Blame SOURCES/0107-CACHE_REQ-Allow-configurationless-shortname-lookups.patch

From 7c6fd66fa9ca942bc240b49f903d9d3d85340c4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Tue, 11 Apr 2017 17:19:29 +0200
Subject: [PATCH 107/110] CACHE_REQ: Allow configurationless shortname lookups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Configurationless shortname lookups must be allowed when a domains'
resolution order is present and the (head) domain is not enforcing the
usage of fully-qualified-names.
With this patch SSSD does not require any kind of changes from client
side for taking advantage of shortname lookups.
Related:
https://pagure.io/SSSD/sssd/issue/3001
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit dae798231fc2c575f213785768bc24ed765ba243)
---
 src/responder/common/cache_req/cache_req.c        |  2 +-
 src/responder/common/cache_req/cache_req_domain.c | 48 +++++++++++++++++++++++
 src/responder/common/cache_req/cache_req_domain.h |  1 +
 3 files changed, 50 insertions(+), 1 deletion(-)
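diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
index 3a5fecf34427437bbf95317e05c5bd8b07b4537d..797325a30e6c1ed5f1d4b4c147c65391d5204b52 100644
--- a/src/responder/common/cache_req/cache_req.c
+++ b/src/responder/common/cache_req/cache_req.c
@@ -480,7 +480,7 @@ static errno_t cache_req_search_domains_next(struct tevent_req *req)
          * qualified names on domain less search. We do not descend into
          * subdomains here since those are implicitly qualified.
          */
-        if (state->check_next && !allow_no_fqn && domain->fqnames) {
+        if (state->check_next && !allow_no_fqn && state->cr_domain->fqnames) {
             state->cr_domain = state->cr_domain->next;
             continue;
         }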
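diff --git a/src/responder/common/cache_req/cache_req_domain.c b/src/responder/common/cache_req/cache_req_domain.c
index 86a88efd54ca0f4a0748b44ece1b8515438d4628..bfdd2b7f640178f6d0a0d92f2fed329c856b478c 100644
--- a/src/responder/common/cache_req/cache_req_domain.c
+++ b/src/responder/common/cache_req/cache_req_domain.c
@@ -60,6 +60,48 @@ void cache_req_domain_list_zfree(struct cache_req_domain **cr_domains)
     *cr_domains = NULL;
 }
 
+static bool
+cache_req_domain_use_fqnames(struct sss_domain_info *domain,
+                             bool enforce_non_fqnames)
+{
+    struct sss_domain_info *head;
+
+    head = get_domains_head(domain);
+
+    /*
+     * In order to decide whether fully_qualified_names must be used on the
+     * lookups we have to take into consideration:
+     * - use_fully_qualified_name value of the head of the domains;
+     *   (head->fqnames)
+     * - the presence of a domains' resolution order list;
+     *   (non_fqnames_enforced)
+     *
+     * The relationship between those two can be described by:
+     * - head->fqnames:
+     *   - true: in this case doesn't matter whether it's enforced or not,
+     *           fully-qualified-names will _always_ be used
+     *   - false: in this case (which is also the default case), the usage
+     *            depends on it being enforced;
+     *
+     *     - enforce_non_fqnames:
+     *       - true: in this case, the usage of fully-qualified-names is not
+     *               needed;
+     *       - false: in this case, the usage of fully-qualified-names will be
+     *                done accordingly to what's set for the domain itself.
+     */
+    switch (head->fqnames) {
+    case true:
+        return true;
+    case false:
+        switch (enforce_non_fqnames) {
+        case true:
+            return false;
+        case false:
+            return domain->fqnames;
+        }
+    }
+}
+
 static struct cache_req_domain *
 cache_req_domain_new_list_from_string_list(TALLOC_CTX *mem_ctx,
                                            struct sss_domain_info *domains,
@@ -71,9 +113,11 @@ cache_req_domain_new_list_from_string_list(TALLOC_CTX *mem_ctx,
     char *name;
     int flag = SSS_GND_ALL_DOMAINS;
     int i;
+    bool enforce_non_fqnames = false;
     errno_t ret;
 
     if (resolution_order != NULL) {
+        enforce_non_fqnames = true;
         for (i = 0; resolution_order[i] != NULL; i++) {
             name = resolution_order[i];
             for (dom = domains; dom; dom = get_next_domain(dom, flag)) {
@@ -87,6 +131,8 @@ cache_req_domain_new_list_from_string_list(TALLOC_CTX *mem_ctx,
                     goto done;
                 }
                 cr_domain->domain = dom;
+                cr_domain->fqnames =
+                    cache_req_domain_use_fqnames(dom, enforce_non_fqnames);
 
                 DLIST_ADD_END(cr_domains, cr_domain,
                               struct cache_req_domain *);
@@ -106,6 +152,8 @@ cache_req_domain_new_list_from_string_list(TALLOC_CTX *mem_ctx,
             goto done;
         }
         cr_domain->domain = dom;
+        cr_domain->fqnames =
+            cache_req_domain_use_fqnames(dom, enforce_non_fqnames);
 
         DLIST_ADD_END(cr_domains, cr_domain, struct cache_req_domain *);
     }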
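Review bot: `cache_req_domain_use_fqnames()` ends without a return after the nested `switch` statements, so a compiler that does not treat a `bool` switch as exhaustive will report control reaching the end of a non-void function; plain conditionals express the same table: `if (head->fqnames) return true;`, `if (enforce_non_fqnames) return false;`, `return domain->fqnames;`. The block comment names `non_fqnames_enforced` while the parameter is `enforce_non_fqnames`. `head` is dereferenced unchecked, which is safe only if `get_domains_head()` never returns NULL for the `dom` values passed here (its definition is not in this patch). Because `enforce_non_fqnames` is set once when a resolution order exists and is passed at both call sites, the second of which appears to cover domains not named in the order (its loop starts outside the hunk), the comment should also state that short names are then matched in list order across all of those domains, so a colliding account name in an earlier domain takes precedence.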
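diff --git a/src/responder/common/cache_req/cache_req_domain.h b/src/responder/common/cache_req/cache_req_domain.h
index 000087e5ca2074f22169a4af627810f4f287e430..5bcbb9b493caf05bf71aac5cf7633ded91f22e73 100644
--- a/src/responder/common/cache_req/cache_req_domain.h
+++ b/src/responder/common/cache_req/cache_req_domain.h
@@ -25,6 +25,7 @@
 
 struct cache_req_domain {
     struct sss_domain_info *domain;
+    bool fqnames;
 
     struct cache_req_domain *prev;
     struct cache_req_domain *next;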
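Review bot: The new `fqnames` member is undocumented and shares its name with `sss_domain_info.fqnames`, although it holds the value computed by `cache_req_domain_use_fqnames()` rather than the domain's own setting. A comment at the declaration such as `/* effective fully-qualified-names requirement for this list entry; may differ from domain->fqnames when a domain resolution order is set */` would make clear which of the two a lookup path such as the check in cache_req.c is meant to read. The header's includes are outside the hunk, so it is worth confirming that `bool` is declared wherever this header is used.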
-- 
2.9.3