dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Files

  1.   71e59364bf4bf30ca1631dcafcbe696959a37827
  2.   SOURCES
  3.   0094-AD-IPA-Reset-subdomain-service-name-not-domain-name.patch
Blob Blame History Raw 
From b3285f9f8a5eac3e4e70ed3bd6b74c15ad806e9e Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 19 Dec 2018 14:12:25 +0100
Subject: [PATCH 94/95] AD/IPA: Reset subdomain service name, not domain name

Related:
https://pagure.io/SSSD/sssd/issue/3911

Since commit 778f241e78241b0d6b8734148175f8dee804f494 the subdomain fail
over services use the "sd_" prefix. This was done to make it easier,
until the whole failover design works better with subdomains, to see
which services belong to the main domain from tools.

However, some parts of the code would still just use the domain name for
the failover service, which meant the service was not found, notably
when trying to reset services:

(Thu Dec 13 05:29:31 2018) [sssd[be[testrelm.test]]] [ipa_srv_ad_acct_retried] (0x0400): Subdomain re-set, will retry lookup
(Thu Dec 13 05:29:31 2018) [sssd[be[testrelm.test]]] [be_fo_reset_svc] (0x1000): Resetting all servers in service ipaad2016.test
(Thu Dec 13 05:29:31 2018) [sssd[be[testrelm.test]]] [be_fo_reset_svc] (0x0080): Cannot retrieve service [ipaad2016.test]

This patch switches to reading the service names from the ad_options and
the sdap_service structures that are contained within ad_options.

Reviewed-by: Tomas Halman <thalman@redhat.com>
---
 src/providers/ad/ad_common.c          | 13 +++++++++++++
 src/providers/ad/ad_common.h          |  4 ++++
 src/providers/ipa/ipa_subdomains_id.c | 11 ++++++++++-
 src/providers/ldap/ldap_common.c      | 11 +++++++++++
 src/providers/ldap/ldap_common.h      |  3 +++
 5 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 0d154ca57..cb5912838 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -839,6 +839,19 @@ done:
     return ret;
 }
 
+void
+ad_failover_reset(struct be_ctx *bectx,
+                  struct ad_service *adsvc)
+{
+    if (adsvc == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "NULL service\n");
+        return;
+    }
+
+    sdap_service_reset_fo(bectx, adsvc->sdap);
+    sdap_service_reset_fo(bectx, adsvc->gc);
+}
+
 static void
 ad_resolve_callback(void *private_data, struct fo_server *server)
 {
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index cb4dda750..662276cb6 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -148,6 +148,10 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
                  bool use_kdcinfo,
                  struct ad_service **_service);
 
+void
+ad_failover_reset(struct be_ctx *bectx,
+                  struct ad_service *adsvc);
+
 errno_t
 ad_get_id_options(struct ad_options *ad_opts,
                    struct confdb_ctx *cdb,
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 48cf74460..b841f0a52 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -1757,6 +1757,7 @@ fail:
 static void ipa_srv_ad_acct_retried(struct tevent_req *subreq)
 {
     errno_t ret;
+    struct ad_id_ctx *ad_id_ctx;
     struct tevent_req *req = tevent_req_callback_data(subreq,
                                                 struct tevent_req);
     struct ipa_srv_ad_acct_state *state = tevent_req_data(req,
@@ -1772,7 +1773,15 @@ static void ipa_srv_ad_acct_retried(struct tevent_req *subreq)
     }
 
     DEBUG(SSSDBG_TRACE_FUNC, "Subdomain re-set, will retry lookup\n");
-    be_fo_reset_svc(state->be_ctx, state->obj_dom->name);
+    ad_id_ctx = ipa_get_ad_id_ctx(state->ipa_ctx, state->obj_dom);
+    if (ad_id_ctx == NULL || ad_id_ctx->ad_options == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "No AD ID ctx or no ID CTX options?\n");
+        state->dp_error = DP_ERR_FATAL;
+        tevent_req_error(req, EINVAL);
+        return;
+    }
+
+    ad_failover_reset(state->be_ctx, ad_id_ctx->ad_options->service);
 
     ret = ipa_srv_ad_acct_lookup_step(req);
     if (ret != EOK) {
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 9cd8ec09c..237749aae 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -520,6 +520,17 @@ static int ldap_user_data_cmp(void *ud1, void *ud2)
     return strcasecmp((char*) ud1, (char*) ud2);
 }
 
+void sdap_service_reset_fo(struct be_ctx *ctx,
+                           struct sdap_service *service)
+{
+    if (service == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "NULL service\n");
+        return;
+    }
+
+    be_fo_reset_svc(ctx, service->name);
+}
+
 int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                       const char *service_name, const char *dns_service_name,
                       const char *urls, const char *backup_urls,
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 6c08d789b..89d819fb9 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -171,6 +171,9 @@ int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                       const char *urls, const char *backup_urls,
                       struct sdap_service **_service);
 
+void sdap_service_reset_fo(struct be_ctx *ctx,
+                           struct sdap_service *service);
+
 const char *sdap_gssapi_realm(struct dp_option *opts);
 
 int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
-- 
2.19.1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation