From f3be4b46d39c1a0106b60d561bbdeee4c80961aa Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 1 Jul 2016 12:54:39 +0200
Subject: [PATCH 24/27] sysdb: make subdomain calls aware of upn_suffixes
sysdb_subdomain_store() and sysdb_update_subdomains() can now update
upn_suffixes as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 20348a30feb4be619b3b691c24c9be8131507c46)
---
src/confdb/confdb.h | 2 +-
src/db/sysdb.h | 3 +-
src/db/sysdb_subdomains.c | 56 +++++++++++++++++++++++++--
src/providers/ad/ad_subdomains.c | 2 +-
src/providers/ipa/ipa_subdomains.c | 9 ++++-
src/tests/cmocka/test_ipa_subdomains_server.c | 4 +-
src/tests/cmocka/test_nss_srv.c | 2 +-
src/tests/cmocka/test_sysdb_subdomains.c | 28 +++++++-------
src/tests/sysdb-tests.c | 6 +--
9 files changed, 85 insertions(+), 27 deletions(-)
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0265ccac5ee2e7b8baa05bf6b09df39ea5b4059a..72adbd80ea534eb0becd3e517c00b0c26d00444c 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -315,7 +315,7 @@ struct sss_domain_info {
*/
char *forest;
struct sss_domain_info *forest_root;
- char **upn_suffixes;
+ const char **upn_suffixes;
};
/**
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index a8dcaa4a9ac5715150487f7efc9c35b778fa0163..407ce3c18a7077e8fe45c3c9c7576ae626105122 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -466,7 +466,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
const char *name, const char *realm,
const char *flat_name, const char *domain_id,
bool mpg, bool enumerate, const char *forest,
- uint32_t trust_direction);
+ uint32_t trust_direction,
+ struct ldb_message_element *upn_suffixes);
errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index c0a190f36d886325a5be1e5d1145b6aef6860ffc..02206e470e8e035cc05848137df6a1eb04806869 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -237,6 +237,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
SYSDB_SUBDOMAIN_ENUM,
SYSDB_SUBDOMAIN_FOREST,
SYSDB_SUBDOMAIN_TRUST_DIRECTION,
+ SYSDB_UPN_SUFFIXES,
NULL};
struct sss_domain_info *dom;
struct ldb_dn *basedn;
@@ -248,6 +249,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
bool mpg;
bool enumerate;
uint32_t trust_direction;
+ struct ldb_message_element *tmp_el;
+ const char **upn_suffixes;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -308,6 +311,17 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
forest = ldb_msg_find_attr_as_string(res->msgs[i],
SYSDB_SUBDOMAIN_FOREST, NULL);
+ upn_suffixes = NULL;
+ tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
+ if (tmp_el != NULL) {
+ upn_suffixes = sss_ldb_el_to_string_list(tmp_ctx, tmp_el);
+ if (upn_suffixes == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
trust_direction = ldb_msg_find_attr_as_int(res->msgs[i],
SYSDB_SUBDOMAIN_TRUST_DIRECTION,
0);
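Review bot: `ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES)` reads the first search result, while the lookups directly before and after it in this hunk use `res->msgs[i]`. If this code runs once per result, as the `[i]` indexing suggests, every subdomain would be given the suffixes stored for the first entry, and a UPN could then be matched to the wrong domain. The line should read `tmp_el = ldb_msg_find_element(res->msgs[i], SYSDB_UPN_SUFFIXES);`. The loop header is outside the hunk, so the iteration itself is inferred.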
@@ -382,6 +396,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
}
}
+ talloc_zfree(dom->upn_suffixes);
+ dom->upn_suffixes = talloc_steal(dom, upn_suffixes);
+
if (!dom->has_views && dom->view_name == NULL) {
/* maybe views are not initialized, copy from parent */
dom->has_views = dom->parent->has_views;
@@ -448,7 +465,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
errno_t ret;
TALLOC_CTX *tmp_ctx;
const char *tmp_str;
- struct ldb_message_element **tmp_el;
+ struct ldb_message_element *tmp_el;
struct ldb_dn *basedn;
struct ldb_result *res;
const char *attrs[] = {"cn",
@@ -806,7 +823,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
const char *name, const char *realm,
const char *flat_name, const char *domain_id,
bool mpg, bool enumerate, const char *forest,
- uint32_t trust_direction)
+ uint32_t trust_direction,
+ struct ldb_message_element *upn_suffixes)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
@@ -820,8 +838,10 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
SYSDB_SUBDOMAIN_ENUM,
SYSDB_SUBDOMAIN_FOREST,
SYSDB_SUBDOMAIN_TRUST_DIRECTION,
+ SYSDB_UPN_SUFFIXES,
NULL};
const char *tmp_str;
+ struct ldb_message_element *tmp_el;
bool tmp_bool;
bool store = false;
int realm_flags = 0;
@@ -831,6 +851,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
int enum_flags = 0;
int forest_flags = 0;
int td_flags = 0;
+ int upn_flags = 0;
uint32_t tmp_td;
int ret;
@@ -864,6 +885,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
enum_flags = LDB_FLAG_MOD_ADD;
if (forest) forest_flags = LDB_FLAG_MOD_ADD;
if (trust_direction) td_flags = LDB_FLAG_MOD_ADD;
+ if (upn_suffixes) upn_flags = LDB_FLAG_MOD_ADD;
} else if (res->count != 1) {
ret = EINVAL;
goto done;
@@ -915,11 +937,21 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
if (tmp_td != trust_direction) {
td_flags = LDB_FLAG_MOD_REPLACE;
}
+
+ if (upn_suffixes) {
+ tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
+ /* Luckily ldb_msg_element_compare() only compares the values and
+ * not the name. */
+ if (tmp_el == NULL
+ || ldb_msg_element_compare(upn_suffixes, tmp_el) != 0) {
+ upn_flags = LDB_FLAG_MOD_REPLACE;
+ }
+ }
}
if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0
&& mpg_flags == 0 && enum_flags == 0 && forest_flags == 0
- && td_flags == 0) {
+ && td_flags == 0 && upn_flags == 0) {
ret = EOK;
goto done;
}
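Review bot: The new `if (upn_suffixes)` check only ever adds or replaces, so a NULL argument leaves any suffixes already stored on the entry in place. The IPA caller in this patch passes NULL when the server attribute is absent (ENOENT), so suffixes removed on the server would presumably stay in the cache and keep being loaded by sysdb_update_subdomains(). If NULL is meant as "leave untouched" (the AD caller always passes NULL), state that in the prototype comment in sysdb.h. Otherwise add an `else` branch that sets `upn_flags = LDB_FLAG_MOD_DELETE` when `ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES)` is non-NULL, and make the later `if (upn_flags)` block cope with a NULL `upn_suffixes`. The enclosing function starts and ends outside this hunk.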
@@ -1048,6 +1080,24 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
}
}
+ if (upn_flags) {
+ tmp_el = talloc_zero(tmp_ctx, struct ldb_message_element);
+ if (tmp_el == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ tmp_el->name = SYSDB_UPN_SUFFIXES;
+ tmp_el->num_values = upn_suffixes->num_values;
+ tmp_el->values = upn_suffixes->values;
+ ret = ldb_msg_add(msg, tmp_el, upn_flags);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+ }
+
ret = ldb_modify(sysdb->ldb, msg);
if (ret != LDB_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
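Review bot: The added `if (upn_flags)` block hands `upn_suffixes->values` to the message without copying it, and nothing here says so. As far as I know ldb_msg_add() copies only the element struct, so the values stay owned by the caller and must remain valid until ldb_modify() returns; a comment such as `/* values are borrowed from the caller's element, not copied */` above `tmp_el->values = upn_suffixes->values;` would record that. The block also dereferences `upn_suffixes` on the strength of `upn_flags` being non-zero, which holds for the assignments visible in this patch but is worth noting in the same comment. The `ldb_msg_add` failure path returns without a DEBUG message, unlike the talloc failure just above it.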
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 0a8d1f53cb005507abe4ac55d0fa1ccc9e32b173..928c4fe93cc6afa5c3f69c14503896db820a4c0a 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -252,7 +252,7 @@ ad_subdom_store(struct sdap_idmap_ctx *idmap_ctx,
mpg = sdap_idmap_domain_has_algorithmic_mapping(idmap_ctx, name, sid_str);
ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
- mpg, enumerate, domain->forest, 0);
+ mpg, enumerate, domain->forest, 0, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n");
goto done;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 62b8f65e5d29a4850f90ea7c19abd297becc96f5..925b1d8b133eb56724ee4f9133a2487090982a8b 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -375,6 +375,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
bool mpg;
bool enumerate;
uint32_t direction;
+ struct ldb_message_element *alternative_domain_suffixes = NULL;
tmp_ctx = talloc_new(parent);
if (tmp_ctx == NULL) {
@@ -405,6 +406,12 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
goto done;
}
+ ret = sysdb_attrs_get_el_ext(attrs, IPA_ADDITIONAL_SUFFIXES, false,
+ &alternative_domain_suffixes);
+ if (ret != EOK && ret != ENOENT) {
+ goto done;
+ }
+
mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, name, id);
ret = ipa_subdom_get_forest(tmp_ctx, sysdb_ctx_get_ldb(parent->sysdb),
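Review bot: The new `if (ret != EOK && ret != ENOENT)` branch jumps to `done` without logging, so a failure to read IPA_ADDITIONAL_SUFFIXES cannot be told apart from the other early exits in ipa_subdom_store(). Adding `DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_el_ext failed.\n");` before the `goto done;` would match the messages used elsewhere in this patch. The function body continues outside the hunk.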
@@ -431,7 +438,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
"Trust direction of %s is %s\n", name, ipa_trust_dir2str(direction));
ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat,
id, mpg, enumerate, forest,
- direction);
+ direction, alternative_domain_suffixes);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n");
goto done;
diff --git a/src/tests/cmocka/test_ipa_subdomains_server.c b/src/tests/cmocka/test_ipa_subdomains_server.c
index 0fddc951894dee45658497851473b9bddbba0ef7..123cf11c01ef4687eecad31a9d73120a87c643e1 100644
--- a/src/tests/cmocka/test_ipa_subdomains_server.c
+++ b/src/tests/cmocka/test_ipa_subdomains_server.c
@@ -253,14 +253,14 @@ static void add_test_subdomains(struct trust_test_ctx *test_ctx,
SUBDOM_NAME, SUBDOM_REALM,
NULL, SUBDOM_SID,
true, false, SUBDOM_REALM,
- direction);
+ direction, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
CHILD_NAME, CHILD_REALM,
CHILD_FLAT, CHILD_SID,
true, false, SUBDOM_REALM,
- direction);
+ direction, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_update_subdomains(test_ctx->tctx->dom);
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 4137e9151be561a57a8f2e674f385ecb37119255..82a304feed864b09168d0f3e06a4e1bb120df7e4 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -3089,7 +3089,7 @@ static int nss_subdom_test_setup(void **state)
ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom);
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
index 6d1ec884284487a12bcbfad77c00cd6c30f67707..c9db56841e841472c81d00a79f475dbbd975ccb0 100644
--- a/src/tests/cmocka/test_sysdb_subdomains.c
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
@@ -103,7 +103,7 @@ static void test_sysdb_subdomain_create(void **state)
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
dom1[0], dom1[1], dom1[2], dom1[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_update_subdomains(test_ctx->tctx->dom);
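Review bot: Every updated call in this file, and in test_ipa_subdomains_server.c, test_nss_srv.c and sysdb-tests.c, passes NULL for the new argument, so the suffix store and load paths added by this patch are never exercised. A test that stores two subdomains with different `struct ldb_message_element` suffix lists, calls sysdb_update_subdomains(), and checks each domain's `upn_suffixes` would cover both the add/replace logic and the per-domain read. A second case that stores the same subdomain again with a changed list would cover the `ldb_msg_element_compare()` branch.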
@@ -115,7 +115,7 @@ static void test_sysdb_subdomain_create(void **state)
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
dom2[0], dom2[1], dom2[2], dom2[3],
- false, false, NULL, 1);
+ false, false, NULL, 1, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -128,12 +128,12 @@ static void test_sysdb_subdomain_create(void **state)
/* Reverse the trust directions */
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
dom1[0], dom1[1], dom1[2], dom1[3],
- false, false, NULL, 1);
+ false, false, NULL, 1, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
dom2[0], dom2[1], dom2[2], dom2[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -215,27 +215,27 @@ static void test_sysdb_link_forest_root_ipa(void **state)
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
dom1[0], dom1[1], dom1[2], dom1[3],
- false, false, dom1[4], 0);
+ false, false, dom1[4], 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
child_dom1[0], child_dom1[1],
child_dom1[2], child_dom1[3],
false, false, child_dom1[4],
- 0);
+ 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
dom2[0], dom2[1], dom2[2], dom2[3],
false, false, dom2[4],
- 0);
+ 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
child_dom2[0], child_dom2[1],
child_dom2[2], child_dom2[3],
false, false, child_dom2[4],
- 0);
+ 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -308,14 +308,14 @@ static void test_sysdb_link_forest_root_ad(void **state)
child_dom[0], child_dom[1],
child_dom[2], child_dom[3],
false, false, child_dom[4],
- 0);
+ 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
sub_dom[0], sub_dom[1],
sub_dom[2], sub_dom[3],
false, false, sub_dom[4],
- 0);
+ 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -385,14 +385,14 @@ static void test_sysdb_link_forest_member_ad(void **state)
sub_dom[0], sub_dom[1],
sub_dom[2], sub_dom[3],
false, false, sub_dom[4],
- 0);
+ 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
forest_root[0], forest_root[1],
forest_root[2], forest_root[3],
false, false, forest_root[4],
- 0);
+ 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_master_domain_update(test_ctx->tctx->dom);
@@ -469,7 +469,7 @@ static void test_sysdb_link_ad_multidom(void **state)
child_dom[0], child_dom[1],
child_dom[2], child_dom[3],
false, false, child_dom[4],
- 0);
+ 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_master_domain_update(main_dom1);
@@ -489,7 +489,7 @@ static void test_sysdb_link_ad_multidom(void **state)
ret = sysdb_subdomain_store(main_dom2->sysdb,
dom2_forest_root[0], dom2_forest_root[1],
dom2_forest_root[2], dom2_forest_root[3],
- false, false, dom2_forest_root[4], 0);
+ false, false, dom2_forest_root[4], 0, NULL);
assert_int_equal(ret, EOK);
ret = sysdb_master_domain_update(main_dom2);
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index bac8a8788b4fde0d6039121efead6fc20fa046f9..d1450015cb0f0b073045e7b6031423e3f5494d78 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -5472,7 +5472,7 @@ START_TEST(test_sysdb_subdomain_store_user)
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
ret = sysdb_update_subdomains(test_ctx->domain);
@@ -5551,7 +5551,7 @@ START_TEST(test_sysdb_subdomain_user_ops)
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
ret = sysdb_update_subdomains(test_ctx->domain);
@@ -5624,7 +5624,7 @@ START_TEST(test_sysdb_subdomain_group_ops)
fail_unless(subdomain != NULL, "Failed to create new subdomin.");
ret = sysdb_subdomain_store(test_ctx->sysdb,
testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, 0, NULL);
fail_if(ret != EOK, "Could not set up the test (test subdom)");
ret = sysdb_update_subdomains(test_ctx->domain);
--
2.4.11