From c860682bca53bbafe34b6c22ba151faf18ad2ace Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 2 Mar 2017 13:52:54 +0100
Subject: [PATCH 163/163] UTIL: Store UPN suffixes when creating a new
subdomain
We used to store UPN suffixes pointer into the domain structure only if
the domain changed, not when a new domain was created. As an effect, the
enterprise principals flag was not enabled unless a domain changed,
preventing logins with enterprise principals.
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 8718ff9ccd29f6431bfa8630bfa3576b2692c9ee)
---
src/db/sysdb_private.h | 1 +
src/db/sysdb_subdomains.c | 11 ++++++++++-
src/tests/cmocka/test_fqnames.c | 2 +-
src/tests/cmocka/test_nss_srv.c | 2 +-
src/tests/sysdb-tests.c | 8 ++++----
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index b6bf3706e6b9e49d8dd4984f3334b317d17ed9bf..bfd24799950ab3b31d57df11b8f91c0b2572f13a 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -190,6 +190,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
bool mpg,
bool enumerate,
const char *forest,
+ const char **upn_suffixes,
uint32_t trust_direction);
/* Helper functions to deal with the timestamp cache should not be used
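Review bot: The new `upn_suffixes` parameter in the new_subdomain() prototype has no stated contract, although the implementation in sysdb_subdomains.c accepts NULL and copies a non-NULL list with `dup_string_list(dom, upn_suffixes)` rather than keeping the caller's pointer. I would add a comment above the prototype along the lines of `/* upn_suffixes may be NULL; a non-NULL list is duplicated onto the returned domain and the caller's list is left untouched */`. Whether the copy also duplicates each string depends on dup_string_list, which is not shown here, so the wording should be confirmed against that helper. The prototype starts above this hunk.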
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 780140484f6f023bc6e8c12266e3b81ff016ec10..4f326405f955abd462f892e6013a8c24764afd55 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -32,6 +32,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
bool mpg,
bool enumerate,
const char *forest,
+ const char **upn_suffixes,
uint32_t trust_direction)
{
struct sss_domain_info *dom;
@@ -108,6 +109,14 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
}
}
+ if (upn_suffixes != NULL) {
+ dom->upn_suffixes = dup_string_list(dom, upn_suffixes);
+ if (dom->upn_suffixes == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to copy UPN upn_suffixes.\n");
+ goto fail;
+ }
+ }
+
dom->enumerate = enumerate;
dom->fqnames = true;
dom->mpg = mpg;
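Review bot: The failure message in the added block reads "Failed to copy UPN upn_suffixes.", which repeats the term and looks like a leftover from a rename; `DEBUG(SSSDBG_OP_FAILURE, "Failed to copy UPN suffixes.\n");` is easier to search for in logs. A short comment above the block would also help, for example `/* Copy onto dom so the list lives as long as the domain; without it enterprise principals stay disabled for a newly created subdomain */`, since the commit message carries that reasoning but the code does not. The `fail` label and the rest of new_subdomain() are outside this hunk, so I am assuming that path releases `dom`.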
@@ -442,7 +451,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
if (dom == NULL) {
dom = new_subdomain(domain, domain, name, realm,
flat, id, mpg, enumerate, forest,
- trust_direction);
+ upn_suffixes, trust_direction);
if (dom == NULL) {
ret = ENOMEM;
goto done;
diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c
index f4cdd80ef94584fe4eb1f0578bf388da3ead824c..19788248a39774bb4509363145ac4ce0815b7d28 100644
--- a/src/tests/cmocka/test_fqnames.c
+++ b/src/tests/cmocka/test_fqnames.c
@@ -309,7 +309,7 @@ static int parse_name_test_setup(void **state)
* discovered
*/
test_ctx->subdom = new_subdomain(dom, dom, SUBDOMNAME, NULL, SUBFLATNAME,
- NULL, false, false, NULL, 0);
+ NULL, false, false, NULL, NULL, 0);
assert_non_null(test_ctx->subdom);
check_leaks_push(test_ctx);
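Review bot: Every updated call site passes NULL for the new `upn_suffixes` argument, here and in test_nss_srv.c and sysdb-tests.c, so the added copy branch in new_subdomain() is never exercised by the tests in this patch. Since the bug being fixed blocked logins with enterprise principals, a regression test for the non-NULL case seems worthwhile. One setup could pass a constructed list such as `const char *suffixes[] = { "upn.test", NULL };` and then check `assert_non_null(test_ctx->subdom->upn_suffixes);` and `assert_string_equal(test_ctx->subdom->upn_suffixes[0], "upn.test");`. parse_name_test_setup() begins and continues outside this hunk.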
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 41425e76f3b76fafa917f33fcfef0946f2f71c7d..5eee82d78f4e4ab4dcdc0dcdfb24c2e7d017acf5 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -3084,7 +3084,7 @@ static int nss_subdom_test_setup(void **state)
subdomain = new_subdomain(nss_test_ctx, nss_test_ctx->tctx->dom,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
assert_non_null(subdomain);
ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb,
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index d1450015cb0f0b073045e7b6031423e3f5494d78..6fd1988668124dc2dc922b41d3f7387c6d00c486 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -1395,7 +1395,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain)
/* Create subdomain */
subdomain = new_subdomain(test_ctx, test_ctx->domain,
"test.sub", "TEST.SUB", "test", "S-3",
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
fail_if(subdomain == NULL, "Failed to create new subdomain.");
ret = sss_names_init_from_args(test_ctx,
@@ -5468,7 +5468,7 @@ START_TEST(test_sysdb_subdomain_store_user)
subdomain = new_subdomain(test_ctx, test_ctx->domain,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
@@ -5547,7 +5547,7 @@ START_TEST(test_sysdb_subdomain_user_ops)
subdomain = new_subdomain(test_ctx, test_ctx->domain,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
@@ -5620,7 +5620,7 @@ START_TEST(test_sysdb_subdomain_group_ops)
subdomain = new_subdomain(test_ctx, test_ctx->domain,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
--
2.9.3