From 802cfa810009895f9d507a1d404d93fef9ca4aca Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 30 Jun 2016 13:48:58 +0200 Subject: sysdb: add UPN suffix support for the master domain sysdb_master_domain_update() and sysdb_master_domain_add_info() are now aware of the UPN suffix attribute. --- src/confdb/confdb.h | 1 + src/db/sysdb.h | 4 ++- src/db/sysdb_subdomains.c | 49 ++++++++++++++++++++++++++++++-- src/providers/ad/ad_id.c | 2 +- src/providers/ad/ad_subdomains.c | 2 +- src/providers/ipa/ipa_subdomains.c | 10 ++++++- src/tests/cmocka/test_sysdb_subdomains.c | 18 ++++++++---- 7 files changed, 74 insertions(+), 12 deletions(-) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index b8ad827b7..cd5eb0398 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -316,6 +316,7 @@ struct sss_domain_info { */ char *forest; struct sss_domain_info *forest_root; + char **upn_suffixes; }; /** diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 2bc20ff97..71717c3e1 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -147,6 +147,7 @@ #define SYSDB_SUBDOMAIN_ENUM "enumerate" #define SYSDB_SUBDOMAIN_FOREST "memberOfForest" #define SYSDB_SUBDOMAIN_TRUST_DIRECTION "trustDirection" +#define SYSDB_UPN_SUFFIXES "upnSuffixes" #define SYSDB_BASE_ID "baseID" #define SYSDB_ID_RANGE_SIZE "idRangeSize" @@ -469,7 +470,8 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, const char *realm, const char *flat, const char *id, - const char* forest); + const char *forest, + struct ldb_message_element *alt_dom_suf); errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name); diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index 456e6621b..c0a190f36 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c 
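Review bot: The new last parameter of sysdb_master_domain_add_info() is named `alt_dom_suf` in this prototype but `upn_suffixes` in the definition in src/db/sysdb_subdomains.c; use one name in both, for example `struct ldb_message_element *upn_suffixes);`. The declaration also carries no comment, and its contract is not obvious from the signature. In the definition, a NULL argument requests deletion of the stored SYSDB_UPN_SUFFIXES value when the domain currently has suffixes, and a non-NULL element has its `name` replaced in place. A short comment above the prototype stating both would stop callers from passing NULL to mean "leave unchanged".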
@@ -448,6 +448,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain) errno_t ret; TALLOC_CTX *tmp_ctx; const char *tmp_str; + struct ldb_message_element **tmp_el; struct ldb_dn *basedn; struct ldb_result *res; const char *attrs[] = {"cn", @@ -455,6 +456,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain) SYSDB_SUBDOMAIN_FLAT, SYSDB_SUBDOMAIN_ID, SYSDB_SUBDOMAIN_FOREST, + SYSDB_UPN_SUFFIXES, NULL}; char *view_name = NULL; @@ -539,6 +541,19 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain) } } + tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES); + if (tmp_el != NULL) { + talloc_free(domain->upn_suffixes); + domain->upn_suffixes = sss_ldb_el_to_string_list(domain, tmp_el); + if (domain->upn_suffixes == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + talloc_zfree(domain->upn_suffixes); + } + ret = sysdb_get_view_name(tmp_ctx, domain->sysdb, &view_name); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name failed.\n"); @@ -633,7 +648,8 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, const char *realm, const char *flat, const char *id, - const char* forest) + const char *forest, + struct ldb_message_element *upn_suffixes) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg; @@ -720,7 +736,6 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, ret = sysdb_error_to_errno(ret); goto done; } - ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); 
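Review bot: `tmp_el` is declared as `struct ldb_message_element **`, but ldb_msg_find_element() returns a `struct ldb_message_element *`. The assignment added in the `@@ -539` hunk of sysdb_master_domain_update() therefore mixes pointer levels and should at least draw an incompatible-pointer warning. The declaration should read `struct ldb_message_element *tmp_el;`. sss_ldb_el_to_string_list() is not shown on this page; presumably it also takes a single element pointer, which is worth confirming. The function body starts and ends outside these hunks.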
@@ -730,6 +745,36 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, do_update = true; } + if (upn_suffixes != NULL) { + talloc_free(discard_const(upn_suffixes->name)); + upn_suffixes->name = talloc_strdup(upn_suffixes, SYSDB_UPN_SUFFIXES); + if (upn_suffixes->name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + + ret = ldb_msg_add(msg, upn_suffixes, LDB_FLAG_MOD_REPLACE); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + do_update = true; + } else { + /* Remove alternative_domain_suffixes from the cache */ + if (domain->upn_suffixes != NULL) { + ret = ldb_msg_add_empty(msg, SYSDB_UPN_SUFFIXES, + LDB_FLAG_MOD_DELETE, NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + } + + do_update = true; + } + if (do_update == false) { ret = EOK; goto done; diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index 92ac4ab6a..98915b4b9 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -631,7 +631,7 @@ ad_enumeration_master_done(struct tevent_req *subreq) } ret = sysdb_master_domain_add_info(state->sdom->dom, state->realm, - flat_name, master_sid, forest); + flat_name, master_sid, forest, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot save master domain info\n"); tevent_req_error(req, ret); diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 5b0bee866..8747d9911 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -1126,7 +1126,7 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq) } ret = sysdb_master_domain_add_info(state->be_ctx->domain, realm, - flat_name, master_sid, forest); + flat_name, master_sid, forest, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot save master domain info [%d]: %s\n", ret, sss_strerror(ret)); 
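Review bot: In the `else` branch, `do_update = true;` sits outside the `if (domain->upn_suffixes != NULL)` block, so both branches of the new code set the flag and the `if (do_update == false)` early return that follows can no longer be taken. The AD callers and the tests all pass NULL, so each such call presumably goes on to a cache write even when no element was added to the message. Moving the assignment inside the inner block, directly after the `ldb_msg_add_empty()` check, restores the no-change shortcut for that case. The delete decision also depends on the in-memory `domain->upn_suffixes`, which this commit refreshes only in sysdb_master_domain_update(); a comment saying so would help callers. The function starts and ends outside the hunk.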
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 40de7da6e..9b9fe836d 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -852,6 +852,7 @@ static void ipa_subdomains_master_done(struct tevent_req *subreq) const char *flat = NULL; const char *id = NULL; const char *realm = NULL; + struct ldb_message_element *alternative_domain_suffixes = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); @@ -876,6 +877,12 @@ static void ipa_subdomains_master_done(struct tevent_req *subreq) if (ret != EOK) { goto done; } + + ret = sysdb_attrs_get_el_ext(reply[0], IPA_ADDITIONAL_SUFFIXES, false, + &alternative_domain_suffixes); + if (ret != EOK && ret != ENOENT) { + goto done; + } } else { /* All search paths are searched and no master domain record was * found. @@ -893,7 +900,8 @@ static void ipa_subdomains_master_done(struct tevent_req *subreq) goto done; } - ret = sysdb_master_domain_add_info(state->domain, realm, flat, id, NULL); + ret = sysdb_master_domain_add_info(state->domain, realm, flat, id, NULL, + alternative_domain_suffixes); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add master domain info " "[%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c index f55c29180..6d1ec8842 100644 --- a/src/tests/cmocka/test_sysdb_subdomains.c +++ b/src/tests/cmocka/test_sysdb_subdomains.c @@ -165,7 +165,8 @@ static void test_sysdb_master_domain_ops(void **state) talloc_get_type(*state, struct subdom_test_ctx); ret = sysdb_master_domain_add_info(test_ctx->tctx->dom, - "realm1", "flat1", "id1", "forest1"); + "realm1", "flat1", "id1", "forest1", + NULL); assert_int_equal(ret, EOK); ret = sysdb_master_domain_update(test_ctx->tctx->dom); 
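Review bot: The element fetched with sysdb_attrs_get_el_ext() still belongs to `reply[0]`, yet it is passed to sysdb_master_domain_add_info(), which in this commit frees its `name` and uses the element itself as the talloc parent for the new name. Whether the element and its name are separate talloc allocations is not visible on this page. If the element is a slot inside an attribute array, neither call is valid, so confirm this or copy the element before it is modified. The new failure path also leaves through `goto done` without a DEBUG line; adding `DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_el_ext failed.\n");` before the jump would match the logging used elsewhere in this commit. The function body continues outside the hunk.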
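Review bot: Every updated call passes NULL for the new argument, in this hunk and in the five test hunks that follow. The tests therefore never store a suffix list, read it back through sysdb_master_domain_update(), or remove it again. test_sysdb_master_domain_ops() is the natural place to cover this: pass an element with two values to the first call and check `test_ctx->tctx->dom->upn_suffixes` after the update, then pass NULL and check that the field is NULL again.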
@@ -177,7 +178,8 @@ static void test_sysdb_master_domain_ops(void **state) assert_string_equal(test_ctx->tctx->dom->forest, "forest1"); ret = sysdb_master_domain_add_info(test_ctx->tctx->dom, - "realm2", "flat2", "id2", "forest2"); + "realm2", "flat2", "id2", "forest2", + NULL); assert_int_equal(ret, EOK); ret = sysdb_master_domain_update(test_ctx->tctx->dom); @@ -298,7 +300,8 @@ static void test_sysdb_link_forest_root_ad(void **state) TEST_REALM, TEST_FLAT_NAME, TEST_SID, - TEST_FOREST); + TEST_FOREST, + NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, @@ -374,7 +377,8 @@ static void test_sysdb_link_forest_member_ad(void **state) child_dom[1], child_dom[2], child_dom[3], - TEST_FOREST); + TEST_FOREST, + NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, @@ -457,7 +461,8 @@ static void test_sysdb_link_ad_multidom(void **state) TEST_REALM, TEST_FLAT_NAME, TEST_SID, - TEST_FOREST); + TEST_FOREST, + NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(main_dom1->sysdb, @@ -477,7 +482,8 @@ static void test_sysdb_link_ad_multidom(void **state) TEST_REALM2, TEST_FLAT_NAME2, TEST_SID2, - TEST_FOREST2); + TEST_FOREST2, + NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(main_dom2->sysdb, -- cgit