summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-04-19 17:44:26 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-04-21 10:22:36 +0200
commitd29d5d9e0e9ee0396a46f4375092644f29024f25 (patch)
treec63f36fcf55ad7bde8b8c5f11dab9612d6b7676c
parent18f01e63c1968c29bddb9e48c279b583c0444730 (diff)
downloadsssd-d29d5d9e0e9ee0396a46f4375092644f29024f25.tar.gz
sssd-d29d5d9e0e9ee0396a46f4375092644f29024f25.tar.bz2
sssd-d29d5d9e0e9ee0396a46f4375092644f29024f25.zip
Fix and rename get_my_domain_data()
The task of get_my_domain_data() is to read some information about the configured domain from the cache. While the sysdb interface was redesigned some changes changed the behaviour so that the data of the domain of the current request was read. If this domain is a sub-domain the wrong data was read. As a result group-memberships of the configured domain were not taken into account. The original code didn't made it easy to see that always the parent domain should be used here, because there was no comment indication this and the function name get_my_domain_data() didn't made it clear either. Additionally to fixing the issue this patch also adds a comment and rename the function to get_parent_domain_data(). Fixes https://fedorahosted.org/sssd/ticket/1888
-rw-r--r--src/responder/pac/pacsrv.h8
-rw-r--r--src/responder/pac/pacsrv_cmd.c6
-rw-r--r--src/responder/pac/pacsrv_utils.c12
3 files changed, 14 insertions, 12 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 64154dab..71c24f97 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -93,10 +93,10 @@ errno_t domsid_rid_to_uid(struct pac_ctx *pac_ctx,
struct dom_sid2 *domsid, uint32_t rid,
uid_t *uid);
-errno_t get_my_domain_data(struct pac_ctx *pac_ctx,
- struct sss_domain_info *dom,
- struct dom_sid **_sid,
- struct local_mapping_ranges **_range_map);
+errno_t get_parent_domain_data(struct pac_ctx *pac_ctx,
+ struct sss_domain_info *dom,
+ struct dom_sid **_sid,
+ struct local_mapping_ranges **_range_map);
errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
struct pac_ctx *pac_ctx,
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index a8b272e7..ac49a0e7 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -225,10 +225,10 @@ static errno_t pac_add_user_next(struct pac_req_ctx *pr_ctx)
goto done;
}
- ret = get_my_domain_data(pr_ctx->pac_ctx, pr_ctx->dom,
- &my_dom_sid, &my_range_map);
+ ret = get_parent_domain_data(pr_ctx->pac_ctx, pr_ctx->dom,
+ &my_dom_sid, &my_range_map);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("get_my_domain_sid failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("get_parent_domain_data failed.\n"));
goto done;
}
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index c868b107..7d14dadf 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -233,10 +233,10 @@ done:
* Return information about the local domain from the main PAC responder
* context or try to read it from cache and store it in the context.
*/
-errno_t get_my_domain_data(struct pac_ctx *pac_ctx,
- struct sss_domain_info *dom,
- struct dom_sid **_sid,
- struct local_mapping_ranges **_range_map)
+errno_t get_parent_domain_data(struct pac_ctx *pac_ctx,
+ struct sss_domain_info *dom,
+ struct dom_sid **_sid,
+ struct local_mapping_ranges **_range_map)
{
struct sysdb_ctx *sysdb;
int ret;
@@ -270,7 +270,9 @@ errno_t get_my_domain_data(struct pac_ctx *pac_ctx,
goto done;
}
- basedn = sysdb_domain_dn(sysdb, tmp_ctx, dom);
+ /* The data of the parent domain should be read here. */
+ basedn = sysdb_domain_dn(sysdb, tmp_ctx,
+ IS_SUBDOMAIN(dom) ? dom->parent : dom);
if (basedn == NULL) {
ret = ENOMEM;
goto done;