authorSimo Sorce <ssorce@redhat.com>2009-04-11 00:18:23 -0400
committerSimo Sorce <ssorce@redhat.com>2009-04-13 09:07:04 -0400
commitf16705ecade500f77b525d1a3df0109196c98ee0 (patch)
tree972b1dba612fa52dd5f9f98b098aa5ad31d2b6f6 /server/confdb
parenta89fce4904ecb1169026238a6952d4d6a1995c7f (diff)
Always pass full domain info
Change sysdb to always pass sss_domain_info, not just the domain name. This way domain specific options can always be honored at the db level.
Diffstat (limited to 'server/confdb')
-rw-r--r--server/confdb/confdb.c180
-rw-r--r--server/confdb/confdb.h8
2 files changed, 115 insertions, 73 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index 4256418a..d3a2a087 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -838,6 +838,111 @@ int confdb_init(TALLOC_CTX *mem_ctx,
return EOK;
}
+int confdb_get_domain(struct confdb_ctx *cdb,
+ TALLOC_CTX *mem_ctx,
+ const char *name,
+ struct sss_domain_info **_domain)
+{
+ struct sss_domain_info *domain;
+ struct ldb_result *res;
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_dn *dn;
+ const char *tmp;
+ int ret;
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) return ENOMEM;
+
+ dn = ldb_dn_new_fmt(tmp_ctx, cdb->ldb,
+ "cn=%s,%s", name, CONFDB_DOMAIN_BASEDN);
+ if (!dn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
+ LDB_SCOPE_BASE, NULL, NULL);
+ if (ret != LDB_SUCCESS) {
+ ret = EIO;
+ goto done;
+ }
+
+ if (res->count != 1) {
+ DEBUG(0, ("Unknown domain [%s]\n", name));
+ ret = ENOENT;
+ goto done;
+ }
+
+ domain = talloc_zero(mem_ctx, struct sss_domain_info);
+
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0], "cn", NULL);
+ if (!tmp) {
+ DEBUG(0, ("Invalid configuration entry, fatal error!\n"));
+ ret = EINVAL;
+ goto done;
+ }
+ domain->name = talloc_strdup(domain, tmp);
+ if (!domain->name) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0], "provider", NULL);
+ if (tmp) {
+ domain->provider = talloc_strdup(domain, tmp);
+ if (!domain->provider) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
+ "timeout", 0);
+
+ /* Determine if this domain can be enumerated */
+ domain->enumerate = ldb_msg_find_attr_as_int(res->msgs[0],
+ "enumerate", 0);
+ if (domain->enumerate == 0) {
+ DEBUG(1, ("No enumeration for [%s]!\n", domain->name));
+ }
+
+ /* Determine if this is a legacy domain */
+ if (ldb_msg_find_attr_as_bool(res->msgs[0], "legacy", 0)) {
+ domain->legacy = true;
+ }
+
+ /* Determine if this is domain uses MPG */
+ if (ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_MPG, 0)) {
+ domain->mpg = true;
+ }
+
+ /* Determine if user/group names will be Fully Qualified
+ * in NSS interfaces */
+ if (ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_FQ, 0)) {
+ domain->fqnames = true;
+ }
+
+ domain->id_min = ldb_msg_find_attr_as_uint(res->msgs[0],
+ "minId", SSSD_MIN_ID);
+ domain->id_max = ldb_msg_find_attr_as_uint(res->msgs[0],
+ "maxId", 0);
+
+ /* Do we allow to cache credentials */
+ if (ldb_msg_find_attr_as_bool(res->msgs[0], "cache-credentials", 0)) {
+ domain->cache_credentials = true;
+ }
+
+ if (ldb_msg_find_attr_as_bool(res->msgs[0], "store-legacy-passwords", 0)) {
+ domain->legacy_passwords = true;
+ }
+
+ *_domain = domain;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
int confdb_get_domains(struct confdb_ctx *cdb,
TALLOC_CTX *mem_ctx,
struct sss_domain_info **domains)
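Review bot: In confdb_get_domain the result of `talloc_zero(mem_ctx, struct sss_domain_info)` is never checked, so an allocation failure is dereferenced at `domain->name = ...`. Because the struct is parented to mem_ctx, every later `goto done` also leaves a half-filled domain attached to the caller's context. Allocating it on tmp_ctx, checking for NULL and moving it to mem_ctx with talloc_steal only on success fixes both, and setting `ret = EOK` explicitly removes the reliance on ret still holding LDB_SUCCESS from ldb_search. Separately, `name` is formatted into the DN unescaped; that is fine for names taken from the local configuration, but if callers can pass a name that originates in a client request it should be validated or escaped first.

```c
    /* allocate on tmp_ctx so every error path frees it at done: */
    domain = talloc_zero(tmp_ctx, struct sss_domain_info);
    if (!domain) {
        ret = ENOMEM;
        goto done;
    }

    /* … unchanged: cn, provider, timeout, enumerate and flag lookups … */

    /* hand ownership to the caller only once the entry is complete */
    *_domain = talloc_steal(mem_ctx, domain);
    ret = EOK;

    /* … unchanged: done: label and tmp_ctx cleanup … */
```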
@@ -895,79 +1000,8 @@ int confdb_get_domains(struct confdb_ctx *cdb,
p++;
}
- dn = ldb_dn_new_fmt(tmp_ctx, cdb->ldb,
- "cn=%s,%s", cur, CONFDB_DOMAIN_BASEDN);
- if (!dn) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
- LDB_SCOPE_BASE, NULL, NULL);
- if (ret != LDB_SUCCESS) {
- ret = EIO;
- goto done;
- }
-
- if (res->count != 1) {
- DEBUG(0, ("Unknown domain [%s]\n", cur));
- ret = EINVAL;
- goto done;
- }
-
- domain = talloc_zero(mem_ctx, struct sss_domain_info);
-
- tmp = ldb_msg_find_attr_as_string(res->msgs[0], "cn", NULL);
- if (!tmp) {
- DEBUG(0, ("Invalid configuration entry, fatal error!\n"));
- ret = EINVAL;
- goto done;
- }
- domain->name = talloc_strdup(domain, tmp);
- if (!domain->name) {
- ret = ENOMEM;
- goto done;
- }
-
- tmp = ldb_msg_find_attr_as_string(res->msgs[0], "provider", NULL);
- if (tmp) {
- domain->provider = talloc_strdup(domain, tmp);
- if (!domain->provider) {
- ret = ENOMEM;
- goto done;
- }
- }
-
- domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
- "timeout", 0);
-
- /* Determine if this domain can be enumerated */
- domain->enumerate = ldb_msg_find_attr_as_int(res->msgs[0],
- "enumerate", 0);
- if (domain->enumerate == 0) {
- DEBUG(1, ("No enumeration for [%s]!\n", domain->name));
- }
-
- /* Determine if this is a legacy domain */
- if (ldb_msg_find_attr_as_bool(res->msgs[0], "legacy", 0)) {
- domain->legacy = true;
- }
-
- /* Determine if this is domain uses MPG */
- if (ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_MPG, 0)) {
- domain->mpg = true;
- }
-
- /* Determine if user/group names will be Fully Qualified
- * in NSS interfaces */
- if (ldb_msg_find_attr_as_bool(res->msgs[0], CONFDB_FQ, 0)) {
- domain->fqnames = true;
- }
-
- domain->id_min = ldb_msg_find_attr_as_uint(res->msgs[0],
- "minId", SSSD_MIN_ID);
- domain->id_max = ldb_msg_find_attr_as_uint(res->msgs[0],
- "maxId", 0);
+ ret = confdb_get_domain(cdb, mem_ctx, cur, &domain);
+ if (ret) goto done;
if (first == NULL) {
first = domain;
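Review bot: An unknown domain in the configured list now makes confdb_get_domains fail with ENOENT where the removed inline code returned EINVAL, because `if (ret) goto done;` passes confdb_get_domain's code through unchanged. If any caller distinguishes EINVAL (callers are not visible here), either map it back with `if (ret == ENOENT) ret = EINVAL;` or record the new return value in a comment above the call. confdb_get_domains starts and ends outside this hunk, so whether domains already linked into the list are released on this path cannot be checked from here.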
diff --git a/server/confdb/confdb.h b/server/confdb/confdb.h
index ae66807a..fda584c8 100644
--- a/server/confdb/confdb.h
+++ b/server/confdb/confdb.h
@@ -47,6 +47,9 @@ struct sss_domain_info {
uint32_t id_min;
uint32_t id_max;
+ bool cache_credentials;
+ bool legacy_passwords;
+
struct sss_domain_info *next;
};
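Review bot: The two new flags in struct sss_domain_info are added without any comment, although judging by their names they decide whether credential material is stored. Each should say what it enables and that it is off unless configured, for example `/* allow caching of credentials; false unless "cache-credentials" is set in confdb */` above `cache_credentials`. The comment on `legacy_passwords` should also state what a legacy password is, since neither the name nor the `"store-legacy-passwords"` attribute explains it.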
@@ -80,6 +83,11 @@ int confdb_init(TALLOC_CTX *mem_ctx,
struct confdb_ctx **cdb_ctx,
char *confdb_location);
+int confdb_get_domain(struct confdb_ctx *cdb,
+ TALLOC_CTX *mem_ctx,
+ const char *name,
+ struct sss_domain_info **domain);
+
int confdb_get_domains(struct confdb_ctx *cdb,
TALLOC_CTX *mem_ctx,
struct sss_domain_info **domains);
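Review bot: The new confdb_get_domain prototype has no contract comment, and its last parameter is named `domain` here but `_domain` in confdb.c. A short header comment should state that on success the result is allocated on mem_ctx and owned by the caller, and that the output pointer is written only on success. It should also list the return codes visible in the definition: ENOENT for an unknown domain, EIO on a search failure, EINVAL for an entry without `cn`, and ENOMEM on allocation failure. Renaming the parameter to `_domain` keeps declaration and definition aligned.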