Blame SOURCES/0100-AD-Provide-common-connection-list-construction-funct.patch

6cf099
From 809f139ac4c23dd9db20ea6068e18682f32eb1db Mon Sep 17 00:00:00 2001
6cf099
From: Jakub Hrozek <jhrozek@redhat.com>
6cf099
Date: Thu, 1 Oct 2015 13:13:05 +0200
6cf099
Subject: [PATCH 100/101] AD: Provide common connection list construction
6cf099
 functions
6cf099
6cf099
https://fedorahosted.org/sssd/ticket/2810
6cf099
6cf099
Provides a new AD common function ad_ldap_conn_list() that creates a
6cf099
list of AD connections to use along with properties to avoid mistakes
6cf099
when manually constructing these lists.
6cf099
6cf099
Reviewed-by: Sumit Bose <sbose@redhat.com>
6cf099
(cherry picked from commit 309aa83d16b5919f727af04850bcd0799ba0962f)
6cf099
(cherry picked from commit 15a4b34ccfcfbcec2c9ba529d0113adf251abc16)
6cf099
---
6cf099
 src/providers/ad/ad_common.c          | 26 +++++++++++++++++++
6cf099
 src/providers/ad/ad_common.h          |  5 ++++
6cf099
 src/providers/ad/ad_id.c              | 17 +------------
6cf099
 src/providers/ipa/ipa_subdomains_id.c | 21 ++++++----------
6cf099
 src/tests/cmocka/test_ad_common.c     | 47 ++++++++++++++++++++++++++++++-----
6cf099
 5 files changed, 81 insertions(+), 35 deletions(-)
6cf099
6cf099
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
6cf099
index 130cdeb613aae3843f7453a478815daaae6aab77..df277e55e234d4d4efe34d5f5d8efdfe7267fb60 100644
6cf099
--- a/src/providers/ad/ad_common.c
6cf099
+++ b/src/providers/ad/ad_common.c
6cf099
@@ -1236,6 +1236,14 @@ ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
6cf099
     subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
6cf099
     conn = subdom_id_ctx->ldap_ctx;
6cf099
 
6cf099
+    if (IS_SUBDOMAIN(sdom->dom) == true && conn != NULL) {
6cf099
+        /* Regardless of connection types, a subdomain error must not be
6cf099
+         * allowed to set the whole back end offline, rather report an error
6cf099
+         * and let the caller deal with it (normally disable the subdomain
6cf099
+         */
6cf099
+        conn->ignore_mark_offline = true;
6cf099
+    }
6cf099
+
6cf099
     return conn;
6cf099
 }
6cf099
 
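Review bot: ad_get_dom_ldap_conn() reads like a plain lookup, but the added block writes `ignore_mark_offline = true` into the subdomain's shared `ldap_ctx`, and nothing visible here clears it again, so the flag stays on that connection for every later user. That looks intended (a failing trusted domain should not take the whole back end offline), but the side effect belongs in the function's header comment, e.g. `/* Side effect: a subdomain's connection is marked so its errors never set the back end offline. */`. The new guard tests `conn != NULL`, while the context line above still dereferences `subdom_id_ctx` unchecked after `talloc_get_type()`, which returns NULL on a type mismatch; a check there would be consistent. On style, `== true` is redundant and the comment's opening parenthesis is never closed. The function starts outside the hunk.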
6cf099
@@ -1260,3 +1268,21 @@ ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
6cf099
 
6cf099
     return clist;
6cf099
 }
6cf099
+
6cf099
+struct sdap_id_conn_ctx **
6cf099
+ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
6cf099
+                  struct ad_id_ctx *ad_ctx,
6cf099
+                  struct sss_domain_info *dom)
6cf099
+{
6cf099
+    struct sdap_id_conn_ctx **clist;
6cf099
+
6cf099
+    clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 2);
6cf099
+    if (clist == NULL) {
6cf099
+        return NULL;
6cf099
+    }
6cf099
+
6cf099
+    clist[0] = ad_get_dom_ldap_conn(ad_ctx, dom);
6cf099
+
6cf099
+    clist[1] = NULL;
6cf099
+    return clist;
6cf099
+}
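Review bot: `clist[0]` can end up NULL, since ad_get_dom_ldap_conn() guards its own result with `conn != NULL` in the hunk above, and ad_ldap_conn_list() would then return a non-NULL list with no entries. The callers changed in this patch only test the list pointer, so an empty list may surface later as a NULL dereference instead of an error; consider `if (clist[0] == NULL) { talloc_free(clist); return NULL; }` after the lookup. The explicit `clist[1] = NULL;` is redundant after `talloc_zero_array()`, so either drop it or keep it with a comment saying it marks the terminator.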
6cf099
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
6cf099
index 817f5b42cad7cad6a88244fd43bd91a4358d56c0..701e461987cb286ca7add2766ffb4dc496bde01e 100644
6cf099
--- a/src/providers/ad/ad_common.h
6cf099
+++ b/src/providers/ad/ad_common.h
6cf099
@@ -148,6 +148,11 @@ struct sdap_id_conn_ctx **
6cf099
 ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
6cf099
                struct sss_domain_info *dom);
6cf099
 
6cf099
+struct sdap_id_conn_ctx **
6cf099
+ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
6cf099
+                  struct ad_id_ctx *ad_ctx,
6cf099
+                  struct sss_domain_info *dom);
6cf099
+
6cf099
 struct sdap_id_conn_ctx *
6cf099
 ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom);
6cf099
 
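Review bot: The new prototype has no comment, and its contract is not obvious from the signature. The array is allocated on `mem_ctx` and NULL-terminated, while the entries point at connection contexts the list does not own (the tests free only the list). A short comment above the declaration stating this, and that a subdomain's entry comes back with `ignore_mark_offline` already set, would keep callers from freeing the entries or setting the flag by hand again.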
6cf099
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
6cf099
index ecaf6c993bf7ddb7ba565d40ef0ad250114f5536..be0cb3b12f2e3a2b53d740ecf3befc07fd853f8b 100644
6cf099
--- a/src/providers/ad/ad_id.c
6cf099
+++ b/src/providers/ad/ad_id.c
6cf099
@@ -269,29 +269,14 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
6cf099
     case BE_REQ_GROUP: /* group */
6cf099
     case BE_REQ_INITGROUPS: /* init groups for user */
6cf099
         clist = ad_gc_conn_list(breq, ad_ctx, dom);
6cf099
-        if (clist == NULL) return NULL;
6cf099
         break;
6cf099
 
6cf099
     default:
6cf099
         /* Requests for other object should only contact LDAP by default */
6cf099
-        clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 2);
6cf099
-        if (clist == NULL) return NULL;
6cf099
-
6cf099
-        clist[0] = ad_ctx->ldap_ctx;
6cf099
-        clist[1] = NULL;
6cf099
+        clist = ad_ldap_conn_list(breq, ad_ctx, dom);
6cf099
         break;
6cf099
     }
6cf099
 
6cf099
-    /* Regardless of connection types, a subdomain error must not be allowed
6cf099
-     * to set the whole back end offline, rather report an error and let the
6cf099
-     * caller deal with it (normally disable the subdomain
6cf099
-     */
6cf099
-    if (IS_SUBDOMAIN(dom)) {
6cf099
-        for (cindex = 0; clist[cindex] != NULL; cindex++) {
6cf099
-            clist[cindex]->ignore_mark_offline = true;
6cf099
-        }
6cf099
-    }
6cf099
-
6cf099
     return clist;
6cf099
 }
6cf099
 
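Review bot: With the `for (cindex = 0; ...)` loop removed, nothing in the visible part of get_conn_list() uses `cindex` any more. If its declaration (outside this hunk) has no other user, it should be removed with the loop to avoid an unused-variable warning. The default branch may also now return a different connection for a subdomain request, because `ad_ctx->ldap_ctx` is replaced by whatever ad_get_dom_ldap_conn() resolves for `dom`. The branch comment could say so: `/* Other objects only contact LDAP; the connection is looked up per domain */`.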
6cf099
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
6cf099
index 86dd71f3cc09f11de88c4269d49552718c5ba027..7acbb38e66c2c36ff230ae35b236544195a8104b 100644
6cf099
--- a/src/providers/ipa/ipa_subdomains_id.c
6cf099
+++ b/src/providers/ipa/ipa_subdomains_id.c
6cf099
@@ -640,21 +640,16 @@ ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx,
6cf099
     case BE_REQ_BY_SECID:
6cf099
     case BE_REQ_GROUP:
6cf099
         clist = ad_gc_conn_list(req, ad_id_ctx, state->obj_dom);
6cf099
-        if (clist == NULL) {
6cf099
-            ret = ENOMEM;
6cf099
-            goto fail;
6cf099
-        }
6cf099
-        clist[1]->ignore_mark_offline = true;
6cf099
         break;
6cf099
     default:
6cf099
-        clist = talloc_zero_array(req, struct sdap_id_conn_ctx *, 2);
6cf099
-        if (clist == NULL) {
6cf099
-            ret = ENOMEM;
6cf099
-            goto fail;
6cf099
-        }
6cf099
-        clist[0] = ad_id_ctx->ldap_ctx;
6cf099
-        clist[0]->ignore_mark_offline = true;
6cf099
-        clist[1] = NULL;
6cf099
+        clist = ad_ldap_conn_list(req, ad_id_ctx, state->obj_dom);
6cf099
+        break;
6cf099
+    }
6cf099
+
6cf099
+    if (clist == NULL) {
6cf099
+        DEBUG(SSSDBG_OP_FAILURE, "Cannot generate AD connection list!\n");
6cf099
+        ret = ENOMEM;
6cf099
+        goto fail;
6cf099
     }
6cf099
 
6cf099
     /* Now we already need ad_id_ctx in particular sdap_id_conn_ctx */
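Review bot: The connections built here used to get `ignore_mark_offline = true` unconditionally, whereas after this change the flag is set only when ad_get_dom_ldap_conn() decides `state->obj_dom` is a subdomain. That is presumably always true in the IPA provider, but a comment above the switch such as `/* ignore_mark_offline is set by the AD helpers for subdomain connections */` would make the dependency visible. Losing the flag would let an unreachable trusted domain mark the IPA back end offline. Every NULL from the helpers is reported as `ENOMEM`, which is accurate only while allocation failure is their sole failure mode. ipa_get_ad_acct_send() starts and ends outside the hunk.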
6cf099
diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c
6cf099
index 985a05fae5a4d09ab102ed611c7d03ca8e4d955b..c7bcc0f7cfde7164672123a35940327ee3ca4aba 100644
6cf099
--- a/src/tests/cmocka/test_ad_common.c
6cf099
+++ b/src/tests/cmocka/test_ad_common.c
6cf099
@@ -337,7 +337,7 @@ __wrap_sdap_set_sasl_options(struct sdap_options *id_opts,
6cf099
     return EOK;
6cf099
 }
6cf099
 
6cf099
-void test_ldap_conn_list(void **state)
6cf099
+void test_ad_get_dom_ldap_conn(void **state)
6cf099
 {
6cf099
     struct sdap_id_conn_ctx *conn;
6cf099
 
6cf099
@@ -352,7 +352,7 @@ void test_ldap_conn_list(void **state)
6cf099
     assert_true(conn == test_ctx->subdom_ad_ctx->ldap_ctx);
6cf099
 }
6cf099
 
6cf099
-void test_conn_list(void **state)
6cf099
+void test_gc_conn_list(void **state)
6cf099
 {
6cf099
     struct sdap_id_conn_ctx **conn_list;
6cf099
 
6cf099
@@ -379,7 +379,8 @@ void test_conn_list(void **state)
6cf099
     assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx);
6cf099
     assert_true(conn_list[0]->ignore_mark_offline);
6cf099
     assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx);
6cf099
-    assert_false(conn_list[1]->ignore_mark_offline);
6cf099
+    /* Subdomain error should not set the backend offline! */
6cf099
+    assert_true(conn_list[1]->ignore_mark_offline);
6cf099
     talloc_free(conn_list);
6cf099
 
6cf099
     dp_opt_set_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC, false);
6cf099
@@ -398,6 +399,37 @@ void test_conn_list(void **state)
6cf099
     assert_non_null(conn_list);
6cf099
 
6cf099
     assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx);
6cf099
+    assert_true(conn_list[0]->ignore_mark_offline);
6cf099
+    assert_null(conn_list[1]);
6cf099
+    talloc_free(conn_list);
6cf099
+}
6cf099
+
6cf099
+void test_ldap_conn_list(void **state)
6cf099
+{
6cf099
+    struct sdap_id_conn_ctx **conn_list;
6cf099
+
6cf099
+    struct ad_common_test_ctx *test_ctx = talloc_get_type(*state,
6cf099
+                                                     struct ad_common_test_ctx);
6cf099
+    assert_non_null(test_ctx);
6cf099
+
6cf099
+    conn_list = ad_ldap_conn_list(test_ctx,
6cf099
+                                  test_ctx->ad_ctx,
6cf099
+                                  test_ctx->dom);
6cf099
+    assert_non_null(conn_list);
6cf099
+
6cf099
+    assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx);
6cf099
+    assert_false(conn_list[0]->ignore_mark_offline);
6cf099
+    assert_null(conn_list[1]);
6cf099
+    talloc_free(conn_list);
6cf099
+
6cf099
+    conn_list = ad_ldap_conn_list(test_ctx,
6cf099
+                                  test_ctx->ad_ctx,
6cf099
+                                  test_ctx->subdom);
6cf099
+    assert_non_null(conn_list);
6cf099
+
6cf099
+    assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx);
6cf099
+    assert_true(conn_list[0]->ignore_mark_offline);
6cf099
+    assert_null(conn_list[1]);
6cf099
     talloc_free(conn_list);
6cf099
 }
6cf099
 
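Review bot: test_ldap_conn_list() covers the parent domain and the subdomain, but not a domain for which no connection can be resolved. That is the case where ad_ldap_conn_list() would return a list whose first entry is NULL. If the fixture can express it, a third call asserting the chosen behaviour (a NULL list, or `assert_null(conn_list[0])`) would pin down what callers may rely on. The first lines of this hunk belong to test_gc_conn_list(), which starts outside it.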
6cf099
@@ -419,12 +451,15 @@ int main(int argc, const char *argv[])
6cf099
         cmocka_unit_test_setup_teardown(test_ad_create_2way_trust_options,
6cf099
                                         test_ad_common_setup,
6cf099
                                         test_ad_common_teardown),
6cf099
+        cmocka_unit_test_setup_teardown(test_ad_get_dom_ldap_conn,
6cf099
+                                        test_ldap_conn_setup,
6cf099
+                                        test_ldap_conn_teardown),
6cf099
+        cmocka_unit_test_setup_teardown(test_gc_conn_list,
6cf099
+                                        test_ldap_conn_setup,
6cf099
+                                        test_ldap_conn_teardown),
6cf099
         cmocka_unit_test_setup_teardown(test_ldap_conn_list,
6cf099
                                         test_ldap_conn_setup,
6cf099
                                         test_ldap_conn_teardown),
6cf099
-        cmocka_unit_test_setup_teardown(test_conn_list,
6cf099
-                                        test_ldap_conn_setup,
6cf099
-                                        test_ldap_conn_teardown),
6cf099
     };
6cf099
 
6cf099
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
6cf099
-- 
6cf099
2.4.3
6cf099