author | Sumit Bose <sbose@redhat.com> | 2016-07-01 12:54:39 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-07-18 17:10:59 +0200 |
commit | 20348a30feb4be619b3b691c24c9be8131507c46 (patch) | |
tree | 7aa7c86963d3cf7bdaddb188088738c873bdfe2f /src | |
parent | 132b31fd5fb74a7627896cdceaf29c7601ed4795 (diff) | |
sysdb: make subdomain calls aware of upn_suffixes
sysdb_subdomain_store() and sysdb_update_subdomains() can now update
upn_suffixes as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/confdb/confdb.h | 2 | ||||
-rw-r--r-- | src/db/sysdb.h | 3 | ||||
-rw-r--r-- | src/db/sysdb_subdomains.c | 56 | ||||
-rw-r--r-- | src/providers/ad/ad_subdomains.c | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 9 | ||||
-rw-r--r-- | src/tests/cmocka/test_ipa_subdomains_server.c | 4 | ||||
-rw-r--r-- | src/tests/cmocka/test_nss_srv.c | 2 | ||||
-rw-r--r-- | src/tests/cmocka/test_sysdb_subdomains.c | 28 | ||||
-rw-r--r-- | src/tests/sysdb-tests.c | 6 |
9 files changed, 85 insertions, 27 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0265ccac5..72adbd80e 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -315,7 +315,7 @@ struct sss_domain_info {
 */
 char *forest;
 struct sss_domain_info *forest_root;
- char **upn_suffixes;
+ const char **upn_suffixes;
 };
 /**
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index a8dcaa4a9..407ce3c18 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -466,7 +466,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 const char *name, const char *realm, const char *flat_name, const char *domain_id, bool mpg, bool enumerate, const char *forest,
- uint32_t trust_direction);
+ uint32_t trust_direction,
+ struct ldb_message_element *upn_suffixes);
 errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index c0a190f36..02206e470 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -237,6 +237,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 SYSDB_SUBDOMAIN_ENUM, SYSDB_SUBDOMAIN_FOREST, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
+ SYSDB_UPN_SUFFIXES,
 NULL};
 struct sss_domain_info *dom;
 struct ldb_dn *basedn;
@@ -248,6 +249,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 bool mpg;
 bool enumerate;
 uint32_t trust_direction;
+ struct ldb_message_element *tmp_el;
+ const char **upn_suffixes;
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
@@ -308,6 +311,17 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) forest = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_SUBDOMAIN_FOREST, NULL); + upn_suffixes = NULL; + tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES); + if (tmp_el != NULL) { + upn_suffixes = sss_ldb_el_to_string_list(tmp_ctx, tmp_el); + if (upn_suffixes == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n"); + ret = ENOMEM; + goto done; + } + } + trust_direction = ldb_msg_find_attr_as_int(res->msgs[i], SYSDB_SUBDOMAIN_TRUST_DIRECTION, 0); @@ -382,6 +396,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) } } + talloc_zfree(dom->upn_suffixes); + dom->upn_suffixes = talloc_steal(dom, upn_suffixes); + if (!dom->has_views && dom->view_name == NULL) { /* maybe views are not initialized, copy from parent */ dom->has_views = dom->parent->has_views; @@ -448,7 +465,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain) errno_t ret; TALLOC_CTX *tmp_ctx; const char *tmp_str; - struct ldb_message_element **tmp_el; + struct ldb_message_element *tmp_el; struct ldb_dn *basedn; struct ldb_result *res; const char *attrs[] = {"cn", @@ -806,7 +823,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, const char *name, const char *realm, const char *flat_name, const char *domain_id, bool mpg, bool enumerate, const char *forest, - uint32_t trust_direction) + uint32_t trust_direction, + struct ldb_message_element *upn_suffixes) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg; @@ -820,8 +838,10 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, SYSDB_SUBDOMAIN_ENUM, SYSDB_SUBDOMAIN_FOREST, SYSDB_SUBDOMAIN_TRUST_DIRECTION, + SYSDB_UPN_SUFFIXES, NULL}; const char *tmp_str; + struct ldb_message_element *tmp_el; bool tmp_bool; bool store = false; int realm_flags = 0; 
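Review bot: In the `@@ -308,6 +311,17 @@` hunk the suffix lookup reads `res->msgs[0]`, while the context lines on either side read `forest` and `trust_direction` from `res->msgs[i]`, so every subdomain in the result appears to receive the first entry's UPN suffixes. The line should be `tmp_el = ldb_msg_find_element(res->msgs[i], SYSDB_UPN_SUFFIXES);`. If these suffixes are later used to pick the domain for a user principal name, a wrong list would send lookups for that login name to the wrong domain. The loop header is outside the hunk, so the index is inferred from the neighbouring `res->msgs[i]` uses.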
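Review bot: The `upn_suffixes` parameter added to `sysdb_subdomain_store()` in the `@@ -806,7 +823,8 @@` hunk has no defined meaning for NULL, and the later hunks of this function only act inside `if (upn_suffixes)`, so a NULL argument leaves any previously stored `SYSDB_UPN_SUFFIXES` value in the cache. The AD caller always passes NULL and the IPA caller does so when the attribute is absent (ENOENT), so a suffix withdrawn on the server would apparently still be loaded by `sysdb_update_subdomains()`. One option is an `else` branch that sets `upn_flags = LDB_FLAG_MOD_DELETE;` when the cached entry still has the attribute; the `if (upn_flags)` block that builds the message would then have to add an empty element instead of dereferencing `upn_suffixes`. If keeping the old value is intended, say so at the prototype, e.g. `/* upn_suffixes == NULL leaves the stored suffixes unchanged */`.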
@@ -831,6 +851,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 int enum_flags = 0;
 int forest_flags = 0;
 int td_flags = 0;
+ int upn_flags = 0;
 uint32_t tmp_td;
 int ret;
@@ -864,6 +885,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 enum_flags = LDB_FLAG_MOD_ADD;
 if (forest) forest_flags = LDB_FLAG_MOD_ADD;
 if (trust_direction) td_flags = LDB_FLAG_MOD_ADD;
+ if (upn_suffixes) upn_flags = LDB_FLAG_MOD_ADD;
 } else if (res->count != 1) {
 ret = EINVAL;
 goto done;
@@ -915,11 +937,21 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 if (tmp_td != trust_direction) {
 td_flags = LDB_FLAG_MOD_REPLACE;
 }
+
+ if (upn_suffixes) {
+ tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
+ /* Luckily ldb_msg_element_compare() only compares the values and
+ * not the name. */
+ if (tmp_el == NULL
+ || ldb_msg_element_compare(upn_suffixes, tmp_el) != 0) {
+ upn_flags = LDB_FLAG_MOD_REPLACE;
+ }
+ }
 }
 if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0 && mpg_flags == 0 && enum_flags == 0 && forest_flags == 0
- && td_flags == 0) {
+ && td_flags == 0 && upn_flags == 0) {
 ret = EOK;
 goto done;
 }
@@ -1048,6 +1080,24 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
 }
 }
+ if (upn_flags) {
+ tmp_el = talloc_zero(tmp_ctx, struct ldb_message_element);
+ if (tmp_el == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ tmp_el->name = SYSDB_UPN_SUFFIXES;
+ tmp_el->num_values = upn_suffixes->num_values;
+ tmp_el->values = upn_suffixes->values;
+ ret = ldb_msg_add(msg, tmp_el, upn_flags);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+ }
+
 ret = ldb_modify(sysdb->ldb, msg);
 if (ret != LDB_SUCCESS) {
 DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 0a8d1f53c..928c4fe93 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -252,7 +252,7 @@ ad_subdom_store(struct sdap_idmap_ctx *idmap_ctx,
 mpg = sdap_idmap_domain_has_algorithmic_mapping(idmap_ctx, name, sid_str);
 ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
- mpg, enumerate, domain->forest, 0);
+ mpg, enumerate, domain->forest, 0, NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n");
 goto done;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 62b8f65e5..925b1d8b1 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -375,6 +375,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
 bool mpg;
 bool enumerate;
 uint32_t direction;
+ struct ldb_message_element *alternative_domain_suffixes = NULL;
 tmp_ctx = talloc_new(parent);
 if (tmp_ctx == NULL) {
@@ -405,6 +406,12 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
 goto done;
 }
+ ret = sysdb_attrs_get_el_ext(attrs, IPA_ADDITIONAL_SUFFIXES, false,
+ &alternative_domain_suffixes);
+ if (ret != EOK && ret != ENOENT) {
+ goto done;
+ }
+
 mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, name, id);
 ret = ipa_subdom_get_forest(tmp_ctx, sysdb_ctx_get_ldb(parent->sysdb),
@@ -431,7 +438,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
 "Trust direction of %s is %s\n", name, ipa_trust_dir2str(direction));
 ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat, id, mpg, enumerate, forest,
- direction);
+ direction, alternative_domain_suffixes);
 if (ret) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n");
 goto done;
diff --git a/src/tests/cmocka/test_ipa_subdomains_server.c b/src/tests/cmocka/test_ipa_subdomains_server.c
index 0fddc9518..123cf11c0 100644
--- a/src/tests/cmocka/test_ipa_subdomains_server.c
+++ b/src/tests/cmocka/test_ipa_subdomains_server.c
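Review bot: The new `sysdb_attrs_get_el_ext()` failure path in the `@@ -405,6 +406,12 @@` hunk of `ipa_subdom_store()` jumps to `done` without a log message, unlike the `sysdb_subdomain_store failed.` path visible in the last hunk of the same function. A failure here aborts storing the subdomain, so the log should say which call failed: add `DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_el_ext failed.\n");` before the `goto done;`. The function body starts and ends outside these hunks.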
@@ -253,14 +253,14 @@ static void add_test_subdomains(struct trust_test_ctx *test_ctx,
 SUBDOM_NAME, SUBDOM_REALM, NULL, SUBDOM_SID, true, false, SUBDOM_REALM,
- direction);
+ direction, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, CHILD_NAME, CHILD_REALM, CHILD_FLAT, CHILD_SID, true, false, SUBDOM_REALM,
- direction);
+ direction, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_update_subdomains(test_ctx->tctx->dom);
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 4137e9151..82a304fee 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -3089,7 +3089,7 @@ static int nss_subdom_test_setup(void **state)
 ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom);
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
index 6d1ec8842..c9db56841 100644
--- a/src/tests/cmocka/test_sysdb_subdomains.c
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
@@ -103,7 +103,7 @@ static void test_sysdb_subdomain_create(void **state)
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom1[0], dom1[1], dom1[2], dom1[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -115,7 +115,7 @@ static void test_sysdb_subdomain_create(void **state)
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom2[0], dom2[1], dom2[2], dom2[3],
- false, false, NULL, 1);
+ false, false, NULL, 1, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_update_subdomains(test_ctx->tctx->dom);
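Review bot: Every updated call in `test_sysdb_subdomain_create` passes NULL for the new argument, as do the remaining test hunks in test_ipa_subdomains_server.c, test_nss_srv.c, test_sysdb_subdomains.c and sysdb-tests.c, so nothing in this diff exercises the non-NULL store path or the read-back into `dom->upn_suffixes`. A case that stores two subdomains with different suffix lists, calls `sysdb_update_subdomains()` and checks each domain's `upn_suffixes` would cover the add, replace and per-entry read paths. The test functions start and end outside these hunks.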
@@ -128,12 +128,12 @@ static void test_sysdb_subdomain_create(void **state)
 /* Reverse the trust directions */
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom1[0], dom1[1], dom1[2], dom1[3],
- false, false, NULL, 1);
+ false, false, NULL, 1, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom2[0], dom2[1], dom2[2], dom2[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -215,27 +215,27 @@ static void test_sysdb_link_forest_root_ipa(void **state)
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom1[0], dom1[1], dom1[2], dom1[3],
- false, false, dom1[4], 0);
+ false, false, dom1[4], 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, child_dom1[0], child_dom1[1], child_dom1[2], child_dom1[3], false, false, child_dom1[4],
- 0);
+ 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom2[0], dom2[1], dom2[2], dom2[3], false, false, dom2[4],
- 0);
+ 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, child_dom2[0], child_dom2[1], child_dom2[2], child_dom2[3], false, false, child_dom2[4],
- 0);
+ 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -308,14 +308,14 @@ static void test_sysdb_link_forest_root_ad(void **state)
 child_dom[0], child_dom[1], child_dom[2], child_dom[3], false, false, child_dom[4],
- 0);
+ 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, sub_dom[0], sub_dom[1], sub_dom[2], sub_dom[3], false, false, sub_dom[4],
- 0);
+ 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -385,14 +385,14 @@ static void test_sysdb_link_forest_member_ad(void **state)
 sub_dom[0], sub_dom[1], sub_dom[2], sub_dom[3], false, false, sub_dom[4],
- 0);
+ 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, forest_root[0], forest_root[1], forest_root[2], forest_root[3], false, false, forest_root[4],
- 0);
+ 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_master_domain_update(test_ctx->tctx->dom);
@@ -469,7 +469,7 @@ static void test_sysdb_link_ad_multidom(void **state)
 child_dom[0], child_dom[1], child_dom[2], child_dom[3], false, false, child_dom[4],
- 0);
+ 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_master_domain_update(main_dom1);
@@ -489,7 +489,7 @@ static void test_sysdb_link_ad_multidom(void **state)
 ret = sysdb_subdomain_store(main_dom2->sysdb, dom2_forest_root[0], dom2_forest_root[1], dom2_forest_root[2], dom2_forest_root[3],
- false, false, dom2_forest_root[4], 0);
+ false, false, dom2_forest_root[4], 0, NULL);
 assert_int_equal(ret, EOK);
 ret = sysdb_master_domain_update(main_dom2);
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index bac8a8788..d1450015c 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -5472,7 +5472,7 @@ START_TEST(test_sysdb_subdomain_store_user)
 fail_unless(subdomain != NULL, "Failed to create new subdomin.");
 ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
 fail_if(ret != EOK, "Could not set up the test (test subdom)");
 ret = sysdb_update_subdomains(test_ctx->domain);
@@ -5551,7 +5551,7 @@ START_TEST(test_sysdb_subdomain_user_ops)
 fail_unless(subdomain != NULL, "Failed to create new subdomin.");
 ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
 fail_if(ret != EOK, "Could not set up the test (test subdom)");
 ret = sysdb_update_subdomains(test_ctx->domain);
@@ -5624,7 +5624,7 @@ START_TEST(test_sysdb_subdomain_group_ops)
 fail_unless(subdomain != NULL, "Failed to create new subdomin.");
 ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
 fail_if(ret != EOK, "Could not set up the test (test subdom)");
 ret = sysdb_update_subdomains(test_ctx->domain); |