SYSDB: Add realm to sysdb_master_domain_add_info

Adding realm to both master domain and subdomain will make it easier to
set and select forest roots. Even master domains can be forest members,
it's preferable to avoid special-casing as much as possible.

Includes a unit test.

Reviewed-by: Sumit Bose <sbose@redhat.com>

3 files changed, 30 insertions, 2 deletions

diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index d8ea26875..7a0c6eccd 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -454,6 +454,7 @@ struct ad_enumeration_state {
     struct sdap_id_op *sdap_op;
     struct tevent_context *ev;
 
+    const char *realm;
     struct sdap_domain *sdom;
     struct sdap_domain *sditer;
 };
@@ -493,6 +494,14 @@ ad_enumeration_send(TALLOC_CTX *mem_ctx,
     state->sditer = state->sdom;
     state->id_ctx = talloc_get_type(ectx->pvt, struct ad_id_ctx);
 
+    state->realm = dp_opt_get_cstring(state->id_ctx->ad_options->basic,
+                                      AD_KRB5_REALM);
+    if (state->realm == NULL) {
+        DEBUG(SSSDBG_CONF_SETTINGS, "Missing realm\n");
+        ret = EINVAL;
+        goto fail;
+    }
+
     state->sdap_op = sdap_id_op_create(state,
                                        state->id_ctx->ldap_ctx->conn_cache);
     if (state->sdap_op == NULL) {
@@ -575,7 +584,7 @@ ad_enumeration_master_done(struct tevent_req *subreq)
         return;
     }
 
-    ret = sysdb_master_domain_add_info(state->sdom->dom,
+    ret = sysdb_master_domain_add_info(state->sdom->dom, state->realm,
                                        flat_name, master_sid, forest);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "Cannot save master domain info\n");
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index ac9d8baa1..d889dfb6d 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -598,6 +598,7 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
 {
     struct ad_subdomains_req_ctx *ctx;
     errno_t ret;
+    const char *realm;
 
     ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);
 
@@ -610,7 +611,16 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
         goto done;
     }
 
+    realm = dp_opt_get_cstring(ctx->sd_ctx->ad_id_ctx->ad_options->basic,
+                               AD_KRB5_REALM);
+    if (realm == NULL) {
+        DEBUG(SSSDBG_CONF_SETTINGS, "Missing realm.\n");
+        ret = EINVAL;
+        goto done;
+    }
+
     ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
+                                       realm,
                                        ctx->flat_name, ctx->master_sid,
                                        ctx->forest);
     if (ret != EOK) {
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index bd2fb47ee..02ced703c 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -1419,6 +1419,7 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req)
     if (reply_count) {
         const char *flat = NULL;
         const char *id = NULL;
+        const char *realm;
 
         ret = sysdb_attrs_get_string(reply[0], IPA_FLATNAME, &flat);
         if (ret != EOK) {
@@ -1430,8 +1431,16 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req)
             goto done;
         }
 
+        realm = dp_opt_get_string(ctx->sd_ctx->id_ctx->ipa_options->basic,
+                                  IPA_KRB5_REALM);
+        if (realm == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm for IPA?\n");
+            ret = EINVAL;
+            goto done;
+        }
+
         ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
-                                           flat, id, NULL);
+                                           realm, flat, id, NULL);
     } else {
         ctx->search_base_iter++;
         ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER);