authorMichal Židek <mzidek@redhat.com>2017-03-23 13:14:56 +0100
committerJakub Hrozek <jhrozek@redhat.com>2017-03-29 14:00:17 +0200
commita63d74f65db2db7389cd373cb37adcdaaa2d56ea (patch)
tree6be7d69c1593aba3bbcb0b473d518f3bf1f5286a /src/db
parente0e038218580166648ac24f23180f0f4c2769d99 (diff)
SUBDOMAINS: Allow use_fully_qualified_names for subdomains
Allow the use_fully_qualified_names option in the subdomain section. This option was recently added to subdomain_inherit.
Resolves: https://pagure.io/SSSD/sssd/issue/3337
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r--src/db/sysdb.h3
-rw-r--r--src/db/sysdb_private.h3
-rw-r--r--src/db/sysdb_subdomains.c63
3 files changed, 64 insertions, 5 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0cbb2c5c0..6762b51be 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -494,7 +494,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
uint32_t trust_direction,
struct ldb_message_element *upn_suffixes);
-errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
+errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ struct confdb_ctx *confdb);
errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
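Review bot: The new `confdb` parameter of sysdb_update_subdomains is undocumented in the header, so callers cannot tell from the prototype that NULL is accepted. In sysdb_subdomains.c the value is handed straight to new_subdomain, which skips the sssd.conf lookup when `confdb == NULL`. I would add a comment above the prototype such as `/* confdb may be NULL; the per-subdomain sssd.conf section is then not consulted */`.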
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index bfd247999..dfddd2dda 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -191,7 +191,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
bool enumerate,
const char *forest,
const char **upn_suffixes,
- uint32_t trust_direction);
+ uint32_t trust_direction,
+ struct confdb_ctx *confdb);
/* Helper functions to deal with the timestamp cache should not be used
* outside the sysdb itself. The timestamp cache should be completely
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 01f49763b..916dbba15 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -23,6 +23,10 @@
#include "util/util.h"
#include "db/sysdb_private.h"
+static errno_t
+check_subdom_config_file(struct confdb_ctx *confdb,
+ struct sss_domain_info *subdomain);
+
struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
struct sss_domain_info *parent,
const char *name,
@@ -33,10 +37,12 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
bool enumerate,
const char *forest,
const char **upn_suffixes,
- uint32_t trust_direction)
+ uint32_t trust_direction,
+ struct confdb_ctx *confdb)
{
struct sss_domain_info *dom;
bool inherit_option;
+ errno_t ret;
DEBUG(SSSDBG_TRACE_FUNC,
"Creating [%s] as subdomain of [%s]!\n", name, parent->name);
@@ -160,6 +166,17 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
}
dom->sysdb = parent->sysdb;
+ if (confdb != NULL) {
+ /* If confdb was provided, also check for sssd.conf */
+ ret = check_subdom_config_file(confdb, dom);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read subdomain configuration [%d]: %s",
+ ret, sss_strerror(ret));
+ goto fail;
+ }
+ }
+
return dom;
fail:
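Review bot: The format string in the added DEBUG call, `"Failed to read subdomain configuration [%d]: %s"`, has no trailing newline, unlike the other DEBUG messages visible in this patch, so the next log entry would run onto the same line. It should end with `%s\n"`. The body of new_subdomain starts and ends outside this hunk.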
@@ -167,6 +184,45 @@ fail:
return NULL;
}
+static errno_t
+check_subdom_config_file(struct confdb_ctx *confdb,
+ struct sss_domain_info *subdomain)
+{
+ char *sd_conf_path;
+ TALLOC_CTX *tmp_ctx;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ sd_conf_path = subdomain_create_conf_path(tmp_ctx, subdomain);
+ if (sd_conf_path == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* use_fully_qualified_names */
+ ret = confdb_get_bool(confdb, sd_conf_path, CONFDB_DOMAIN_FQ,
+ true, &subdomain->fqnames);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to get %s option for the subdomain: %s\n",
+ CONFDB_DOMAIN_FQ, subdomain->name);
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CONF_SETTINGS, "%s/%s has value %s\n",
+ sd_conf_path, CONFDB_DOMAIN_FQ,
+ subdomain->fqnames ? "TRUE" : "FALSE");
+
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
static bool is_forest_root(struct sss_domain_info *d)
{
if (d->forest == NULL) {
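Review bot: check_subdom_config_file passes a hard-coded `true` as the default to confdb_get_bool and stores the result directly in `subdomain->fqnames`. If the subdomain section does not set the option, any value new_subdomain assigned earlier (for example one taken from subdomain_inherit, which is not visible in this hunk) would presumably be replaced by `true`. Passing the current value as the default, `confdb_get_bool(confdb, sd_conf_path, CONFDB_DOMAIN_FQ, subdomain->fqnames, &subdomain->fqnames)`, makes the precedence explicit: the sssd.conf subdomain section overrides, otherwise the existing value stands. A short comment above the function stating that precedence would also help, since turning off fully qualified names for a subdomain means its short names can overlap with names from other domains.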
@@ -232,7 +288,8 @@ static void link_forest_roots(struct sss_domain_info *domain)
}
}
-errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
+errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ struct confdb_ctx *confdb)
{
int i;
errno_t ret;
@@ -451,7 +508,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
if (dom == NULL) {
dom = new_subdomain(domain, domain, name, realm,
flat, id, mpg, enumerate, forest,
- upn_suffixes, trust_direction);
+ upn_suffixes, trust_direction, confdb);
if (dom == NULL) {
ret = ENOMEM;
goto done;
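Review bot: The `dom == NULL` branch still sets `ret = ENOMEM`, although after this change new_subdomain can also return NULL when the sssd.conf lookup fails, so a configuration error would be reported to callers as out-of-memory. Either have new_subdomain return an errno_t with the domain in an out parameter, or at least record the ambiguity here, e.g. `/* NULL also covers subdomain config read errors, see new_subdomain() */`. sysdb_update_subdomains continues outside this hunk.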