dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 1bed72e4faa2734b0eef6a107b2dc24bf052e576 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 30 Oct 2017 20:50:41 +0100
Subject: [PATCH 73/83] DP: Create a new handler function getAccountDomain()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a new method getAccountDomain() which is a bit similar to
getAccountInfo, except it doesn't fetch, parse and store the entry, but
just returns the domain or a subdomain the entry was found in.

At the moment, the method only supports requests by ID.

A default handler is provided (and in this patch used by all the
domains) which returns ERR_GET_ACCT_DOM_NOT_SUPPORTED. This return
code should be evaluated by the responder so that this DP method is
not called again, because it's not supported by the back end type.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit c0f9f5a0f6d71a1596ee3cef549b4b02295313c3)
---
 src/providers/ad/ad_init.c                       |   4 +
 src/providers/data_provider/dp.h                 |  20 ++++
 src/providers/data_provider/dp_custom_data.h     |   6 ++
 src/providers/data_provider/dp_iface.c           |   3 +-
 src/providers/data_provider/dp_iface.h           |  17 ++++
 src/providers/data_provider/dp_iface.xml         |   7 ++
 src/providers/data_provider/dp_iface_generated.c |  31 +++++++
 src/providers/data_provider/dp_iface_generated.h |   5 +
 src/providers/data_provider/dp_target_id.c       | 113 +++++++++++++++++++++++
 src/providers/files/files_init.c                 |   6 ++
 src/providers/ipa/ipa_init.c                     |   4 +
 src/providers/ldap/ldap_init.c                   |   4 +
 src/providers/proxy/proxy_init.c                 |   4 +
 src/util/util_errors.c                           |   1 +
 src/util/util_errors.h                           |   1 +
 15 files changed, 225 insertions(+), 1 deletion(-)

diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index e62025d4acd24844a5c7082d00c597516f35de16..7efb6aa71cbd2551422c87e0b0c5c1fe91390375 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -510,6 +510,10 @@ errno_t sssm_ad_id_init(TALLOC_CTX *mem_ctx,
                   sdap_online_check_handler_send, sdap_online_check_handler_recv, id_ctx->sdap_id_ctx,
                   struct sdap_id_ctx, void, struct dp_reply_std);
 
+    dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER,
+                  default_account_domain_send, default_account_domain_recv, NULL,
+                  void, struct dp_get_acct_domain_data, struct dp_reply_std);
+
     return EOK;
 }
 
diff --git a/src/providers/data_provider/dp.h b/src/providers/data_provider/dp.h
index aa5b781158c54545b26034602bb25db46b189e87..ceb49da53b88142924e1792c6f64a22ec369677b 100644
--- a/src/providers/data_provider/dp.h
+++ b/src/providers/data_provider/dp.h
@@ -82,6 +82,7 @@ enum dp_methods {
     DPM_HOSTID_HANDLER,
     DPM_DOMAINS_HANDLER,
     DPM_SESSION_HANDLER,
+    DPM_ACCT_DOMAIN_HANDLER,
 
     DPM_REFRESH_ACCESS_RULES,
 
@@ -179,4 +180,23 @@ void dp_sbus_reset_users_memcache(struct data_provider *provider);
 void dp_sbus_reset_groups_memcache(struct data_provider *provider);
 void dp_sbus_reset_initgr_memcache(struct data_provider *provider);
 
+/*
+ * A dummy handler for DPM_ACCT_DOMAIN_HANDLER.
+ *
+ * Its purpose is to always return ERR_GET_ACCT_DOM_NOT_SUPPORTED
+ * which the responder should evaluate as "this back end does not
+ * support locating entries' domain" and never call
+ * DPM_ACCT_DOMAIN_HANDLER again
+ *
+ * This request cannot fail, except for critical errors like OOM.
+ */
+struct tevent_req *
+default_account_domain_send(TALLOC_CTX *mem_ctx,
+                            void *unused_ctx,
+                            struct dp_get_acct_domain_data *data,
+                            struct dp_req_params *params);
+errno_t default_account_domain_recv(TALLOC_CTX *mem_ctx,
+                                    struct tevent_req *req,
+                                    struct dp_reply_std *data);
+
 #endif /* _DP_H_ */
diff --git a/src/providers/data_provider/dp_custom_data.h b/src/providers/data_provider/dp_custom_data.h
index d9de288b62f4f6763ceb205dc596876cfc58bf6c..7c64bde4513961e79200e852c7277f77e064d5a3 100644
--- a/src/providers/data_provider/dp_custom_data.h
+++ b/src/providers/data_provider/dp_custom_data.h
@@ -43,6 +43,12 @@ struct dp_subdomains_data {
     const char *domain_hint;
 };
 
+struct dp_get_acct_domain_data {
+    uint32_t entry_type;
+    uint32_t filter_type;
+    const char *filter_value;
+};
+
 struct dp_id_data {
     uint32_t entry_type;
     uint32_t filter_type;
diff --git a/src/providers/data_provider/dp_iface.c b/src/providers/data_provider/dp_iface.c
index 28d70e686f63a3572ac595f493aa1d59436c563f..124be0048f38a93d06561ff7b0d1916838587103 100644
--- a/src/providers/data_provider/dp_iface.c
+++ b/src/providers/data_provider/dp_iface.c
@@ -33,7 +33,8 @@ struct iface_dp iface_dp = {
     .autofsHandler = dp_autofs_handler,
     .hostHandler = dp_host_handler,
     .getDomains = dp_subdomains_handler,
-    .getAccountInfo = dp_get_account_info_handler
+    .getAccountInfo = dp_get_account_info_handler,
+    .getAccountDomain = dp_get_account_domain_handler,
 };
 
 struct iface_dp_backend iface_dp_backend = {
diff --git a/src/providers/data_provider/dp_iface.h b/src/providers/data_provider/dp_iface.h
index 759b9e6c9eb7f53836ae0b641b34e6c31e65779f..0a2f81eb5c108aa7596c974157b0dfafb041869f 100644
--- a/src/providers/data_provider/dp_iface.h
+++ b/src/providers/data_provider/dp_iface.h
@@ -58,6 +58,23 @@ errno_t dp_subdomains_handler(struct sbus_request *sbus_req,
                               void *dp_cli,
                               const char *domain_hint);
 
+/*
+ * Return a domain the account belongs to.
+ *
+ * The request uses the dp_reply_std structure for reply, with the following
+ * semantics:
+ *  - DP_ERR_OK - it is expected that the string message contains the domain name
+ *                the entry was found in. A 'negative' reply where the
+ *                request returns DP_ERR_OK, but no domain should be treated
+ *                as authoritative, as if the entry does not exist.
+ *  - DP_ERR_*  - the string message contains error string that corresponds
+ *                to the errno field in dp_reply_std().
+ */
+errno_t dp_get_account_domain_handler(struct sbus_request *sbus_req,
+                                      void *dp_cli,
+                                      uint32_t entry_type,
+                                      const char *filter);
+
 /* org.freedesktop.sssd.DataProvider.Backend */
 errno_t dp_backend_is_online(struct sbus_request *sbus_req,
                              void *dp_cli,
diff --git a/src/providers/data_provider/dp_iface.xml b/src/providers/data_provider/dp_iface.xml
index 2bfa9dfa7e9d02d2d12c3358967f6969438a97a2..c2431850bca4baa529fb18e0480e781308b12dd6 100644
--- a/src/providers/data_provider/dp_iface.xml
+++ b/src/providers/data_provider/dp_iface.xml
@@ -79,5 +79,12 @@
             <arg name="error" type="u" direction="out" />
             <arg name="error_message" type="s" direction="out" />
         </method>
+        <method name="getAccountDomain">
+            <arg name="entry_type" type="u" direction="in" />
+            <arg name="filter" type="s" direction="in" />
+            <arg name="dp_error" type="q" direction="out" />
+            <arg name="error" type="u" direction="out" />
+            <arg name="domain_name" type="s" direction="out" />
+        </method>
     </interface>
 </node>
diff --git a/src/providers/data_provider/dp_iface_generated.c b/src/providers/data_provider/dp_iface_generated.c
index 11ee2e24a69cc8d4d19fdbeed613e76081aef15d..4d093444536b15d8a17f7e507b93948e1df6ffee 100644
--- a/src/providers/data_provider/dp_iface_generated.c
+++ b/src/providers/data_provider/dp_iface_generated.c
@@ -313,6 +313,30 @@ int iface_dp_getAccountInfo_finish(struct sbus_request *req, uint16_t arg_dp_err
                                          DBUS_TYPE_INVALID);
 }
 
+/* arguments for org.freedesktop.sssd.dataprovider.getAccountDomain */
+const struct sbus_arg_meta iface_dp_getAccountDomain__in[] = {
+    { "entry_type", "u" },
+    { "filter", "s" },
+    { NULL, }
+};
+
+/* arguments for org.freedesktop.sssd.dataprovider.getAccountDomain */
+const struct sbus_arg_meta iface_dp_getAccountDomain__out[] = {
+    { "dp_error", "q" },
+    { "error", "u" },
+    { "domain_name", "s" },
+    { NULL, }
+};
+
+int iface_dp_getAccountDomain_finish(struct sbus_request *req, uint16_t arg_dp_error, uint32_t arg_error, const char *arg_domain_name)
+{
+   return sbus_request_return_and_finish(req,
+                                         DBUS_TYPE_UINT16, &arg_dp_error,
+                                         DBUS_TYPE_UINT32, &arg_error,
+                                         DBUS_TYPE_STRING, &arg_domain_name,
+                                         DBUS_TYPE_INVALID);
+}
+
 /* methods for org.freedesktop.sssd.dataprovider */
 const struct sbus_method_meta iface_dp__methods[] = {
     {
@@ -357,6 +381,13 @@ const struct sbus_method_meta iface_dp__methods[] = {
         offsetof(struct iface_dp, getAccountInfo),
         invoke_uusss_method,
     },
+    {
+        "getAccountDomain", /* name */
+        iface_dp_getAccountDomain__in,
+        iface_dp_getAccountDomain__out,
+        offsetof(struct iface_dp, getAccountDomain),
+        invoke_us_method,
+    },
     { NULL, }
 };
 
diff --git a/src/providers/data_provider/dp_iface_generated.h b/src/providers/data_provider/dp_iface_generated.h
index 541a90b0b5a5bc0a346cbd04974d33c8bb0983c5..b629ec77487328a41615f3ca7e812088730f40c4 100644
--- a/src/providers/data_provider/dp_iface_generated.h
+++ b/src/providers/data_provider/dp_iface_generated.h
@@ -38,6 +38,7 @@
 #define IFACE_DP_HOSTHANDLER "hostHandler"
 #define IFACE_DP_GETDOMAINS "getDomains"
 #define IFACE_DP_GETACCOUNTINFO "getAccountInfo"
+#define IFACE_DP_GETACCOUNTDOMAIN "getAccountDomain"
 
 /* ------------------------------------------------------------------------
  * DBus handlers
@@ -110,6 +111,7 @@ struct iface_dp {
     int (*hostHandler)(struct sbus_request *req, void *data, uint32_t arg_dp_flags, const char *arg_name, const char *arg_alias);
     int (*getDomains)(struct sbus_request *req, void *data, const char *arg_domain_hint);
     int (*getAccountInfo)(struct sbus_request *req, void *data, uint32_t arg_dp_flags, uint32_t arg_entry_type, const char *arg_filter, const char *arg_domain, const char *arg_extra);
+    int (*getAccountDomain)(struct sbus_request *req, void *data, uint32_t arg_entry_type, const char *arg_filter);
 };
 
 /* finish function for autofsHandler */
@@ -124,6 +126,9 @@ int iface_dp_getDomains_finish(struct sbus_request *req, uint16_t arg_dp_error,
 /* finish function for getAccountInfo */
 int iface_dp_getAccountInfo_finish(struct sbus_request *req, uint16_t arg_dp_error, uint32_t arg_error, const char *arg_error_message);
 
+/* finish function for getAccountDomain */
+int iface_dp_getAccountDomain_finish(struct sbus_request *req, uint16_t arg_dp_error, uint32_t arg_error, const char *arg_domain_name);
+
 /* ------------------------------------------------------------------------
  * DBus Interface Metadata
  *
diff --git a/src/providers/data_provider/dp_target_id.c b/src/providers/data_provider/dp_target_id.c
index 820a6574cb3a224cce4b7d8286af306f234454a3..11a36e9ce9b1aefcabb04dfe51395b6f4e4bc899 100644
--- a/src/providers/data_provider/dp_target_id.c
+++ b/src/providers/data_provider/dp_target_id.c
@@ -490,3 +490,116 @@ done:
 
     return ret;
 }
+
+static bool
+check_and_parse_acct_domain_filter(struct dp_get_acct_domain_data *data,
+                                   const char *filter)
+{
+    /* We will use sizeof() to determine the length of a string so we don't
+     * call strlen over and over again with each request. Not a bottleneck,
+     * but unnecessary and simple to avoid. */
+    static struct {
+        const char *name;
+        size_t lenght;
+        uint32_t type;
+    } types[] = {FILTER_TYPE("idnumber", BE_FILTER_IDNUM),
+                 {0, 0, 0}};
+    int i;
+
+    if (SBUS_IS_STRING_EMPTY(filter)) {
+        return false;
+    }
+
+    for (i = 0; types[i].name != NULL; i++) {
+        if (strncmp(filter, types[i].name, types[i].lenght) == 0) {
+            data->filter_type = types[i].type;
+            data->filter_value = SBUS_SET_STRING(&filter[types[i].lenght]);
+            return true;
+        }
+    }
+
+    if (strcmp(filter, ENUM_INDICATOR) == 0) {
+        data->filter_type = BE_FILTER_ENUM;
+        data->filter_value = NULL;
+        return true;
+    }
+
+    return false;
+}
+
+errno_t dp_get_account_domain_handler(struct sbus_request *sbus_req,
+                                      void *dp_cli,
+                                      uint32_t entry_type,
+                                      const char *filter)
+{
+    struct dp_get_acct_domain_data *data;
+    const char *key = NULL;
+    errno_t ret;
+
+    data = talloc_zero(sbus_req, struct dp_get_acct_domain_data);
+    if (data == NULL) {
+        return ENOMEM;
+    }
+    data->entry_type = entry_type;
+
+    if (!check_and_parse_acct_domain_filter(data, filter)) {
+        ret = EINVAL;
+        goto done;
+    }
+
+    dp_req_with_reply(dp_cli, NULL, "AccountDomain", key, sbus_req,
+                      DPT_ID, DPM_ACCT_DOMAIN_HANDLER, 0, data,
+                      dp_req_reply_std, struct dp_reply_std);
+
+    ret = EOK;
+
+done:
+    if (ret != EOK) {
+        talloc_free(data);
+    }
+
+    return ret;
+}
+
+struct default_account_domain_state {
+    struct dp_reply_std reply;
+};
+
+struct tevent_req *
+default_account_domain_send(TALLOC_CTX *mem_ctx,
+                            void *unused_ctx,
+                            struct dp_get_acct_domain_data *data,
+                            struct dp_req_params *params)
+{
+    struct default_account_domain_state *state;
+    struct tevent_req *req;
+
+    req = tevent_req_create(mem_ctx, &state,
+                            struct default_account_domain_state);
+    if (req == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
+        return NULL;
+    }
+
+    dp_reply_std_set(&state->reply,
+                     DP_ERR_DECIDE, ERR_GET_ACCT_DOM_NOT_SUPPORTED,
+                     NULL);
+    tevent_req_done(req);
+    tevent_req_post(req, params->ev);
+    return req;
+}
+
+errno_t default_account_domain_recv(TALLOC_CTX *mem_ctx,
+                                    struct tevent_req *req,
+                                    struct dp_reply_std *data)
+{
+    struct default_account_domain_state *state = NULL;
+
+    state = tevent_req_data(req, struct default_account_domain_state);
+
+    TEVENT_REQ_RETURN_ON_ERROR(req);
+
+    *data = state->reply;
+
+    return EOK;
+}
diff --git a/src/providers/files/files_init.c b/src/providers/files/files_init.c
index b91dfbac9bf9d4b678ebdfa6b1cb0971b4477dd9..8e5cd4cf913b79653616120d6ed6540e62ade932 100644
--- a/src/providers/files/files_init.c
+++ b/src/providers/files/files_init.c
@@ -88,5 +88,11 @@ int sssm_files_id_init(TALLOC_CTX *mem_ctx,
                   ctx, struct files_id_ctx,
                   struct dp_id_data, struct dp_reply_std);
 
+    dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER,
+                  default_account_domain_send,
+                  default_account_domain_recv,
+                  NULL, void,
+                  struct dp_get_acct_domain_data, struct dp_reply_std);
+
     return EOK;
 }
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index f335d51fd65959d256c54a5d92c594a24e895b7c..754e5315c3a7f84ac2901986ecdda73e4dad26bc 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -754,6 +754,10 @@ errno_t sssm_ipa_id_init(TALLOC_CTX *mem_ctx,
                   sdap_online_check_handler_send, sdap_online_check_handler_recv, id_ctx->sdap_id_ctx,
                   struct sdap_id_ctx, void, struct dp_reply_std);
 
+    dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER,
+                  default_account_domain_send, default_account_domain_recv, NULL,
+                  void, struct dp_get_acct_domain_data, struct dp_reply_std);
+
     return EOK;
 }
 
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 43d905893081c31ed659fd1ef8343f965bdc5af0..c0ede8941ee8480c2ec4765f89d12e903edcf012 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -531,6 +531,10 @@ errno_t sssm_ldap_id_init(TALLOC_CTX *mem_ctx,
                   sdap_online_check_handler_send, sdap_online_check_handler_recv, id_ctx,
                   struct sdap_id_ctx, void, struct dp_reply_std);
 
+    dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER,
+                  default_account_domain_send, default_account_domain_recv, NULL,
+                  void, struct dp_get_acct_domain_data, struct dp_reply_std);
+
     return EOK;
 }
 
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index 7c9d3dafbdf1f9448cc8f8b473aea15cf4206afc..7d997cb16ee62f10f4b86c9c3ab373a48676fe75 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -351,6 +351,10 @@ errno_t sssm_proxy_id_init(TALLOC_CTX *mem_ctx,
                   proxy_account_info_handler_send, proxy_account_info_handler_recv, ctx,
                   struct proxy_id_ctx, struct dp_id_data, struct dp_reply_std);
 
+    dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER,
+                  default_account_domain_send, default_account_domain_recv, NULL,
+                  void, struct dp_get_acct_domain_data, struct dp_reply_std);
+
     ret = EOK;
 
 done:
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index 5a92a2dcf6e65f93bc9732cebf562756357123b6..9a9ba3f3063cab4afb538c3a58527a2d2ed3fffd 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -115,6 +115,7 @@ struct err_string error_to_str[] = {
     { "Unable to initialize SSL" }, /* ERR_SSL_FAILURE */
     { "Unable to verify peer" }, /* ERR_UNABLE_TO_VERIFY_PEER */
     { "Unable to resolve host" }, /* ERR_UNABLE_TO_RESOLVE_HOST */
+    { "GetAccountDomain() not supported" }, /* ERR_GET_ACCT_DOM_NOT_SUPPORTED */
     { "ERR_LAST" } /* ERR_LAST */
 };
 
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index 509ccb805fb97e59f9da0ea2f991ece2f2030ca4..5ee9862c3f2f60c078693b1b85a40f15436e818c 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -137,6 +137,7 @@ enum sssd_errors {
     ERR_SSL_FAILURE,
     ERR_UNABLE_TO_VERIFY_PEER,
     ERR_UNABLE_TO_RESOLVE_HOST,
+    ERR_GET_ACCT_DOM_NOT_SUPPORTED,
     ERR_LAST            /* ALWAYS LAST */
 };
 
-- 
2.14.3