Blame SOURCES/0041-sysdb-read-and-interpret-domain-s-enabled-attribute.patch

5fca41
From b2cd4a74e231611f7862a8bb39a655c5194a035a Mon Sep 17 00:00:00 2001
5fca41
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
5fca41
Date: Thu, 30 May 2019 12:52:33 +0200
5fca41
Subject: [PATCH 41/44] sysdb: read and interpret domain's enabled attribute
5fca41
5fca41
Disable domain if its sysdb object has enabled=false.
5fca41
5fca41
Resolves:
5fca41
https://pagure.io/SSSD/sssd/issue/4009
5fca41
5fca41
Reviewed-by: Sumit Bose <sbose@redhat.com>
5fca41
(cherry picked from commit d278704d85fea74c229b67e6a63b650b0d776c88)
5fca41
---
5fca41
 src/db/sysdb_private.h                      |  3 ++-
5fca41
 src/db/sysdb_subdomains.c                   | 29 ++++++++++++++++++---
5fca41
 src/tests/cmocka/test_fqnames.c             |  2 +-
5fca41
 src/tests/cmocka/test_negcache.c            |  2 +-
5fca41
 src/tests/cmocka/test_nss_srv.c             |  2 +-
5fca41
 src/tests/cmocka/test_responder_cache_req.c |  2 +-
5fca41
 src/tests/sysdb-tests.c                     |  8 +++---
5fca41
 7 files changed, 35 insertions(+), 13 deletions(-)
5fca41
5fca41
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
5fca41
index 58544d826..f3d34dd6f 100644
5fca41
--- a/src/db/sysdb_private.h
5fca41
+++ b/src/db/sysdb_private.h
5fca41
@@ -206,7 +206,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
5fca41
                                       const char *forest,
5fca41
                                       const char **upn_suffixes,
5fca41
                                       uint32_t trust_direction,
5fca41
-                                      struct confdb_ctx *confdb);
5fca41
+                                      struct confdb_ctx *confdb,
5fca41
+                                      bool enabled);
5fca41
 
5fca41
 /* Helper functions to deal with the timestamp cache should not be used
5fca41
  * outside the sysdb itself. The timestamp cache should be completely
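Review bot: The new `enabled` parameter is undocumented in the prototype, and as a trailing positional bool it shows up as a bare `true` or `false` at every call site. I would add a comment above the declaration, for example `/* enabled: when false the subdomain is created in DOM_DISABLED state instead of DOM_ACTIVE */`, which matches the assignment `dom->state = enabled ? DOM_ACTIVE : DOM_DISABLED;` in the sysdb_subdomains.c part of this patch. The declaration starts above this hunk, so the comment belongs before the `new_subdomain` line.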
5fca41
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
5fca41
index d467dfce5..cf09b424e 100644
5fca41
--- a/src/db/sysdb_subdomains.c
5fca41
+++ b/src/db/sysdb_subdomains.c
5fca41
@@ -39,7 +39,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
5fca41
                                       const char *forest,
5fca41
                                       const char **upn_suffixes,
5fca41
                                       uint32_t trust_direction,
5fca41
-                                      struct confdb_ctx *confdb)
5fca41
+                                      struct confdb_ctx *confdb,
5fca41
+                                      bool enabled)
5fca41
 {
5fca41
     struct sss_domain_info *dom;
5fca41
     bool inherit_option;
5fca41
@@ -127,7 +128,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
5fca41
     dom->enumerate = enumerate;
5fca41
     dom->fqnames = true;
5fca41
     dom->mpg_mode = mpg_mode;
5fca41
-    dom->state = DOM_ACTIVE;
5fca41
+    dom->state = enabled ? DOM_ACTIVE : DOM_DISABLED;
5fca41
 
5fca41
     /* use fully qualified names as output in order to avoid causing
5fca41
      * conflicts with users who have the same name and either the
5fca41
@@ -313,6 +314,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
5fca41
                            SYSDB_SUBDOMAIN_FOREST,
5fca41
                            SYSDB_SUBDOMAIN_TRUST_DIRECTION,
5fca41
                            SYSDB_UPN_SUFFIXES,
5fca41
+                           SYSDB_ENABLED,
5fca41
                            NULL};
5fca41
     struct sss_domain_info *dom;
5fca41
     struct ldb_dn *basedn;
5fca41
@@ -322,6 +324,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
5fca41
     const char *id;
5fca41
     const char *forest;
5fca41
     const char *str_mpg_mode;
5fca41
+    bool enabled;
5fca41
     enum sss_domain_mpg_mode mpg_mode;
5fca41
     bool enumerate;
5fca41
     uint32_t trust_direction;
5fca41
@@ -406,10 +409,14 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
5fca41
                                              SYSDB_SUBDOMAIN_TRUST_DIRECTION,
5fca41
                                              0);
5fca41
 
5fca41
+        enabled = ldb_msg_find_attr_as_bool(res->msgs[i], SYSDB_ENABLED, true);
5fca41
+
5fca41
         for (dom = domain->subdomains; dom;
5fca41
                 dom = get_next_domain(dom, SSS_GND_INCLUDE_DISABLED)) {
5fca41
             if (strcasecmp(dom->name, name) == 0) {
5fca41
-                sss_domain_set_state(dom, DOM_ACTIVE);
5fca41
+                if (enabled) {
5fca41
+                    sss_domain_set_state(dom, DOM_ACTIVE);
5fca41
+                }
5fca41
 
5fca41
                 /* in theory these may change, but it should never happen */
5fca41
                 if (strcasecmp(dom->realm, realm) != 0) {
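Review bot: When `enabled` is false, the matching existing subdomain keeps whatever state it already had, because nothing in this hunk sets DOM_DISABLED for it. That is only correct if code earlier in sysdb_update_subdomains, outside this hunk, has already put every subdomain into DOM_DISABLED before the search results are walked; this cannot be confirmed from the lines shown. Either state that dependency in a comment next to the check, or make it explicit with `} else { sss_domain_set_state(dom, DOM_DISABLED); }`. A later change to the earlier pass then cannot leave a domain that sysdb marks as disabled in the active state.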
5fca41
@@ -522,7 +529,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
5fca41
         if (dom == NULL) {
5fca41
             dom = new_subdomain(domain, domain, name, realm,
5fca41
                                 flat, id, mpg_mode, enumerate, forest,
5fca41
-                                upn_suffixes, trust_direction, confdb);
5fca41
+                                upn_suffixes, trust_direction, confdb,
5fca41
+                                enabled);
5fca41
             if (dom == NULL) {
5fca41
                 ret = ENOMEM;
5fca41
                 goto done;
5fca41
@@ -548,12 +556,15 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
5fca41
     struct ldb_message_element *tmp_el;
5fca41
     struct ldb_dn *basedn;
5fca41
     struct ldb_result *res;
5fca41
+    enum sss_domain_state state;
5fca41
+    bool enabled;
5fca41
     const char *attrs[] = {"cn",
5fca41
                            SYSDB_SUBDOMAIN_REALM,
5fca41
                            SYSDB_SUBDOMAIN_FLAT,
5fca41
                            SYSDB_SUBDOMAIN_ID,
5fca41
                            SYSDB_SUBDOMAIN_FOREST,
5fca41
                            SYSDB_UPN_SUFFIXES,
5fca41
+                           SYSDB_ENABLED,
5fca41
                            NULL};
5fca41
     char *view_name = NULL;
5fca41
 
5fca41
@@ -650,6 +661,16 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
5fca41
         talloc_zfree(domain->upn_suffixes);
5fca41
     }
5fca41
 
5fca41
+    state = sss_domain_get_state(domain);
5fca41
+    enabled = ldb_msg_find_attr_as_bool(res->msgs[0], SYSDB_ENABLED, true);
5fca41
+    if (!enabled) {
5fca41
+        sss_domain_set_state(domain, DOM_DISABLED);
5fca41
+    } else if (state == DOM_DISABLED) {
5fca41
+        /* We do not want to enable INACTIVE or INCONSISTENT domain. This
5fca41
+         * is managed by data provider. */
5fca41
+        sss_domain_set_state(domain, DOM_ACTIVE);
5fca41
+    }
5fca41
+
5fca41
     ret = sysdb_get_view_name(tmp_ctx, domain->sysdb, &view_name);
5fca41
     if (ret != EOK && ret != ENOENT) {
5fca41
         DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name failed.\n");
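Review bot: The read of SYSDB_ENABLED here, like the one in sysdb_update_subdomains, passes `true` as the default, so an absent attribute counts as enabled; as far as I know `ldb_msg_find_attr_as_bool` also returns the default for a value it cannot parse as TRUE or FALSE. Together with the `else if (state == DOM_DISABLED)` branch, a master domain that is in DOM_DISABLED for any reason is switched back to DOM_ACTIVE whenever the attribute is missing or malformed. The default is presumably needed for caches written before the attribute existed, and a comment should say so. The `!enabled` branch also deserves a log line such as `DEBUG(SSSDBG_TRACE_FUNC, "Domain %s is disabled in sysdb\n", domain->name);` so an operator can see why a domain stopped being used. The function body begins and continues outside this hunk.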
5fca41
diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c
5fca41
index 09f7db0d1..770c0d7bf 100644
5fca41
--- a/src/tests/cmocka/test_fqnames.c
5fca41
+++ b/src/tests/cmocka/test_fqnames.c
5fca41
@@ -310,7 +310,7 @@ static int parse_name_test_setup(void **state)
5fca41
      */
5fca41
     test_ctx->subdom = new_subdomain(dom, dom, SUBDOMNAME, NULL, SUBFLATNAME,
5fca41
                                      NULL, MPG_DISABLED, false,
5fca41
-                                     NULL, NULL, 0, NULL);
5fca41
+                                     NULL, NULL, 0, NULL, true);
5fca41
     assert_non_null(test_ctx->subdom);
5fca41
 
5fca41
     check_leaks_push(test_ctx);
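Review bot: Every call site updated in the test files passes `true` for the new argument (here and in test_negcache.c, test_nss_srv.c, test_responder_cache_req.c and sysdb-tests.c), so nothing in this patch exercises the disabled path. Since the attribute decides whether a domain is used at all, I would add at least one case that creates a subdomain with `false` and checks `sss_domain_get_state(subdom) == DOM_DISABLED`. A second case should store `enabled=false` in sysdb and confirm that sysdb_update_subdomains leaves the subdomain disabled. The test functions touched here start and end outside their hunks.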
5fca41
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
5fca41
index 0a7e563e0..0876cfdaf 100644
5fca41
--- a/src/tests/cmocka/test_negcache.c
5fca41
+++ b/src/tests/cmocka/test_negcache.c
5fca41
@@ -645,7 +645,7 @@ static void test_sss_ncache_prepopulate(void **state)
5fca41
     subdomain = new_subdomain(tc, tc->dom,
5fca41
                               testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
                               false, false, NULL, NULL, 0,
5fca41
-                              tc->confdb);
5fca41
+                              tc->confdb, true);
5fca41
     assert_non_null(subdomain);
5fca41
 
5fca41
     ret = sysdb_subdomain_store(tc->sysdb,
5fca41
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
5fca41
index 0ae177571..95c080caf 100644
5fca41
--- a/src/tests/cmocka/test_nss_srv.c
5fca41
+++ b/src/tests/cmocka/test_nss_srv.c
5fca41
@@ -3475,7 +3475,7 @@ static int nss_subdom_test_setup_common(void **state, bool nonfqnames)
5fca41
     subdomain = new_subdomain(nss_test_ctx, nss_test_ctx->tctx->dom,
5fca41
                               testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
                               false, false, NULL, NULL, 0,
5fca41
-                              nss_test_ctx->tctx->confdb);
5fca41
+                              nss_test_ctx->tctx->confdb, true);
5fca41
     assert_non_null(subdomain);
5fca41
 
5fca41
     ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb,
5fca41
diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
5fca41
index 47d9aab54..9f3b49cd9 100644
5fca41
--- a/src/tests/cmocka/test_responder_cache_req.c
5fca41
+++ b/src/tests/cmocka/test_responder_cache_req.c
5fca41
@@ -687,7 +687,7 @@ static int test_subdomain_setup(void **state)
5fca41
     test_ctx->subdomain = new_subdomain(test_ctx, test_ctx->tctx->dom,
5fca41
                               testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
                               MPG_DISABLED, false, NULL, NULL, 0,
5fca41
-                              test_ctx->tctx->confdb);
5fca41
+                              test_ctx->tctx->confdb, true);
5fca41
     assert_non_null(test_ctx->subdomain);
5fca41
 
5fca41
     ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
5fca41
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
5fca41
index ed98fe6ce..832d60466 100644
5fca41
--- a/src/tests/sysdb-tests.c
5fca41
+++ b/src/tests/sysdb-tests.c
5fca41
@@ -1541,7 +1541,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain)
5fca41
     /* Create subdomain */
5fca41
     subdomain = new_subdomain(test_ctx, test_ctx->domain,
5fca41
                               "test.sub", "TEST.SUB", "test", "S-3",
5fca41
-                              MPG_DISABLED, false, NULL, NULL, 0, NULL);
5fca41
+                              MPG_DISABLED, false, NULL, NULL, 0, NULL, true);
5fca41
     fail_if(subdomain == NULL, "Failed to create new subdomain.");
5fca41
 
5fca41
     ret = sss_names_init_from_args(test_ctx,
5fca41
@@ -6143,7 +6143,7 @@ START_TEST(test_sysdb_subdomain_store_user)
5fca41
 
5fca41
     subdomain = new_subdomain(test_ctx, test_ctx->domain,
5fca41
                               testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
-                              MPG_DISABLED, false, NULL, NULL, 0, NULL);
5fca41
+                              MPG_DISABLED, false, NULL, NULL, 0, NULL, true);
5fca41
     fail_unless(subdomain != NULL, "Failed to create new subdomain.");
5fca41
     ret = sysdb_subdomain_store(test_ctx->sysdb,
5fca41
                                 testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
@@ -6222,7 +6222,7 @@ START_TEST(test_sysdb_subdomain_user_ops)
5fca41
 
5fca41
     subdomain = new_subdomain(test_ctx, test_ctx->domain,
5fca41
                               testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
-                              MPG_DISABLED, false, NULL, NULL, 0, NULL);
5fca41
+                              MPG_DISABLED, false, NULL, NULL, 0, NULL, true);
5fca41
     fail_unless(subdomain != NULL, "Failed to create new subdomain.");
5fca41
     ret = sysdb_subdomain_store(test_ctx->sysdb,
5fca41
                                 testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
@@ -6295,7 +6295,7 @@ START_TEST(test_sysdb_subdomain_group_ops)
5fca41
 
5fca41
     subdomain = new_subdomain(test_ctx, test_ctx->domain,
5fca41
                               testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
-                              MPG_DISABLED, false, NULL, NULL, 0, NULL);
5fca41
+                              MPG_DISABLED, false, NULL, NULL, 0, NULL, true);
5fca41
     fail_unless(subdomain != NULL, "Failed to create new subdomain.");
5fca41
     ret = sysdb_subdomain_store(test_ctx->sysdb,
5fca41
                                 testdom[0], testdom[1], testdom[2], testdom[3],
5fca41
-- 
5fca41
2.20.1
5fca41