diff options
| -rw-r--r-- | src/db/sysdb.h | 4 | ||||
| -rw-r--r-- | src/db/sysdb_subdomains.c | 22 | ||||
| -rw-r--r-- | src/providers/ad/ad_id.c | 11 | ||||
| -rw-r--r-- | src/providers/ad/ad_subdomains.c | 10 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 11 | ||||
| -rw-r--r-- | src/tests/cmocka/test_sysdb_subdomains.c | 35 |
6 files changed, 89 insertions, 4 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 5649f2cb1..f667977ed 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -439,7 +439,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain); errno_t sysdb_master_domain_update(struct sss_domain_info *domain); errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, - const char *flat, const char *id, + const char *realm, + const char *flat, + const char *id, const char* forest); errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name); diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index 1be904e8d..53115c1a7 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c @@ -561,7 +561,9 @@ done: } errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, - const char *flat, const char *id, + const char *realm, + const char *flat, + const char *id, const char* forest) { TALLOC_CTX *tmp_ctx; @@ -641,6 +643,24 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, do_update = true; } + if (realm != NULL && (domain->realm == NULL || + strcmp(domain->realm, realm) != 0)) { + ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_REALM, + LDB_FLAG_MOD_REPLACE, NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + do_update = true; + } + if (do_update == false) { ret = EOK; goto done; diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index d8ea26875..7a0c6eccd 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -454,6 +454,7 @@ struct ad_enumeration_state { struct sdap_id_op *sdap_op; struct tevent_context *ev; + const char *realm; struct sdap_domain *sdom; struct sdap_domain *sditer; }; @@ -493,6 +494,14 @@ ad_enumeration_send(TALLOC_CTX *mem_ctx, state->sditer = state->sdom; state->id_ctx = talloc_get_type(ectx->pvt, struct ad_id_ctx); + state->realm = dp_opt_get_cstring(state->id_ctx->ad_options->basic, + AD_KRB5_REALM); + if (state->realm == NULL) { + DEBUG(SSSDBG_CONF_SETTINGS, "Missing realm\n"); + ret = EINVAL; + goto fail; + } + state->sdap_op = sdap_id_op_create(state, state->id_ctx->ldap_ctx->conn_cache); if (state->sdap_op == NULL) { @@ -575,7 +584,7 @@ ad_enumeration_master_done(struct tevent_req *subreq) return; } - ret = sysdb_master_domain_add_info(state->sdom->dom, + ret = sysdb_master_domain_add_info(state->sdom->dom, state->realm, flat_name, master_sid, forest); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot save master domain info\n"); diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index ac9d8baa1..d889dfb6d 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -598,6 +598,7 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req) { struct ad_subdomains_req_ctx *ctx; errno_t ret; + const char *realm; ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx); @@ -610,7 +611,16 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req) goto done; } + realm = dp_opt_get_cstring(ctx->sd_ctx->ad_id_ctx->ad_options->basic, + AD_KRB5_REALM); + if (realm == NULL) { + DEBUG(SSSDBG_CONF_SETTINGS, "Missing realm.\n"); + ret = EINVAL; + goto done; + } + ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain, + realm, ctx->flat_name, ctx->master_sid, ctx->forest); if (ret != EOK) { diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index bd2fb47ee..02ced703c 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -1419,6 +1419,7 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req) if (reply_count) { const char *flat = NULL; const char *id = NULL; + const char *realm; ret = sysdb_attrs_get_string(reply[0], IPA_FLATNAME, &flat); if (ret != EOK) { @@ -1430,8 +1431,16 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req) goto done; } + realm = dp_opt_get_string(ctx->sd_ctx->id_ctx->ipa_options->basic, + IPA_KRB5_REALM); + if (realm == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm for IPA?\n"); + ret = EINVAL; + goto done; + } + ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain, - flat, id, NULL); + realm, flat, id, NULL); } else { ctx->search_base_iter++; ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER); diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c index e9c190549..22a38eccc 100644 --- a/src/tests/cmocka/test_sysdb_subdomains.c +++ b/src/tests/cmocka/test_sysdb_subdomains.c @@ -135,6 +135,38 @@ static void test_sysdb_subdomain_create(void **state) assert_true(test_ctx->tctx->dom->subdomains->disabled); } +static void test_sysdb_master_domain_ops(void **state) +{ + errno_t ret; + struct subdom_test_ctx *test_ctx = + talloc_get_type(*state, struct subdom_test_ctx); + + + ret = sysdb_master_domain_add_info(test_ctx->tctx->dom, + "realm1", "flat1", "id1", "forest1"); + assert_int_equal(ret, EOK); + + ret = sysdb_master_domain_update(test_ctx->tctx->dom); + assert_int_equal(ret, EOK); + + assert_string_equal(test_ctx->tctx->dom->realm, "realm1"); + assert_string_equal(test_ctx->tctx->dom->flat_name, "flat1"); + assert_string_equal(test_ctx->tctx->dom->domain_id, "id1"); + assert_string_equal(test_ctx->tctx->dom->forest, "forest1"); + + ret = sysdb_master_domain_add_info(test_ctx->tctx->dom, + "realm2", "flat2", "id2", "forest2"); + assert_int_equal(ret, EOK); + + ret = sysdb_master_domain_update(test_ctx->tctx->dom); + assert_int_equal(ret, EOK); + + assert_string_equal(test_ctx->tctx->dom->realm, "realm2"); + assert_string_equal(test_ctx->tctx->dom->flat_name, "flat2"); + assert_string_equal(test_ctx->tctx->dom->domain_id, "id2"); + assert_string_equal(test_ctx->tctx->dom->forest, "forest2"); +} + int main(int argc, const char *argv[]) { int rv; @@ -150,6 +182,9 @@ int main(int argc, const char *argv[]) }; const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(test_sysdb_master_domain_ops, + test_sysdb_subdom_setup, + test_sysdb_subdom_teardown), cmocka_unit_test_setup_teardown(test_sysdb_subdomain_create, test_sysdb_subdom_setup, test_sysdb_subdom_teardown), |