diff options
| -rw-r--r-- | Makefile.am | 1 | ||||
| -rw-r--r-- | src/confdb/confdb.h | 3 | ||||
| -rw-r--r-- | src/db/sysdb.c | 191 | ||||
| -rw-r--r-- | src/db/sysdb.h | 72 | ||||
| -rw-r--r-- | src/db/sysdb_subdomains.c | 435 | ||||
| -rw-r--r-- | src/tests/sysdb-tests.c | 232 |
6 files changed, 853 insertions, 81 deletions
diff --git a/Makefile.am b/Makefile.am index 8d2c8cee7..9cf904ebc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -438,6 +438,7 @@ libsss_util_la_SOURCES = \ src/db/sysdb_upgrade.c \ src/db/sysdb_services.c \ src/db/sysdb_autofs.c \ + src/db/sysdb_subdomains.c \ src/monitor/monitor_sbus.c \ src/providers/dp_auth_util.c \ src/providers/dp_pam_data_util.c \ diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index c31966b90..b1053bda5 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -192,6 +192,9 @@ struct sss_domain_info { struct sysdb_ctx *sysdb; + char *flat_name; + char *domain_id; + struct sss_domain_info *next; }; diff --git a/src/db/sysdb.c b/src/db/sysdb.c index 65b413da5..de23607a5 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c @@ -776,6 +776,114 @@ int sysdb_get_db_file(TALLOC_CTX *mem_ctx, return EOK; } +errno_t sysdb_domain_create(struct sysdb_ctx *sysdb, const char *domain_name) +{ + struct ldb_message *msg; + TALLOC_CTX *tmp_ctx; + int ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + /* == create base domain object == */ + + msg = ldb_msg_new(tmp_ctx); + if (!msg) { + ret = ENOMEM; + goto done; + } + msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, SYSDB_DOM_BASE, domain_name); + if (!msg->dn) { + ret = ENOMEM; + goto done; + } + ret = ldb_msg_add_fmt(msg, "cn", "%s", domain_name); + if (ret != LDB_SUCCESS) { + ret = EIO; + goto done; + } + /* do a synchronous add */ + ret = ldb_add(sysdb->ldb, msg); + if (ret != LDB_SUCCESS) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to initialize DB (%d, [%s]) " + "for domain %s!\n", + ret, ldb_errstring(sysdb->ldb), + domain_name)); + ret = EIO; + goto done; + } + talloc_zfree(msg); + + /* == create Users tree == */ + + msg = ldb_msg_new(tmp_ctx); + if (!msg) { + ret = ENOMEM; + goto done; + } + msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, + SYSDB_TMPL_USER_BASE, domain_name); + if (!msg->dn) { + ret = ENOMEM; + goto done; + } + ret = ldb_msg_add_fmt(msg, "cn", "Users"); + if (ret != LDB_SUCCESS) { + ret = EIO; + goto done; + } + /* do a synchronous add */ + ret = ldb_add(sysdb->ldb, msg); + if (ret != LDB_SUCCESS) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to initialize DB (%d, [%s]) " + "for domain %s!\n", + ret, ldb_errstring(sysdb->ldb), + domain_name)); + ret = EIO; + goto done; + } + talloc_zfree(msg); + + /* == create Groups tree == */ + + msg = ldb_msg_new(tmp_ctx); + if (!msg) { + ret = ENOMEM; + goto done; + } + msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, + SYSDB_TMPL_GROUP_BASE, domain_name); + if (!msg->dn) { + ret = ENOMEM; + goto done; + } + ret = ldb_msg_add_fmt(msg, "cn", "Groups"); + if (ret != LDB_SUCCESS) { + ret = EIO; + goto done; + } + /* do a synchronous add */ + ret = ldb_add(sysdb->ldb, msg); + if (ret != LDB_SUCCESS) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to initialize DB (%d, [%s]) for " + "domain %s!\n", + ret, ldb_errstring(sysdb->ldb), + domain_name)); + ret = EIO; + goto done; + } + talloc_zfree(msg); + + ret = EOK; + +done: + talloc_zfree(tmp_ctx); + return ret; +} + static int remove_sysdb_from_domain(void *mem) { struct sysdb_ctx *ctx = talloc_get_type(mem, struct sysdb_ctx); @@ -817,7 +925,6 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb; const char *base_ldif; struct ldb_ldif *ldif; - struct ldb_message *msg; struct ldb_message_element *el; struct ldb_result *res; struct ldb_dn *verdn; @@ -994,88 +1101,10 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, ldb_ldif_read_free(sysdb->ldb, ldif); } - /* == create base domain object == */ - - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, SYSDB_DOM_BASE, domain->name); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_fmt(msg, "cn", "%s", domain->name); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - /* do a synchronous add */ - ret = ldb_add(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - DEBUG(0, ("Failed to initialize DB (%d, [%s]) for domain %s!\n", - ret, ldb_errstring(sysdb->ldb), domain->name)); - ret = EIO; - goto done; - } - talloc_zfree(msg); - - /* == create Users tree == */ - - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, - SYSDB_TMPL_USER_BASE, domain->name); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_fmt(msg, "cn", "Users"); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - /* do a synchronous add */ - ret = ldb_add(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - DEBUG(0, ("Failed to initialize DB (%d, [%s]) for domain %s!\n", - ret, ldb_errstring(sysdb->ldb), domain->name)); - ret = EIO; - goto done; - } - talloc_zfree(msg); - - /* == create Groups tree == */ - - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, - SYSDB_TMPL_GROUP_BASE, domain->name); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_fmt(msg, "cn", "Groups"); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - /* do a synchronous add */ - ret = ldb_add(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - DEBUG(0, ("Failed to initialize DB (%d, [%s]) for domain %s!\n", - ret, ldb_errstring(sysdb->ldb), domain->name)); - ret = EIO; + ret = sysdb_domain_create(sysdb, domain->name); + if (ret != EOK) { goto done; } - talloc_zfree(msg); /* The cache has been newly created. * We need to reopen the LDB to ensure that diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 6a1006d05..56c9f0525 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -41,6 +41,7 @@ #define SYSDB_TMPL_CUSTOM_BASE SYSDB_CUSTOM_CONTAINER",cn=%s,"SYSDB_BASE #define SYSDB_TMPL_NETGROUP_BASE SYSDB_NETGROUP_CONTAINER",cn=%s,"SYSDB_BASE +#define SYSDB_SUBDOMAIN_CLASS "subdomain" #define SYSDB_USER_CLASS "user" #define SYSDB_GROUP_CLASS "group" #define SYSDB_NETGROUP_CLASS "netgroup" @@ -120,6 +121,9 @@ #define SYSDB_SSH_PUBKEY "sshPublicKey" +#define SYSDB_SUBDOMAIN_FLAT "flatName" +#define SYSDB_SUBDOMAIN_ID "domainID" + #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)" #define SYSDB_UC "objectclass="SYSDB_USER_CLASS @@ -207,6 +211,13 @@ struct sysdb_attrs { /* sysdb_attrs helper functions */ struct sysdb_attrs *sysdb_new_attrs(TALLOC_CTX *mem_ctx); +struct subdomain_info { + char *name; + char *flat_name; + char *id; +}; + + /* values are copied in the structure, allocated on "attrs" */ int sysdb_attrs_add_val(struct sysdb_attrs *attrs, const char *name, const struct ldb_val *val); @@ -308,6 +319,67 @@ int sysdb_transaction_start(struct sysdb_ctx *sysdb); int sysdb_transaction_commit(struct sysdb_ctx *sysdb); int sysdb_transaction_cancel(struct sysdb_ctx *sysdb); +/* functions related to subdomains */ +errno_t sysdb_get_subdomains(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + size_t *subdomain_count, + struct subdomain_info ***subdomain_list); + +errno_t sysdb_domain_create(struct sysdb_ctx *sysdb, const char *domain_name); + +errno_t sysdb_update_subdomains(struct sysdb_ctx *sysdb, + struct subdomain_info **subdomains); + +errno_t sysdb_get_subdomain_context(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *subdomain, + struct sysdb_ctx **subdomain_ctx); + + +errno_t sysdb_search_domuser_by_name(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *name, + const char **attrs, + struct ldb_message **msg); +errno_t sysdb_search_domuser_by_uid(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + uid_t uid, + const char **attrs, + struct ldb_message **msg); +errno_t sysdb_store_domuser(struct sss_domain_info *domain, + const char *name, + const char *pwd, + uid_t uid, gid_t gid, + const char *gecos, + const char *homedir, + const char *shell, + struct sysdb_attrs *attrs, + char **remove_attrs, + uint64_t cache_timeout, + time_t now); +errno_t sysdb_delete_domuser(struct sss_domain_info *domain, + const char *name, uid_t uid); + + +errno_t sysdb_search_domgroup_by_name(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *name, + const char **attrs, + struct ldb_message **msg); +errno_t sysdb_search_domgroup_by_gid(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + gid_t gid, + const char **attrs, + struct ldb_message **msg); +errno_t sysdb_store_domgroup(struct sss_domain_info *domain, + const char *name, + gid_t gid, + struct sysdb_attrs *attrs, + uint64_t cache_timeout, + time_t now); +errno_t sysdb_delete_domgroup(struct sss_domain_info *domain, + const char *name, gid_t gid); + /* Sysdb initialization. * call this function *only* once to initialize the database and get * the sysdb ctx */ diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c new file mode 100644 index 000000000..bac846ef7 --- /dev/null +++ b/src/db/sysdb_subdomains.c @@ -0,0 +1,435 @@ +/* + SSSD + + System Database - Sub-domain related calls + + Copyright (C) 2012 Jan Zeleny <jzeleny@redhat.com> + Copyright (C) 2012 Sumit Bose <sbose@redhat.com> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "util/util.h" +#include "db/sysdb_private.h" + +errno_t sysdb_get_subdomains(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + size_t *subdomain_count, + struct subdomain_info ***subdomain_list) +{ + int i; + errno_t ret; + TALLOC_CTX *tmp_ctx; + struct ldb_result *res; + const char *attrs[] = {"cn", + SYSDB_SUBDOMAIN_FLAT, + SYSDB_SUBDOMAIN_ID, + NULL}; + struct subdomain_info **list; + struct ldb_dn *basedn; + const char *tmp_str; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + basedn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_BASE); + if (basedn == NULL) { + ret = EIO; + goto done; + } + ret = ldb_search(sysdb->ldb, tmp_ctx, &res, + basedn, LDB_SCOPE_ONELEVEL, + attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS); + if (ret != LDB_SUCCESS) { + ret = EIO; + goto done; + } + + list = talloc_zero_array(tmp_ctx, struct subdomain_info *, res->count); + if (list == NULL) { + ret = ENOMEM; + goto done; + } + + for (i = 0; i < res->count; i++) { + list[i] = talloc_zero(list, struct subdomain_info); + if (list[i] == NULL) { + ret = ENOMEM; + goto done; + } + tmp_str = ldb_msg_find_attr_as_string(res->msgs[i], "cn", NULL); + if (tmp_str == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, ("The object [%s] doesn't have a name\n", + ldb_dn_get_linearized(res->msgs[i]->dn))); + ret = EINVAL; + goto done; + } + + list[i]->name = talloc_strdup(list, tmp_str); + if (list[i]->name == NULL) { + ret = ENOMEM; + goto done; + } + + tmp_str = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_SUBDOMAIN_FLAT, NULL); + if (tmp_str != NULL) { + list[i]->flat_name = talloc_strdup(list, tmp_str); + if (list[i]->flat_name == NULL) { + ret = ENOMEM; + goto done; + } + } + + tmp_str = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_SUBDOMAIN_ID, NULL); + if (tmp_str != NULL) { + list[i]->id = talloc_strdup(list, tmp_str); + if (list[i]->id == NULL) { + ret = ENOMEM; + goto done; + } + } + } + + *subdomain_count = res->count; + *subdomain_list = talloc_steal(mem_ctx, list); + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + +static errno_t sysdb_add_subdomain_attributes(struct sysdb_ctx *sysdb, + struct subdomain_info *domain_info) +{ + TALLOC_CTX *tmp_ctx; + struct ldb_message *msg; + int ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + msg = ldb_msg_new(tmp_ctx); + if (msg == NULL) { + ret = ENOMEM; + goto done; + } + + msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, SYSDB_DOM_BASE, + domain_info->name); + if (msg->dn == NULL) { + ret = ENOMEM; + goto done; + } + + ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + ret = ldb_msg_add_fmt(msg, SYSDB_OBJECTCLASS, "%s", SYSDB_SUBDOMAIN_CLASS); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret);; + goto done; + } + + if (domain_info->flat_name != NULL) { + ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FLAT, LDB_FLAG_MOD_ADD, + NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_FLAT, "%s", + domain_info->flat_name); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret);; + goto done; + } + } + + if (domain_info->id != NULL) { + ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ID, LDB_FLAG_MOD_ADD, + NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_ID, "%s", + domain_info->id); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret);; + goto done; + } + } + + ret = ldb_modify(sysdb->ldb, msg); + if (ret != LDB_SUCCESS) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add subdomain attributes to " + "[%s]: [%d][%s]!\n", + domain_info->name, ret, + ldb_errstring(sysdb->ldb))); + ret = sysdb_error_to_errno(ret); + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} + +errno_t sysdb_update_subdomains(struct sysdb_ctx *sysdb, + struct subdomain_info **subdomains) +{ + int ret; + int sret; + size_t c; + size_t d; + TALLOC_CTX *tmp_ctx = NULL; + size_t cur_subdomains_count; + struct subdomain_info **cur_subdomains; + struct ldb_dn *dn; + bool in_transaction = false; + bool *keep_subdomain; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + /* Retrieve all subdomains that are currently in sysdb */ + ret = sysdb_get_subdomains(tmp_ctx, sysdb, &cur_subdomains_count, + &cur_subdomains); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_subdomains failed.\n")); + goto done; + } + + keep_subdomain = talloc_zero_array(tmp_ctx, bool, cur_subdomains_count); + if (keep_subdomain == NULL) { + ret = ENOMEM; + DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero_array failed.\n")); + goto done; + } + + ret = sysdb_transaction_start(sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_transaction_start failed.\n")); + goto done; + } + in_transaction = true; + + /* Go through a list of retrieved subdomains and: + * - if a subdomain already exists in sysdb, mark it for preservation + * - if the subdomain doesn't exist in sysdb, create its bare structure + */ + for (c = 0; subdomains[c] != NULL; c++) { + for (d = 0; d < cur_subdomains_count; d++) { + if (strcasecmp(subdomains[c]->name, cur_subdomains[d]->name) == 0) { + keep_subdomain[d] = true; + /* sub-domain already in cache, nothing to do */ + break; + } + } + + if (d == cur_subdomains_count) { + DEBUG(SSSDBG_TRACE_FUNC, ("Adding sub-domain [%s].\n", + subdomains[c]->name)); + ret = sysdb_domain_create(sysdb, subdomains[c]->name); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_domain_create failed.\n")); + goto done; + } + + ret = sysdb_add_subdomain_attributes(sysdb, subdomains[c]); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("sysdb_add_subdomain_attributes failed.\n")); + goto done; + } + } + } + + /* Now delete all subdomains that have been in sysdb prior to + * refreshing the list and are not marked for preservation + * (i.e. they are not in the new list of subdomains) + */ + for (d = 0; d < cur_subdomains_count; d++) { + if (!keep_subdomain[d]) { + DEBUG(SSSDBG_TRACE_FUNC, ("Removing sub-domain [%s].\n", + cur_subdomains[d]->name)); + dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, + cur_subdomains[d]->name); + if (dn == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_delete_recursive(sysdb, dn, true); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_delete_recursive failed.\n")); + goto done; + } + } + } + + ret = sysdb_transaction_commit(sysdb); + if (ret == EOK) { + in_transaction = false; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not commit transaction\n")); + } + +done: + if (in_transaction) { + sret = sysdb_transaction_cancel(sysdb); + if (sret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); + } + } + talloc_free(tmp_ctx); + return ret; +} + +errno_t sysdb_get_subdomain_context(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *subdomain, + struct sysdb_ctx **subdomain_ctx) +{ + struct sysdb_ctx *new_ctx; + + new_ctx = talloc_zero(mem_ctx, struct sysdb_ctx); + if (new_ctx == NULL) { + return ENOMEM; + } + + new_ctx->domain = subdomain; + new_ctx->mpg = true; + + new_ctx->ldb = sysdb->ldb; + new_ctx->ldb_file = sysdb->ldb_file; + + *subdomain_ctx = new_ctx; + + return EOK; +} + +#define CHECK_DOMAIN_INFO(dom_info) do { \ + if (dom_info == NULL || dom_info->sysdb == NULL) { \ + DEBUG(SSSDBG_OP_FAILURE, ("Invalid domain info.\n")); \ + return EINVAL; \ + } \ +} while(0) + +errno_t sysdb_search_domuser_by_name(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *name, + const char **attrs, + struct ldb_message **msg) +{ + CHECK_DOMAIN_INFO(domain); + + return sysdb_search_user_by_name(mem_ctx, domain->sysdb, name, attrs, msg); +} + +errno_t sysdb_search_domuser_by_uid(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + uid_t uid, + const char **attrs, + struct ldb_message **msg) +{ + CHECK_DOMAIN_INFO(domain); + + return sysdb_search_user_by_uid(mem_ctx, domain->sysdb, uid, attrs, msg); +} + +errno_t sysdb_store_domuser(struct sss_domain_info *domain, + const char *name, + const char *pwd, + uid_t uid, gid_t gid, + const char *gecos, + const char *homedir, + const char *shell, + struct sysdb_attrs *attrs, + char **remove_attrs, + uint64_t cache_timeout, + time_t now) +{ + CHECK_DOMAIN_INFO(domain); + + return sysdb_store_user(domain->sysdb, name, pwd, uid, gid, gecos, homedir, + shell, attrs, remove_attrs, cache_timeout, now); +} + +errno_t sysdb_delete_domuser(struct sss_domain_info *domain, + const char *name, uid_t uid) +{ + CHECK_DOMAIN_INFO(domain); + + return sysdb_delete_user(domain->sysdb, name, uid); +} + +errno_t sysdb_search_domgroup_by_name(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *name, + const char **attrs, + struct ldb_message **msg) +{ + CHECK_DOMAIN_INFO(domain); + + return sysdb_search_group_by_name(mem_ctx, domain->sysdb, name, attrs, msg); +} + +errno_t sysdb_search_domgroup_by_gid(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + gid_t gid, + const char **attrs, + struct ldb_message **msg) +{ + CHECK_DOMAIN_INFO(domain); + + return sysdb_search_group_by_gid(mem_ctx, domain->sysdb, gid, attrs, msg); +} + +errno_t sysdb_store_domgroup(struct sss_domain_info *domain, + const char *name, + gid_t gid, + struct sysdb_attrs *attrs, + uint64_t cache_timeout, + time_t now) +{ + CHECK_DOMAIN_INFO(domain); + + return sysdb_store_group(domain->sysdb, name, gid, attrs, cache_timeout, + now); +} + +errno_t sysdb_delete_domgroup(struct sss_domain_info *domain, + const char *name, gid_t gid) +{ + CHECK_DOMAIN_INFO(domain); + + return sysdb_delete_group(domain->sysdb, name, gid); +} diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index 765b59d8a..bcf3f732b 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -3249,6 +3249,228 @@ START_TEST(test_sysdb_original_dn_case_insensitive) } END_TEST +const struct subdomain_info dom1 = {discard_const("dom1.sub"), + discard_const("dom1"), + discard_const("S-1")}; +const struct subdomain_info dom2 = {discard_const("dom2.sub"), + discard_const("dom2"), + discard_const("S-2")}; +const struct subdomain_info dom_t = {discard_const("test.sub"), + discard_const("test"), + discard_const("S-3")}; + +START_TEST(test_sysdb_subdomain_create) +{ + struct sysdb_test_ctx *test_ctx; + errno_t ret; + struct subdomain_info **cur_subdomains = NULL; + size_t cur_subdomains_count; + const struct subdomain_info *new_subdom1[] = { &dom1, NULL}; + const struct subdomain_info *new_subdom2[] = { &dom2, NULL}; + const struct subdomain_info *empty[] = { NULL}; + + ret = setup_sysdb_tests(&test_ctx); + fail_if(ret != EOK, "Could not set up the test"); + + ret = sysdb_get_subdomains(test_ctx, test_ctx->sysdb, + &cur_subdomains_count, &cur_subdomains); + fail_unless(ret == EOK, "sysdb_get_subdomains failed with [%d][%s]", + ret, strerror(ret)); + fail_unless(cur_subdomains != NULL, "No sub-domains returned."); + fail_unless(cur_subdomains[0] == NULL, "No empyt sub-domain list returned."); + + ret = sysdb_update_subdomains(test_ctx->sysdb, discard_const_p(struct subdomain_info *, new_subdom1)); + fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", + ret, strerror(ret)); + + ret = sysdb_get_subdomains(test_ctx, test_ctx->sysdb, + &cur_subdomains_count, &cur_subdomains); + fail_unless(ret == EOK, "sysdb_get_subdomains failed with [%d][%s]", + ret, strerror(ret)); + fail_unless(cur_subdomains != NULL, "No sub-domains returned."); + fail_unless(cur_subdomains[0] != NULL, "Empyt sub-domain list returned."); + fail_unless(strcmp(cur_subdomains[0]->name, new_subdom1[0]->name) == 0, + "Unexpected sub-domain found, expected [%s], got [%s]", + new_subdom1[0]->name, cur_subdomains[0]->name); + + ret = sysdb_update_subdomains(test_ctx->sysdb, discard_const_p(struct subdomain_info *, new_subdom2)); + fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", + ret, strerror(ret)); + + ret = sysdb_get_subdomains(test_ctx, test_ctx->sysdb, + &cur_subdomains_count, &cur_subdomains); + fail_unless(ret == EOK, "sysdb_get_subdomains failed with [%d][%s]", + ret, strerror(ret)); + fail_unless(cur_subdomains != NULL, "No sub-domains returned."); + fail_unless(cur_subdomains[0] != NULL, "Empyt sub-domain list returned."); + fail_unless(strcmp(cur_subdomains[0]->name, new_subdom2[0]->name) == 0, + "Unexpected sub-domain found, expected [%s], got [%s]", + new_subdom2[0]->name, cur_subdomains[0]->name); + + ret = sysdb_update_subdomains(test_ctx->sysdb, discard_const_p(struct subdomain_info *, empty)); + fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", + ret, strerror(ret)); + + ret = sysdb_get_subdomains(test_ctx, test_ctx->sysdb, + &cur_subdomains_count, &cur_subdomains); + fail_unless(ret == EOK, "sysdb_get_subdomains failed with [%d][%s]", + ret, strerror(ret)); + fail_unless(cur_subdomains != NULL, "No sub-domains returned."); + fail_unless(cur_subdomains[0] == NULL, "No empyt sub-domain list returned."); +} +END_TEST + +START_TEST(test_sysdb_subdomain_store_user) +{ + struct sysdb_test_ctx *test_ctx; + errno_t ret; + const struct subdomain_info *test_subdom[] = { &dom_t, NULL}; + struct sss_domain_info *subdomain = NULL; + struct ldb_result *results = NULL; + struct ldb_dn *base_dn = NULL; + struct ldb_dn *check_dn = NULL; + + ret = setup_sysdb_tests(&test_ctx); + fail_if(ret != EOK, "Could not set up the test"); + + ret = sysdb_update_subdomains(test_ctx->sysdb, discard_const_p(struct subdomain_info *, test_subdom)); + fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", + ret, strerror(ret)); + + subdomain = new_subdomain(test_ctx, test_ctx->domain, "test.sub", + NULL, NULL); + fail_unless(subdomain != NULL, "new_subdomain failed."); + + ret = sysdb_store_user(subdomain->sysdb, "subdomuser", NULL, 12345, 0, + "Sub Domain User", "/home/subdomuser", "/bin/bash", + NULL, NULL, -1, 0); + fail_unless(ret == EOK, "sysdb_store_user failed."); + + base_dn =ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, "cn=sysdb"); + fail_unless(base_dn != NULL); + + check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, + "name=subdomuser,cn=users,cn=test.sub,cn=sysdb"); + fail_unless(check_dn != NULL); + + ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn, + LDB_SCOPE_SUBTREE, NULL, "name=subdomuser"); + fail_unless(ret == EOK, "ldb_search failed."); + fail_unless(results->count == 1, "Unexpected number of results, " + "expected [%d], got [%d]", + 1, results->count); + fail_unless(ldb_dn_compare(results->msgs[0]->dn, check_dn) == 0, + "Unexpedted DN returned"); + + ret = sysdb_delete_user(subdomain->sysdb, "subdomuser", 0); + fail_unless(ret == EOK, "sysdb_delete_user failed [%d][%s].", + ret, strerror(ret)); + + ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn, + LDB_SCOPE_SUBTREE, NULL, "name=subdomuser"); + fail_unless(ret == EOK, "ldb_search failed."); + fail_unless(results->count == 0, "Unexpected number of results, " + "expected [%d], got [%d]", + 0, results->count); +} +END_TEST + +START_TEST(test_sysdb_subdomain_user_ops) +{ + struct sysdb_test_ctx *test_ctx; + errno_t ret; + const struct subdomain_info *test_subdom[] = { &dom_t, NULL}; + struct sss_domain_info *subdomain = NULL; + struct ldb_message *msg = NULL; + struct ldb_dn *check_dn = NULL; + + ret = setup_sysdb_tests(&test_ctx); + fail_if(ret != EOK, "Could not set up the test"); + + ret = sysdb_update_subdomains(test_ctx->sysdb, discard_const_p(struct subdomain_info *, test_subdom)); + fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", + ret, strerror(ret)); + + subdomain = new_subdomain(test_ctx, test_ctx->domain, "test.sub", + NULL, NULL); + fail_unless(subdomain != NULL, "new_subdomain failed."); + + ret = sysdb_store_domuser(subdomain, "subdomuser", NULL, 12345, 0, + "Sub Domain User", "/home/subdomuser", "/bin/bash", + NULL, NULL, -1, 0); + fail_unless(ret == EOK, "sysdb_store_domuser failed."); + + check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, + "name=subdomuser,cn=users,cn=test.sub,cn=sysdb"); + fail_unless(check_dn != NULL); + + ret = sysdb_search_domuser_by_name(test_ctx, subdomain, "subdomuser", NULL, + &msg); + fail_unless(ret == EOK, "sysdb_search_domuser_by_name failed with [%d][%s].", + ret, strerror(ret)); + fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0, + "Unexpedted DN returned"); + + ret = sysdb_search_domuser_by_uid(test_ctx, subdomain, 12345, NULL, &msg); + fail_unless(ret == EOK, "sysdb_search_domuser_by_uid failed with [%d][%s].", + ret, strerror(ret)); + fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0, + "Unexpedted DN returned"); + + ret = sysdb_delete_domuser(subdomain, "subdomuser", 12345); + fail_unless(ret == EOK, "sysdb_delete_domuser failed with [%d][%s].", + ret, strerror(ret)); + +} +END_TEST + +START_TEST(test_sysdb_subdomain_group_ops) +{ + struct sysdb_test_ctx *test_ctx; + errno_t ret; + const struct subdomain_info *test_subdom[] = { &dom_t, NULL}; + struct sss_domain_info *subdomain = NULL; + struct ldb_message *msg = NULL; + struct ldb_dn *check_dn = NULL; + + ret = setup_sysdb_tests(&test_ctx); + fail_if(ret != EOK, "Could not set up the test"); + + ret = sysdb_update_subdomains(test_ctx->sysdb, discard_const_p(struct subdomain_info *, test_subdom)); + fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", + ret, strerror(ret)); + + subdomain = new_subdomain(test_ctx, test_ctx->domain, "test.sub", + NULL, NULL); + fail_unless(subdomain != NULL, "new_subdomain failed."); + + ret = sysdb_store_domgroup(subdomain, "subdomgroup", 12345, NULL, -1, 0); + fail_unless(ret == EOK, "sysdb_store_domgroup failed."); + + check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, + "name=subdomgroup,cn=groups,cn=test.sub,cn=sysdb"); + fail_unless(check_dn != NULL); + + ret = sysdb_search_domgroup_by_name(test_ctx, subdomain, "subdomgroup", NULL, + &msg); + fail_unless(ret == EOK, "sysdb_search_domgroup_by_name failed with [%d][%s].", + ret, strerror(ret)); + fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0, + "Unexpedted DN returned"); + + ret = sysdb_search_domgroup_by_gid(test_ctx, subdomain, 12345, NULL, &msg); + fail_unless(ret == EOK, "sysdb_search_domgroup_by_gid failed with [%d][%s].", + ret, strerror(ret)); + fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0, + "Unexpedted DN returned"); + + ret = sysdb_delete_domgroup(subdomain, "subdomgroup", 12345); + fail_unless(ret == EOK, "sysdb_delete_domgroup failed with [%d][%s].", + ret, strerror(ret)); + +} +END_TEST + Suite *create_sysdb_suite(void) { Suite *s = suite_create("sysdb"); @@ -3454,6 +3676,16 @@ Suite *create_sysdb_suite(void) suite_add_tcase(s, tc_memberof); + TCase *tc_subdomain = tcase_create("SYSDB sub-domain Tests"); + + tcase_add_test(tc_subdomain, test_sysdb_subdomain_create); + tcase_add_test(tc_subdomain, test_sysdb_subdomain_store_user); + tcase_add_test(tc_subdomain, test_sysdb_subdomain_user_ops); + tcase_add_test(tc_subdomain, test_sysdb_subdomain_group_ops); + + suite_add_tcase(s, tc_subdomain); + + return s; } |