sssd/0044-SUBDOMAINS-Allow-use_fully_qualified_names-for-subdo.patch
Lukas Slebodnik 387014f928 Backport upstream patches for 1.15.3 pre-release
required for building freeipa-4.5.x in rawhide
2017-04-04 16:22:51 +02:00

532 lines
23 KiB
Diff

From a63d74f65db2db7389cd373cb37adcdaaa2d56ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
Date: Thu, 23 Mar 2017 13:14:56 +0100
Subject: [PATCH 44/97] SUBDOMAINS: Allow use_fully_qualified_names for
subdomains
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Allow option use_fully_qualified_names in subdomain section.
This option was recently added to subdomain_inherit.
Resolves:
https://pagure.io/SSSD/sssd/issue/3337
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
---
src/db/sysdb.h | 3 +-
src/db/sysdb_private.h | 3 +-
src/db/sysdb_subdomains.c | 63 +++++++++++++++++++++++++--
src/man/sssd.conf.5.xml | 3 +-
src/providers/ad/ad_subdomains.c | 3 +-
src/providers/ipa/ipa_subdomains.c | 10 +++--
src/responder/common/responder_get_domains.c | 9 ++--
src/tests/cmocka/test_fqnames.c | 2 +-
src/tests/cmocka/test_ipa_subdomains_server.c | 2 +-
src/tests/cmocka/test_nss_srv.c | 6 ++-
src/tests/cmocka/test_sysdb_subdomains.c | 25 ++++++-----
src/tests/sysdb-tests.c | 14 +++---
src/tools/common/sss_tools.c | 2 +-
src/tools/sss_cache.c | 2 +-
14 files changed, 107 insertions(+), 40 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0cbb2c5c02355e9e9a4e73b075f92d16e4855045..6762b51bee02911fb97d5d393fad2495504ee5ad 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -494,7 +494,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
uint32_t trust_direction,
struct ldb_message_element *upn_suffixes);
-errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
+errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ struct confdb_ctx *confdb);
errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index bfd24799950ab3b31d57df11b8f91c0b2572f13a..dfddd2dda9e593bd02d52dee7d06f520a11bbdf6 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -191,7 +191,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
bool enumerate,
const char *forest,
const char **upn_suffixes,
- uint32_t trust_direction);
+ uint32_t trust_direction,
+ struct confdb_ctx *confdb);
/* Helper functions to deal with the timestamp cache should not be used
* outside the sysdb itself. The timestamp cache should be completely
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 01f49763b712769f4f74df47961526e5b1514cd4..916dbba153d8c08837425f6fd29a20f5a6aa9fc9 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -23,6 +23,10 @@
#include "util/util.h"
#include "db/sysdb_private.h"
+static errno_t
+check_subdom_config_file(struct confdb_ctx *confdb,
+ struct sss_domain_info *subdomain);
+
struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
struct sss_domain_info *parent,
const char *name,
@@ -33,10 +37,12 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
bool enumerate,
const char *forest,
const char **upn_suffixes,
- uint32_t trust_direction)
+ uint32_t trust_direction,
+ struct confdb_ctx *confdb)
{
struct sss_domain_info *dom;
bool inherit_option;
+ errno_t ret;
DEBUG(SSSDBG_TRACE_FUNC,
"Creating [%s] as subdomain of [%s]!\n", name, parent->name);
@@ -160,6 +166,17 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
}
dom->sysdb = parent->sysdb;
+ if (confdb != NULL) {
+ /* If confdb was provided, also check for sssd.conf */
+ ret = check_subdom_config_file(confdb, dom);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read subdomain configuration [%d]: %s",
+ ret, sss_strerror(ret));
+ goto fail;
+ }
+ }
+
return dom;
fail:
@@ -167,6 +184,45 @@ fail:
return NULL;
}
+static errno_t
+check_subdom_config_file(struct confdb_ctx *confdb,
+ struct sss_domain_info *subdomain)
+{
+ char *sd_conf_path;
+ TALLOC_CTX *tmp_ctx;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ sd_conf_path = subdomain_create_conf_path(tmp_ctx, subdomain);
+ if (sd_conf_path == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* use_fully_qualified_names */
+ ret = confdb_get_bool(confdb, sd_conf_path, CONFDB_DOMAIN_FQ,
+ true, &subdomain->fqnames);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to get %s option for the subdomain: %s\n",
+ CONFDB_DOMAIN_FQ, subdomain->name);
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CONF_SETTINGS, "%s/%s has value %s\n",
+ sd_conf_path, CONFDB_DOMAIN_FQ,
+ subdomain->fqnames ? "TRUE" : "FALSE");
+
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
static bool is_forest_root(struct sss_domain_info *d)
{
if (d->forest == NULL) {
@@ -232,7 +288,8 @@ static void link_forest_roots(struct sss_domain_info *domain)
}
}
-errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
+errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ struct confdb_ctx *confdb)
{
int i;
errno_t ret;
@@ -451,7 +508,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
if (dom == NULL) {
dom = new_subdomain(domain, domain, name, realm,
flat, id, mpg, enumerate, forest,
- upn_suffixes, trust_direction);
+ upn_suffixes, trust_direction, confdb);
if (dom == NULL) {
ret = ENOMEM;
goto done;
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 284402bc00d37c6c33bf195d2bd719300f265851..1c27742cf0c1b6ffad23ab5b044bf4a168ed8f69 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2780,7 +2780,8 @@ subdomain_inherit = ldap_purge_cache_timeout
<para>ldap_service_search_base,</para>
<para>ad_server,</para>
<para>ad_backup_server,</para>
- <para>ad_site.</para>
+ <para>ad_site,</para>
+ <para>use_fully_qualified_names</para>
<para>
For more details about these options see their individual description
in the manual page.
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index eecae9c9ca82ad67874c13a3c7b7c617d6232d5c..bc659b2cb0a02723437d24d0021ec3592381e84c 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -656,7 +656,8 @@ static errno_t ad_subdom_reinit(struct ad_subdomains_ctx *subdoms_ctx)
/* Just continue */
}
- ret = sysdb_update_subdomains(subdoms_ctx->be_ctx->domain);
+ ret = sysdb_update_subdomains(subdoms_ctx->be_ctx->domain,
+ subdoms_ctx->be_ctx->cdb);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n");
return ret;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 7537550606ef09c0b87a80932c75aa4f93c0efab..a07b88fe2f499353293ba90345552413c9792f4b 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -126,7 +126,7 @@ ipa_subdom_reinit(struct ipa_subdomains_ctx *ctx)
return ret;
}
- ret = sysdb_update_subdomains(ctx->be_ctx->domain);
+ ret = sysdb_update_subdomains(ctx->be_ctx->domain, ctx->be_ctx->cdb);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n");
return ret;
@@ -780,7 +780,8 @@ done:
static errno_t ipa_apply_view(struct sss_domain_info *domain,
struct ipa_id_ctx *ipa_id_ctx,
const char *view_name,
- bool read_at_init)
+ bool read_at_init,
+ struct confdb_ctx *confdb)
{
const char *current = ipa_id_ctx->view_name;
struct sysdb_ctx *sysdb = domain->sysdb;
@@ -876,7 +877,7 @@ static errno_t ipa_apply_view(struct sss_domain_info *domain,
goto done;
}
- ret = sysdb_update_subdomains(domain);
+ ret = sysdb_update_subdomains(domain, confdb);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed "
"[%d]: %s\n", ret, sss_strerror(ret));
@@ -1654,7 +1655,8 @@ static void ipa_subdomains_view_name_done(struct tevent_req *subreq)
ret = ipa_apply_view(state->sd_ctx->be_ctx->domain,
state->sd_ctx->ipa_id_ctx, view_name,
- state->sd_ctx->view_read_at_init);
+ state->sd_ctx->view_read_at_init,
+ state->sd_ctx->be_ctx->cdb);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set view [%d]: %s\n",
ret, sss_strerror(ret));
diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c
index 0f39d107dad6c458785b1b8d708e60d7c34e3901..0f9c01214631200f9687635f6302fa5c07e8a1fe 100644
--- a/src/responder/common/responder_get_domains.c
+++ b/src/responder/common/responder_get_domains.c
@@ -126,7 +126,8 @@ get_next_domain_recv(TALLOC_CTX *mem_ctx,
}
/* ====== Iterate over all domains, searching for their subdomains ======= */
-static errno_t process_subdomains(struct sss_domain_info *dom);
+static errno_t process_subdomains(struct sss_domain_info *dom,
+ struct confdb_ctx *confdb);
static void set_time_of_last_request(struct resp_ctx *rctx);
static errno_t check_last_request(struct resp_ctx *rctx, const char *hint);
@@ -234,7 +235,7 @@ sss_dp_get_domains_process(struct tevent_req *subreq)
goto fail;
}
- ret = process_subdomains(state->dom);
+ ret = process_subdomains(state->dom, state->rctx->cdb);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "process_subdomains failed, "
"trying next domain.\n");
@@ -270,7 +271,7 @@ fail:
}
static errno_t
-process_subdomains(struct sss_domain_info *domain)
+process_subdomains(struct sss_domain_info *domain, struct confdb_ctx *confdb)
{
int ret;
@@ -288,7 +289,7 @@ process_subdomains(struct sss_domain_info *domain)
/* Retrieve all subdomains of this domain from sysdb
* and create their struct sss_domain_info representations
*/
- ret = sysdb_update_subdomains(domain);
+ ret = sysdb_update_subdomains(domain, confdb);
if (ret != EOK) {
DEBUG(SSSDBG_FUNC_DATA, "sysdb_update_subdomains failed.\n");
goto done;
diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c
index 19788248a39774bb4509363145ac4ce0815b7d28..0ed42a597b7787635c4971b4f1c3d9976949ccd2 100644
--- a/src/tests/cmocka/test_fqnames.c
+++ b/src/tests/cmocka/test_fqnames.c
@@ -309,7 +309,7 @@ static int parse_name_test_setup(void **state)
* discovered
*/
test_ctx->subdom = new_subdomain(dom, dom, SUBDOMNAME, NULL, SUBFLATNAME,
- NULL, false, false, NULL, NULL, 0);
+ NULL, false, false, NULL, NULL, 0, NULL);
assert_non_null(test_ctx->subdom);
check_leaks_push(test_ctx);
diff --git a/src/tests/cmocka/test_ipa_subdomains_server.c b/src/tests/cmocka/test_ipa_subdomains_server.c
index 123cf11c01ef4687eecad31a9d73120a87c643e1..ca48425aca69e58358f5fd37e4b8238bfa9efe15 100644
--- a/src/tests/cmocka/test_ipa_subdomains_server.c
+++ b/src/tests/cmocka/test_ipa_subdomains_server.c
@@ -263,7 +263,7 @@ static void add_test_subdomains(struct trust_test_ctx *test_ctx,
direction, NULL);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
}
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 50714715cc80338640f2a77ecbe17bd5e0d6e911..3d7e0382197401cb2264671712152fe0709296b6 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -3206,7 +3206,8 @@ static int nss_subdom_test_setup(void **state)
subdomain = new_subdomain(nss_test_ctx, nss_test_ctx->tctx->dom,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, NULL, 0);
+ false, false, NULL, NULL, 0,
+ nss_test_ctx->tctx->confdb);
assert_non_null(subdomain);
ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb,
@@ -3214,7 +3215,8 @@ static int nss_subdom_test_setup(void **state)
false, false, NULL, 0, NULL);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom,
+ nss_test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
nss_test_ctx->subdom = subdomain;
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
index 49f44998a06740d1df70ac354ee741824acd8f50..84bcdc17b39dbc8822097c2006f157a09ea5e466 100644
--- a/src/tests/cmocka/test_sysdb_subdomains.c
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
@@ -103,7 +103,7 @@ static void test_sysdb_subdomain_create(void **state)
false, false, NULL, 0, NULL);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
assert_non_null(test_ctx->tctx->dom->subdomains);
@@ -115,7 +115,7 @@ static void test_sysdb_subdomain_create(void **state)
false, false, NULL, 1, NULL);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
assert_non_null(test_ctx->tctx->dom->subdomains->next);
@@ -133,7 +133,7 @@ static void test_sysdb_subdomain_create(void **state)
false, false, NULL, 0, NULL);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
assert_int_equal(test_ctx->tctx->dom->subdomains->trust_direction, 1);
@@ -145,7 +145,7 @@ static void test_sysdb_subdomain_create(void **state)
ret = sysdb_subdomain_delete(test_ctx->tctx->sysdb, dom1[0]);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
assert_int_equal(sss_domain_get_state(test_ctx->tctx->dom->subdomains),
@@ -235,11 +235,11 @@ static void test_sysdb_link_forest_root_ipa(void **state)
0, NULL);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
/* Also update dom2 */
- ret = sysdb_update_subdomains(test_ctx->tctx->dom->next);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom->next, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
sub = find_domain_by_name(test_ctx->tctx->dom, dom1[0], true);
@@ -315,11 +315,11 @@ static void test_sysdb_link_forest_root_ad(void **state)
0, NULL);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
/* Also update dom2 */
- ret = sysdb_update_subdomains(test_ctx->tctx->dom->next);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom->next, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
assert_non_null(test_ctx->tctx->dom->forest_root);
@@ -395,14 +395,15 @@ static void test_sysdb_link_forest_member_ad(void **state)
ret = sysdb_master_domain_update(test_ctx->tctx->dom);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
/* Also update dom2 */
ret = sysdb_master_domain_update(test_ctx->tctx->dom->next);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(test_ctx->tctx->dom->next);
+ ret = sysdb_update_subdomains(test_ctx->tctx->dom->next,
+ test_ctx->tctx->confdb);
assert_int_equal(ret, EOK);
/* Checks */
@@ -472,7 +473,7 @@ static void test_sysdb_link_ad_multidom(void **state)
ret = sysdb_master_domain_update(main_dom1);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(main_dom1);
+ ret = sysdb_update_subdomains(main_dom1, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_master_domain_add_info(main_dom2,
@@ -492,7 +493,7 @@ static void test_sysdb_link_ad_multidom(void **state)
ret = sysdb_master_domain_update(main_dom2);
assert_int_equal(ret, EOK);
- ret = sysdb_update_subdomains(main_dom2);
+ ret = sysdb_update_subdomains(main_dom2, NULL);
assert_int_equal(ret, EOK);
main_dom1 = find_domain_by_name(test_ctx->tctx->dom, TEST_DOM1_NAME, true);
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 5bdd631fbfa1b4463fb169e5f07b65fb2c784096..1767dc3c734c6b2e5f74564debd603e2442f491b 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -1395,7 +1395,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain)
/* Create subdomain */
subdomain = new_subdomain(test_ctx, test_ctx->domain,
"test.sub", "TEST.SUB", "test", "S-3",
- false, false, NULL, NULL, 0);
+ false, false, NULL, NULL, 0, NULL);
fail_if(subdomain == NULL, "Failed to create new subdomain.");
ret = sss_names_init_from_args(test_ctx,
@@ -5821,14 +5821,14 @@ START_TEST(test_sysdb_subdomain_store_user)
subdomain = new_subdomain(test_ctx, test_ctx->domain,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, NULL, 0);
+ false, false, NULL, NULL, 0, NULL);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
false, false, NULL, 0, NULL);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
- ret = sysdb_update_subdomains(test_ctx->domain);
+ ret = sysdb_update_subdomains(test_ctx->domain, NULL);
fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
ret, strerror(ret));
@@ -5900,14 +5900,14 @@ START_TEST(test_sysdb_subdomain_user_ops)
subdomain = new_subdomain(test_ctx, test_ctx->domain,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, NULL, 0);
+ false, false, NULL, NULL, 0, NULL);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
false, false, NULL, 0, NULL);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
- ret = sysdb_update_subdomains(test_ctx->domain);
+ ret = sysdb_update_subdomains(test_ctx->domain, NULL);
fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
ret, strerror(ret));
@@ -5973,14 +5973,14 @@ START_TEST(test_sysdb_subdomain_group_ops)
subdomain = new_subdomain(test_ctx, test_ctx->domain,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, NULL, 0);
+ false, false, NULL, NULL, 0, NULL);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
false, false, NULL, 0, NULL);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
- ret = sysdb_update_subdomains(test_ctx->domain);
+ ret = sysdb_update_subdomains(test_ctx->domain, NULL);
fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
ret, strerror(ret));
diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c
index 0f4f46894130daf722641f25a4cdfaae220252cc..97a3caab3bec88c5727eea2f08b200f1d3b23f0c 100644
--- a/src/tools/common/sss_tools.c
+++ b/src/tools/common/sss_tools.c
@@ -154,7 +154,7 @@ static errno_t sss_tool_domains_init(TALLOC_CTX *mem_ctx,
}
/* Update list of subdomains for this domain */
- ret = sysdb_update_subdomains(dom);
+ ret = sysdb_update_subdomains(dom, confdb);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Failed to update subdomains for domain %s.\n",
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 59e49a8aa92e3a08ec80e0597304f1a4af0a02be..8a40b38c07f7e76cde5b98e5916816581fea7973 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -158,7 +158,7 @@ int main(int argc, const char *argv[])
dinfo = get_next_domain(dinfo, SSS_GND_DESCEND)) {
if (!IS_SUBDOMAIN(dinfo)) {
/* Update list of subdomains for this domain */
- ret = sysdb_update_subdomains(dinfo);
+ ret = sysdb_update_subdomains(dinfo, tctx->confdb);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Failed to update subdomains for domain %s.\n", dinfo->name);
--
2.12.2