret) goto done;
}
- ret = sysdb_set_user_attr(sysdb, name, id_attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(sysdb, domain, name,
+ id_attrs, SYSDB_MOD_REP);
goto done;
}
@@ -1186,7 +1188,7 @@ int sysdb_add_user(struct sysdb_ctx *sysdb,
(now + cache_timeout) : 0));
if (ret) goto done;
- ret = sysdb_set_user_attr(sysdb, name, attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP);
if (ret) goto done;
/* remove all ghost users */
@@ -1729,7 +1731,7 @@ int sysdb_store_user(struct sysdb_ctx *sysdb,
(now + cache_timeout) : 0));
if (ret) goto fail;
- ret = sysdb_set_user_attr(sysdb, name, attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(sysdb, sysdb->domain, name, attrs, SYSDB_MOD_REP);
if (ret != EOK) goto fail;
if (remove_attrs) {
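Review bot: The call in sysdb_store_user still takes the domain from `sysdb->domain`, and so do the calls in sysdb_cache_password and sysdb_cache_auth in the next two hunks, while sysdb_add_user passes the `domain` it has in scope. If the new parameter is meant to let one sysdb serve several domains (an inference from the signature change), these three paths would keep writing to the sysdb's own domain. For sysdb_cache_password, and for sysdb_cache_auth, which per its log message updates login-attempt information, that means cached authentication data could land on the wrong user entry. Until their signatures take a domain as well, a marker at each call makes the limitation visible: `/* FIXME: sysdb->domain is only correct while this sysdb serves a single domain */`. All three function bodies extend beyond their hunks.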
@@ -1971,7 +1973,8 @@ int sysdb_cache_password(struct sysdb_ctx *sysdb,
if (ret) goto fail;
- ret = sysdb_set_user_attr(sysdb, username, attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(sysdb, sysdb->domain,
+ username, attrs, SYSDB_MOD_REP);
if (ret) {
goto fail;
}
@@ -2936,7 +2939,8 @@ int sysdb_cache_auth(struct sysdb_ctx *sysdb,
}
}
- ret = sysdb_set_user_attr(sysdb, name, update_attrs, LDB_FLAG_MOD_REPLACE);
+ ret = sysdb_set_user_attr(sysdb, sysdb->domain,
+ name, update_attrs, LDB_FLAG_MOD_REPLACE);
if (ret) {
DEBUG(1, ("Failed to update Login attempt information!\n"));
}
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index f03cfcf4..00f5c339 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -118,6 +118,7 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
const char *ccname,
int mod_op)
@@ -166,7 +167,7 @@ static int krb5_mod_ccname(TALLOC_CTX *mem_ctx,
}
in_transaction = true;
- ret = sysdb_set_user_attr(sysdb, name, attrs, mod_op);
+ ret = sysdb_set_user_attr(sysdb, domain, name, attrs, mod_op);
if (ret != EOK) {
DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
goto done;
@@ -192,19 +193,21 @@ done:
static int krb5_save_ccname(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
const char *ccname)
{
- return krb5_mod_ccname(mem_ctx, sysdb, name, ccname,
+ return krb5_mod_ccname(mem_ctx, sysdb, domain, name, ccname,
SYSDB_MOD_REP);
}
static int krb5_delete_ccname(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
const char *ccname)
{
- return krb5_mod_ccname(mem_ctx, sysdb, name, ccname,
+ return krb5_mod_ccname(mem_ctx, sysdb, domain, name, ccname,
SYSDB_MOD_DEL);
}
@@ -945,7 +948,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
"please remove it manually.\n", kr->old_ccname));
}
- ret = krb5_delete_ccname(state, state->sysdb,
+ ret = krb5_delete_ccname(state, state->sysdb, state->domain,
pd->user, kr->old_ccname);
if (ret != EOK) {
DEBUG(1, ("krb5_delete_ccname failed.\n"));
@@ -1048,7 +1051,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
"please remove it manually.\n", kr->old_ccname));
}
- ret = krb5_save_ccname(state, state->sysdb,
+ ret = krb5_save_ccname(state, state->sysdb, state->domain,
pd->user, store_ccname);
if (ret) {
DEBUG(1, ("krb5_save_ccname failed.\n"));
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index a0d4443f..a703f8b0 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -1061,6 +1061,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
}
ret = sysdb_set_user_attr(state->be_req->sysdb,
+ state->be_req->domain,
state->username,
attrs, SYSDB_MOD_REP);
if (ret != EOK) {
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index c4957fb1..cdb60819 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1810,6 +1810,7 @@ static void sdap_get_groups_done(struct tevent_req *subreq)
static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sdap_options *opts,
struct sysdb_attrs **users,
int num_users,
@@ -1866,7 +1867,7 @@ static void sdap_ad_match_rule_members_process(struct tevent_req *subreq)
/* Figure out which users are already cached in the sysdb and
* which ones need to be added as ghost users.
*/
- ret = sdap_nested_group_populate_users(tmp_ctx, state->sysdb,
+ ret = sdap_nested_group_populate_users(tmp_ctx, state->sysdb, state->dom,
state->opts, users, count,
&ghosts);
if (ret != EOK) {
@@ -2022,7 +2023,8 @@ static void sdap_nested_done(struct tevent_req *subreq)
}
in_transaction = true;
- ret = sdap_nested_group_populate_users(state, state->sysdb, state->opts,
+ ret = sdap_nested_group_populate_users(state, state->sysdb,
+ state->dom, state->opts,
users, user_count, &ghosts);
if (ret != EOK) {
goto fail;
@@ -2058,6 +2060,7 @@ fail:
static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
struct sdap_options *opts,
struct sysdb_attrs **users,
int num_users,
@@ -2171,7 +2174,8 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, username);
if (ret) goto done;
- ret = sysdb_set_user_attr(sysdb, sysdb_name, attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(sysdb, domain, sysdb_name,
+ attrs, SYSDB_MOD_REP);
if (ret != EOK) goto done;
} else {
key.type = HASH_KEY_STRING;
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c
index a903fea9..72ea61e8 100644
--- a/src/responder/pam/pam_LOCAL_domain.c
+++ b/src/responder/pam/pam_LOCAL_domain.c
@@ -49,6 +49,7 @@
struct LOCAL_request {
struct tevent_context *ev;
struct sysdb_ctx *dbctx;
+ struct sss_domain_info *domain;
struct sysdb_attrs *mod_attrs;
struct ldb_result *res;
@@ -86,7 +87,8 @@ static void do_successful_login(struct LOCAL_request *lreq)
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
lreq->error, ret, done);
- ret = sysdb_set_user_attr(lreq->dbctx, lreq->preq->pd->user,
+ ret = sysdb_set_user_attr(lreq->dbctx, lreq->domain,
+ lreq->preq->pd->user,
lreq->mod_attrs, SYSDB_MOD_REP);
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"),
lreq->error, ret, done);
@@ -126,7 +128,8 @@ static void do_failed_login(struct LOCAL_request *lreq)
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
lreq->error, ret, done);
- ret = sysdb_set_user_attr(lreq->dbctx, lreq->preq->pd->user,
+ ret = sysdb_set_user_attr(lreq->dbctx, lreq->domain,
+ lreq->preq->pd->user,
lreq->mod_attrs, SYSDB_MOD_REP);
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"),
lreq->error, ret, done);
@@ -194,7 +197,8 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
lreq->error, ret, done);
- ret = sysdb_set_user_attr(lreq->dbctx, lreq->preq->pd->user,
+ ret = sysdb_set_user_attr(lreq->dbctx, lreq->domain,
+ lreq->preq->pd->user,
lreq->mod_attrs, SYSDB_MOD_REP);
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"),
lreq->error, ret, done);
@@ -238,6 +242,7 @@ int LOCAL_pam_handler(struct pam_auth_req *preq)
talloc_free(lreq);
return ENOENT;
}
+ lreq->domain = preq->domain;
lreq->ev = preq->cctx->ev;
lreq->preq = preq;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index fa8eabf6..6fe216db 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -335,7 +335,6 @@ static int pam_parse_in_data(struct sss_domain_info *domains,
static errno_t set_last_login(struct pam_auth_req *preq)
{
- struct sysdb_ctx *dbctx;
struct sysdb_attrs *attrs;
errno_t ret;
@@ -355,14 +354,8 @@ static errno_t set_last_login(struct pam_auth_req *preq)
goto fail;
}
- dbctx = preq->domain->sysdb;
- if (dbctx == NULL) {
- DEBUG(0, ("Fatal: Sysdb context not found for this domain!\n"));
- ret = EINVAL;
- goto fail;
- }
-
- ret = sysdb_set_user_attr(dbctx, preq->pd->user, attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(preq->domain->sysdb, preq->domain,
+ preq->pd->user, attrs, SYSDB_MOD_REP);
if (ret != EOK) {
DEBUG(2, ("set_last_login failed.\n"));
preq->pd->pam_status = PAM_SYSTEM_ERR;
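Review bot: The NULL check on the domain's sysdb context is dropped here, so `preq->domain->sysdb` now reaches `sysdb_set_user_attr()` unchecked. The removed lines logged a fatal message and failed with EINVAL; whether the callee tolerates a NULL `sysdb` is not visible in this diff. Since this runs in the PAM responder, a NULL dereference would take down authentication handling rather than fail a single request. I would keep the guard in front of the call, `if (preq->domain->sysdb == NULL) { ret = EINVAL; goto fail; }`, preferably with the original DEBUG line. set_last_login begins before this hunk and continues past it.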
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index db30f2fa..baf1afe5 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -305,7 +305,8 @@ static int test_set_user_attr(struct test_data *data)
{
int ret;
- ret = sysdb_set_user_attr(data->ctx->sysdb, data->username,
+ ret = sysdb_set_user_attr(data->ctx->sysdb,
+ data->ctx->domain, data->username,
data->attrs, SYSDB_MOD_REP);
return ret;
}
@@ -1642,8 +1643,8 @@ static void cached_authentication_with_expiration(const char *username,
data->attrs = sysdb_new_attrs(data);
ret = sysdb_attrs_add_time_t(data->attrs, SYSDB_LAST_ONLINE_AUTH, now);
- ret = sysdb_set_user_attr(data->ctx->sysdb, data->username,
- data->attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(data->ctx->sysdb, data->ctx->domain,
+ data->username, data->attrs, SYSDB_MOD_REP);
fail_unless(ret == EOK, "Could not modify user %s", data->username);
ret = sysdb_cache_auth(test_ctx->sysdb, data->username, password,
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 3de12237..b8f0f266 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -76,8 +76,9 @@ struct cache_tool_ctx {
errno_t init_domains(struct cache_tool_ctx *ctx, const char *domain);
errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx);
-errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
- const char *name, int entry_type);
+static errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name, int entry_type);
static bool invalidate_entries(TALLOC_CTX *ctx,
struct sss_domain_info *dinfo,
struct sysdb_ctx *sysdb,
@@ -333,7 +334,7 @@ static bool invalidate_entries(TALLOC_CTX *ctx,
ERROR("Couldn't invalidate %1$s", type_string);
iret = false;
} else {
- ret = invalidate_entry(ctx, sysdb, c_name, entry_type);
+ ret = invalidate_entry(ctx, sysdb, dinfo, c_name, entry_type);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Couldn't invalidate %s %s", type_string, c_name));
@@ -346,8 +347,9 @@ static bool invalidate_entries(TALLOC_CTX *ctx,
return iret;
}
-errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
- const char *name, int entry_type)
+static errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name, int entry_type)
{
struct sysdb_attrs *sys_attrs = NULL;
errno_t ret;
@@ -359,7 +361,7 @@ errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
if (ret == EOK) {
switch (entry_type) {
case TYPE_USER:
- ret = sysdb_set_user_attr(sysdb, name, sys_attrs,
+ ret = sysdb_set_user_attr(sysdb, domain, name, sys_attrs,
SYSDB_MOD_REP);
break;
case TYPE_GROUP:
diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c
index f5d496b5..d6f447e7 100644
--- a/src/tools/sss_sync_ops.c
+++ b/src/tools/sss_sync_ops.c
@@ -218,7 +218,8 @@ int usermod(TALLOC_CTX *mem_ctx,
}
if (attrs->num != 0) {
- ret = sysdb_set_user_attr(sysdb, data->name, attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(sysdb, data->domain, data->name,
+ attrs, SYSDB_MOD_REP);
if (ret) {
return ret;
}