author | Michal Židek <mzidek@redhat.com> | 2017-03-23 13:14:56 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-29 14:00:17 +0200 |
commit | a63d74f65db2db7389cd373cb37adcdaaa2d56ea (patch) | |
tree | 6be7d69c1593aba3bbcb0b473d518f3bf1f5286a /src/db | |
parent | e0e038218580166648ac24f23180f0f4c2769d99 (diff) | |
SUBDOMAINS: Allow use_fully_qualified_names for subdomains
Allow option use_fully_qualified_names in subdomain section.
This option was recently added to subdomain_inherit.
Resolves:
https://pagure.io/SSSD/sssd/issue/3337
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.h | 3 | ||||
-rw-r--r-- | src/db/sysdb_private.h | 3 | ||||
-rw-r--r-- | src/db/sysdb_subdomains.c | 63 |
3 files changed, 64 insertions, 5 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 0cbb2c5c0..6762b51be 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -494,7 +494,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 uint32_t trust_direction,
 struct ldb_message_element *upn_suffixes);
-errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
+errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ struct confdb_ctx *confdb);
 errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index bfd247999..dfddd2dda 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -191,7 +191,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 bool enumerate,
 const char *forest,
 const char **upn_suffixes,
- uint32_t trust_direction);
+ uint32_t trust_direction,
+ struct confdb_ctx *confdb);
 /* Helper functions to deal with the timestamp cache should not be used
 * outside the sysdb itself. The timestamp cache should be completely
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 01f49763b..916dbba15 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -23,6 +23,10 @@
 #include "util/util.h"
 #include "db/sysdb_private.h"
+static errno_t
+check_subdom_config_file(struct confdb_ctx *confdb,
+ struct sss_domain_info *subdomain);
+
 struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 struct sss_domain_info *parent,
 const char *name,
@@ -33,10 +37,12 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 bool enumerate,
 const char *forest,
 const char **upn_suffixes,
- uint32_t trust_direction)
+ uint32_t trust_direction,
+ struct confdb_ctx *confdb)
 {
 struct sss_domain_info *dom;
 bool inherit_option;
+ errno_t ret;
 DEBUG(SSSDBG_TRACE_FUNC,
 "Creating [%s] as subdomain of [%s]!\n", name, parent->name);
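Review bot: The new `confdb` parameter of `sysdb_update_subdomains()` in sysdb.h is undocumented, and callers need to know whether NULL is acceptable. The later hunk in sysdb_subdomains.c shows that new_subdomain() only reads the subdomain section when `confdb != NULL`, so NULL appears to be a supported "skip sssd.conf" mode. I would state that above the prototype, for example `/* confdb may be NULL; the subdomain's sssd.conf section is then not consulted */`, and put the same remark on `new_subdomain()` in sysdb_private.h. The diffstat is limited to src/db, so the callers that must pass the new argument are not visible here.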
@@ -160,6 +166,17 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 }
 dom->sysdb = parent->sysdb;
+ if (confdb != NULL) {
+ /* If confdb was provided, also check for sssd.conf */
+ ret = check_subdom_config_file(confdb, dom);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to read subdomain configuration [%d]: %s",
+ ret, sss_strerror(ret));
+ goto fail;
+ }
+ }
+
 return dom;
 fail:
@@ -167,6 +184,45 @@ fail:
 return NULL;
 }
+static errno_t
+check_subdom_config_file(struct confdb_ctx *confdb,
+ struct sss_domain_info *subdomain)
+{
+ char *sd_conf_path;
+ TALLOC_CTX *tmp_ctx;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ sd_conf_path = subdomain_create_conf_path(tmp_ctx, subdomain);
+ if (sd_conf_path == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* use_fully_qualified_names */
+ ret = confdb_get_bool(confdb, sd_conf_path, CONFDB_DOMAIN_FQ,
+ true, &subdomain->fqnames);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to get %s option for the subdomain: %s\n",
+ CONFDB_DOMAIN_FQ, subdomain->name);
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CONF_SETTINGS, "%s/%s has value %s\n",
+ sd_conf_path, CONFDB_DOMAIN_FQ,
+ subdomain->fqnames ? "TRUE" : "FALSE");
+
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
 static bool is_forest_root(struct sss_domain_info *d)
 {
 if (d->forest == NULL) {
@@ -232,7 +288,8 @@ static void link_forest_roots(struct sss_domain_info *domain)
 }
 }
-errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
+errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ struct confdb_ctx *confdb)
 {
 int i;
 errno_t ret;
@@ -451,7 +508,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 if (dom == NULL) {
 dom = new_subdomain(domain, domain, name, realm,
 flat, id, mpg, enumerate, forest,
- upn_suffixes, trust_direction, confdb);
 if (dom == NULL) {
 ret = ENOMEM;
 goto done; |
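Review bot: Any error from check_subdom_config_file() in the `@@ -160` hunk takes `goto fail`, so new_subdomain() returns NULL, and the caller in the `@@ -451` hunk turns every NULL into `ret = ENOMEM; goto done;`. A configuration read problem in one subdomain section is therefore reported as out-of-memory and appears to abort the update for the remaining subdomains too (the surrounding loop is outside the hunk, so please confirm). Consider logging the error and keeping the value already set on `dom`, or passing the real errno back to the caller. The new message also lacks the newline the other DEBUG calls carry: `"Failed to read subdomain configuration [%d]: %s\n",`. new_subdomain's body begins outside this hunk.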
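Review bot: In check_subdom_config_file() (the `@@ -167` hunk) `confdb_get_bool()` is called with a hard-coded default of `true` and writes directly into `subdomain->fqnames`, so when the subdomain section omits the option, whatever new_subdomain() assigned earlier is reset to true. That earlier assignment is outside the visible hunks, but the `inherit_option` local and the commit message's reference to subdomain_inherit suggest an inherited value could be lost. Using the current value as the default preserves it: `subdomain->fqnames, &subdomain->fqnames);`. Since this flag controls whether names must be domain-qualified, and so how short names resolve across domains, a test with the option absent from the subdomain section would be worth adding.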