authorJakub Hrozek <jhrozek@redhat.com>2015-06-02 13:34:20 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-06-14 21:44:39 +0200
commit9af86b9c936d07cff9d0c2054acde908749ea522 (patch)
treeb7acca3a794a56ccec485f880a62e10be2d29466
parent526a15438525417cd701f837d7085b7f8c8a6325 (diff)
SYSDB: Add realm to sysdb_master_domain_add_info
Adding realm to both master domain and subdomain will make it easier to set and select forest roots. Even master domains can be forest members, so it is preferable to avoid special-casing as much as possible. Includes a unit test. Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--src/db/sysdb.h4
-rw-r--r--src/db/sysdb_subdomains.c22
-rw-r--r--src/providers/ad/ad_id.c11
-rw-r--r--src/providers/ad/ad_subdomains.c10
-rw-r--r--src/providers/ipa/ipa_subdomains.c11
-rw-r--r--src/tests/cmocka/test_sysdb_subdomains.c35
6 files changed, 89 insertions, 4 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 5649f2cb1..f667977ed 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -439,7 +439,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
- const char *flat, const char *id,
+ const char *realm,
+ const char *flat,
+ const char *id,
const char* forest);
errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
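Review bot: `sysdb_master_domain_add_info` now takes four adjacent `const char *` arguments, so a call that transposes `realm` and `flat` compiles cleanly and would write the wrong value into the cached realm attribute. The prototype carries no comment giving the order or saying which arguments may be NULL. The implementation hunk shows that `realm == NULL` means "leave unchanged", and the same presumably holds for the other three. I would add above the declaration `/* realm, flat, id, forest: pass NULL to leave the stored value unchanged */`, after confirming that for all four.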
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 1be904e8d..53115c1a7 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -561,7 +561,9 @@ done:
}
errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
- const char *flat, const char *id,
+ const char *realm,
+ const char *flat,
+ const char *id,
const char* forest)
{
TALLOC_CTX *tmp_ctx;
@@ -641,6 +643,24 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
do_update = true;
}
+ if (realm != NULL && (domain->realm == NULL ||
+ strcmp(domain->realm, realm) != 0)) {
+ ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_REALM,
+ LDB_FLAG_MOD_REPLACE, NULL);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ do_update = true;
+ }
+
if (do_update == false) {
ret = EOK;
goto done;
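Review bot: The new guard `realm != NULL && (domain->realm == NULL || strcmp(domain->realm, realm) != 0)` accepts an empty string, so a caller passing `""` would replace the cached `SYSDB_SUBDOMAIN_REALM` value with an empty one; the three callers in this commit only reject NULL. The commit message says the realm is meant to help select forest roots, so if the option layer can return an empty string it is worth rejecting it just before this block with `if (realm != NULL && *realm == '\0') { ret = EINVAL; goto done; }`. The function starts and ends outside this hunk, so whether the earlier attribute blocks make the same assumption is not visible here.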
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index d8ea26875..7a0c6eccd 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -454,6 +454,7 @@ struct ad_enumeration_state {
struct sdap_id_op *sdap_op;
struct tevent_context *ev;
+ const char *realm;
struct sdap_domain *sdom;
struct sdap_domain *sditer;
};
@@ -493,6 +494,14 @@ ad_enumeration_send(TALLOC_CTX *mem_ctx,
state->sditer = state->sdom;
state->id_ctx = talloc_get_type(ectx->pvt, struct ad_id_ctx);
+ state->realm = dp_opt_get_cstring(state->id_ctx->ad_options->basic,
+ AD_KRB5_REALM);
+ if (state->realm == NULL) {
+ DEBUG(SSSDBG_CONF_SETTINGS, "Missing realm\n");
+ ret = EINVAL;
+ goto fail;
+ }
+
state->sdap_op = sdap_id_op_create(state,
state->id_ctx->ldap_ctx->conn_cache);
if (state->sdap_op == NULL) {
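Review bot: The missing-realm path in `ad_enumeration_send` aborts the request with `EINVAL` but logs at `SSSDBG_CONF_SETTINGS`, which sits below the failure levels, so at a typical debug level enumeration stops with no message explaining why. The IPA hunk in this commit logs the same condition at `SSSDBG_CRIT_FAILURE`; I would use that here too, `DEBUG(SSSDBG_CRIT_FAILURE, "Missing realm\n");`. The same applies to the `"Missing realm.\n"` message added to `ad_subdomains_master_dom_done` in ad_subdomains.c. The function body continues outside this hunk.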
@@ -575,7 +584,7 @@ ad_enumeration_master_done(struct tevent_req *subreq)
return;
}
- ret = sysdb_master_domain_add_info(state->sdom->dom,
+ ret = sysdb_master_domain_add_info(state->sdom->dom, state->realm,
flat_name, master_sid, forest);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot save master domain info\n");
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index ac9d8baa1..d889dfb6d 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -598,6 +598,7 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
{
struct ad_subdomains_req_ctx *ctx;
errno_t ret;
+ const char *realm;
ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);
@@ -610,7 +611,16 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
goto done;
}
+ realm = dp_opt_get_cstring(ctx->sd_ctx->ad_id_ctx->ad_options->basic,
+ AD_KRB5_REALM);
+ if (realm == NULL) {
+ DEBUG(SSSDBG_CONF_SETTINGS, "Missing realm.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
+ realm,
ctx->flat_name, ctx->master_sid,
ctx->forest);
if (ret != EOK) {
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index bd2fb47ee..02ced703c 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -1419,6 +1419,7 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req)
if (reply_count) {
const char *flat = NULL;
const char *id = NULL;
+ const char *realm;
ret = sysdb_attrs_get_string(reply[0], IPA_FLATNAME, &flat);
if (ret != EOK) {
@@ -1430,8 +1431,16 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req)
goto done;
}
+ realm = dp_opt_get_string(ctx->sd_ctx->id_ctx->ipa_options->basic,
+ IPA_KRB5_REALM);
+ if (realm == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm for IPA?\n");
+ ret = EINVAL;
+ goto done;
+ }
+
ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
- flat, id, NULL);
+ realm, flat, id, NULL);
} else {
ctx->search_base_iter++;
ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER);
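Review bot: `realm` is declared `const char *` but is filled with `dp_opt_get_string`, while both AD call sites added in this commit use `dp_opt_get_cstring` for the same lookup. Using `realm = dp_opt_get_cstring(ctx->sd_ctx->id_ctx->ipa_options->basic, IPA_KRB5_REALM);` keeps the three lookups consistent and matches the const-qualified variable. The enclosing handler starts and ends outside this hunk.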
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
index e9c190549..22a38eccc 100644
--- a/src/tests/cmocka/test_sysdb_subdomains.c
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
@@ -135,6 +135,38 @@ static void test_sysdb_subdomain_create(void **state)
assert_true(test_ctx->tctx->dom->subdomains->disabled);
}
+static void test_sysdb_master_domain_ops(void **state)
+{
+ errno_t ret;
+ struct subdom_test_ctx *test_ctx =
+ talloc_get_type(*state, struct subdom_test_ctx);
+
+
+ ret = sysdb_master_domain_add_info(test_ctx->tctx->dom,
+ "realm1", "flat1", "id1", "forest1");
+ assert_int_equal(ret, EOK);
+
+ ret = sysdb_master_domain_update(test_ctx->tctx->dom);
+ assert_int_equal(ret, EOK);
+
+ assert_string_equal(test_ctx->tctx->dom->realm, "realm1");
+ assert_string_equal(test_ctx->tctx->dom->flat_name, "flat1");
+ assert_string_equal(test_ctx->tctx->dom->domain_id, "id1");
+ assert_string_equal(test_ctx->tctx->dom->forest, "forest1");
+
+ ret = sysdb_master_domain_add_info(test_ctx->tctx->dom,
+ "realm2", "flat2", "id2", "forest2");
+ assert_int_equal(ret, EOK);
+
+ ret = sysdb_master_domain_update(test_ctx->tctx->dom);
+ assert_int_equal(ret, EOK);
+
+ assert_string_equal(test_ctx->tctx->dom->realm, "realm2");
+ assert_string_equal(test_ctx->tctx->dom->flat_name, "flat2");
+ assert_string_equal(test_ctx->tctx->dom->domain_id, "id2");
+ assert_string_equal(test_ctx->tctx->dom->forest, "forest2");
+}
+
int main(int argc, const char *argv[])
{
int rv;
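Review bot: `test_sysdb_master_domain_ops` only exercises the path where every argument changes, so the `realm != NULL` guard added in sysdb_subdomains.c and the `do_update == false` early return are never reached. A third round that passes `NULL` for the realm together with the unchanged `flat2`/`id2`/`forest2` values would pin down that an absent realm leaves the cached one intact. This assumes the other three arguments are skipped when unchanged; their handling is outside the visible hunks.

```c
    /* … unchanged: the realm1 and realm2 rounds … */

    /* A NULL realm must leave the stored value alone. */
    ret = sysdb_master_domain_add_info(test_ctx->tctx->dom,
                                       NULL, "flat2", "id2", "forest2");
    assert_int_equal(ret, EOK);

    ret = sysdb_master_domain_update(test_ctx->tctx->dom);
    assert_int_equal(ret, EOK);

    assert_string_equal(test_ctx->tctx->dom->realm, "realm2");
```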
@@ -150,6 +182,9 @@ int main(int argc, const char *argv[])
};
const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(test_sysdb_master_domain_ops,
+ test_sysdb_subdom_setup,
+ test_sysdb_subdom_teardown),
cmocka_unit_test_setup_teardown(test_sysdb_subdomain_create,
test_sysdb_subdom_setup,
test_sysdb_subdom_teardown),