summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/confdb/confdb.c2
-rw-r--r--src/monitor/monitor.c10
-rw-r--r--src/responder/autofs/autofssrv_cmd.c8
-rw-r--r--src/responder/common/negcache.c8
-rw-r--r--src/responder/common/responder_common.c4
-rw-r--r--src/responder/common/responder_get_domains.c8
-rw-r--r--src/responder/nss/nsssrv_cmd.c94
-rw-r--r--src/responder/nss/nsssrv_netgroup.c10
-rw-r--r--src/responder/nss/nsssrv_services.c26
-rw-r--r--src/responder/pac/pacsrv_utils.c2
-rw-r--r--src/responder/pam/pamsrv_cmd.c8
-rw-r--r--src/responder/ssh/sshsrv_cmd.c10
-rw-r--r--src/responder/sudo/sudosrv_get_sudorules.c6
-rw-r--r--src/tools/sss_cache.c2
-rw-r--r--src/tools/sss_debuglevel.c9
-rw-r--r--src/util/domain_info_utils.c18
-rw-r--r--src/util/usertools.c4
-rw-r--r--src/util/util.h2
18 files changed, 119 insertions, 112 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 8ae8d016..14e9f057 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1190,7 +1190,7 @@ int confdb_get_domain(struct confdb_ctx *cdb,
return ret;
}
- for (dom = doms; dom; dom = dom->next) {
+ for (dom = doms; dom; dom = get_next_domain(dom, false)) {
if (strcasecmp(dom->name, name) == 0) {
*_domain = dom;
return EOK;
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 2b699ca7..2c8cdb60 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -772,7 +772,7 @@ static int check_domain_ranges(struct sss_domain_info *domains)
uint32_t id_min, id_max;
while (dom) {
- other = dom->next;
+ other = get_next_domain(dom, false);
if (dom->id_max && dom->id_min > dom->id_max) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Domain '%s' does not have a valid ID range\n", dom->name));
@@ -788,9 +788,9 @@ static int check_domain_ranges(struct sss_domain_info *domains)
("Domains '%s' and '%s' overlap in range %u - %u\n",
dom->name, other->name, id_min, id_max));
}
- other = other->next;
+ other = get_next_domain(other, false);
}
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
return EOK;
@@ -811,7 +811,7 @@ static int check_local_domain_unique(struct sss_domain_info *domains)
break;
}
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (count > 1) {
@@ -2235,7 +2235,7 @@ int monitor_process_init(struct mt_ctx *ctx,
/* start providers */
num_providers = 0;
- for (dom = ctx->domains; dom; dom = dom->next) {
+ for (dom = ctx->domains; dom; dom = get_next_domain(dom, false)) {
ret = add_new_provider(ctx, dom->name, 0);
if (ret != EOK && ret != ENOENT) {
return ret;
diff --git a/src/responder/autofs/autofssrv_cmd.c b/src/responder/autofs/autofssrv_cmd.c
index e1f3aeda..550c981a 100644
--- a/src/responder/autofs/autofssrv_cmd.c
+++ b/src/responder/autofs/autofssrv_cmd.c
@@ -627,7 +627,7 @@ lookup_automntmap_step(struct setautomntent_lookup_ctx *lookup_ctx)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (dom && dctx->cmd_ctx->check_next && dom->fqnames) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
/* No domains left to search */
@@ -666,7 +666,7 @@ lookup_automntmap_step(struct setautomntent_lookup_ctx *lookup_ctx)
if (!dctx->check_provider) {
if (dctx->cmd_ctx->check_next) {
DEBUG(SSSDBG_TRACE_INTERNAL, ("Moving on to next domain\n"));
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
else break;
@@ -873,8 +873,8 @@ static void lookup_automntmap_cache_updated(uint16_t err_maj, uint32_t err_min,
"Will try to return what we have in cache\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
/* Loop to the next domain if possible */
- if (dctx->domain->next && dctx->cmd_ctx->check_next) {
- dctx->domain = dctx->domain->next;
+ if (dctx->cmd_ctx->check_next && get_next_domain(dctx->domain, false)) {
+ dctx->domain = get_next_domain(dctx->domain, false);
dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);
}
}
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 5be1ea68..57d1fc8b 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -579,7 +579,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
int i;
/* Populate domain-specific negative cache entries */
- for (dom = domain_list; dom; dom = dom->next) {
+ for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
conf_path = talloc_asprintf(tmpctx, CONFDB_DOMAIN_PATH_TMPL,
dom->name);
if (!conf_path) {
@@ -667,7 +667,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
continue;
}
} else {
- for (dom = domain_list; dom; dom = dom->next) {
+ for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
ret = sss_ncache_set_user(ncache, true, dom, name);
if (ret != EOK) {
DEBUG(1, ("Failed to store permanent user filter for"
@@ -681,7 +681,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
}
filter_set = false;
- for (dom = domain_list; dom; dom = dom->next) {
+ for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
conf_path = talloc_asprintf(tmpctx, CONFDB_DOMAIN_PATH_TMPL, dom->name);
if (!conf_path) {
ret = ENOMEM;
@@ -765,7 +765,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
continue;
}
} else {
- for (dom = domain_list; dom; dom = dom->next) {
+ for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
ret = sss_ncache_set_group(ncache, true, dom, name);
if (ret != EOK) {
DEBUG(1, ("Failed to store permanent group filter for"
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 9defdba4..3a634e03 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -817,7 +817,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
return ret;
}
- for (dom = rctx->domains; dom; dom = dom->next) {
+ for (dom = rctx->domains; dom; dom = get_next_domain(dom, false)) {
ret = sss_names_init(rctx->cdb, rctx->cdb, dom->name, &dom->names);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
@@ -894,7 +894,7 @@ responder_get_domain(TALLOC_CTX *sd_mem_ctx, struct resp_ctx *rctx,
struct sss_domain_info *ret_dom = NULL;
int i;
- for (dom = rctx->domains; dom; dom = dom->next) {
+ for (dom = rctx->domains; dom; dom = get_next_domain(dom, false)) {
if (strcasecmp(dom->name, domain) == 0 ||
(dom->flat_name != NULL &&
strcasecmp(dom->flat_name, domain) == 0)) {
diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c
index 7049d60a..77e2b146 100644
--- a/src/responder/common/responder_get_domains.c
+++ b/src/responder/common/responder_get_domains.c
@@ -192,7 +192,7 @@ struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx,
state->dom = rctx->domains;
while(state->dom != NULL && !NEED_CHECK_PROVIDER(state->dom->provider)) {
- state->dom = state->dom->next;
+ state->dom = get_next_domain(state->dom, false);
}
if (state->dom == NULL) {
@@ -249,11 +249,11 @@ sss_dp_get_domains_process(struct tevent_req *subreq)
}
/* Advance to the next domain */
- state->dom = state->dom->next;
+ state->dom = get_next_domain(state->dom, false);
/* Skip local domains */
while(state->dom != NULL && !NEED_CHECK_PROVIDER(state->dom->provider)) {
- state->dom = state->dom->next;
+ state->dom = get_next_domain(state->dom, false);
}
if (state->dom == NULL) {
@@ -391,7 +391,7 @@ static errno_t check_last_request(struct resp_ctx *rctx, const char *hint)
break;
}
}
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
}
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 5ac1bacc..76b79ceb 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -120,7 +120,7 @@ void nss_update_pw_memcache(struct nss_ctx *nctx)
now = time(NULL);
- for (dom = nctx->rctx->domains; dom != NULL; dom = dom->next) {
+ for (dom = nctx->rctx->domains; dom; dom = get_next_domain(dom, false)) {
ret = sysdb_enumpwent(nctx, dom->sysdb, dom, &res);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -714,7 +714,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (dom && cmdctx->check_next && dom->fqnames) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (!dom) break;
@@ -743,7 +743,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
name, dom->name));
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
/* There are no further domains or this was a
@@ -780,7 +780,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
if (dom) continue;
}
@@ -843,8 +843,8 @@ static void nss_cmd_getpwnam_dp_callback(uint16_t err_maj, uint32_t err_min,
}
/* no previous results, just loop to next domain if possible */
- if (dctx->domain->next && cmdctx->check_next) {
- dctx->domain = dctx->domain->next;
+ if (cmdctx->check_next && get_next_domain(dctx->domain, false)) {
+ dctx->domain = get_next_domain(dctx->domain, false);
dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);
} else {
/* nothing available */
@@ -1031,28 +1031,6 @@ static void nss_cmd_getpwuid_dp_callback(uint16_t err_maj, uint32_t err_min,
* anything else on a fatal error
*/
-struct sss_domain_info *get_next_dom_or_subdom(struct sss_domain_info *dom)
-{
- /* Note that we don't know if the dom is a domain or a subdomain,
- * therefore:
- *
- * If it is a subdomain and it doesn't have any siblings (subdomains
- * of the same primary domain), return next primary domain
- */
- if (dom->next == NULL && dom->parent != NULL) {
- return dom->parent->next;
- }
-
- /* If it's primary domain, the next returned should be its first
- * subdomain */
- if (dom->subdomains != NULL) {
- return dom->subdomains[0];
- }
-
- /* Any other scenario */
- return dom->next;
-}
-
static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
{
struct nss_cmd_ctx *cmdctx = dctx->cmdctx;
@@ -1073,7 +1051,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
"(id out of range)\n",
(unsigned long)cmdctx->id, dom->name));
if (cmdctx->check_next) {
- dom = get_next_dom_or_subdom(dom);
+ dom = get_next_domain(dom, true);
continue;
}
return ENOENT;
@@ -1110,7 +1088,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = get_next_dom_or_subdom(dom);
+ dom = get_next_domain(dom, true);
continue;
}
@@ -1170,8 +1148,8 @@ static void nss_cmd_getpwuid_dp_callback(uint16_t err_maj, uint32_t err_min,
}
/* no previous results, just loop to next domain if possible */
- if (dctx->domain->next && cmdctx->check_next) {
- dctx->domain = dctx->domain->next;
+ if (cmdctx->check_next && get_next_domain(dctx->domain, false)) {
+ dctx->domain = get_next_domain(dctx->domain, false);
dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);
} else {
/* nothing available */
@@ -1367,7 +1345,7 @@ struct tevent_req *nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx,
}
/* check if enumeration is enabled in any domain */
- for (dom = client->rctx->domains; dom; dom = dom->next) {
+ for (dom = client->rctx->domains; dom; dom = get_next_domain(dom, false)) {
if (dom->enumerate != 0) break;
}
state->dctx->domain = dom;
@@ -1480,7 +1458,7 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx)
while (dom) {
while (dom && dom->enumerate == 0) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (!dom) break;
@@ -1538,13 +1516,13 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx)
if (ret != EOK) {
DEBUG(1, ("Enum from cache failed, skipping domain [%s]\n",
dom->name));
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
if (res->count == 0) {
DEBUG(4, ("Domain [%s] has no users, skipping.\n", dom->name));
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
@@ -1562,7 +1540,7 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx)
nctx->pctx->num++;
/* do not reply until all domain searches are done */
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
/* We've finished all our lookups
@@ -1859,7 +1837,7 @@ void nss_update_gr_memcache(struct nss_ctx *nctx)
now = time(NULL);
- for (dom = nctx->rctx->domains; dom != NULL; dom = dom->next) {
+ for (dom = nctx->rctx->domains; dom; dom = get_next_domain(dom, false)) {
ret = sysdb_enumgrent(nctx, dom->sysdb, dom, &res);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -2311,7 +2289,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (dom && cmdctx->check_next && dom->fqnames) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (!dom) break;
@@ -2340,7 +2318,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
name, dom->name));
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
/* There are no further domains or this was a
@@ -2377,7 +2355,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
if (dom) continue;
}
@@ -2441,8 +2419,8 @@ static void nss_cmd_getgrnam_dp_callback(uint16_t err_maj, uint32_t err_min,
}
/* no previous results, just loop to next domain if possible */
- if (dctx->domain->next && cmdctx->check_next) {
- dctx->domain = dctx->domain->next;
+ if (cmdctx->check_next && get_next_domain(dctx->domain, false)) {
+ dctx->domain = get_next_domain(dctx->domain, false);
dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);
} else {
/* nothing available */
@@ -2648,7 +2626,7 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
"(id out of range)\n",
(unsigned long)cmdctx->id, dom->name));
if (cmdctx->check_next) {
- dom = get_next_dom_or_subdom(dom);
+ dom = get_next_domain(dom, true);
continue;
}
return ENOENT;
@@ -2685,7 +2663,7 @@ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = get_next_dom_or_subdom(dom);
+ dom = get_next_domain(dom, true);
continue;
}
@@ -2745,8 +2723,8 @@ static void nss_cmd_getgrgid_dp_callback(uint16_t err_maj, uint32_t err_min,
}
/* no previous results, just loop to next domain if possible */
- if (dctx->domain->next && cmdctx->check_next) {
- dctx->domain = dctx->domain->next;
+ if (cmdctx->check_next && get_next_domain(dctx->domain, false)) {
+ dctx->domain = get_next_domain(dctx->domain, false);
dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);
} else {
/* nothing available */
@@ -2935,7 +2913,7 @@ struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx,
}
/* check if enumeration is enabled in any domain */
- for (dom = client->rctx->domains; dom; dom = dom->next) {
+ for (dom = client->rctx->domains; dom; dom = get_next_domain(dom, false)) {
if (dom->enumerate != 0) break;
}
state->dctx->domain = dom;
@@ -3048,7 +3026,7 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx)
while (dom) {
while (dom && dom->enumerate == 0) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (!dom) break;
@@ -3106,13 +3084,13 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx)
if (ret != EOK) {
DEBUG(1, ("Enum from cache failed, skipping domain [%s]\n",
dom->name));
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
if (res->count == 0) {
DEBUG(4, ("Domain [%s] has no groups, skipping.\n", dom->name));
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
@@ -3130,7 +3108,7 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx)
nctx->gctx->num++;
/* do not reply until all domain searches are done */
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
/* We've finished all our lookups
@@ -3418,7 +3396,7 @@ void nss_update_initgr_memcache(struct nss_ctx *nctx,
int ret;
int i, j;
- for (dom = nctx->rctx->domains; dom != NULL; dom = dom->next) {
+ for (dom = nctx->rctx->domains; dom; dom = get_next_domain(dom, false)) {
if (strcasecmp(dom->name, domain) == 0) {
break;
}
@@ -3596,7 +3574,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (dom && cmdctx->check_next && dom->fqnames) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (!dom) break;
@@ -3625,7 +3603,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
name, dom->name));
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
/* There are no further domains or this was a
@@ -3658,7 +3636,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
if (dom) continue;
}
@@ -3711,8 +3689,8 @@ static void nss_cmd_initgroups_dp_callback(uint16_t err_maj, uint32_t err_min,
}
/* no previous results, just loop to next domain if possible */
- if (dctx->domain->next && cmdctx->check_next) {
- dctx->domain = dctx->domain->next;
+ if (cmdctx->check_next && get_next_domain(dctx->domain, false)) {
+ dctx->domain = get_next_domain(dctx->domain, false);
dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);
} else {
/* nothing available */
diff --git a/src/responder/nss/nsssrv_netgroup.c b/src/responder/nss/nsssrv_netgroup.c
index e6debffa..30459bea 100644
--- a/src/responder/nss/nsssrv_netgroup.c
+++ b/src/responder/nss/nsssrv_netgroup.c
@@ -424,7 +424,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (dom && step_ctx->check_next && dom->fqnames) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
/* No domains left to search */
@@ -463,7 +463,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
/* This netgroup was not found in this domain */
if (!step_ctx->dctx->check_provider) {
if (step_ctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
else break;
@@ -494,7 +494,7 @@ static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx)
if (!step_ctx->dctx->check_provider) {
if (step_ctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
else break;
@@ -588,8 +588,8 @@ static void lookup_netgr_dp_callback(uint16_t err_maj, uint32_t err_min,
"Will try to return what we have in cache\n",
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
/* Loop to the next domain if possible */
- if (dctx->domain->next && cmdctx->check_next) {
- dctx->domain = dctx->domain->next;
+ if (cmdctx->check_next && get_next_domain(dctx->domain, false)) {
+ dctx->domain = get_next_domain(dctx->domain, false);
dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);
}
}
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index dd12fa41..7b76cad8 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -99,7 +99,9 @@ getserv_send(TALLOC_CTX *mem_ctx,
if (!req) return NULL;
state->dctx = dctx;
- for (dom = cctx->rctx->domains; dom; dom = dom->next) num_domains++;
+ for (dom = cctx->rctx->domains; dom; dom = get_next_domain(dom, false)) {
+ num_domains++;
+ }
/* Create an array of domains to check. To save resizes, we'll
* assume that all will be checked
@@ -160,7 +162,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (dom && cmdctx->check_next && dom->fqnames) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (!dom) break;
@@ -191,7 +193,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
/* If this is a multi-domain search, try the next one */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
} else {
/* This was a single-domain search.
* exit the loop. Since it was negatively-
@@ -232,7 +234,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
/* If this is a multi-domain search, try the next one */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
} else {
/* This was a single-domain search.
* exit the loop. Since it was negatively-
@@ -298,7 +300,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
/* If this is a multi-domain search, try the next one */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
} else {
/* This was a single-domain search.
* exit the loop.
@@ -380,7 +382,7 @@ getserv_send(TALLOC_CTX *mem_ctx,
/* If this is a multi-domain search, try the next one */
if (cmdctx->check_next) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
} else {
/* This was a single-domain search.
* exit the loop.
@@ -1257,10 +1259,10 @@ setservent_send(TALLOC_CTX *mem_ctx, struct cli_ctx *cctx)
* to reallocate later
*/
num_domains = 0;
- dom = state->cctx->rctx->domains;
- while (dom) {
+ for (dom = state->cctx->rctx->domains;
+ dom;
+ dom = get_next_domain(dom, false)) {
num_domains++;
- dom = dom->next;
}
state->nctx->svcctx->doms = talloc_zero_array(state->nctx->svcctx,
@@ -1306,7 +1308,7 @@ setservent_send(TALLOC_CTX *mem_ctx, struct cli_ctx *cctx)
("Error [%s] requesting info from domain [%s]. Skipping.\n",
strerror(ret), step_ctx->dctx->domain->name));
- step_ctx->dctx->domain = step_ctx->dctx->domain->next;
+ step_ctx->dctx->domain = get_next_domain(step_ctx->dctx->domain, false);
}
/* All domains failed */
@@ -1501,7 +1503,7 @@ setservent_step_done(struct tevent_req *req)
svcctx->num++;
}
- step_ctx->dctx->domain = step_ctx->dctx->domain->next;
+ step_ctx->dctx->domain = get_next_domain(step_ctx->dctx->domain, false);
while (step_ctx->dctx->domain) {
/* There are more domains to check */
@@ -1515,7 +1517,7 @@ setservent_step_done(struct tevent_req *req)
("Error [%s] requesting info from domain [%s]. Skipping.\n",
strerror(ret), step_ctx->dctx->domain->name));
- step_ctx->dctx->domain = step_ctx->dctx->domain->next;
+ step_ctx->dctx->domain = get_next_domain(step_ctx->dctx->domain, false);
}
/* All domains have been checked */
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index f5649724..cab58264 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -83,7 +83,7 @@ struct sss_domain_info *find_domain_by_id(struct sss_domain_info *domains,
return NULL;
}
- for (dom = domains; dom; dom = dom->next) {
+ for (dom = domains; dom; dom = get_next_domain(dom, false)) {
if (dom->domain_id == NULL) {
continue;
}
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index dd3637b0..d7850efa 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1088,7 +1088,9 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
goto done;
}
} else {
- for (dom = preq->cctx->rctx->domains; dom; dom = dom->next) {
+ for (dom = preq->cctx->rctx->domains;
+ dom;
+ dom = get_next_domain(dom, false)) {
if (dom->fqnames) continue;
ncret = sss_ncache_check_user(pctx->ncache, pctx->neg_timeout,
@@ -1186,7 +1188,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (dom && !preq->pd->domain && dom->fqnames) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (!dom) break;
@@ -1248,7 +1250,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
if (preq->res->count == 0) {
/* if a multidomain search, try with next */
if (!preq->pd->domain) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
continue;
}
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index f83c136b..e0ce3c9b 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -173,7 +173,7 @@ ssh_user_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (cmd_ctx->domain && cmd_ctx->check_next && cmd_ctx->domain->fqnames) {
- cmd_ctx->domain = cmd_ctx->domain->next;
+ cmd_ctx->domain = get_next_domain(cmd_ctx->domain, false);
}
if (!cmd_ctx->domain) {
@@ -250,7 +250,7 @@ ssh_user_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx)
if (!res->count) {
/* if a multidomain search, try with next */
if (cmd_ctx->check_next) {
- cmd_ctx->domain = cmd_ctx->domain->next;
+ cmd_ctx->domain = get_next_domain(cmd_ctx->domain, false);
return ssh_user_pubkeys_search(cmd_ctx);
}
@@ -303,7 +303,7 @@ ssh_host_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (cmd_ctx->domain && cmd_ctx->check_next && cmd_ctx->domain->fqnames) {
- cmd_ctx->domain = cmd_ctx->domain->next;
+ cmd_ctx->domain = get_next_domain(cmd_ctx->domain, false);
}
if (!cmd_ctx->domain) {
@@ -375,7 +375,7 @@ ssh_host_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx)
if (ret == ENOENT) {
/* if a multidomain search, try with next */
if (cmd_ctx->check_next) {
- cmd_ctx->domain = cmd_ctx->domain->next;
+ cmd_ctx->domain = get_next_domain(cmd_ctx->domain, false);
return ssh_host_pubkeys_search(cmd_ctx);
}
@@ -598,7 +598,7 @@ ssh_host_pubkeys_update_known_hosts(struct ssh_cmd_ctx *cmd_ctx)
goto done;
}
- for (; dom; dom = dom->next) {
+ for (; dom; dom = get_next_domain(dom, false)) {
sysdb = dom->sysdb;
if (sysdb == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 8d7480be..90481ed9 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -108,7 +108,7 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx)
/* if it is a domainless search, skip domains that require fully
* qualified names instead */
while (dom && cmd_ctx->check_next && dom->fqnames) {
- dom = dom->next;
+ dom = get_next_domain(dom, false);
}
if (!dom) break;
@@ -155,7 +155,7 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx)
/* if a multidomain search, try with next */
if (cmd_ctx->check_next) {
dctx->check_provider = true;
- dom = dom->next;
+ dom = get_next_domain(dom, false);
if (dom) continue;
}
@@ -209,7 +209,7 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx)
/* if a multidomain search, try with next */
if (cmd_ctx->check_next) {
dctx->check_provider = true;
- dom = dom->next;
+ dom = get_next_domain(dom, false);
if (dom) continue;
}
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 2fb75ad6..db6c792c 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -103,7 +103,7 @@ int main(int argc, const char *argv[])
goto done;
}
- for (dinfo = tctx->domains; dinfo; dinfo = dinfo->next) {
+ for (dinfo = tctx->domains; dinfo; dinfo = get_next_domain(dinfo, false)) {
sysdb = dinfo->sysdb;
/* Update filters for each domain */
diff --git a/src/tools/sss_debuglevel.c b/src/tools/sss_debuglevel.c
index e955ec38..ce428bd9 100644
--- a/src/tools/sss_debuglevel.c
+++ b/src/tools/sss_debuglevel.c
@@ -253,8 +253,11 @@ errno_t get_confdb_sections(TALLOC_CTX *ctx, struct confdb_ctx *confdb,
if (ret != EOK)
DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to get domain list\n"));
- for (domain = domain_list; domain != NULL; domain = domain->next)
+ for (domain = domain_list;
+ domain;
+ domain = get_next_domain(domain, false)) {
domain_count++;
+ }
/* allocate output space */
sections = talloc_array(ctx, char*,
@@ -275,7 +278,9 @@ errno_t get_confdb_sections(TALLOC_CTX *ctx, struct confdb_ctx *confdb,
}
}
- for (domain = domain_list; domain != NULL; domain = domain->next, i++) {
+ for (domain = domain_list;
+ domain;
+ domain = get_next_domain(domain, false), i++) {
sections[i] = talloc_asprintf(tmp_ctx, CONFDB_DOMAIN_PATH_TMPL,
domain->name);
if (sections[i] == NULL) {
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 1ff7c0c6..8cba7dca 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -22,6 +22,24 @@
#include "db/sysdb.h"
#include "util/util.h"
+struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
+ bool descend)
+{
+ struct sss_domain_info *dom;
+
+ dom = domain;
+ if (descend && dom->subdomain_count > 0) {
+ dom = dom->subdomains[0];
+ } else if (dom->next) {
+ dom = dom->next;
+ } else if (descend && dom->parent) {
+ dom = dom->parent->next;
+ } else {
+ dom = NULL;
+ }
+ return dom;
+}
+
struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
struct sss_domain_info *parent,
const char *name,
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 0a657a18..33a2a7bd 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -339,7 +339,7 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx,
rname = NULL;
rdomain = NULL;
- for (dom = domains; dom != NULL; dom = dom->next) {
+ for (dom = domains; dom != NULL; dom = get_next_domain(dom, false)) {
ret = sss_parse_name(tmp_ctx, dom->names, orig, &dmatch, &nmatch);
if (ret == EOK) {
/*
@@ -397,7 +397,7 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx,
goto done;
}
- for (dom = domains; dom != NULL; dom = dom->next) {
+ for (dom = domains; dom != NULL; dom = get_next_domain(dom, false)) {
match = match_any_domain_or_subdomain_name(dom, rdomain);
if (match != NULL) {
break;
diff --git a/src/util/util.h b/src/util/util.h
index a2b2a2d3..de212811 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -566,6 +566,8 @@ struct sized_string {
void to_sized_string(struct sized_string *out, const char *in);
/* form domain_info.c */
+struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
+ bool descend);
struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
struct sss_domain_info *parent,
const char *name,