From 35f0f5ff9dac790f6c947190fcdc00d01ae9077c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 24 Mar 2017 12:44:09 +0100 Subject: [PATCH 67/97] IFP: Search both POSIX and non-POSIX domains MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related to: https://pagure.io/SSSD/sssd/issue/3310 Changes the behaviour of the InfoPipe responder so that both application and POSIX domains are searched. In general, the IFP responder uses the CACHE_REQ_ANY_DOM lookup type because we can't presume the intention of the caller. Therefore, deployments that combine both POSIX and non-POSIX domains must use fully qualified names or select the right domain order manually. There is one change between the POSIX and non-POSIX users or groups - the object path. For the POSIX users, the object path includes the UID or GID. Because we don't have that for the non-POSIX objects, the object name is used in the path instead. Reviewed-by: Sumit Bose Reviewed-by: Pavel Březina --- src/responder/ifp/ifp_groups.c | 135 ++++++++++++++++++++++------------- src/responder/ifp/ifp_users.c | 158 ++++++++++++++++++++++++++--------------- src/responder/ifp/ifpsrv_cmd.c | 6 +- 3 files changed, 194 insertions(+), 105 deletions(-) diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c index 99908e96bd971bce4b4e9064a77d8413f837d743..c568c62009cd4b777919dea048fd381a91bd3460 100644 --- a/src/responder/ifp/ifp_groups.c +++ b/src/responder/ifp/ifp_groups.c @@ -35,25 +35,33 @@ char * ifp_groups_build_path_from_msg(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, struct ldb_message *msg) { - const char *gid; + const char *key = NULL; - gid = ldb_msg_find_attr_as_string(msg, SYSDB_GIDNUM, NULL); + switch (domain->type) { + case DOM_TYPE_APPLICATION: + key = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); + break; + case DOM_TYPE_POSIX: + key = ldb_msg_find_attr_as_string(msg, SYSDB_GIDNUM, NULL); + break; + } - if (gid == NULL) { + + if (key == NULL) { return NULL; } - return sbus_opath_compose(mem_ctx, IFP_PATH_GROUPS, domain->name, gid); + return sbus_opath_compose(mem_ctx, IFP_PATH_GROUPS, domain->name, key); } -static errno_t ifp_groups_decompose_path(struct sss_domain_info *domains, +static errno_t ifp_groups_decompose_path(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domains, const char *path, struct sss_domain_info **_domain, - gid_t *_gid) + char **_key) { char **parts = NULL; struct sss_domain_info *domain; - gid_t gid; errno_t ret; ret = sbus_opath_decompose_exact(NULL, path, IFP_PATH_GROUPS, 2, &parts); @@ -67,14 +75,8 @@ static errno_t ifp_groups_decompose_path(struct sss_domain_info *domains, goto done; } - gid = strtouint32(parts[1], NULL, 10); - ret = errno; - if (ret != EOK) { - goto done; - } - *_domain = domain; - *_gid = gid; + *_key = talloc_steal(mem_ctx, parts[1]); done: talloc_free(parts); @@ -119,7 +121,7 @@ int ifp_groups_find_by_name(struct sbus_request *sbus_req, req = cache_req_group_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, NULL, + CACHE_REQ_ANY_DOM, NULL, name); if (req == NULL) { return ENOMEM; @@ -273,7 +275,7 @@ static int ifp_groups_list_by_name_step(struct ifp_list_ctx *list_ctx) req = cache_req_group_by_filter_send(list_ctx, list_ctx->ctx->rctx->ev, list_ctx->ctx->rctx, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, list_ctx->dom->name, list_ctx->filter); if (req == NULL) { @@ -358,7 +360,7 @@ int ifp_groups_list_by_domain_and_name(struct sbus_request *sbus_req, } req = cache_req_group_by_filter_send(list_ctx, ctx->rctx->ev, ctx->rctx, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, domain, filter); if (req == NULL) { return ENOMEM; @@ -412,16 +414,65 @@ done: } static errno_t +ifp_groups_get_from_cache(struct sbus_request *sbus_req, + struct sss_domain_info *domain, + const char *key, + struct ldb_message **_group) +{ + struct ldb_result *group_res; + errno_t ret; + gid_t gid; + + switch (domain->type) { + case DOM_TYPE_POSIX: + gid = strtouint32(key, NULL, 10); + ret = errno; + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid UID value\n"); + return ret; + } + + ret = sysdb_getgrgid_with_views(sbus_req, domain, gid, &group_res); + if (ret == EOK && group_res->count == 0) { + *_group = NULL; + return ENOENT; + } else if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup group %u@%s [%d]: %s\n", + gid, domain->name, ret, sss_strerror(ret)); + return ret; + } + break; + case DOM_TYPE_APPLICATION: + ret = sysdb_getgrnam_with_views(sbus_req, domain, key, &group_res); + if (ret == EOK && group_res->count == 0) { + *_group = NULL; + return ENOENT; + } else if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup group %s@%s [%d]: %s\n", + key, domain->name, ret, sss_strerror(ret)); + return ret; + } + break; + } + + if (group_res->count > 1) { + DEBUG(SSSDBG_CRIT_FAILURE, "More groups matched by the single key\n"); + return EIO; + } + + *_group = group_res->msgs[0]; + return EOK; +} + +static errno_t ifp_groups_group_get(struct sbus_request *sbus_req, void *data, - gid_t *_gid, struct sss_domain_info **_domain, struct ldb_message **_group) { struct ifp_ctx *ctx; struct sss_domain_info *domain; - struct ldb_result *res; - uid_t gid; + char *key; errno_t ret; ctx = talloc_get_type(data, struct ifp_ctx); @@ -430,8 +481,9 @@ ifp_groups_group_get(struct sbus_request *sbus_req, return ERR_INTERNAL; } - ret = ifp_groups_decompose_path(ctx->rctx->domains, sbus_req->path, - &domain, &gid); + ret = ifp_groups_decompose_path(sbus_req, + ctx->rctx->domains, sbus_req->path, + &domain, &key); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to decompose object path" "[%s] [%d]: %s\n", sbus_req->path, ret, sss_strerror(ret)); @@ -439,28 +491,15 @@ ifp_groups_group_get(struct sbus_request *sbus_req, } if (_group != NULL) { - ret = sysdb_getgrgid_with_views(sbus_req, domain, gid, &res); - if (ret == EOK && res->count == 0) { - *_group = NULL; - ret = ENOENT; - } - - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup group %u@%s [%d]: %s\n", - gid, domain->name, ret, sss_strerror(ret)); - } else { - *_group = res->msgs[0]; - } + ret = ifp_groups_get_from_cache(sbus_req, domain, key, _group); } if (ret == EOK || ret == ENOENT) { - if (_gid != NULL) { - *_gid = gid; - } - if (_domain != NULL) { *_domain = domain; } + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Unable to retrieve group from cache\n"); } return ret; @@ -513,7 +552,7 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx, state->ctx = ctx; state->data = data; - ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &group); + ret = ifp_groups_group_get(sbus_req, data, &domain, &group); if (ret != EOK) { goto immediately; } @@ -527,7 +566,7 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx, subreq = cache_req_group_by_name_send(state, ev, ctx->rctx, ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, domain->name, name); if (subreq == NULL) { @@ -561,7 +600,7 @@ static void resolv_ghosts_group_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct resolv_ghosts_state); - ret = ifp_groups_group_get(state->sbus_req, state->data, NULL, + ret = ifp_groups_group_get(state->sbus_req, state->data, &state->domain, &group); if (ret != EOK) { goto done; @@ -608,7 +647,7 @@ errno_t resolv_ghosts_step(struct tevent_req *req) subreq = cache_req_user_by_name_send(state, state->ev, state->ctx->rctx, state->ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, state->domain->name, state->ghosts[state->index]); if (subreq == NULL) { @@ -719,7 +758,7 @@ void ifp_groups_group_get_name(struct sbus_request *sbus_req, return; } - ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &msg); + ret = ifp_groups_group_get(sbus_req, data, &domain, &msg); if (ret != EOK) { *_out = NULL; return; @@ -744,7 +783,7 @@ void ifp_groups_group_get_gid_number(struct sbus_request *sbus_req, struct sss_domain_info *domain; errno_t ret; - ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &msg); + ret = ifp_groups_group_get(sbus_req, data, &domain, &msg); if (ret != EOK) { *_out = 0; return; @@ -763,7 +802,7 @@ void ifp_groups_group_get_unique_id(struct sbus_request *sbus_req, struct sss_domain_info *domain; errno_t ret; - ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &msg); + ret = ifp_groups_group_get(sbus_req, data, &domain, &msg); if (ret != EOK) { *_out = 0; return; @@ -803,7 +842,7 @@ ifp_groups_group_get_members(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &group); + ret = ifp_groups_group_get(sbus_req, data, &domain, &group); if (ret != EOK) { goto done; } @@ -954,7 +993,7 @@ int ifp_cache_object_store_group(struct sbus_request *sbus_req, struct ldb_message *group; errno_t ret; - ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &group); + ret = ifp_groups_group_get(sbus_req, data, &domain, &group); if (ret != EOK) { error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch " "group [%d]: %s\n", ret, sss_strerror(ret)); @@ -973,7 +1012,7 @@ int ifp_cache_object_remove_group(struct sbus_request *sbus_req, struct ldb_message *group; errno_t ret; - ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &group); + ret = ifp_groups_group_get(sbus_req, data, &domain, &group); if (ret != EOK) { error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch " "group [%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c index 436bb268fa9c78d72fb744e0d338aa561a7d8764..ce9557f94351b730ee46f3cbce31613cb5901942 100644 --- a/src/responder/ifp/ifp_users.c +++ b/src/responder/ifp/ifp_users.c @@ -37,25 +37,33 @@ char * ifp_users_build_path_from_msg(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, struct ldb_message *msg) { - const char *uid; + const char *key = NULL; - uid = ldb_msg_find_attr_as_string(msg, SYSDB_UIDNUM, NULL); + switch (domain->type) { + case DOM_TYPE_APPLICATION: + key = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); + break; + case DOM_TYPE_POSIX: + key = ldb_msg_find_attr_as_string(msg, SYSDB_UIDNUM, NULL); + break; + } - if (uid == NULL) { + + if (key == NULL) { return NULL; } - return sbus_opath_compose(mem_ctx, IFP_PATH_USERS, domain->name, uid); + return sbus_opath_compose(mem_ctx, IFP_PATH_USERS, domain->name, key); } -static errno_t ifp_users_decompose_path(struct sss_domain_info *domains, +static errno_t ifp_users_decompose_path(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domains, const char *path, struct sss_domain_info **_domain, - uid_t *_uid) + char **_key) { char **parts = NULL; struct sss_domain_info *domain; - uid_t uid; errno_t ret; ret = sbus_opath_decompose_exact(NULL, path, IFP_PATH_USERS, 2, &parts); @@ -69,14 +77,8 @@ static errno_t ifp_users_decompose_path(struct sss_domain_info *domains, goto done; } - uid = strtouint32(parts[1], NULL, 10); - ret = errno; - if (ret != EOK) { - goto done; - } - *_domain = domain; - *_uid = uid; + *_key = talloc_steal(mem_ctx, parts[1]); done: talloc_free(parts); @@ -100,7 +102,7 @@ int ifp_users_find_by_name(struct sbus_request *sbus_req, req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, NULL, name); if (req == NULL) { return ENOMEM; @@ -256,7 +258,7 @@ int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data, req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx, ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, NULL, + CACHE_REQ_ANY_DOM, NULL, derb64); if (req == NULL) { return ENOMEM; @@ -371,7 +373,7 @@ static int ifp_users_list_by_cert_step(struct ifp_list_ctx *list_ctx) list_ctx->ctx->rctx, list_ctx->ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, list_ctx->dom->name, list_ctx->filter); if (req == NULL) { @@ -538,7 +540,7 @@ int ifp_users_find_by_name_and_cert(struct sbus_request *sbus_req, void *data, if (name_and_cert_ctx->name != NULL) { req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, NULL, name_and_cert_ctx->name); if (req == NULL) { @@ -621,7 +623,7 @@ static int ifp_users_find_by_name_and_cert_step( list_ctx->ctx->rctx, list_ctx->ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, list_ctx->dom->name, list_ctx->filter); if (req == NULL) { @@ -782,7 +784,7 @@ static int ifp_users_list_by_name_step(struct ifp_list_ctx *list_ctx) req = cache_req_user_by_filter_send(list_ctx, list_ctx->ctx->rctx->ev, list_ctx->ctx->rctx, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, list_ctx->dom->name, list_ctx->filter); if (req == NULL) { @@ -867,7 +869,7 @@ int ifp_users_list_by_domain_and_name(struct sbus_request *sbus_req, } req = cache_req_user_by_filter_send(list_ctx, ctx->rctx->ev, ctx->rctx, - CACHE_REQ_POSIX_DOM, + CACHE_REQ_ANY_DOM, domain, filter); if (req == NULL) { return ENOMEM; @@ -930,19 +932,69 @@ done: } static errno_t +ifp_users_get_from_cache(struct sbus_request *sbus_req, + struct sss_domain_info *domain, + const char *key, + struct ldb_message **_user) +{ + struct ldb_result *user_res; + errno_t ret; + uid_t uid; + + switch (domain->type) { + case DOM_TYPE_POSIX: + uid = strtouint32(key, NULL, 10); + ret = errno; + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid UID value\n"); + return ret; + } + + ret = sysdb_getpwuid_with_views(sbus_req, domain, uid, &user_res); + if (ret == EOK && user_res->count == 0) { + *_user = NULL; + return ENOENT; + } else if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup user %u@%s [%d]: %s\n", + uid, domain->name, ret, sss_strerror(ret)); + return ret; + } + break; + case DOM_TYPE_APPLICATION: + ret = sysdb_getpwnam_with_views(sbus_req, domain, key, &user_res); + if (ret == EOK && user_res->count == 0) { + *_user = NULL; + return ENOENT; + } else if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup user %s@%s [%d]: %s\n", + key, domain->name, ret, sss_strerror(ret)); + return ret; + } + break; + } + + if (user_res->count > 1) { + DEBUG(SSSDBG_CRIT_FAILURE, "More users matched by the single key\n"); + return EIO; + } + + *_user = user_res->msgs[0]; + return EOK; +} + +static errno_t ifp_users_user_get(struct sbus_request *sbus_req, struct ifp_ctx *ifp_ctx, - uid_t *_uid, struct sss_domain_info **_domain, struct ldb_message **_user) { struct sss_domain_info *domain; - struct ldb_result *res; - uid_t uid; + char *key; errno_t ret; - ret = ifp_users_decompose_path(ifp_ctx->rctx->domains, sbus_req->path, - &domain, &uid); + ret = ifp_users_decompose_path(sbus_req, + ifp_ctx->rctx->domains, sbus_req->path, + &domain, &key); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to decompose object path" "[%s] [%d]: %s\n", sbus_req->path, ret, sss_strerror(ret)); @@ -950,28 +1002,15 @@ ifp_users_user_get(struct sbus_request *sbus_req, } if (_user != NULL) { - ret = sysdb_getpwuid_with_views(sbus_req, domain, uid, &res); - if (ret == EOK && res->count == 0) { - *_user = NULL; - ret = ENOENT; - } - - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup user %u@%s [%d]: %s\n", - uid, domain->name, ret, sss_strerror(ret)); - } else { - *_user = res->msgs[0]; - } + ret = ifp_users_get_from_cache(sbus_req, domain, key, _user); } if (ret == EOK || ret == ENOENT) { - if (_uid != NULL) { - *_uid = uid; - } - if (_domain != NULL) { *_domain = domain; } + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Unable to retrieve user from cache\n"); } return ret; @@ -1000,7 +1039,7 @@ static void ifp_users_get_as_string(struct sbus_request *sbus_req, return; } - ret = ifp_users_user_get(sbus_req, ifp_ctx, NULL, &domain, &msg); + ret = ifp_users_user_get(sbus_req, ifp_ctx, &domain, &msg); if (ret != EOK) { return; } @@ -1034,7 +1073,7 @@ static void ifp_users_get_name(struct sbus_request *sbus_req, return; } - ret = ifp_users_user_get(sbus_req, ifp_ctx, NULL, &domain, &msg); + ret = ifp_users_user_get(sbus_req, ifp_ctx, &domain, &msg); if (ret != EOK) { return; } @@ -1072,7 +1111,7 @@ static void ifp_users_get_as_uint32(struct sbus_request *sbus_req, return; } - ret = ifp_users_user_get(sbus_req, ifp_ctx, NULL, &domain, &msg); + ret = ifp_users_user_get(sbus_req, ifp_ctx, &domain, &msg); if (ret != EOK) { return; } @@ -1100,7 +1139,7 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req, return ERR_INTERNAL; } - ret = ifp_users_user_get(sbus_req, data, NULL, &domain, &user); + ret = ifp_users_user_get(sbus_req, data, &domain, &user); if (ret != EOK) { return ret; } @@ -1113,7 +1152,7 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req, req = cache_req_initgr_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx, ctx->rctx->ncache, 0, - CACHE_REQ_POSIX_DOM, domain->name, + CACHE_REQ_ANY_DOM, domain->name, username); if (req == NULL) { return ENOMEM; @@ -1235,7 +1274,7 @@ void ifp_users_user_get_groups(struct sbus_request *sbus_req, return; } - ret = ifp_users_user_get(sbus_req, ifp_ctx, NULL, &domain, &user); + ret = ifp_users_user_get(sbus_req, ifp_ctx, &domain, &user); if (ret != EOK) { return; } @@ -1268,7 +1307,7 @@ void ifp_users_user_get_groups(struct sbus_request *sbus_req, for (i = 0; i < res->count; i++) { gid = sss_view_ldb_msg_find_attr_as_uint64(domain, res->msgs[i], SYSDB_GIDNUM, 0); - if (gid == 0) { + if (gid == 0 && domain->type == DOM_TYPE_POSIX) { continue; } @@ -1293,11 +1332,12 @@ void ifp_users_user_get_extra_attributes(struct sbus_request *sbus_req, { struct ifp_ctx *ifp_ctx; struct sss_domain_info *domain; + struct ldb_message *base_user; + const char *name; struct ldb_message **user; struct ldb_message_element *el; struct ldb_dn *basedn; size_t count; - uid_t uid; const char *filter; const char **extra; hash_table_t *table; @@ -1322,7 +1362,7 @@ void ifp_users_user_get_extra_attributes(struct sbus_request *sbus_req, return; } - ret = ifp_users_user_get(sbus_req, data, &uid, &domain, NULL); + ret = ifp_users_user_get(sbus_req, data, &domain, &base_user); if (ret != EOK) { return; } @@ -1333,9 +1373,15 @@ void ifp_users_user_get_extra_attributes(struct sbus_request *sbus_req, return; } - filter = talloc_asprintf(sbus_req, "(&(%s=%s)(%s=%u))", + name = ldb_msg_find_attr_as_string(base_user, SYSDB_NAME, NULL); + if (name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "A user with no name\n"); + return; + } + + filter = talloc_asprintf(sbus_req, "(&(%s=%s)(%s=%s))", SYSDB_OBJECTCLASS, SYSDB_USER_CLASS, - SYSDB_UIDNUM, uid); + SYSDB_NAME, name); if (filter == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); return; @@ -1351,7 +1397,7 @@ void ifp_users_user_get_extra_attributes(struct sbus_request *sbus_req, } if (count == 0) { - DEBUG(SSSDBG_TRACE_FUNC, "User %u not found!\n", uid); + DEBUG(SSSDBG_TRACE_FUNC, "User %s not found!\n", name); return; } else if (count > 1) { DEBUG(SSSDBG_CRIT_FAILURE, "More than one entry found!\n"); @@ -1421,7 +1467,7 @@ int ifp_cache_object_store_user(struct sbus_request *sbus_req, struct ldb_message *user; errno_t ret; - ret = ifp_users_user_get(sbus_req, data, NULL, &domain, &user); + ret = ifp_users_user_get(sbus_req, data, &domain, &user); if (ret != EOK) { error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch " "user [%d]: %s\n", ret, sss_strerror(ret)); @@ -1440,7 +1486,7 @@ int ifp_cache_object_remove_user(struct sbus_request *sbus_req, struct ldb_message *user; errno_t ret; - ret = ifp_users_user_get(sbus_req, data, NULL, &domain, &user); + ret = ifp_users_user_get(sbus_req, data, &domain, &user); if (ret != EOK) { error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch " "user [%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c index 118b5083b14bf5692c6fdd7ba90668fe514aa89d..d10f35e41dbb1623a0b9de37a4c43363cbefc1a3 100644 --- a/src/responder/ifp/ifpsrv_cmd.c +++ b/src/responder/ifp/ifpsrv_cmd.c @@ -508,8 +508,12 @@ ifp_user_get_attr_lookup(struct tevent_req *subreq) return; } + /* IFP serves both POSIX and application domains. Requests that need + * to differentiate between the two must be qualified + */ subreq = cache_req_send(state, state->rctx->ev, state->rctx, - state->ncache, 0, CACHE_REQ_POSIX_DOM, + state->ncache, 0, + CACHE_REQ_ANY_DOM, state->domname, data); if (subreq == NULL) { tevent_req_error(req, ENOMEM); -- 2.12.2