diff options
author | Sumit Bose <sbose@redhat.com> | 2013-04-19 17:44:26 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-04-21 10:22:36 +0200 |
commit | d29d5d9e0e9ee0396a46f4375092644f29024f25 (patch) | |
tree | c63f36fcf55ad7bde8b8c5f11dab9612d6b7676c | |
parent | 18f01e63c1968c29bddb9e48c279b583c0444730 (diff) | |
download | sssd-d29d5d9e0e9ee0396a46f4375092644f29024f25.tar.gz sssd-d29d5d9e0e9ee0396a46f4375092644f29024f25.tar.bz2 sssd-d29d5d9e0e9ee0396a46f4375092644f29024f25.zip |
Fix and rename get_my_domain_data()
The task of get_my_domain_data() is to read some information about the
configured domain from the cache. While the sysdb interface was
redesigned some changes changed the behaviour so that the data of the
domain of the current request was read. If this domain is a sub-domain
the wrong data was read. As a result group-memberships of the configured
domain were not taken into account.
The original code didn't made it easy to see that always the parent
domain should be used here, because there was no comment indication this
and the function name get_my_domain_data() didn't made it clear either.
Additionally to fixing the issue this patch also adds a comment and
rename the function to get_parent_domain_data().
Fixes https://fedorahosted.org/sssd/ticket/1888
-rw-r--r-- | src/responder/pac/pacsrv.h | 8 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_cmd.c | 6 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_utils.c | 12 |
3 files changed, 14 insertions, 12 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h index 64154dab..71c24f97 100644 --- a/src/responder/pac/pacsrv.h +++ b/src/responder/pac/pacsrv.h @@ -93,10 +93,10 @@ errno_t domsid_rid_to_uid(struct pac_ctx *pac_ctx, struct dom_sid2 *domsid, uint32_t rid, uid_t *uid); -errno_t get_my_domain_data(struct pac_ctx *pac_ctx, - struct sss_domain_info *dom, - struct dom_sid **_sid, - struct local_mapping_ranges **_range_map); +errno_t get_parent_domain_data(struct pac_ctx *pac_ctx, + struct sss_domain_info *dom, + struct dom_sid **_sid, + struct local_mapping_ranges **_range_map); errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx, struct pac_ctx *pac_ctx, diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c index a8b272e7..ac49a0e7 100644 --- a/src/responder/pac/pacsrv_cmd.c +++ b/src/responder/pac/pacsrv_cmd.c @@ -225,10 +225,10 @@ static errno_t pac_add_user_next(struct pac_req_ctx *pr_ctx) goto done; } - ret = get_my_domain_data(pr_ctx->pac_ctx, pr_ctx->dom, - &my_dom_sid, &my_range_map); + ret = get_parent_domain_data(pr_ctx->pac_ctx, pr_ctx->dom, + &my_dom_sid, &my_range_map); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("get_my_domain_sid failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, ("get_parent_domain_data failed.\n")); goto done; } diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c index c868b107..7d14dadf 100644 --- a/src/responder/pac/pacsrv_utils.c +++ b/src/responder/pac/pacsrv_utils.c @@ -233,10 +233,10 @@ done: * Return information about the local domain from the main PAC responder * context or try to read it from cache and store it in the context. */ -errno_t get_my_domain_data(struct pac_ctx *pac_ctx, - struct sss_domain_info *dom, - struct dom_sid **_sid, - struct local_mapping_ranges **_range_map) +errno_t get_parent_domain_data(struct pac_ctx *pac_ctx, + struct sss_domain_info *dom, + struct dom_sid **_sid, + struct local_mapping_ranges **_range_map) { struct sysdb_ctx *sysdb; int ret; @@ -270,7 +270,9 @@ errno_t get_my_domain_data(struct pac_ctx *pac_ctx, goto done; } - basedn = sysdb_domain_dn(sysdb, tmp_ctx, dom); + /* The data of the parent domain should be read here. */ + basedn = sysdb_domain_dn(sysdb, tmp_ctx, + IS_SUBDOMAIN(dom) ? dom->parent : dom); if (basedn == NULL) { ret = ENOMEM; goto done; |