dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 887b53d8833ab91835cb3afbdadcbf9d091dafcd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
Date: Thu, 23 Mar 2017 13:14:56 +0100
Subject: [PATCH 41/54] SUBDOMAINS: Allow use_fully_qualified_names for
 subdomains
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Allow option use_fully_qualified_names in subdomain section.
This option was recently added to subdomain_inherit.

Resolves:
https://pagure.io/SSSD/sssd/issue/3337

Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
---
 src/db/sysdb.h                                |  3 +-
 src/db/sysdb_private.h                        |  3 +-
 src/db/sysdb_subdomains.c                     | 63 +++++++++++++++++++++++++--
 src/man/sssd.conf.5.xml                       |  3 +-
 src/providers/ad/ad_subdomains.c              |  3 +-
 src/providers/ipa/ipa_subdomains.c            | 10 +++--
 src/responder/common/responder_get_domains.c  |  9 ++--
 src/tests/cmocka/test_fqnames.c               |  2 +-
 src/tests/cmocka/test_ipa_subdomains_server.c |  2 +-
 src/tests/cmocka/test_nss_srv.c               |  6 ++-
 src/tests/cmocka/test_sysdb_subdomains.c      | 25 ++++++-----
 src/tests/sysdb-tests.c                       | 14 +++---
 src/tools/common/sss_tools.c                  |  2 +-
 src/tools/sss_cache.c                         |  2 +-
 14 files changed, 107 insertions(+), 40 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0cbb2c5c02355e9e9a4e73b075f92d16e4855045..6762b51bee02911fb97d5d393fad2495504ee5ad 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -494,7 +494,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
                               uint32_t trust_direction,
                               struct ldb_message_element *upn_suffixes);
 
-errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
+errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+                                struct confdb_ctx *confdb);
 
 errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
 
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index bfd24799950ab3b31d57df11b8f91c0b2572f13a..dfddd2dda9e593bd02d52dee7d06f520a11bbdf6 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -191,7 +191,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
                                       bool enumerate,
                                       const char *forest,
                                       const char **upn_suffixes,
-                                      uint32_t trust_direction);
+                                      uint32_t trust_direction,
+                                      struct confdb_ctx *confdb);
 
 /* Helper functions to deal with the timestamp cache should not be used
  * outside the sysdb itself. The timestamp cache should be completely
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 01f49763b712769f4f74df47961526e5b1514cd4..916dbba153d8c08837425f6fd29a20f5a6aa9fc9 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -23,6 +23,10 @@
 #include "util/util.h"
 #include "db/sysdb_private.h"
 
+static errno_t
+check_subdom_config_file(struct confdb_ctx *confdb,
+                         struct sss_domain_info *subdomain);
+
 struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
                                       struct sss_domain_info *parent,
                                       const char *name,
@@ -33,10 +37,12 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
                                       bool enumerate,
                                       const char *forest,
                                       const char **upn_suffixes,
-                                      uint32_t trust_direction)
+                                      uint32_t trust_direction,
+                                      struct confdb_ctx *confdb)
 {
     struct sss_domain_info *dom;
     bool inherit_option;
+    errno_t ret;
 
     DEBUG(SSSDBG_TRACE_FUNC,
           "Creating [%s] as subdomain of [%s]!\n", name, parent->name);
@@ -160,6 +166,17 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
     }
     dom->sysdb = parent->sysdb;
 
+    if (confdb != NULL) {
+        /* If confdb was provided, also check for sssd.conf */
+        ret = check_subdom_config_file(confdb, dom);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to read subdomain configuration [%d]: %s",
+                   ret, sss_strerror(ret));
+            goto fail;
+        }
+    }
+
     return dom;
 
 fail:
@@ -167,6 +184,45 @@ fail:
     return NULL;
 }
 
+static errno_t
+check_subdom_config_file(struct confdb_ctx *confdb,
+                         struct sss_domain_info *subdomain)
+{
+    char *sd_conf_path;
+    TALLOC_CTX *tmp_ctx;
+    errno_t ret;
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        return ENOMEM;
+    }
+
+    sd_conf_path = subdomain_create_conf_path(tmp_ctx, subdomain);
+    if (sd_conf_path == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    /* use_fully_qualified_names */
+    ret = confdb_get_bool(confdb, sd_conf_path, CONFDB_DOMAIN_FQ,
+                          true, &subdomain->fqnames);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE,
+              "Failed to get %s option for the subdomain: %s\n",
+              CONFDB_DOMAIN_FQ, subdomain->name);
+        goto done;
+    }
+
+    DEBUG(SSSDBG_CONF_SETTINGS, "%s/%s has value %s\n",
+          sd_conf_path, CONFDB_DOMAIN_FQ,
+          subdomain->fqnames ? "TRUE" : "FALSE");
+
+    ret = EOK;
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
 static bool is_forest_root(struct sss_domain_info *d)
 {
     if (d->forest == NULL) {
@@ -232,7 +288,8 @@ static void link_forest_roots(struct sss_domain_info *domain)
     }
 }
 
-errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
+errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+                                struct confdb_ctx *confdb)
 {
     int i;
     errno_t ret;
@@ -451,7 +508,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
         if (dom == NULL) {
             dom = new_subdomain(domain, domain, name, realm,
                                 flat, id, mpg, enumerate, forest,
-                                upn_suffixes, trust_direction);
+                                upn_suffixes, trust_direction, confdb);
             if (dom == NULL) {
                 ret = ENOMEM;
                 goto done;
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 284402bc00d37c6c33bf195d2bd719300f265851..1c27742cf0c1b6ffad23ab5b044bf4a168ed8f69 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2780,7 +2780,8 @@ subdomain_inherit = ldap_purge_cache_timeout
             <para>ldap_service_search_base,</para>
             <para>ad_server,</para>
             <para>ad_backup_server,</para>
-            <para>ad_site.</para>
+            <para>ad_site,</para>
+            <para>use_fully_qualified_names</para>
         <para>
             For more details about these options see their individual description
             in the manual page.
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index eecae9c9ca82ad67874c13a3c7b7c617d6232d5c..bc659b2cb0a02723437d24d0021ec3592381e84c 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -656,7 +656,8 @@ static errno_t ad_subdom_reinit(struct ad_subdomains_ctx *subdoms_ctx)
         /* Just continue */
     }
 
-    ret = sysdb_update_subdomains(subdoms_ctx->be_ctx->domain);
+    ret = sysdb_update_subdomains(subdoms_ctx->be_ctx->domain,
+                                  subdoms_ctx->be_ctx->cdb);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n");
         return ret;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 7537550606ef09c0b87a80932c75aa4f93c0efab..a07b88fe2f499353293ba90345552413c9792f4b 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -126,7 +126,7 @@ ipa_subdom_reinit(struct ipa_subdomains_ctx *ctx)
         return ret;
     }
 
-    ret = sysdb_update_subdomains(ctx->be_ctx->domain);
+    ret = sysdb_update_subdomains(ctx->be_ctx->domain, ctx->be_ctx->cdb);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n");
         return ret;
@@ -780,7 +780,8 @@ done:
 static errno_t ipa_apply_view(struct sss_domain_info *domain,
                               struct ipa_id_ctx *ipa_id_ctx,
                               const char *view_name,
-                              bool read_at_init)
+                              bool read_at_init,
+                              struct confdb_ctx *confdb)
 {
     const char *current = ipa_id_ctx->view_name;
     struct sysdb_ctx *sysdb = domain->sysdb;
@@ -876,7 +877,7 @@ static errno_t ipa_apply_view(struct sss_domain_info *domain,
             goto done;
         }
 
-        ret = sysdb_update_subdomains(domain);
+        ret = sysdb_update_subdomains(domain, confdb);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed "
                   "[%d]: %s\n", ret, sss_strerror(ret));
@@ -1654,7 +1655,8 @@ static void ipa_subdomains_view_name_done(struct tevent_req *subreq)
 
     ret = ipa_apply_view(state->sd_ctx->be_ctx->domain,
                          state->sd_ctx->ipa_id_ctx, view_name,
-                         state->sd_ctx->view_read_at_init);
+                         state->sd_ctx->view_read_at_init,
+                         state->sd_ctx->be_ctx->cdb);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set view [%d]: %s\n",
               ret, sss_strerror(ret));
diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c
index 0f39d107dad6c458785b1b8d708e60d7c34e3901..0f9c01214631200f9687635f6302fa5c07e8a1fe 100644
--- a/src/responder/common/responder_get_domains.c
+++ b/src/responder/common/responder_get_domains.c
@@ -126,7 +126,8 @@ get_next_domain_recv(TALLOC_CTX *mem_ctx,
 }
 
 /* ====== Iterate over all domains, searching for their subdomains  ======= */
-static errno_t process_subdomains(struct sss_domain_info *dom);
+static errno_t process_subdomains(struct sss_domain_info *dom,
+                                  struct confdb_ctx *confdb);
 static void set_time_of_last_request(struct resp_ctx *rctx);
 static errno_t check_last_request(struct resp_ctx *rctx, const char *hint);
 
@@ -234,7 +235,7 @@ sss_dp_get_domains_process(struct tevent_req *subreq)
         goto fail;
     }
 
-    ret = process_subdomains(state->dom);
+    ret = process_subdomains(state->dom, state->rctx->cdb);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "process_subdomains failed, "
                                   "trying next domain.\n");
@@ -270,7 +271,7 @@ fail:
 }
 
 static errno_t
-process_subdomains(struct sss_domain_info *domain)
+process_subdomains(struct sss_domain_info *domain, struct confdb_ctx *confdb)
 {
     int ret;
 
@@ -288,7 +289,7 @@ process_subdomains(struct sss_domain_info *domain)
     /* Retrieve all subdomains of this domain from sysdb
      * and create their struct sss_domain_info representations
      */
-    ret = sysdb_update_subdomains(domain);
+    ret = sysdb_update_subdomains(domain, confdb);
     if (ret != EOK) {
         DEBUG(SSSDBG_FUNC_DATA, "sysdb_update_subdomains failed.\n");
         goto done;
diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c
index 19788248a39774bb4509363145ac4ce0815b7d28..0ed42a597b7787635c4971b4f1c3d9976949ccd2 100644
--- a/src/tests/cmocka/test_fqnames.c
+++ b/src/tests/cmocka/test_fqnames.c
@@ -309,7 +309,7 @@ static int parse_name_test_setup(void **state)
      * discovered
      */
     test_ctx->subdom = new_subdomain(dom, dom, SUBDOMNAME, NULL, SUBFLATNAME,
-                                     NULL, false, false, NULL, NULL, 0);
+                                     NULL, false, false, NULL, NULL, 0, NULL);
     assert_non_null(test_ctx->subdom);
 
     check_leaks_push(test_ctx);
diff --git a/src/tests/cmocka/test_ipa_subdomains_server.c b/src/tests/cmocka/test_ipa_subdomains_server.c
index 123cf11c01ef4687eecad31a9d73120a87c643e1..ca48425aca69e58358f5fd37e4b8238bfa9efe15 100644
--- a/src/tests/cmocka/test_ipa_subdomains_server.c
+++ b/src/tests/cmocka/test_ipa_subdomains_server.c
@@ -263,7 +263,7 @@ static void add_test_subdomains(struct trust_test_ctx *test_ctx,
                                 direction, NULL);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
 }
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 50714715cc80338640f2a77ecbe17bd5e0d6e911..3d7e0382197401cb2264671712152fe0709296b6 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -3206,7 +3206,8 @@ static int nss_subdom_test_setup(void **state)
 
     subdomain = new_subdomain(nss_test_ctx, nss_test_ctx->tctx->dom,
                               testdom[0], testdom[1], testdom[2], testdom[3],
-                              false, false, NULL, NULL, 0);
+                              false, false, NULL, NULL, 0,
+                              nss_test_ctx->tctx->confdb);
     assert_non_null(subdomain);
 
     ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb,
@@ -3214,7 +3215,8 @@ static int nss_subdom_test_setup(void **state)
                                 false, false, NULL, 0, NULL);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom,
+                                  nss_test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     nss_test_ctx->subdom = subdomain;
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
index 49f44998a06740d1df70ac354ee741824acd8f50..84bcdc17b39dbc8822097c2006f157a09ea5e466 100644
--- a/src/tests/cmocka/test_sysdb_subdomains.c
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
@@ -103,7 +103,7 @@ static void test_sysdb_subdomain_create(void **state)
                                 false, false, NULL, 0, NULL);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     assert_non_null(test_ctx->tctx->dom->subdomains);
@@ -115,7 +115,7 @@ static void test_sysdb_subdomain_create(void **state)
                                 false, false, NULL, 1, NULL);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     assert_non_null(test_ctx->tctx->dom->subdomains->next);
@@ -133,7 +133,7 @@ static void test_sysdb_subdomain_create(void **state)
                                 false, false, NULL, 0, NULL);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     assert_int_equal(test_ctx->tctx->dom->subdomains->trust_direction, 1);
@@ -145,7 +145,7 @@ static void test_sysdb_subdomain_create(void **state)
     ret = sysdb_subdomain_delete(test_ctx->tctx->sysdb, dom1[0]);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     assert_int_equal(sss_domain_get_state(test_ctx->tctx->dom->subdomains),
@@ -235,11 +235,11 @@ static void test_sysdb_link_forest_root_ipa(void **state)
                                 0, NULL);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     /* Also update dom2 */
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom->next);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom->next, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     sub = find_domain_by_name(test_ctx->tctx->dom, dom1[0], true);
@@ -315,11 +315,11 @@ static void test_sysdb_link_forest_root_ad(void **state)
                                 0, NULL);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     /* Also update dom2 */
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom->next);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom->next, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     assert_non_null(test_ctx->tctx->dom->forest_root);
@@ -395,14 +395,15 @@ static void test_sysdb_link_forest_member_ad(void **state)
     ret = sysdb_master_domain_update(test_ctx->tctx->dom);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     /* Also update dom2 */
     ret = sysdb_master_domain_update(test_ctx->tctx->dom->next);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(test_ctx->tctx->dom->next);
+    ret = sysdb_update_subdomains(test_ctx->tctx->dom->next,
+                                  test_ctx->tctx->confdb);
     assert_int_equal(ret, EOK);
 
     /* Checks */
@@ -472,7 +473,7 @@ static void test_sysdb_link_ad_multidom(void **state)
     ret = sysdb_master_domain_update(main_dom1);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(main_dom1);
+    ret = sysdb_update_subdomains(main_dom1, NULL);
     assert_int_equal(ret, EOK);
 
     ret = sysdb_master_domain_add_info(main_dom2,
@@ -492,7 +493,7 @@ static void test_sysdb_link_ad_multidom(void **state)
     ret = sysdb_master_domain_update(main_dom2);
     assert_int_equal(ret, EOK);
 
-    ret = sysdb_update_subdomains(main_dom2);
+    ret = sysdb_update_subdomains(main_dom2, NULL);
     assert_int_equal(ret, EOK);
 
     main_dom1 = find_domain_by_name(test_ctx->tctx->dom, TEST_DOM1_NAME, true);
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 5bdd631fbfa1b4463fb169e5f07b65fb2c784096..1767dc3c734c6b2e5f74564debd603e2442f491b 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -1395,7 +1395,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain)
     /* Create subdomain */
     subdomain = new_subdomain(test_ctx, test_ctx->domain,
                               "test.sub", "TEST.SUB", "test", "S-3",
-                              false, false, NULL, NULL, 0);
+                              false, false, NULL, NULL, 0, NULL);
     fail_if(subdomain == NULL, "Failed to create new subdomain.");
 
     ret = sss_names_init_from_args(test_ctx,
@@ -5821,14 +5821,14 @@ START_TEST(test_sysdb_subdomain_store_user)
 
     subdomain = new_subdomain(test_ctx, test_ctx->domain,
                               testdom[0], testdom[1], testdom[2], testdom[3],
-                              false, false, NULL, NULL, 0);
+                              false, false, NULL, NULL, 0, NULL);
     fail_unless(subdomain != NULL, "Failed to create new subdomin.");
     ret = sysdb_subdomain_store(test_ctx->sysdb,
                                 testdom[0], testdom[1], testdom[2], testdom[3],
                                 false, false, NULL, 0, NULL);
     fail_if(ret != EOK, "Could not set up the test (test subdom)");
 
-    ret = sysdb_update_subdomains(test_ctx->domain);
+    ret = sysdb_update_subdomains(test_ctx->domain, NULL);
     fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
                             ret, strerror(ret));
 
@@ -5900,14 +5900,14 @@ START_TEST(test_sysdb_subdomain_user_ops)
 
     subdomain = new_subdomain(test_ctx, test_ctx->domain,
                               testdom[0], testdom[1], testdom[2], testdom[3],
-                              false, false, NULL, NULL, 0);
+                              false, false, NULL, NULL, 0, NULL);
     fail_unless(subdomain != NULL, "Failed to create new subdomin.");
     ret = sysdb_subdomain_store(test_ctx->sysdb,
                                 testdom[0], testdom[1], testdom[2], testdom[3],
                                 false, false, NULL, 0, NULL);
     fail_if(ret != EOK, "Could not set up the test (test subdom)");
 
-    ret = sysdb_update_subdomains(test_ctx->domain);
+    ret = sysdb_update_subdomains(test_ctx->domain, NULL);
     fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
                             ret, strerror(ret));
 
@@ -5973,14 +5973,14 @@ START_TEST(test_sysdb_subdomain_group_ops)
 
     subdomain = new_subdomain(test_ctx, test_ctx->domain,
                               testdom[0], testdom[1], testdom[2], testdom[3],
-                              false, false, NULL, NULL, 0);
+                              false, false, NULL, NULL, 0, NULL);
     fail_unless(subdomain != NULL, "Failed to create new subdomin.");
     ret = sysdb_subdomain_store(test_ctx->sysdb,
                                 testdom[0], testdom[1], testdom[2], testdom[3],
                                 false, false, NULL, 0, NULL);
     fail_if(ret != EOK, "Could not set up the test (test subdom)");
 
-    ret = sysdb_update_subdomains(test_ctx->domain);
+    ret = sysdb_update_subdomains(test_ctx->domain, NULL);
     fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
                             ret, strerror(ret));
 
diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c
index 0f4f46894130daf722641f25a4cdfaae220252cc..97a3caab3bec88c5727eea2f08b200f1d3b23f0c 100644
--- a/src/tools/common/sss_tools.c
+++ b/src/tools/common/sss_tools.c
@@ -154,7 +154,7 @@ static errno_t sss_tool_domains_init(TALLOC_CTX *mem_ctx,
             }
 
             /* Update list of subdomains for this domain */
-            ret = sysdb_update_subdomains(dom);
+            ret = sysdb_update_subdomains(dom, confdb);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
                       "Failed to update subdomains for domain %s.\n",
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 59e49a8aa92e3a08ec80e0597304f1a4af0a02be..8a40b38c07f7e76cde5b98e5916816581fea7973 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -158,7 +158,7 @@ int main(int argc, const char *argv[])
             dinfo = get_next_domain(dinfo, SSS_GND_DESCEND)) {
         if (!IS_SUBDOMAIN(dinfo)) {
             /* Update list of subdomains for this domain */
-            ret = sysdb_update_subdomains(dinfo);
+            ret = sysdb_update_subdomains(dinfo, tctx->confdb);
             if (ret != EOK) {
                 DEBUG(SSSDBG_MINOR_FAILURE,
                       "Failed to update subdomains for domain %s.\n", dinfo->name);
-- 
2.9.3