|
 |
2fc102 |
From 3a1056929310cf304449baf3feed94bc8fe46383 Mon Sep 17 00:00:00 2001
|
|
|
2fc102 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
2fc102 |
Date: Tue, 17 Dec 2013 17:22:45 +0100
|
|
|
2fc102 |
Subject: [PATCH 33/34] IPA: Refresh subdomain data structures on startup
|
|
|
2fc102 |
|
|
|
2fc102 |
Write domain-mappings at startup and initialize internal data structures
|
|
|
2fc102 |
on provider startup, not only during updates.
|
|
|
2fc102 |
---
|
|
|
2fc102 |
src/providers/ipa/ipa_subdomains.c | 51 ++++++++++++++++++++++++--------------
|
|
|
2fc102 |
1 file changed, 32 insertions(+), 19 deletions(-)
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
|
|
|
2fc102 |
index 416e21913be8e991c9f496ff2b54f238b602f304..56fd4f99654aa07f822c49d6d39526765785f0de 100644
|
|
|
2fc102 |
--- a/src/providers/ipa/ipa_subdomains.c
|
|
|
2fc102 |
+++ b/src/providers/ipa/ipa_subdomains.c
|
|
|
2fc102 |
@@ -267,6 +267,35 @@ ipa_ad_subdom_refresh(struct be_ctx *be_ctx,
|
|
|
2fc102 |
return EOK;
|
|
|
2fc102 |
}
|
|
|
2fc102 |
|
|
|
2fc102 |
+static errno_t
|
|
|
2fc102 |
+ipa_subdom_reinit(struct ipa_subdomains_ctx *ctx)
|
|
|
2fc102 |
+{
|
|
|
2fc102 |
+ errno_t ret;
|
|
|
2fc102 |
+
|
|
|
2fc102 |
+ ret = sysdb_update_subdomains(ctx->be_ctx->domain);
|
|
|
2fc102 |
+ if (ret != EOK) {
|
|
|
2fc102 |
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_subdomains failed.\n"));
|
|
|
2fc102 |
+ return ret;
|
|
|
2fc102 |
+ }
|
|
|
2fc102 |
+
|
|
|
2fc102 |
+ ret = ipa_ad_subdom_refresh(ctx->be_ctx, ctx->id_ctx, ctx->be_ctx->domain);
|
|
|
2fc102 |
+ if (ret != EOK) {
|
|
|
2fc102 |
+ DEBUG(SSSDBG_OP_FAILURE, ("ipa_ad_subdom_refresh failed.\n"));
|
|
|
2fc102 |
+ return ret;
|
|
|
2fc102 |
+ }
|
|
|
2fc102 |
+
|
|
|
2fc102 |
+ ret = sss_write_domain_mappings(ctx->be_ctx->domain,
|
|
|
2fc102 |
+ dp_opt_get_bool(ctx->id_ctx->ipa_options->basic,
|
|
|
2fc102 |
+ IPA_SERVER_MODE));
|
|
|
2fc102 |
+ if (ret != EOK) {
|
|
|
2fc102 |
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
2fc102 |
+ ("sss_krb5_write_mappings failed.\n"));
|
|
|
2fc102 |
+ /* Just continue */
|
|
|
2fc102 |
+ }
|
|
|
2fc102 |
+
|
|
|
2fc102 |
+ return EOK;
|
|
|
2fc102 |
+}
|
|
|
2fc102 |
+
|
|
|
2fc102 |
static void
|
|
|
2fc102 |
ipa_ad_subdom_remove(struct ipa_subdomains_ctx *ctx,
|
|
|
2fc102 |
struct sss_domain_info *subdom)
|
|
|
2fc102 |
@@ -921,27 +950,11 @@ static void ipa_subdomains_handler_done(struct tevent_req *req)
|
|
|
2fc102 |
}
|
|
|
2fc102 |
|
|
|
2fc102 |
if (refresh_has_changes) {
|
|
|
2fc102 |
- ret = sysdb_update_subdomains(domain);
|
|
|
2fc102 |
+ ret = ipa_subdom_reinit(ctx->sd_ctx);
|
|
|
2fc102 |
if (ret != EOK) {
|
|
|
2fc102 |
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_subdomains failed.\n"));
|
|
|
2fc102 |
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not reinitialize subdomains\n"));
|
|
|
2fc102 |
goto done;
|
|
|
2fc102 |
}
|
|
|
2fc102 |
-
|
|
|
2fc102 |
- ret = ipa_ad_subdom_refresh(ctx->sd_ctx->be_ctx, ctx->sd_ctx->id_ctx,
|
|
|
2fc102 |
- domain);
|
|
|
2fc102 |
- if (ret != EOK) {
|
|
|
2fc102 |
- DEBUG(SSSDBG_OP_FAILURE, ("ipa_ad_subdom_refresh failed.\n"));
|
|
|
2fc102 |
- goto done;
|
|
|
2fc102 |
- }
|
|
|
2fc102 |
-
|
|
|
2fc102 |
- ret = sss_write_domain_mappings(domain,
|
|
|
2fc102 |
- dp_opt_get_bool(ctx->sd_ctx->id_ctx->ipa_options->basic,
|
|
|
2fc102 |
- IPA_SERVER_MODE));
|
|
|
2fc102 |
- if (ret != EOK) {
|
|
|
2fc102 |
- DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
2fc102 |
- ("sss_krb5_write_mappings failed.\n"));
|
|
|
2fc102 |
- /* Just continue */
|
|
|
2fc102 |
- }
|
|
|
2fc102 |
}
|
|
|
2fc102 |
|
|
|
2fc102 |
ret = sysdb_master_domain_update(domain);
|
|
|
2fc102 |
@@ -1289,7 +1302,7 @@ int ipa_subdom_init(struct be_ctx *be_ctx,
|
|
|
2fc102 |
DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom offline callback"));
|
|
|
2fc102 |
}
|
|
|
2fc102 |
|
|
|
2fc102 |
- ret = sysdb_update_subdomains(be_ctx->domain);
|
|
|
2fc102 |
+ ret = ipa_subdom_reinit(ctx);
|
|
|
2fc102 |
if (ret != EOK) {
|
|
|
2fc102 |
DEBUG(SSSDBG_MINOR_FAILURE, ("Could not load the list of subdomains. "
|
|
|
2fc102 |
"Users from trusted domains might not be resolved correctly\n"));
|
|
|
2fc102 |
--
|
|
|
2fc102 |
1.8.4.2
|
|
|
2fc102 |
|