Blame SOURCES/0023-sysdb-add-UPN-suffix-support-for-the-master-domain.patch

b2d430
From 2ffd083501491a8ac3880dc834d01f7ee00fddfc Mon Sep 17 00:00:00 2001
b2d430
From: Sumit Bose <sbose@redhat.com>
b2d430
Date: Thu, 30 Jun 2016 13:48:58 +0200
b2d430
Subject: [PATCH 23/27] sysdb: add UPN suffix support for the master domain
b2d430
b2d430
sysdb_master_domain_update() and sysdb_master_domain_add_info() are now
b2d430
aware of the UPN suffix attribute.
b2d430
b2d430
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
b2d430
(cherry picked from commit 132b31fd5fb74a7627896cdceaf29c7601ed4795)
b2d430
---
b2d430
 src/confdb/confdb.h                      |  1 +
b2d430
 src/db/sysdb.h                           |  4 ++-
b2d430
 src/db/sysdb_subdomains.c                | 49 ++++++++++++++++++++++++++++++--
b2d430
 src/providers/ad/ad_id.c                 |  2 +-
b2d430
 src/providers/ad/ad_subdomains.c         |  2 +-
b2d430
 src/providers/ipa/ipa_subdomains.c       | 10 ++++++-
b2d430
 src/tests/cmocka/test_sysdb_subdomains.c | 18 ++++++++----
b2d430
 7 files changed, 74 insertions(+), 12 deletions(-)
b2d430
b2d430
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
b2d430
index cc8f66f02eb5ac10ced826326f80bbf5eda82ee1..0265ccac5ee2e7b8baa05bf6b09df39ea5b4059a 100644
b2d430
--- a/src/confdb/confdb.h
b2d430
+++ b/src/confdb/confdb.h
b2d430
@@ -315,6 +315,7 @@ struct sss_domain_info {
b2d430
      */
b2d430
     char *forest;
b2d430
     struct sss_domain_info *forest_root;
b2d430
+    char **upn_suffixes;
b2d430
 };
b2d430
 
b2d430
 /**
b2d430
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
b2d430
index 609921fbb0f29561d7e52e8d1404a929af3c5b26..a8dcaa4a9ac5715150487f7efc9c35b778fa0163 100644
b2d430
--- a/src/db/sysdb.h
b2d430
+++ b/src/db/sysdb.h
b2d430
@@ -147,6 +147,7 @@
b2d430
 #define SYSDB_SUBDOMAIN_ENUM "enumerate"
b2d430
 #define SYSDB_SUBDOMAIN_FOREST "memberOfForest"
b2d430
 #define SYSDB_SUBDOMAIN_TRUST_DIRECTION "trustDirection"
b2d430
+#define SYSDB_UPN_SUFFIXES "upnSuffixes"
b2d430
 
b2d430
 #define SYSDB_BASE_ID "baseID"
b2d430
 #define SYSDB_ID_RANGE_SIZE "idRangeSize"
b2d430
@@ -475,7 +476,8 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
b2d430
                                      const char *realm,
b2d430
                                      const char *flat,
b2d430
                                      const char *id,
b2d430
-                                     const char* forest);
b2d430
+                                     const char *forest,
b2d430
+                                     struct ldb_message_element *alt_dom_suf);
b2d430
 
b2d430
 errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
b2d430
 
b2d430
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
b2d430
index 456e6621b3434a9dbf2e611ad880facbc171c174..c0a190f36d886325a5be1e5d1145b6aef6860ffc 100644
b2d430
--- a/src/db/sysdb_subdomains.c
b2d430
+++ b/src/db/sysdb_subdomains.c
b2d430
@@ -448,6 +448,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
b2d430
     errno_t ret;
b2d430
     TALLOC_CTX *tmp_ctx;
b2d430
     const char *tmp_str;
b2d430
+    struct ldb_message_element **tmp_el;
b2d430
     struct ldb_dn *basedn;
b2d430
     struct ldb_result *res;
b2d430
     const char *attrs[] = {"cn",
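Review bot: `tmp_el` is declared as `struct ldb_message_element **`, but its only use in this commit (the `@@ -539` hunk of the same function) assigns it the result of `ldb_msg_find_element()`, which returns a single `struct ldb_message_element *`, and then passes it to `sss_ldb_el_to_string_list()`. This incompatible-pointer assignment works at run time only because nothing dereferences the extra level; it draws a compiler warning (newer compilers may reject it outright) and misstates the type to readers. Declare it as `struct ldb_message_element *tmp_el;`. The prototype of `sss_ldb_el_to_string_list()` is not visible here, so confirm it also takes a single pointer; the function body starts and ends outside this hunk.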
b2d430
@@ -455,6 +456,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
b2d430
                            SYSDB_SUBDOMAIN_FLAT,
b2d430
                            SYSDB_SUBDOMAIN_ID,
b2d430
                            SYSDB_SUBDOMAIN_FOREST,
b2d430
+                           SYSDB_UPN_SUFFIXES,
b2d430
                            NULL};
b2d430
     char *view_name = NULL;
b2d430
 
b2d430
@@ -539,6 +541,19 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
b2d430
         }
b2d430
     }
b2d430
 
b2d430
+    tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
b2d430
+    if (tmp_el != NULL) {
b2d430
+        talloc_free(domain->upn_suffixes);
b2d430
+        domain->upn_suffixes = sss_ldb_el_to_string_list(domain, tmp_el);
b2d430
+        if (domain->upn_suffixes == NULL) {
b2d430
+            DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n");
b2d430
+            ret = ENOMEM;
b2d430
+            goto done;
b2d430
+        }
b2d430
+    } else {
b2d430
+        talloc_zfree(domain->upn_suffixes);
b2d430
+    }
b2d430
+
b2d430
     ret = sysdb_get_view_name(tmp_ctx, domain->sysdb, &view_name);
b2d430
     if (ret != EOK && ret != ENOENT) {
b2d430
         DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name failed.\n");
b2d430
@@ -633,7 +648,8 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
b2d430
                                      const char *realm,
b2d430
                                      const char *flat,
b2d430
                                      const char *id,
b2d430
-                                     const char* forest)
b2d430
+                                     const char *forest,
b2d430
+                                     struct ldb_message_element *upn_suffixes)
b2d430
 {
b2d430
     TALLOC_CTX *tmp_ctx;
b2d430
     struct ldb_message *msg;
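Review bot: The new parameter is named `upn_suffixes` here but `alt_dom_suf` in the prototype in src/db/sysdb.h, and neither place documents what the function does to it. The `@@ -730` hunk calls `talloc_free()` on `upn_suffixes->name` and re-allocates it with `upn_suffixes` as talloc parent, so the caller's element is modified in place and both the element and its `name` must be talloc allocations. In ipa_subdomains.c the element comes from `sysdb_attrs_get_el_ext()` on `reply[0]`, so it is presumably the reply object that gets altered. Use one name in both files and add a comment above the prototype such as `/* upn_suffixes: talloc-allocated element or NULL; its name is replaced with SYSDB_UPN_SUFFIXES, NULL removes the cached suffixes */`. The function body continues outside this hunk.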
b2d430
@@ -720,7 +736,6 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
b2d430
             ret = sysdb_error_to_errno(ret);
b2d430
             goto done;
b2d430
         }
b2d430
-
b2d430
         ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm);
b2d430
         if (ret != LDB_SUCCESS) {
b2d430
             ret = sysdb_error_to_errno(ret);
b2d430
@@ -730,6 +745,36 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
b2d430
         do_update = true;
b2d430
     }
b2d430
 
b2d430
+    if (upn_suffixes != NULL) {
b2d430
+        talloc_free(discard_const(upn_suffixes->name));
b2d430
+        upn_suffixes->name = talloc_strdup(upn_suffixes, SYSDB_UPN_SUFFIXES);
b2d430
+        if (upn_suffixes->name == NULL) {
b2d430
+            DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
b2d430
+            ret = ENOMEM;
b2d430
+            goto done;
b2d430
+        }
b2d430
+
b2d430
+        ret = ldb_msg_add(msg, upn_suffixes, LDB_FLAG_MOD_REPLACE);
b2d430
+        if (ret != LDB_SUCCESS) {
b2d430
+            ret = sysdb_error_to_errno(ret);
b2d430
+            goto done;
b2d430
+        }
b2d430
+
b2d430
+        do_update = true;
b2d430
+    } else {
b2d430
+        /* Remove alternative_domain_suffixes from the cache */
b2d430
+        if (domain->upn_suffixes != NULL) {
b2d430
+            ret = ldb_msg_add_empty(msg, SYSDB_UPN_SUFFIXES,
b2d430
+                                    LDB_FLAG_MOD_DELETE, NULL);
b2d430
+            if (ret != LDB_SUCCESS) {
b2d430
+                ret = sysdb_error_to_errno(ret);
b2d430
+                goto done;
b2d430
+            }
b2d430
+        }
b2d430
+
b2d430
+        do_update = true;
b2d430
+    }
b2d430
+
b2d430
     if (do_update == false) {
b2d430
         ret = EOK;
b2d430
         goto done;
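Review bot: In the `else` branch, `do_update = true;` runs even when `domain->upn_suffixes` is NULL and nothing was added to `msg`. Since the non-NULL branch sets the flag as well, the `if (do_update == false)` shortcut just below can never be taken. Every call with a NULL element (both AD callers and all the tests pass NULL) therefore goes on to the cache write, possibly with a message that carries no changes. Move the assignment into the inner block so it sits next to the delete: `if (domain->upn_suffixes != NULL) { ... do_update = true; }`. The rest of the function, including the modify call, lies outside the hunk, so how an empty message is handled there should be checked.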
b2d430
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
b2d430
index 92ac4ab6a13d7094f7a663b4a070feea3be09571..98915b4b966e2665dbd34257e4002d72b95d76b2 100644
b2d430
--- a/src/providers/ad/ad_id.c
b2d430
+++ b/src/providers/ad/ad_id.c
b2d430
@@ -631,7 +631,7 @@ ad_enumeration_master_done(struct tevent_req *subreq)
b2d430
     }
b2d430
 
b2d430
     ret = sysdb_master_domain_add_info(state->sdom->dom, state->realm,
b2d430
-                                       flat_name, master_sid, forest);
b2d430
+                                       flat_name, master_sid, forest, NULL);
b2d430
     if (ret != EOK) {
b2d430
         DEBUG(SSSDBG_OP_FAILURE, "Cannot save master domain info\n");
b2d430
         tevent_req_error(req, ret);
b2d430
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
b2d430
index 05dfc3085fb14a87b5703518d784056b71bf5de0..0a8d1f53cb005507abe4ac55d0fa1ccc9e32b173 100644
b2d430
--- a/src/providers/ad/ad_subdomains.c
b2d430
+++ b/src/providers/ad/ad_subdomains.c
b2d430
@@ -1131,7 +1131,7 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq)
b2d430
     }
b2d430
 
b2d430
     ret = sysdb_master_domain_add_info(state->be_ctx->domain, realm,
b2d430
-                                       flat_name, master_sid, forest);
b2d430
+                                       flat_name, master_sid, forest, NULL);
b2d430
     if (ret != EOK) {
b2d430
         DEBUG(SSSDBG_OP_FAILURE, "Cannot save master domain info [%d]: %s\n",
b2d430
               ret, sss_strerror(ret));
b2d430
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
b2d430
index 263d6207960c232d08114bd0163b3fd03a690685..62b8f65e5d29a4850f90ea7c19abd297becc96f5 100644
b2d430
--- a/src/providers/ipa/ipa_subdomains.c
b2d430
+++ b/src/providers/ipa/ipa_subdomains.c
b2d430
@@ -855,6 +855,7 @@ static void ipa_subdomains_master_done(struct tevent_req *subreq)
b2d430
     const char *flat = NULL;
b2d430
     const char *id = NULL;
b2d430
     const char *realm = NULL;
b2d430
+    struct ldb_message_element *alternative_domain_suffixes = NULL;
b2d430
     errno_t ret;
b2d430
 
b2d430
     req = tevent_req_callback_data(subreq, struct tevent_req);
b2d430
@@ -879,6 +880,12 @@ static void ipa_subdomains_master_done(struct tevent_req *subreq)
b2d430
         if (ret != EOK) {
b2d430
             goto done;
b2d430
         }
b2d430
+
b2d430
+        ret = sysdb_attrs_get_el_ext(reply[0], IPA_ADDITIONAL_SUFFIXES, false,
b2d430
+                                     &alternative_domain_suffixes);
b2d430
+        if (ret != EOK && ret != ENOENT) {
b2d430
+            goto done;
b2d430
+        }
b2d430
     } else {
b2d430
         /* All search paths are searched and no master domain record was
b2d430
          * found.
b2d430
@@ -896,7 +903,8 @@ static void ipa_subdomains_master_done(struct tevent_req *subreq)
b2d430
         goto done;
b2d430
     }
b2d430
 
b2d430
-    ret = sysdb_master_domain_add_info(state->domain, realm, flat, id, NULL);
b2d430
+    ret = sysdb_master_domain_add_info(state->domain, realm, flat, id, NULL,
b2d430
+                                       alternative_domain_suffixes);
b2d430
     if (ret != EOK) {
b2d430
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add master domain info "
b2d430
               "[%d]: %s\n", ret, sss_strerror(ret));
b2d430
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
b2d430
index f55c2918015900351483e3471bf946ea60872dae..6d1ec884284487a12bcbfad77c00cd6c30f67707 100644
b2d430
--- a/src/tests/cmocka/test_sysdb_subdomains.c
b2d430
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
b2d430
@@ -165,7 +165,8 @@ static void test_sysdb_master_domain_ops(void **state)
b2d430
         talloc_get_type(*state, struct subdom_test_ctx);
b2d430
 
b2d430
     ret = sysdb_master_domain_add_info(test_ctx->tctx->dom,
b2d430
-                                       "realm1", "flat1", "id1", "forest1");
b2d430
+                                       "realm1", "flat1", "id1", "forest1",
b2d430
+                                       NULL);
b2d430
     assert_int_equal(ret, EOK);
b2d430
 
b2d430
     ret = sysdb_master_domain_update(test_ctx->tctx->dom);
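Review bot: Every call updated in this file passes NULL for the new argument (this hunk and those at `@@ -177`, `@@ -298`, `@@ -374`, `@@ -457` and `@@ -477`). Neither the replace path nor the delete path added to `sysdb_master_domain_add_info()` is exercised, and nothing checks that `sysdb_master_domain_update()` fills `dom->upn_suffixes`. Extend `test_sysdb_master_domain_ops` with a talloc-allocated `struct ldb_message_element` holding two suffix values: store it, run the update and compare `dom->upn_suffixes` against the values, then store NULL and assert the list is gone. The test function starts and ends outside the hunk.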
b2d430
@@ -177,7 +178,8 @@ static void test_sysdb_master_domain_ops(void **state)
b2d430
     assert_string_equal(test_ctx->tctx->dom->forest, "forest1");
b2d430
 
b2d430
     ret = sysdb_master_domain_add_info(test_ctx->tctx->dom,
b2d430
-                                       "realm2", "flat2", "id2", "forest2");
b2d430
+                                       "realm2", "flat2", "id2", "forest2",
b2d430
+                                       NULL);
b2d430
     assert_int_equal(ret, EOK);
b2d430
 
b2d430
     ret = sysdb_master_domain_update(test_ctx->tctx->dom);
b2d430
@@ -298,7 +300,8 @@ static void test_sysdb_link_forest_root_ad(void **state)
b2d430
                                        TEST_REALM,
b2d430
                                        TEST_FLAT_NAME,
b2d430
                                        TEST_SID,
b2d430
-                                       TEST_FOREST);
b2d430
+                                       TEST_FOREST,
b2d430
+                                       NULL);
b2d430
     assert_int_equal(ret, EOK);
b2d430
 
b2d430
     ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
b2d430
@@ -374,7 +377,8 @@ static void test_sysdb_link_forest_member_ad(void **state)
b2d430
                                        child_dom[1],
b2d430
                                        child_dom[2],
b2d430
                                        child_dom[3],
b2d430
-                                       TEST_FOREST);
b2d430
+                                       TEST_FOREST,
b2d430
+                                       NULL);
b2d430
     assert_int_equal(ret, EOK);
b2d430
 
b2d430
     ret = sysdb_subdomain_store(test_ctx->tctx->sysdb,
b2d430
@@ -457,7 +461,8 @@ static void test_sysdb_link_ad_multidom(void **state)
b2d430
                                        TEST_REALM,
b2d430
                                        TEST_FLAT_NAME,
b2d430
                                        TEST_SID,
b2d430
-                                       TEST_FOREST);
b2d430
+                                       TEST_FOREST,
b2d430
+                                       NULL);
b2d430
     assert_int_equal(ret, EOK);
b2d430
 
b2d430
     ret = sysdb_subdomain_store(main_dom1->sysdb,
b2d430
@@ -477,7 +482,8 @@ static void test_sysdb_link_ad_multidom(void **state)
b2d430
                                        TEST_REALM2,
b2d430
                                        TEST_FLAT_NAME2,
b2d430
                                        TEST_SID2,
b2d430
-                                       TEST_FOREST2);
b2d430
+                                       TEST_FOREST2,
b2d430
+                                       NULL);
b2d430
     assert_int_equal(ret, EOK);
b2d430
 
b2d430
     ret = sysdb_subdomain_store(main_dom2->sysdb,
b2d430
-- 
b2d430
2.4.11
b2d430