authorJakub Hrozek <jhrozek@redhat.com>2015-10-01 13:13:05 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-10-07 12:42:03 +0200
commit309aa83d16b5919f727af04850bcd0799ba0962f (patch)
tree8ba57574ae0a09f25a0087655be8af13fc348859
parentd8899526551cbfe112e0ecc8280003a8349fc531 (diff)
AD: Provide common connection list construction functions
https://fedorahosted.org/sssd/ticket/2810 Provides a new AD common function, ad_ldap_conn_list(), that creates a list of AD connections to use, along with their properties, to avoid mistakes when manually constructing these lists. Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--src/providers/ad/ad_common.c26
-rw-r--r--src/providers/ad/ad_common.h5
-rw-r--r--src/providers/ad/ad_id.c17
-rw-r--r--src/providers/ipa/ipa_subdomains_id.c21
-rw-r--r--src/tests/cmocka/test_ad_common.c45
5 files changed, 80 insertions, 34 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 88f36f8ea..7d46af4a4 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -1237,6 +1237,14 @@ ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
conn = subdom_id_ctx->ldap_ctx;
+ if (IS_SUBDOMAIN(sdom->dom) == true && conn != NULL) {
+ /* Regardless of connection types, a subdomain error must not be
+ * allowed to set the whole back end offline, rather report an error
+ * and let the caller deal with it (normally disable the subdomain
+ */
+ conn->ignore_mark_offline = true;
+ }
+
return conn;
}
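Review bot: ad_get_dom_ldap_conn() is named and used as a lookup, but the added block writes `conn->ignore_mark_offline = true` on the subdomain's `ldap_ctx`, and nothing in this hunk clears it again, so the flag stays set for every later user of that connection. That looks intended, but the function's header comment should say so, for example `/* Side effect: marks a subdomain connection so its errors cannot set the whole back end offline. */`. Two style points on the same lines: `IS_SUBDOMAIN(sdom->dom) == true` reads better as `IS_SUBDOMAIN(sdom->dom)`, and the new comment is missing its closing parenthesis after "disable the subdomain". The function starts outside the hunk.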
@@ -1261,3 +1269,21 @@ ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
return clist;
}
+
+struct sdap_id_conn_ctx **
+ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
+ struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom)
+{
+ struct sdap_id_conn_ctx **clist;
+
+ clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 2);
+ if (clist == NULL) {
+ return NULL;
+ }
+
+ clist[0] = ad_get_dom_ldap_conn(ad_ctx, dom);
+
+ clist[1] = NULL;
+ return clist;
+}
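Review bot: `clist[0]` can be NULL when ad_ldap_conn_list() returns. The `conn != NULL` test added to ad_get_dom_ldap_conn() in the first hunk implies that function may return NULL, and in that case the caller receives a non-NULL but empty list. The callers changed in ad_id.c and ipa_subdomains_id.c at most test `clist == NULL`, so they would carry on without a connection, and any later dereference of `clist[0]` would crash the provider. Consider failing early with `if (clist[0] == NULL) { talloc_free(clist); return NULL; }`, keeping in mind that the IPA caller reports every NULL as ENOMEM. The explicit `clist[1] = NULL;` is redundant after talloc_zero_array() but harmless.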
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 817f5b42c..701e46198 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -148,6 +148,11 @@ struct sdap_id_conn_ctx **
ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
struct sss_domain_info *dom);
+struct sdap_id_conn_ctx **
+ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
+ struct ad_id_ctx *ad_ctx,
+ struct sss_domain_info *dom);
+
struct sdap_id_conn_ctx *
ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom);
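Review bot: The new ad_ldap_conn_list() prototype has no comment stating its contract, although the commit's purpose is to stop callers from building these lists by hand. I would add a short comment above the declaration saying that the result is a NULL-terminated array allocated on mem_ctx, that NULL is returned on allocation failure, that the connection contexts in the array appear to be borrowed from the domain's ad_id_ctx rather than owned by the list, and that a subdomain connection comes back with ignore_mark_offline already set.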
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index ecaf6c993..be0cb3b12 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -269,29 +269,14 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
case BE_REQ_GROUP: /* group */
case BE_REQ_INITGROUPS: /* init groups for user */
clist = ad_gc_conn_list(breq, ad_ctx, dom);
- if (clist == NULL) return NULL;
break;
default:
/* Requests for other object should only contact LDAP by default */
- clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 2);
- if (clist == NULL) return NULL;
-
- clist[0] = ad_ctx->ldap_ctx;
- clist[1] = NULL;
+ clist = ad_ldap_conn_list(breq, ad_ctx, dom);
break;
}
- /* Regardless of connection types, a subdomain error must not be allowed
- * to set the whole back end offline, rather report an error and let the
- * caller deal with it (normally disable the subdomain
- */
- if (IS_SUBDOMAIN(dom)) {
- for (cindex = 0; clist[cindex] != NULL; cindex++) {
- clist[cindex]->ignore_mark_offline = true;
- }
- }
-
return clist;
}
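Review bot: With the loop removed, `cindex` appears to have no remaining use in get_conn_list(). Its declaration is outside the hunk, so please confirm and drop it to avoid an unused-variable warning. The default branch also changes behaviour without a comment: it used to return `ad_ctx->ldap_ctx` directly and now returns whatever ad_get_dom_ldap_conn() resolves for `dom`. A one-line comment such as `/* connection and its offline handling are resolved per domain by ad_ldap_conn_list() */` would make that visible. The removed `clist == NULL` check means this function now returns NULL only through its callees, which is fine as long as its callers already handle NULL.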
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 8f13608bc..472985d4a 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -641,21 +641,16 @@ ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx,
case BE_REQ_BY_SECID:
case BE_REQ_GROUP:
clist = ad_gc_conn_list(req, ad_id_ctx, state->obj_dom);
- if (clist == NULL) {
- ret = ENOMEM;
- goto fail;
- }
- clist[1]->ignore_mark_offline = true;
break;
default:
- clist = talloc_zero_array(req, struct sdap_id_conn_ctx *, 2);
- if (clist == NULL) {
- ret = ENOMEM;
- goto fail;
- }
- clist[0] = ad_id_ctx->ldap_ctx;
- clist[0]->ignore_mark_offline = true;
- clist[1] = NULL;
+ clist = ad_ldap_conn_list(req, ad_id_ctx, state->obj_dom);
+ break;
+ }
+
+ if (clist == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot generate AD connection list!\n");
+ ret = ENOMEM;
+ goto fail;
}
/* Now we already need ad_id_ctx in particular sdap_id_conn_ctx */
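Review bot: Nothing at this call site sets `ignore_mark_offline` any more. The removed lines set it unconditionally on the LDAP connection, while the new code relies on ad_get_dom_ldap_conn() doing so only when `IS_SUBDOMAIN(sdom->dom)` holds and the connection is non-NULL. If that condition were ever false for `state->obj_dom`, an error in the trusted AD domain could mark the whole IPA back end offline, which is the outcome the flag exists to prevent. A comment next to the new check would document the dependency, for example `/* ignore_mark_offline is set inside ad_gc_conn_list()/ad_ldap_conn_list() for subdomain connections */`. ipa_get_ad_acct_send() begins and ends outside the hunk, so the later uses of `clist` are not visible here.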
diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c
index bc9d0940b..d2b59a23d 100644
--- a/src/tests/cmocka/test_ad_common.c
+++ b/src/tests/cmocka/test_ad_common.c
@@ -350,7 +350,7 @@ __wrap_sdap_set_sasl_options(struct sdap_options *id_opts,
return EOK;
}
-void test_ldap_conn_list(void **state)
+void test_ad_get_dom_ldap_conn(void **state)
{
struct sdap_id_conn_ctx *conn;
@@ -365,7 +365,7 @@ void test_ldap_conn_list(void **state)
assert_true(conn == test_ctx->subdom_ad_ctx->ldap_ctx);
}
-void test_conn_list(void **state)
+void test_gc_conn_list(void **state)
{
struct sdap_id_conn_ctx **conn_list;
@@ -392,7 +392,8 @@ void test_conn_list(void **state)
assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);
assert_true(conn_list[0]->ignore_mark_offline);
assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx);
- assert_false(conn_list[1]->ignore_mark_offline);
+ /* Subdomain error should not set the backend offline! */
+ assert_true(conn_list[1]->ignore_mark_offline);
talloc_free(conn_list);
dp_opt_set_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC, false);
@@ -411,6 +412,37 @@ void test_conn_list(void **state)
assert_non_null(conn_list);
assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx);
+ assert_true(conn_list[0]->ignore_mark_offline);
+ assert_null(conn_list[1]);
+ talloc_free(conn_list);
+}
+
+void test_ldap_conn_list(void **state)
+{
+ struct sdap_id_conn_ctx **conn_list;
+
+ struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
+ struct ad_common_test_ctx);
+ assert_non_null(test_ctx);
+
+ conn_list = ad_ldap_conn_list(test_ctx,
+ test_ctx->ad_ctx,
+ test_ctx->dom);
+ assert_non_null(conn_list);
+
+ assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);
+ assert_false(conn_list[0]->ignore_mark_offline);
+ assert_null(conn_list[1]);
+ talloc_free(conn_list);
+
+ conn_list = ad_ldap_conn_list(test_ctx,
+ test_ctx->ad_ctx,
+ test_ctx->subdom);
+ assert_non_null(conn_list);
+
+ assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx);
+ assert_true(conn_list[0]->ignore_mark_offline);
+ assert_null(conn_list[1]);
talloc_free(conn_list);
}
@@ -432,10 +464,13 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(test_ad_create_2way_trust_options,
test_ad_common_setup,
test_ad_common_teardown),
- cmocka_unit_test_setup_teardown(test_ldap_conn_list,
+ cmocka_unit_test_setup_teardown(test_ad_get_dom_ldap_conn,
test_ldap_conn_setup,
test_ldap_conn_teardown),
- cmocka_unit_test_setup_teardown(test_conn_list,
+ cmocka_unit_test_setup_teardown(test_gc_conn_list,
+ test_ldap_conn_setup,
+ test_ldap_conn_teardown),
+ cmocka_unit_test_setup_teardown(test_ldap_conn_list,
test_ldap_conn_setup,
test_ldap_conn_teardown),
};