Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap_async.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 32 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 14 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_private.h | 1 |
5 files changed, 36 insertions, 15 deletions
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index c5dc1703..69590b9e 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -268,6 +268,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, struct sdap_handle *sh, const char *name, const char *orig_dn, @@ -282,6 +283,7 @@ sdap_get_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, struct sdap_handle *sh, const char *name, const char *orig_dn, diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index fe540e8c..c4957fb1 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -1262,7 +1262,7 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state, /* We need to skip over zero-length usernames */ if (member_name[0] == '\0') continue; - ret = sysdb_search_user_by_name(state, state->sysdb, + ret = sysdb_search_user_by_name(state, state->sysdb, state->dom, member_name, NULL, &msg); if (ret == EOK) { /* diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 66be76e6..ad794b8d 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -300,6 +300,7 @@ done: struct sdap_initgr_rfc2307_state { struct tevent_context *ev; struct sysdb_ctx *sysdb; + struct sss_domain_info *domain; struct sdap_options *opts; struct sdap_handle *sh; const char **attrs; @@ -324,6 +325,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, struct sdap_handle *sh, const char *name) { 
@@ -339,6 +341,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, state->ev = ev; state->opts = opts; state->sysdb = sysdb; + state->domain = domain; state->sh = sh; state->op = NULL; state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); @@ -502,8 +505,8 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq) } /* Search for all groups for which this user is a member */ - ret = get_sysdb_grouplist(state, state->sysdb, state->name, - &sysdb_grouplist); + ret = get_sysdb_grouplist(state, state->sysdb, state->domain, + state->name, &sysdb_grouplist); if (ret != EOK) { tevent_req_error(req, ret); return; @@ -2712,7 +2715,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) switch (state->opts->schema_type) { case SDAP_SCHEMA_RFC2307: subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts, - state->sysdb, state->sh, + state->sysdb, state->dom, state->sh, cname); if (!subreq) { tevent_req_error(req, ENOMEM); 
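Review bot: `state->domain = domain;` in sdap_initgr_rfc2307_send keeps the caller's pointer for the whole life of the async request, without checking it and without saying who owns it. The pointer is next used in sdap_initgr_rfc2307_process, which hands it to get_sysdb_grouplist and from there to sysdb_search_user_by_name; whether that function tolerates NULL is not visible on this page. I would add a comment on the new struct field, `/* borrowed from the caller; must stay valid until the request completes */`, and reject a NULL domain at the top of the send function if NULL is never a valid input. The same applies to the `state->domain = domain;` assignments in sdap_get_ad_match_rule_initgroups_send and sdap_get_ad_tokengroups_initgroups_send; all three function bodies continue outside their hunks.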
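Review bot: The callers pass `state->dom` here and in sdap_process_group_members_2307, while the three state structs extended by this commit name the same object `domain`, so one provider now carries two spellings for it. Declaring the new fields as `struct sss_domain_info *dom;` would keep the domain plumbing uniform and easier to grep when auditing which lookups are domain-scoped. The re-wrapped calls in the following hunk of sdap_get_initgr_user use `state->dom` as well; that function starts and ends outside both hunks.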
@@ -2736,18 +2739,26 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) /* Take advantage of AD's tokenGroups mechanism to look up all * parent groups in a single request. */ - subreq = sdap_get_ad_tokengroups_initgroups_send( - state, state->ev, state->opts, state->sysdb, - state->sh, cname, orig_dn, state->timeout); + subreq = sdap_get_ad_tokengroups_initgroups_send(state, state->ev, + state->opts, + state->sysdb, + state->dom, + state->sh, + cname, orig_dn, + state->timeout); } else if (state->opts->support_matching_rule && dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_INITGROUPS)) { /* Take advantage of AD's extensibleMatch filter to look up * all parent groups in a single request. */ - subreq = sdap_get_ad_match_rule_initgroups_send( - state, state->ev, state->opts, state->sysdb, - state->sh, cname, orig_dn, state->timeout); + subreq = sdap_get_ad_match_rule_initgroups_send(state, state->ev, + state->opts, + state->sysdb, + state->dom, + state->sh, + cname, orig_dn, + state->timeout); } else { subreq = sdap_initgr_rfc2307bis_send( state, state->ev, state->opts, state->sysdb, @@ -2965,6 +2976,7 @@ int sdap_get_initgr_recv(struct tevent_req *req) errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *name, char ***grouplist) { @@ -2982,7 +2994,7 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; - ret = sysdb_search_user_by_name(tmp_ctx, sysdb, name, + ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, name, attrs, &msg); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 8c0e7062..9b1acd6a 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c 
@@ -31,6 +31,7 @@ struct sdap_ad_match_rule_initgr_state { struct tevent_context *ev; struct sdap_options *opts; struct sysdb_ctx *sysdb; + struct sss_domain_info *domain; struct sdap_handle *sh; const char *name; const char *orig_dn; @@ -57,6 +58,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, struct sdap_handle *sh, const char *name, const char *orig_dn, @@ -75,6 +77,7 @@ sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx, state->ev = ev; state->opts = opts; state->sysdb = sysdb; + state->domain = domain; state->sh = sh; state->name = name; state->orig_dn = orig_dn; @@ -252,8 +255,8 @@ sdap_get_ad_match_rule_initgroups_step(struct tevent_req *subreq) /* Get the current sysdb group list for this user * so we can update it. */ - ret = get_sysdb_grouplist(state, state->sysdb, state->name, - &sysdb_grouplist); + ret = get_sysdb_grouplist(state, state->sysdb, state->domain, + state->name, &sysdb_grouplist); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not get the list of groups for [%s] in the sysdb: " @@ -297,6 +300,7 @@ struct sdap_ad_tokengroups_initgr_state { struct tevent_context *ev; struct sdap_options *opts; struct sysdb_ctx *sysdb; + struct sss_domain_info *domain; struct sdap_handle *sh; const char *username; }; @@ -309,6 +313,7 @@ sdap_get_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, struct sdap_handle *sh, const char *name, const char *orig_dn, @@ -326,6 +331,7 @@ sdap_get_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, state->ev = ev; state->opts = opts; state->sysdb = sysdb; + state->domain = domain; state->sh = sh; state->username = name; 
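Review bot: The failure message kept below the changed call in sdap_get_ad_match_rule_initgroups_step, `"Could not get the list of groups for [%s] in the sysdb: "`, still names only the user although the lookup is now scoped to `state->domain`. If one sysdb can hold several domains, as the added parameter suggests, that log line cannot tell an operator which domain's entry was missing when the group list failed to refresh. Consider extending it to `"Could not get the list of groups for [%s] in domain [%s] in the sysdb: "` with `state->domain->name` as the extra argument; the rest of the DEBUG call lies outside the hunk, so the argument order needs checking there. The identical message in sdap_get_ad_tokengroups_initgroups_lookup_done has the same gap.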
@@ -515,8 +521,8 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) /* Get the current sysdb group list for this user * so we can update it. */ - ret = get_sysdb_grouplist(state, state->sysdb, state->username, - &sysdb_grouplist); + ret = get_sysdb_grouplist(state, state->sysdb, state->domain, + state->username, &sysdb_grouplist); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not get the list of groups for [%s] in the sysdb: " diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h index c0faab50..871cce4e 100644 --- a/src/providers/ldap/sdap_async_private.h +++ b/src/providers/ldap/sdap_async_private.h @@ -116,6 +116,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *name, char ***grouplist); #endif /* _SDAP_ASYNC_PRIVATE_H_ */ |
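Review bot: The get_sysdb_grouplist prototype in sdap_async_private.h gains `domain` with no comment saying what the parameter selects or whether it may be NULL. All three initgroups paths in this commit call this helper, so a short comment above the declaration would be worth adding, stating that the user `name` is looked up in `domain` within `sysdb` and that the resulting group names are returned through `grouplist`. The ownership of `grouplist` (presumably allocated on `mem_ctx`) is not visible in the hunks and should be confirmed against the definition before it is documented.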