-rw-r--r--src/db/sysdb.h2
-rw-r--r--src/db/sysdb_autofs.c4
-rw-r--r--src/db/sysdb_ops.c9
-rw-r--r--src/db/sysdb_ssh.c3
-rw-r--r--src/db/sysdb_sudo.c2
-rw-r--r--src/providers/ipa/ipa_access.c4
-rw-r--r--src/providers/ipa/ipa_access.h1
-rw-r--r--src/providers/ipa/ipa_hbac_common.c3
-rw-r--r--src/providers/ipa/ipa_hbac_hosts.c11
-rw-r--r--src/providers/ipa/ipa_hbac_private.h3
-rw-r--r--src/providers/ipa/ipa_hbac_services.c5
-rw-r--r--src/providers/ipa/ipa_selinux.c3
-rw-r--r--src/responder/sudo/sudosrv_get_sudorules.c10
-rw-r--r--src/tests/sysdb-tests.c4
-rw-r--r--src/tools/sss_cache.c7
15 files changed, 49 insertions, 22 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 4d4d3bde..a82363b1 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -723,6 +723,7 @@ int sysdb_store_custom(struct sysdb_ctx *sysdb,
int sysdb_search_custom(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *filter,
const char *subtree_name,
const char **attrs,
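Review bot: The new `domain` parameter of `sysdb_search_custom()` is added without any statement of its contract, and the same holds for `sysdb_search_custom_by_name()` in the next hunk. Callers in this commit supply it independently of `sysdb` (`sysdb->domain` in sysdb_autofs.c, `cmd_ctx->domain` next to `rules_sysdb` in the sudo responder), so nothing in the signature says the two must belong together. I would add a comment above each prototype along the lines of `/* domain: the domain whose custom subtree is searched; must be served by sysdb and must not be NULL */`. Both prototypes continue outside their hunks.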
@@ -731,6 +732,7 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx,
int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name,
const char **attrs,
diff --git a/src/db/sysdb_autofs.c b/src/db/sysdb_autofs.c
index d07f1c63..e226662f 100644
--- a/src/db/sysdb_autofs.c
+++ b/src/db/sysdb_autofs.c
@@ -200,7 +200,7 @@ sysdb_get_map_byname(TALLOC_CTX *mem_ctx,
goto done;
}
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, sysdb->domain, filter,
AUTOFS_MAP_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) {
@@ -447,7 +447,7 @@ sysdb_invalidate_autofs_maps(struct sysdb_ctx *sysdb)
goto done;
}
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, sysdb->domain, filter,
AUTOFS_MAP_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) {
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 386f94b3..4cd94bd5 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2009,6 +2009,7 @@ fail:
int sysdb_search_custom(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *filter,
const char *subtree_name,
const char **attrs,
@@ -2022,8 +2023,7 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx,
return EINVAL;
}
- basedn = sysdb_custom_subtree_dn(sysdb, mem_ctx,
- sysdb->domain, subtree_name);
+ basedn = sysdb_custom_subtree_dn(sysdb, mem_ctx, domain, subtree_name);
if (basedn == NULL) {
DEBUG(1, ("sysdb_custom_subtree_dn failed.\n"));
return ENOMEM;
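Review bot: `domain` is now caller-supplied, but the EINVAL guard just above the `sysdb_custom_subtree_dn()` call is left as it was, so a NULL domain reaches the DN builder unchecked; before this change the value was taken from `sysdb->domain` inside the function. If the DN helper dereferences the domain (likely, though not visible here), a bad caller turns into a crash in the code paths that serve sudo, HBAC and SSH host lookups. I would reject it early with `if (domain == NULL) return EINVAL;` before building `basedn`, and add the equivalent check before the `sysdb_custom_dn()` call in `sysdb_search_custom_by_name()` (hunk at -2063). The function body starts and ends outside this hunk.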
@@ -2041,6 +2041,7 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx,
int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name,
const char **attrs,
@@ -2063,7 +2064,7 @@ int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
}
basedn = sysdb_custom_dn(sysdb, tmp_ctx,
- sysdb->domain, object_name, subtree_name);
+ domain, object_name, subtree_name);
if (basedn == NULL) {
DEBUG(1, ("sysdb_custom_dn failed.\n"));
ret = ENOMEM;
@@ -2129,7 +2130,7 @@ int sysdb_store_custom(struct sysdb_ctx *sysdb,
goto done;
}
- ret = sysdb_search_custom_by_name(tmp_ctx, sysdb,
+ ret = sysdb_search_custom_by_name(tmp_ctx, sysdb, domain,
object_name, subtree_name,
search_attrs, &resp_count, &resp);
if (ret != EOK && ret != ENOENT) {
diff --git a/src/db/sysdb_ssh.c b/src/db/sysdb_ssh.c
index c3e42143..d6563417 100644
--- a/src/db/sysdb_ssh.c
+++ b/src/db/sysdb_ssh.c
@@ -246,7 +246,8 @@ sysdb_search_ssh_hosts(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter, SSH_HOSTS_SUBDIR, attrs,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, sysdb->domain, filter,
+ SSH_HOSTS_SUBDIR, attrs,
&num_results, &results);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index beb8e5e1..7704c02b 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -656,7 +656,7 @@ errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb,
NULL_CHECK(tmp_ctx, ret, done);
/* match entries based on the filter and remove them one by one */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
SUDORULE_SUBDIR, attrs,
&count, &msgs);
if (ret == ENOENT) {
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 47bd91e7..b8be19eb 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -600,6 +600,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
/* Get HBAC rules from the sysdb */
ret = hbac_get_cached_rules(hbac_ctx, hbac_ctx_sysdb(hbac_ctx),
+ hbac_ctx->be_req->domain,
&hbac_ctx->rule_count, &hbac_ctx->rules);
if (ret != EOK) {
DEBUG(1, ("Could not retrieve rules from the cache\n"));
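Review bot: The HBAC rule lookup here is scoped by `hbac_ctx->be_req->domain`, while ipa_selinux.c in this same commit reads the same cached rules with `state->be_req->be_ctx->domain` (and `bctx->domain`), so the two readers can disagree on which domain's subtree holds the rules. `hbac_get_cached_rules()` accepts ENOENT from `sysdb_search_custom()`, so if the request domain ever differs from the domain the rules were stored under, the access evaluation would presumably run against an empty rule set instead of failing loudly. Unless the per-request domain is intended, I would pass `hbac_ctx->be_req->be_ctx->domain` here and in the three `hbac_*_attrs_to_rule()` calls in ipa_hbac_common.c, or add a comment stating which domain the rules are cached under. `ipa_hbac_evaluate_rules()` continues outside the hunk.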
@@ -645,6 +646,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
size_t *_rule_count,
struct sysdb_attrs ***_rules)
{
@@ -680,7 +682,7 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
goto done;
}
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_RULES_SUBDIR, attrs,
&rule_count, &msgs);
if (ret != EOK && ret != ENOENT) {
diff --git a/src/providers/ipa/ipa_access.h b/src/providers/ipa/ipa_access.h
index 3c389dec..0a13d7be 100644
--- a/src/providers/ipa/ipa_access.h
+++ b/src/providers/ipa/ipa_access.h
@@ -119,6 +119,7 @@ void ipa_access_handler(struct be_req *be_req);
errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
size_t *_rule_count,
struct sysdb_attrs ***_rules);
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 7fdb2ce6..a4a411ca 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -326,6 +326,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the services */
ret = hbac_service_attrs_to_rule(new_rule,
hbac_ctx_sysdb(hbac_ctx),
+ hbac_ctx->be_req->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->services);
@@ -338,6 +339,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the target hosts */
ret = hbac_thost_attrs_to_rule(new_rule,
hbac_ctx_sysdb(hbac_ctx),
+ hbac_ctx->be_req->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->targethosts);
@@ -351,6 +353,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = hbac_shost_attrs_to_rule(new_rule,
hbac_ctx_sysdb(hbac_ctx),
+ hbac_ctx->be_req->domain,
new_rule->name,
hbac_ctx->rules[idx],
dp_opt_get_bool(hbac_ctx->ipa_options,
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 23f7816b..474a3975 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -30,6 +30,7 @@
*/
static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
const char *category_attr,
@@ -114,7 +115,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* First check if this is a specific host */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_HOSTS_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) goto done;
@@ -150,7 +151,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
num_hosts++;
} else { /* ret == ENOENT */
/* Check if this is a hostgroup */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_HOSTGROUPS_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) goto done;
@@ -225,13 +226,14 @@ done:
errno_t
hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **thosts)
{
DEBUG(7, ("Processing target hosts for rule [%s]\n", rule_name));
- return hbac_host_attrs_to_rule(mem_ctx, sysdb,
+ return hbac_host_attrs_to_rule(mem_ctx, sysdb, domain,
rule_name, rule_attrs,
IPA_HOST_CATEGORY, IPA_MEMBER_HOST,
NULL, thosts);
@@ -240,6 +242,7 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
errno_t
hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
bool support_srchost,
@@ -270,7 +273,7 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- ret = hbac_host_attrs_to_rule(tmp_ctx, sysdb,
+ ret = hbac_host_attrs_to_rule(tmp_ctx, sysdb, domain,
rule_name, rule_attrs,
IPA_SOURCE_HOST_CATEGORY, IPA_SOURCE_HOST,
&host_count, &shosts);
diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h
index f313ca13..4f299160 100644
--- a/src/providers/ipa/ipa_hbac_private.h
+++ b/src/providers/ipa/ipa_hbac_private.h
@@ -94,6 +94,7 @@ hbac_get_category(struct sysdb_attrs *attrs,
errno_t
hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **thosts);
@@ -101,6 +102,7 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
errno_t
hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
bool support_srchost,
@@ -131,6 +133,7 @@ ipa_hbac_service_info_recv(struct tevent_req *req,
errno_t
hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **services);
diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c
index c086f976..8f656985 100644
--- a/src/providers/ipa/ipa_hbac_services.c
+++ b/src/providers/ipa/ipa_hbac_services.c
@@ -384,6 +384,7 @@ ipa_hbac_service_info_recv(struct tevent_req *req,
errno_t
hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **services)
@@ -468,7 +469,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* First check if this is a specific service */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_SERVICES_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) goto done;
@@ -503,7 +504,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
num_services++;
} else { /* ret == ENOENT */
/* Check if this is a service group */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_SERVICEGROUPS_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) goto done;
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 744dc46c..c8093bad 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -643,6 +643,7 @@ ipa_get_selinux_maps_offline(struct tevent_req *req)
/* read all the HBAC rules */
ret = hbac_get_cached_rules(state, state->be_req->be_ctx->sysdb,
+ state->be_req->be_ctx->domain,
&state->hbac_rule_count, &state->hbac_rules);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("hbac_get_cached_rules failed [%d]: %s\n",
@@ -789,7 +790,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
access_name = state->be_req->be_ctx->bet_info[BET_ACCESS].mod_name;
selinux_name = state->be_req->be_ctx->bet_info[BET_SELINUX].mod_name;
if (strcasecmp(access_name, selinux_name) == 0) {
- ret = hbac_get_cached_rules(state, state->be_req->be_ctx->sysdb,
+ ret = hbac_get_cached_rules(state, bctx->sysdb, bctx->domain,
&state->hbac_rule_count, &state->hbac_rules);
/* Terminates the request */
goto done;
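Review bot: `bctx` is used in the new call but is not declared anywhere in this hunk, and the two lines directly above still spell out `state->be_req->be_ctx->...`; the first hunk in this file also uses the long form `state->be_req->be_ctx->domain`. Assuming `bctx` is a local alias for `state->be_req->be_ctx` declared earlier in `ipa_get_selinux_maps_done()`, the function now mixes both spellings. I would pick one, e.g. also write `access_name = bctx->bet_info[BET_ACCESS].mod_name;`, or keep `state->be_req->be_ctx->sysdb, state->be_req->be_ctx->domain` in the call. The function body starts and ends outside the hunk.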
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index ac8cb3ce..4860d878 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -329,6 +329,7 @@ sudosrv_dp_req_done(struct tevent_req *req);
static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
enum sss_dp_sudo_type type,
const char **attrs,
unsigned int flags,
@@ -410,7 +411,8 @@ errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx)
| SYSDB_SUDO_FILTER_INCLUDE_DFL
| SYSDB_SUDO_FILTER_ONLY_EXPIRED
| SYSDB_SUDO_FILTER_USERINFO;
- ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb, cmd_ctx->type,
+ ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb,
+ cmd_ctx->domain, cmd_ctx->type,
attrs, flags, cmd_ctx->orig_username,
cmd_ctx->uid, groupnames,
&expired_rules, &expired_rules_num);
@@ -632,7 +634,8 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx,
break;
}
- ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb, cmd_ctx->type,
+ ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb,
+ cmd_ctx->domain, cmd_ctx->type,
attrs, flags, cmd_ctx->orig_username,
cmd_ctx->uid, groupnames,
&rules, &num_rules);
@@ -664,6 +667,7 @@ sort_sudo_rules(struct sysdb_attrs **rules, size_t count);
static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
enum sss_dp_sudo_type type,
const char **attrs,
unsigned int flags,
@@ -694,7 +698,7 @@ static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_FUNC_DATA, ("Searching sysdb with [%s]\n", filter));
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
SUDORULE_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) {
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index f08cf7ce..e4a0dd94 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -1329,6 +1329,7 @@ START_TEST (test_sysdb_search_custom_by_name)
fail_unless(object_name != NULL, "talloc_asprintf failed");
ret = sysdb_search_custom_by_name(data, data->ctx->sysdb,
+ data->ctx->domain,
object_name,
CUSTOM_TEST_CONTAINER,
data->attrlist,
@@ -1431,6 +1432,7 @@ START_TEST (test_sysdb_search_custom_update)
fail_unless(object_name != NULL, "talloc_asprintf failed");
ret = sysdb_search_custom_by_name(data, data->ctx->sysdb,
+ data->ctx->domain,
object_name,
CUSTOM_TEST_CONTAINER,
data->attrlist,
@@ -1496,7 +1498,7 @@ START_TEST (test_sysdb_search_custom)
data->attrlist[2] = NULL;
ret = sysdb_search_custom(data, data->ctx->sysdb,
- filter,
+ data->ctx->domain, filter,
CUSTOM_TEST_CONTAINER,
data->attrlist,
&data->msgs_count,
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 180ed02d..9c08b9a2 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -47,6 +47,7 @@ enum sss_cache_entry {
};
static errno_t search_autofsmaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *sub_filter, const char **attrs,
size_t *msgs_count, struct ldb_message ***msgs);
@@ -307,7 +308,8 @@ static bool invalidate_entries(TALLOC_CTX *ctx,
break;
case TYPE_AUTOFSMAP:
type_string = "autofs map";
- ret = search_autofsmaps(ctx, sysdb, filter, attrs, &msg_count, &msgs);
+ ret = search_autofsmaps(ctx, sysdb, dinfo,
+ filter, attrs, &msg_count, &msgs);
break;
}
@@ -622,11 +624,12 @@ fini:
static errno_t
search_autofsmaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *sub_filter, const char **attrs,
size_t *msgs_count, struct ldb_message ***msgs)
{
#ifdef BUILD_AUTOFS
- return sysdb_search_custom(mem_ctx, sysdb, sub_filter,
+ return sysdb_search_custom(mem_ctx, sysdb, domain, sub_filter,
AUTOFS_MAP_SUBDIR, attrs,
msgs_count, msgs);
#else