authorSumit Bose <sbose@redhat.com>2013-06-27 21:49:26 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 20:20:59 +0200
commit09d7c105839bfc7447ea0f766413ed86675ca075 (patch)
tree382c007bb5182e17af6243f67fd06e08627aad82
parent20ccfd63a17dc15dd24e6543424d86913d511c4b (diff)
Save mpg state for subdomains
Whether a subdomain uses magic private groups (mpg) or not will be stored in the cache together with the other information about the domain.
-rw-r--r--src/db/sysdb.h4
-rw-r--r--src/db/sysdb_subdomains.c33
-rw-r--r--src/providers/ad/ad_subdomains.c4
-rw-r--r--src/providers/ipa/ipa_subdomains.c13
-rw-r--r--src/tests/sysdb-tests.c13
5 files changed, 54 insertions, 13 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0b99dee07..7045edf7b 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -124,6 +124,7 @@
#define SYSDB_SUBDOMAIN_REALM "realmName"
#define SYSDB_SUBDOMAIN_FLAT "flatName"
#define SYSDB_SUBDOMAIN_ID "domainID"
+#define SYSDB_SUBDOMAIN_MPG "mpg"
#define SYSDB_BASE_ID "baseID"
#define SYSDB_ID_RANGE_SIZE "idRangeSize"
@@ -366,7 +367,8 @@ errno_t sysdb_domain_create(struct sysdb_ctx *sysdb, const char *domain_name);
errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
const char *name, const char *realm,
- const char *flat_name, const char *domain_id);
+ const char *flat_name, const char *domain_id,
+ bool mpg);
errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 3e0d7b40a..ef248ff24 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -346,7 +346,8 @@ done:
errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
const char *name, const char *realm,
- const char *flat_name, const char *domain_id)
+ const char *flat_name, const char *domain_id,
+ bool mpg)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
@@ -356,12 +357,15 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
SYSDB_SUBDOMAIN_REALM,
SYSDB_SUBDOMAIN_FLAT,
SYSDB_SUBDOMAIN_ID,
+ SYSDB_SUBDOMAIN_MPG,
NULL};
const char *tmp_str;
+ bool tmp_bool;
bool store = false;
int realm_flags = 0;
int flat_flags = 0;
int id_flags = 0;
+ int mpg_flags = 0;
int ret;
tmp_ctx = talloc_new(NULL);
@@ -390,6 +394,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
if (realm) realm_flags = LDB_FLAG_MOD_ADD;
if (flat_name) flat_flags = LDB_FLAG_MOD_ADD;
if (domain_id) id_flags = LDB_FLAG_MOD_ADD;
+ mpg_flags = LDB_FLAG_MOD_ADD;
} else if (res->count != 1) {
ret = EINVAL;
goto done;
@@ -415,9 +420,16 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
id_flags = LDB_FLAG_MOD_REPLACE;
}
}
+
+ tmp_bool = ldb_msg_find_attr_as_bool(res->msgs[0], SYSDB_SUBDOMAIN_MPG,
+ !mpg);
+ if (tmp_bool != mpg) {
+ mpg_flags = LDB_FLAG_MOD_REPLACE;
+ }
}
- if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0) {
+ if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0
+ && mpg_flags == 0) {
ret = EOK;
goto done;
}
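Review bot: The `!mpg` default passed to `ldb_msg_find_attr_as_bool()` in the added block is load-bearing and deserves a comment. It makes a cached entry that has no `mpg` attribute compare as different, so `mpg_flags` becomes `LDB_FLAG_MOD_REPLACE` and the value gets written on the next store. I would add `/* Default to !mpg so an entry without the attribute is treated as changed and gets the value written. */` above the call. The body of sysdb_subdomain_store starts and ends outside this hunk.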
@@ -429,7 +441,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
}
msg->dn = dn;
- if (store) {
+ if (store) {
ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
@@ -485,6 +497,21 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
}
}
+ if (mpg_flags) {
+ ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_MPG, mpg_flags, NULL);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_MPG,
+ mpg ? "TRUE" : "FALSE");
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+ }
+
ret = ldb_modify(sysdb->ldb, msg);
if (ret != LDB_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add subdomain attributes to "
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 20aaa2d71..724d0736b 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -220,7 +220,9 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
goto done;
}
- ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str);
+ /* AD subdomains are currently all mpg */
+ ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
+ true);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
goto done;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 119f44a54..a67526c83 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -23,6 +23,7 @@
*/
#include "providers/ldap/sdap_async.h"
+#include "providers/ldap/sdap_idmap.h"
#include "providers/ipa/ipa_subdomains.h"
#include "providers/ipa/ipa_common.h"
#include <ctype.h>
@@ -232,6 +233,7 @@ done:
}
static errno_t ipa_subdom_store(struct sss_domain_info *domain,
+ struct sdap_idmap_ctx *sdap_idmap_ctx,
struct sysdb_attrs *attrs)
{
TALLOC_CTX *tmp_ctx;
@@ -240,6 +242,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *domain,
const char *flat;
const char *id;
int ret;
+ bool mpg;
tmp_ctx = talloc_new(domain);
if (tmp_ctx == NULL) {
@@ -270,7 +273,9 @@ static errno_t ipa_subdom_store(struct sss_domain_info *domain,
goto done;
}
- ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, id);
+ mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, id);
+
+ ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, id, mpg);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
goto done;
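Review bot: `sdap_idmap_domain_has_algorithmic_mapping()` is assigned straight to `bool mpg`, so a failed lookup and a domain without algorithmic mapping look the same at this call. Whichever value comes back is then persisted to the cache by `sysdb_subdomain_store()`. The mpg state presumably governs how primary groups are derived for the subdomain's users, so the decision is worth logging right after the assignment, for example `DEBUG(SSSDBG_TRACE_FUNC, ("Subdomain [%s] mpg: %s\n", name, mpg ? "TRUE" : "FALSE"));`. Whether the helper accepts a NULL `sdap_idmap_ctx` is not visible here, and both callers in ipa_subdomains_refresh pass `ctx->sdap_id_ctx->opts->idmap_ctx` unchecked. ipa_subdom_store continues outside the hunk.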
@@ -323,7 +328,8 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
}
} else {
/* ok let's try to update it */
- ret = ipa_subdom_store(domain, reply[c]);
+ ret = ipa_subdom_store(domain, ctx->sdap_id_ctx->opts->idmap_ctx,
+ reply[c]);
if (ret) {
/* Nothing we can do about the errorr. Let's at least try
* to reuse the existing domain
@@ -352,7 +358,8 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
/* Nothing we can do about the errorr. Let's at least try
* to reuse the existing domain.
*/
- ret = ipa_subdom_store(domain, reply[c]);
+ ret = ipa_subdom_store(domain, ctx->sdap_id_ctx->opts->idmap_ctx,
+ reply[c]);
if (ret) {
DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
"will try to use cached subdomain\n"));
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index db2d903dd..124711797 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -4486,7 +4486,7 @@ START_TEST(test_sysdb_subdomain_create)
fail_if(ret != EOK, "Could not set up the test");
ret = sysdb_subdomain_store(test_ctx->sysdb,
- dom1[0], dom1[1], dom1[2], dom1[3]);
+ dom1[0], dom1[1], dom1[2], dom1[3], false);
fail_if(ret != EOK, "Could not set up the test (dom1)");
ret = sysdb_update_subdomains(test_ctx->domain);
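Review bot: Every updated call in this file passes `false` (here and in the hunks at 4499, 4543, 4600 and 4653), so the `"TRUE"` write and the `LDB_FLAG_MOD_REPLACE` path taken when the stored value differs are never exercised. A second call on an already stored subdomain with the flag flipped would cover both, e.g. `ret = sysdb_subdomain_store(test_ctx->sysdb, dom1[0], dom1[1], dom1[2], dom1[3], true);` followed by `fail_if(ret != EOK, "Could not update mpg state (dom1)");`. Nothing in this diff reads the attribute back, so for now the assertion can only check the return code.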
@@ -4499,7 +4499,7 @@ START_TEST(test_sysdb_subdomain_create)
dom1[0], test_ctx->domain->subdomains->name);
ret = sysdb_subdomain_store(test_ctx->sysdb,
- dom2[0], dom2[1], dom2[2], dom2[3]);
+ dom2[0], dom2[1], dom2[2], dom2[3], false);
fail_if(ret != EOK, "Could not set up the test (dom2)");
ret = sysdb_update_subdomains(test_ctx->domain);
@@ -4543,7 +4543,8 @@ START_TEST(test_sysdb_subdomain_store_user)
testdom[0], testdom[1], testdom[2], testdom[3]);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
- testdom[0], testdom[1], testdom[2], testdom[3]);
+ testdom[0], testdom[1], testdom[2], testdom[3],
+ false);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
ret = sysdb_update_subdomains(test_ctx->domain);
@@ -4600,7 +4601,8 @@ START_TEST(test_sysdb_subdomain_user_ops)
testdom[0], testdom[1], testdom[2], testdom[3]);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
- testdom[0], testdom[1], testdom[2], testdom[3]);
+ testdom[0], testdom[1], testdom[2], testdom[3],
+ false);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
ret = sysdb_update_subdomains(test_ctx->domain);
@@ -4653,7 +4655,8 @@ START_TEST(test_sysdb_subdomain_group_ops)
testdom[0], testdom[1], testdom[2], testdom[3]);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
- testdom[0], testdom[1], testdom[2], testdom[3]);
+ testdom[0], testdom[1], testdom[2], testdom[3],
+ false);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
ret = sysdb_update_subdomains(test_ctx->domain);