From 50936fc7230a9b3f01e285e72c4182013542f53e Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 1 Jun 2015 16:53:01 +0200 Subject: UTIL/SYSDB: Move new_subdomain() to sysdb_subdomains.c and make it private In order to make updating the subdomain list a two-step process. Therefore we need to make sure that update_subdomains() is the only interface towards the SSSD that changes the subdomain list. Move the new_subdomain() function to sysdb_subdomains.c and only make it available through a private header so it's usable by unit tests. Reviewed-by: Sumit Bose --- src/db/sysdb_private.h | 17 +++++ src/db/sysdb_subdomains.c | 133 ++++++++++++++++++++++++++++++++++++++++ src/tests/cmocka/test_nss_srv.c | 1 + src/util/domain_info_utils.c | 133 ---------------------------------------- src/util/util.h | 11 ---- 5 files changed, 151 insertions(+), 144 deletions(-) (limited to 'src') diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h index 8a5b8be8c..2adb9ff91 100644 --- a/src/db/sysdb_private.h +++ b/src/db/sysdb_private.h @@ -125,4 +125,21 @@ int add_string(struct ldb_message *msg, int flags, const char *attr, const char *value); int add_ulong(struct ldb_message *msg, int flags, const char *attr, unsigned long value); + +/* The utility function to create a subdomain sss_domain_info object is handy + * for unit tests, so it should be available in a header, but not a public util + * one, because the only interface for the deamon itself should be adding + * the sysdb domain object and calling sysdb_update_subdomains() + */ +struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, + struct sss_domain_info *parent, + const char *name, + const char *realm, + const char *flat_name, + const char *id, + bool mpg, + bool enumerate, + const char *forest, + uint32_t trust_direction); + #endif /* __INT_SYS_DB_H__ */ diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index 44cee5e03..1be904e8d 100644 --- a/src/db/sysdb_subdomains.c 
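Review bot: The comment added above the `new_subdomain()` prototype in sysdb_private.h explains why the declaration lives in a private header, but it does not state the call contract, which is what a unit-test author reading this header needs. Judging by the definition added to sysdb_subdomains.c, `realm`, `flat_name`, `id` and `forest` are optional (each is NULL-checked before it is copied), while `parent` is dereferenced and `name` is copied unconditionally. I would extend the comment with two lines such as `* parent and name must be non-NULL; realm, flat_name, id and forest may be NULL.` and `* Returns a domain allocated on mem_ctx, or NULL on failure.`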
+++ b/src/db/sysdb_subdomains.c 
@@ -23,6 +23,139 @@ #include "util/util.h" #include "db/sysdb_private.h" +struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, + struct sss_domain_info *parent, + const char *name, + const char *realm, + const char *flat_name, + const char *id, + bool mpg, + bool enumerate, + const char *forest, + uint32_t trust_direction) +{ + struct sss_domain_info *dom; + bool inherit_option; + + DEBUG(SSSDBG_TRACE_FUNC, + "Creating [%s] as subdomain of [%s]!\n", name, parent->name); + + dom = talloc_zero(mem_ctx, struct sss_domain_info); + if (dom == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n"); + return NULL; + } + + dom->parent = parent; + + /* Sub-domains always have the same view as the parent */ + dom->has_views = parent->has_views; + if (parent->view_name != NULL) { + dom->view_name = talloc_strdup(dom, parent->view_name); + if (dom->view_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy parent's view name.\n"); + goto fail; + } + } + + dom->name = talloc_strdup(dom, name); + if (dom->name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy domain name.\n"); + goto fail; + } + + dom->provider = talloc_strdup(dom, parent->provider); + if (dom->provider == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy provider name.\n"); + goto fail; + } + + dom->conn_name = talloc_strdup(dom, parent->conn_name); + if (dom->conn_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy connection name.\n"); + goto fail; + } + + if (realm != NULL) { + dom->realm = talloc_strdup(dom, realm); + if (dom->realm == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy realm name.\n"); + goto fail; + } + } + + if (flat_name != NULL) { + dom->flat_name = talloc_strdup(dom, flat_name); + if (dom->flat_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy flat name.\n"); + goto fail; + } + } + + if (id != NULL) { + dom->domain_id = talloc_strdup(dom, id); + if (dom->domain_id == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy id.\n"); + goto fail; + } + } + 
+ if (forest != NULL) { + dom->forest = talloc_strdup(dom, forest); + if (dom->forest == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy forest.\n"); + goto fail; + } + } + + dom->enumerate = enumerate; + dom->fqnames = true; + dom->mpg = mpg; + /* If the parent domain filters out group members, the subdomain should + * as well if configured */ + inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, + parent->sd_inherit, false); + if (inherit_option) { + dom->ignore_group_members = parent->ignore_group_members; + } + + dom->trust_direction = trust_direction; + /* If the parent domain explicitly limits ID ranges, the subdomain + * should honour the limits as well. + */ + dom->id_min = parent->id_min ? parent->id_min : 0; + dom->id_max = parent->id_max ? parent->id_max : 0xffffffff; + dom->pwd_expiration_warning = parent->pwd_expiration_warning; + dom->cache_credentials = parent->cache_credentials; + dom->cache_credentials_min_ff_length = + parent->cache_credentials_min_ff_length; + dom->case_sensitive = false; + dom->user_timeout = parent->user_timeout; + dom->group_timeout = parent->group_timeout; + dom->netgroup_timeout = parent->netgroup_timeout; + dom->service_timeout = parent->service_timeout; + dom->names = parent->names; + + dom->override_homedir = parent->override_homedir; + dom->fallback_homedir = parent->fallback_homedir; + dom->subdomain_homedir = parent->subdomain_homedir; + dom->override_shell = parent->override_shell; + dom->default_shell = parent->default_shell; + dom->homedir_substr = parent->homedir_substr; + + if (parent->sysdb == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Missing sysdb context in parent domain.\n"); + goto fail; + } + dom->sysdb = parent->sysdb; + + return dom; + +fail: + talloc_free(dom); + return NULL; +} + errno_t sysdb_update_subdomains(struct sss_domain_info *domain) { int i; diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c index 2fbb1abbc..d1a4c1685 100644 
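Review bot: `new_subdomain()` allocates `dom` on the caller's `mem_ctx` but then stores the parent's own pointers in it (`dom->names`, `dom->override_homedir` through `dom->homedir_substr`, and `dom->sysdb`), so the subdomain appears to be valid only while the parent and those values stay alive, and nothing in the function says so. Since this is now the one constructor behind sysdb_update_subdomains(), that lifetime rule deserves a comment at the top of the function, for example `/* dom borrows names, sysdb and the homedir/shell settings from parent; parent must outlive dom */`. If these settings are strings, they could instead be duplicated onto `dom` with `talloc_strdup()`, as is already done for `view_name`. Separately, `parent->name` is dereferenced in the first DEBUG call, and the `parent->sysdb == NULL` check runs only after all the copies. A guard before `talloc_zero()`, `if (parent == NULL || parent->sysdb == NULL) return NULL;`, would fail early and make the late `goto fail` unnecessary.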
--- a/src/tests/cmocka/test_nss_srv.c +++ b/src/tests/cmocka/test_nss_srv.c @@ -32,6 +32,7 @@ #include "responder/nss/nsssrv_private.h" #include "sss_client/idmap/sss_nss_idmap.h" #include "util/util_sss_idmap.h" +#include "db/sysdb_private.h" /* new_subdomain() */ #define TESTS_PATH "tests_nss" #define TEST_CONF_DB "test_nss_conf.ldb" diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index aa5fc9ad0..4eabcff7a 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c 
@@ -195,139 +195,6 @@ done: return dom; } -struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, - struct sss_domain_info *parent, - const char *name, - const char *realm, - const char *flat_name, - const char *id, - bool mpg, - bool enumerate, - const char *forest, - uint32_t trust_direction) -{ - struct sss_domain_info *dom; - bool inherit_option; - - DEBUG(SSSDBG_TRACE_FUNC, - "Creating [%s] as subdomain of [%s]!\n", name, parent->name); - - dom = talloc_zero(mem_ctx, struct sss_domain_info); - if (dom == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n"); - return NULL; - } - - dom->parent = parent; - - /* Sub-domains always have the same view as the parent */ - dom->has_views = parent->has_views; - if (parent->view_name != NULL) { - dom->view_name = talloc_strdup(dom, parent->view_name); - if (dom->view_name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to copy parent's view name.\n"); - goto fail; - } - } - - dom->name = talloc_strdup(dom, name); - if (dom->name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to copy domain name.\n"); - goto fail; - } - - dom->provider = talloc_strdup(dom, parent->provider); - if (dom->provider == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to copy provider name.\n"); - goto fail; - } - - dom->conn_name = talloc_strdup(dom, parent->conn_name); - if (dom->conn_name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to copy connection name.\n"); - goto fail; - } - - if (realm != NULL) { - dom->realm = talloc_strdup(dom, realm); - if (dom->realm == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to copy realm name.\n"); - goto fail; - } - } - - if (flat_name != NULL) { - dom->flat_name = talloc_strdup(dom, flat_name); - if (dom->flat_name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to copy flat name.\n"); - goto fail; - } - } - - if (id != NULL) { - dom->domain_id = talloc_strdup(dom, id); - if (dom->domain_id == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to copy id.\n"); - goto fail; - } - } - - if (forest != NULL) { - 
dom->forest = talloc_strdup(dom, forest); - if (dom->forest == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to copy forest.\n"); - goto fail; - } - } - - dom->enumerate = enumerate; - dom->fqnames = true; - dom->mpg = mpg; - /* If the parent domain filters out group members, the subdomain should - * as well if configured */ - inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, - parent->sd_inherit, false); - if (inherit_option) { - dom->ignore_group_members = parent->ignore_group_members; - } - - dom->trust_direction = trust_direction; - /* If the parent domain explicitly limits ID ranges, the subdomain - * should honour the limits as well. - */ - dom->id_min = parent->id_min ? parent->id_min : 0; - dom->id_max = parent->id_max ? parent->id_max : 0xffffffff; - dom->pwd_expiration_warning = parent->pwd_expiration_warning; - dom->cache_credentials = parent->cache_credentials; - dom->cache_credentials_min_ff_length = - parent->cache_credentials_min_ff_length; - dom->case_sensitive = false; - dom->user_timeout = parent->user_timeout; - dom->group_timeout = parent->group_timeout; - dom->netgroup_timeout = parent->netgroup_timeout; - dom->service_timeout = parent->service_timeout; - dom->names = parent->names; - - dom->override_homedir = parent->override_homedir; - dom->fallback_homedir = parent->fallback_homedir; - dom->subdomain_homedir = parent->subdomain_homedir; - dom->override_shell = parent->override_shell; - dom->default_shell = parent->default_shell; - dom->homedir_substr = parent->homedir_substr; - - if (parent->sysdb == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Missing sysdb context in parent domain.\n"); - goto fail; - } - dom->sysdb = parent->sysdb; - - return dom; - -fail: - talloc_free(dom); - return NULL; -} - errno_t sssd_domain_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *domain_name, diff --git a/src/util/util.h b/src/util/util.h index 8eaeef45d..786ed303e 100644 --- a/src/util/util.h +++ b/src/util/util.h 
@@ -569,17 +569,6 @@ find_domain_by_object_name(struct sss_domain_info *domain, bool subdomain_enumerates(struct sss_domain_info *parent, const char *sd_name); -struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, - struct sss_domain_info *parent, - const char *name, - const char *realm, - const char *flat_name, - const char *id, - bool mpg, - bool enumerate, - const char *forest, - uint32_t trust_direction); - errno_t sssd_domain_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *domain_name, -- cgit