Diffstat (limited to 'src')
-rw-r--r-- | src/confdb/confdb.h | 1 | ||||
-rw-r--r-- | src/db/sysdb.h | 4 | ||||
-rw-r--r-- | src/db/sysdb_subdomains.c | 51 | ||||
-rw-r--r-- | src/providers/ad/ad_subdomains.c | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 2 | ||||
-rw-r--r-- | src/tests/cmocka/test_fqnames.c | 2 | ||||
-rw-r--r-- | src/tests/cmocka/test_nss_srv.c | 4 | ||||
-rw-r--r-- | src/tests/sysdb-tests.c | 40 | ||||
-rw-r--r-- | src/util/domain_info_utils.c | 4 | ||||
-rw-r--r-- | src/util/util.h | 3 |
10 files changed, 91 insertions, 22 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 93fbce5e5..25b8fe8d3 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -260,6 +260,7 @@ struct sss_domain_info {
 char *flat_name;
 char *domain_id;
 char *forest;
+ uint32_t trust_direction;
 struct timeval subdomains_last_checked;
 bool has_views;
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index c3d2c1406..5649f2cb1 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -138,6 +138,7 @@
 #define SYSDB_SUBDOMAIN_MPG "mpg"
 #define SYSDB_SUBDOMAIN_ENUM "enumerate"
 #define SYSDB_SUBDOMAIN_FOREST "memberOfForest"
+#define SYSDB_SUBDOMAIN_TRUST_DIRECTION "trustDirection"
 #define SYSDB_BASE_ID "baseID"
 #define SYSDB_ID_RANGE_SIZE "idRangeSize"
@@ -430,7 +431,8 @@ errno_t sysdb_domain_create(struct sysdb_ctx *sysdb, const char *domain_name);
 errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 const char *name, const char *realm,
 const char *flat_name, const char *domain_id,
- bool mpg, bool enumerate, const char *forest);
+ bool mpg, bool enumerate, const char *forest,
+ uint32_t trust_direction);
 errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 06e9e094e..44cee5e03 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -36,6 +36,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 SYSDB_SUBDOMAIN_MPG,
 SYSDB_SUBDOMAIN_ENUM,
 SYSDB_SUBDOMAIN_FOREST,
+ SYSDB_SUBDOMAIN_TRUST_DIRECTION,
 NULL};
 struct sss_domain_info *dom;
 struct ldb_dn *basedn;
@@ -46,6 +47,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 const char *forest;
 bool mpg;
 bool enumerate;
+ uint32_t trust_direction;
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
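Review bot: The new `trust_direction` member of struct sss_domain_info has no comment, and the convention the rest of the commit establishes for it is easy to miss: every provider call site passes a literal 0, and sysdb_subdomain_store() only adds the attribute for a new entry when the value is non-zero, so 0 effectively means "not set". Pin that down at the declaration: `uint32_t trust_direction; /* 0 = not set; sysdb_subdomain_store() does not persist a zero for a new entry */`. The commit defines no named values for the field, so a reader of this header cannot tell what a non-zero value denotes; an enum or a reference to the defining document would help once one exists. The struct definition begins and ends outside the hunk.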
@@ -106,6 +108,10 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 forest = ldb_msg_find_attr_as_string(res->msgs[i],
 SYSDB_SUBDOMAIN_FOREST, NULL);
+ trust_direction = ldb_msg_find_attr_as_int(res->msgs[i],
+ SYSDB_SUBDOMAIN_TRUST_DIRECTION,
+ 0);
+
 /* explicitly use dom->next as we need to check 'disabled' domains */
 for (dom = domain->subdomains; dom; dom = dom->next) {
 if (strcasecmp(dom->name, name) == 0) {
@@ -155,7 +161,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 if (dom->enumerate != enumerate) {
 DEBUG(SSSDBG_TRACE_INTERNAL,
- "MPG state change from [%s] to [%s]!\n",
+ "enumerate state change from [%s] to [%s]!\n",
 dom->enumerate ? "true" : "false", enumerate ? "true" : "false");
 dom->enumerate = enumerate;
@@ -204,13 +210,21 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 }
 }
+ if (dom->trust_direction != trust_direction) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Trust direction change from [%d] to [%d]!\n",
+ dom->trust_direction, trust_direction);
+ dom->trust_direction = trust_direction;
+ }
+
 break;
 }
 }
 /* If not found in loop it is a new subdomain */
 if (dom == NULL) {
 dom = new_subdomain(domain, domain, name, realm,
- flat, id, mpg, enumerate, forest);
+ flat, id, mpg, enumerate, forest,
+ trust_direction);
 if (dom == NULL) {
 ret = ENOMEM;
 goto done;
@@ -524,7 +538,8 @@ done:
 errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 const char *name, const char *realm,
 const char *flat_name, const char *domain_id,
- bool mpg, bool enumerate, const char *forest)
+ bool mpg, bool enumerate, const char *forest,
+ uint32_t trust_direction)
 {
 TALLOC_CTX *tmp_ctx;
 struct ldb_message *msg;
@@ -537,6 +552,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 SYSDB_SUBDOMAIN_MPG,
 SYSDB_SUBDOMAIN_ENUM,
 SYSDB_SUBDOMAIN_FOREST,
+ SYSDB_SUBDOMAIN_TRUST_DIRECTION,
 NULL};
 const char *tmp_str;
 bool tmp_bool;
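Review bot: `trust_direction` is read back with ldb_msg_find_attr_as_int() although the variable is a uint32_t and sysdb_subdomain_store() in the later hunks of this file writes the attribute with `"%u"` and re-reads it with ldb_msg_find_attr_as_uint(); a large value goes through a signed parse on one path and an unsigned one on the other, so the two need not agree, and the implicit int-to-uint32_t conversion is exactly what -Wconversion reports. Use the unsigned reader so both sides match: `trust_direction = ldb_msg_find_attr_as_uint(res->msgs[i], SYSDB_SUBDOMAIN_TRUST_DIRECTION, 0);`. The @@ -204 hunk has the same signed/unsigned slip in the DEBUG call, which prints two uint32_t values with `%d`; `"Trust direction change from [%" PRIu32 "] to [%" PRIu32 "]!\n"` is the matching specifier, and the `"%u"` passed to ldb_msg_add_fmt() in the @@ -738 hunk would be `"%" PRIu32` for the same reason. sysdb_update_subdomains() and sysdb_subdomain_store() both begin and end outside these hunks.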
@@ -547,6 +563,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 int mpg_flags = 0;
 int enum_flags = 0;
 int forest_flags = 0;
+ int td_flags = 0;
+ uint32_t tmp_td;
 int ret;
 tmp_ctx = talloc_new(NULL);
@@ -578,6 +596,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 mpg_flags = LDB_FLAG_MOD_ADD;
 enum_flags = LDB_FLAG_MOD_ADD;
 if (forest) forest_flags = LDB_FLAG_MOD_ADD;
+ if (trust_direction) td_flags = LDB_FLAG_MOD_ADD;
 } else if (res->count != 1) {
 ret = EINVAL;
 goto done;
@@ -622,10 +641,18 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 forest_flags = LDB_FLAG_MOD_REPLACE;
 }
 }
+
+ tmp_td = ldb_msg_find_attr_as_uint(res->msgs[0],
+ SYSDB_SUBDOMAIN_TRUST_DIRECTION,
+ 0);
+ if (tmp_td != trust_direction) {
+ td_flags = LDB_FLAG_MOD_REPLACE;
+ }
 }
 if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0
- && mpg_flags == 0 && enum_flags == 0 && forest_flags == 0) {
+ && mpg_flags == 0 && enum_flags == 0 && forest_flags == 0
+ && td_flags == 0) {
 ret = EOK;
 goto done;
 }
@@ -738,6 +765,22 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 }
 }
+ if (td_flags) {
+ ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
+ td_flags, NULL);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
+ "%u", trust_direction);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+ }
+
 ret = ldb_modify(sysdb->ldb, msg);
 if (ret != LDB_SUCCESS) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 71c01b9d7..ac9d8baa1 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
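Review bot: On the new-entry path `if (trust_direction) td_flags = LDB_FLAG_MOD_ADD;` skips the attribute for a zero value, while on the existing-entry path a change to zero is written out explicitly as "0" through the LDB_FLAG_MOD_REPLACE branch added in the @@ -622 hunk; both read back as 0 via the default argument of ldb_msg_find_attr_as_uint(), so behaviour is consistent, but the asymmetry is not visible from either line on its own. A comment on the ADD line would save the next reader the trace: `if (trust_direction) td_flags = LDB_FLAG_MOD_ADD; /* zero is the read-side default, nothing to store */`. sysdb_subdomain_store() begins before these hunks and its `done:` cleanup is outside them.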
@@ -313,7 +313,7 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
 sid_str);
 ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
- mpg, enumerate, domain->forest);
+ mpg, enumerate, domain->forest, 0);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n");
 goto done;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index b0cf92e43..bd2fb47ee 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -697,7 +697,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
 }
 ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat,
- id, mpg, enumerate, forest);
+ id, mpg, enumerate, forest, 0);
 if (ret) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n");
 goto done;
diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c
index 0326d5a64..3932e9624 100644
--- a/src/tests/cmocka/test_fqnames.c
+++ b/src/tests/cmocka/test_fqnames.c
@@ -309,7 +309,7 @@ static int parse_name_test_setup(void **state)
 * discovered */
 test_ctx->subdom = new_subdomain(dom, dom, SUBDOMNAME, NULL, SUBFLATNAME,
- NULL, false, false, NULL);
+ NULL, false, false, NULL, 0);
 assert_non_null(test_ctx->subdom);
 check_leaks_push(test_ctx);
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 9119d4b15..2fbb1abbc 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -2666,12 +2666,12 @@ static int nss_subdom_test_setup(void **state)
 subdomain = new_subdomain(nss_test_ctx, nss_test_ctx->tctx->dom,
 testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL);
+ false, false, NULL, 0);
 assert_non_null(subdomain);
 ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb,
 testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL);
+ false, false, NULL, 0);
 assert_int_equal(ret, EOK);
 ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom);
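Review bot: The new trust_direction argument is passed to sysdb_subdomain_store() as a bare literal `0`, which tells a reader neither that the argument is the trust direction nor whether the AD provider deliberately records "unset" or simply has no value yet; the ipa_subdomains.c hunk below passes the same bare literal. Naming the parameter at the call keeps the intent visible until a real value is wired in: `mpg, enumerate, domain->forest, 0 /* trust_direction */);` and likewise `id, mpg, enumerate, forest, 0 /* trust_direction */);` in ipa_subdom_store(). Both enclosing functions begin and end outside their hunks.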
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 6a77c6eeb..81e31363b 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -1312,7 +1312,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain)
 /* Create subdomain */
 subdomain = new_subdomain(test_ctx, test_ctx->domain,
 "test.sub", "TEST.SUB", "test", "S-3",
- false, false, NULL);
+ false, false, NULL, 0);
 fail_if(subdomain == NULL, "Failed to create new subdomain.");
 ret = sss_names_init_from_args(test_ctx,
@@ -5235,21 +5235,22 @@ START_TEST(test_sysdb_subdomain_create)
 ret = sysdb_subdomain_store(test_ctx->sysdb,
 dom1[0], dom1[1], dom1[2], dom1[3],
- false, false, NULL);
+ false, false, NULL, 0);
 fail_if(ret != EOK, "Could not set up the test (dom1)");
 ret = sysdb_update_subdomains(test_ctx->domain);
 fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
 ret, strerror(ret));
- fail_if(test_ctx->domain->subdomains == NULL, "Empyt sub-domain list.");
+ fail_if(test_ctx->domain->subdomains == NULL, "Empty sub-domain list.");
 fail_if(strcmp(test_ctx->domain->subdomains->name, dom1[0]) != 0,
 "Unexpected sub-domain found, expected [%s], got [%s]",
 dom1[0], test_ctx->domain->subdomains->name);
+ fail_unless(test_ctx->domain->subdomains->trust_direction == 0);
 ret = sysdb_subdomain_store(test_ctx->sysdb,
 dom2[0], dom2[1], dom2[2], dom2[3],
- false, false, NULL);
+ false, false, NULL, 1);
 fail_if(ret != EOK, "Could not set up the test (dom2)");
 ret = sysdb_update_subdomains(test_ctx->domain);
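Review bot: The new `fail_unless(test_ctx->domain->subdomains->trust_direction == 0);` carries no failure message, unlike every neighbouring fail_if/fail_unless in this test, so a regression would report only the expression and not the value that was read back. Spell out the observed value: `fail_unless(test_ctx->domain->subdomains->trust_direction == 0, "Unexpected trust direction [%" PRIu32 "], expected 0", test_ctx->domain->subdomains->trust_direction);`. The same applies to the three trust_direction assertions added in the @@ -5260 hunk, which are the ones that actually cover the store-then-replace round trip. test_sysdb_subdomain_create continues outside the hunk.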
@@ -5260,6 +5261,25 @@ START_TEST(test_sysdb_subdomain_create)
 fail_if(strcmp(test_ctx->domain->subdomains->next->name, dom2[0]) != 0,
 "Unexpected sub-domain found, expected [%s], got [%s]",
 dom2[0], test_ctx->domain->subdomains->next->name);
+ fail_unless(test_ctx->domain->subdomains->next->trust_direction == 1);
+
+ /* Reverse the trust directions */
+ ret = sysdb_subdomain_store(test_ctx->sysdb,
+ dom1[0], dom1[1], dom1[2], dom1[3],
+ false, false, NULL, 1);
+ fail_if(ret != EOK, "Could not set up the test (dom1)");
+
+ ret = sysdb_subdomain_store(test_ctx->sysdb,
+ dom2[0], dom2[1], dom2[2], dom2[3],
+ false, false, NULL, 0);
+ fail_if(ret != EOK, "Could not set up the test (dom2)");
+
+ ret = sysdb_update_subdomains(test_ctx->domain);
+ fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
+ ret, strerror(ret));
+
+ fail_unless(test_ctx->domain->subdomains->trust_direction == 1);
+ fail_unless(test_ctx->domain->subdomains->next->trust_direction == 0);
 ret = sysdb_subdomain_delete(test_ctx->sysdb, dom2[0]);
 fail_if(ret != EOK, "Could not delete subdomain");
@@ -5294,11 +5314,11 @@ START_TEST(test_sysdb_subdomain_store_user)
 subdomain = new_subdomain(test_ctx, test_ctx->domain,
 testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL);
+ false, false, NULL, 0);
 fail_unless(subdomain != NULL, "Failed to create new subdomin.");
 ret = sysdb_subdomain_store(test_ctx->sysdb,
 testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL);
+ false, false, NULL, 0);
 fail_if(ret != EOK, "Could not set up the test (test subdom)");
 ret = sysdb_update_subdomains(test_ctx->domain);
@@ -5365,11 +5385,11 @@ START_TEST(test_sysdb_subdomain_user_ops)
 subdomain = new_subdomain(test_ctx, test_ctx->domain,
 testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL);
+ false, false, NULL, 0);
 fail_unless(subdomain != NULL, "Failed to create new subdomin.");
 ret = sysdb_subdomain_store(test_ctx->sysdb,
 testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL);
+ false, false, NULL, 0);
 fail_if(ret != EOK, "Could not set up the test (test subdom)");
 ret = sysdb_update_subdomains(test_ctx->domain);
@@ -5420,11 +5440,11 @@ START_TEST(test_sysdb_subdomain_group_ops)
 subdomain = new_subdomain(test_ctx, test_ctx->domain,
 testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL);
+ false, false, NULL, 0);
 fail_unless(subdomain != NULL, "Failed to create new subdomin.");
 ret = sysdb_subdomain_store(test_ctx->sysdb,
 testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL);
+ false, false, NULL, 0);
 fail_if(ret != EOK, "Could not set up the test (test subdom)");
 ret = sysdb_update_subdomains(test_ctx->domain);
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 073ba3c6a..aa5fc9ad0 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -203,7 +203,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 const char *id,
 bool mpg,
 bool enumerate,
- const char *forest)
+ const char *forest,
+ uint32_t trust_direction)
 {
 struct sss_domain_info *dom;
 bool inherit_option;
@@ -290,6 +291,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 dom->ignore_group_members = parent->ignore_group_members;
 }
+ dom->trust_direction = trust_direction;
 /* If the parent domain explicitly limits ID ranges, the subdomain
 * should honour the limits as well. */
diff --git a/src/util/util.h b/src/util/util.h
index c86bcea5b..8eaeef45d 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -577,7 +577,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 const char *id,
 bool mpg,
 bool enumerate,
- const char *forest);
+ const char *forest,
+ uint32_t trust_direction);
 errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb, |