From 875a41bcd24d1deb2bd190eaaaf7a366de128cee Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 18 Aug 2015 15:15:44 +0000
Subject: [PATCH 74/87] UTIL: Convert domain->disabled into tri-state with
 domain states
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Required for:
https://fedorahosted.org/sssd/ticket/2637

This is a first step towards making it possible for a domain to be around,
but not contacted by the Data Provider.

Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/confdb/confdb.c                      |  2 ++
 src/confdb/confdb.h                      | 19 ++++++++++++++++++-
 src/db/sysdb_subdomains.c                |  7 +++++--
 src/providers/ad/ad_subdomains.c         |  2 +-
 src/providers/ipa/ipa_subdomains.c       |  2 +-
 src/responder/common/responder_common.c  |  5 +++--
 src/tests/cmocka/test_sysdb_subdomains.c |  6 +++++-
 src/tests/cmocka/test_utils.c            |  6 +++---
 src/util/domain_info_utils.c             | 20 +++++++++++++++++---
 src/util/util.h                          |  3 +++
 src/util/util_errors.c                   |  1 +
 src/util/util_errors.h                   |  1 +
 12 files changed, 60 insertions(+), 14 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 3a8a1c01b92e62302ac4f787ccd085be9d8f05c3..c097aad7745eda4fff051c7da027776f95db0f03 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1342,6 +1342,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
     domain->has_views = false;
     domain->view_name = NULL;
 
+    domain->state = DOM_ACTIVE;
+
     *_domain = domain;
     ret = EOK;
 done:
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 9aa264899e789f2491b9873daf44bb55aff1c95d..e8c1caa67852a8f3d9d74fc61dbe6f8b4169daf7 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -215,6 +215,23 @@
 struct confdb_ctx;
 struct config_file_ctx;
 
+/** sssd domain state */
+enum sss_domain_state {
+    /** Domain is usable by both responders and providers. This
+     * is the default state after creating a new domain
+     */
+    DOM_ACTIVE,
+    /** Domain was removed, should not be used be neither responders
+     * not providers.
+     */
+    DOM_DISABLED,
+    /** Domain cannot be contacted. Providers return an offline error code
+     * when receiving request for inactive domain, but responders should
+     * return cached data
+     */
+    DOM_INACTIVE,
+};
+
 /**
  * Data structure storing all of the basic features
  * of a domain.
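Review bot: The default state depends on DOM_ACTIVE being the first enumerator, so a zero-filled `struct sss_domain_info` comes up active, but the declaration does not say so. Writing `DOM_ACTIVE = 0,` and mentioning the zero value in its comment would stop a later reordering from silently changing what a freshly allocated domain means. The DOM_DISABLED comment is also garbled and should read `Domain was removed, should be used by neither responders nor providers.`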
@@ -277,7 +294,7 @@ struct sss_domain_info {
     struct sss_domain_info *prev;
     struct sss_domain_info *next;
 
-    bool disabled;
+    enum sss_domain_state state;
     char **sd_inherit;
 
     /* Do not use the forest pointer directly in new code, but rather the
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 142520c1836d74ef7bc5c5269487b8971f261b88..546dc1c8d7e5e30ce9e0b56b097894d24d8c94a7 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -111,6 +111,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
     dom->enumerate = enumerate;
     dom->fqnames = true;
     dom->mpg = mpg;
+    dom->state = DOM_ACTIVE;
+
     /* If the parent domain filters out group members, the subdomain should
      * as well if configured */
     inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS,
@@ -268,7 +270,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
     /* disable all domains,
      * let the search result refresh any that are still valid */
     for (dom = domain->subdomains; dom; dom = get_next_domain(dom, false)) {
-        dom->disabled = true;
+        sss_domain_set_state(dom, DOM_DISABLED);
     }
 
     if (res->count == 0) {
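Review bot: With three states, this mark-and-sweep no longer round-trips. The loop here overwrites every subdomain's state with `DOM_DISABLED`, and the later hunk in the same function restores matches with an unconditional `sss_domain_set_state(dom, DOM_ACTIVE)`, so a subdomain that was DOM_INACTIVE before the refresh would come back as DOM_ACTIVE. Nothing in this patch sets DOM_INACTIVE yet, so the problem is latent. The previous state should be remembered before marking, or the "seen in this refresh" mark kept separate from `state`. At minimum, add a comment on the restore line such as `/* NOTE: resets DOM_INACTIVE to DOM_ACTIVE as well */`. The body of sysdb_update_subdomains extends outside both hunks.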
@@ -312,7 +314,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
         /* explicitly use dom->next as we need to check 'disabled' domains */
         for (dom = domain->subdomains; dom; dom = dom->next) {
             if (strcasecmp(dom->name, name) == 0) {
-                dom->disabled = false;
+                sss_domain_set_state(dom, DOM_ACTIVE);
+
                 /* in theory these may change, but it should never happen */
                 if (strcasecmp(dom->realm, realm) != 0) {
                     DEBUG(SSSDBG_TRACE_INTERNAL,
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 9b42f03a0067ab5844432a0f19dd2930dcc200c9..d1d468043410c80e6bf7f0f48a13bd9e962552af 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -376,7 +376,7 @@ static errno_t ad_subdomains_refresh(struct ad_subdomains_ctx *ctx,
 
         if (c >= count) {
             /* ok this subdomain does not exist anymore, let's clean up */
-            dom->disabled = true;
+            sss_domain_set_state(dom, DOM_DISABLED);
             ret = sysdb_subdomain_delete(dom->sysdb, dom->name);
             if (ret != EOK) {
                 goto done;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index b2e2fec353f7b168d28a880cb0f1b6181abb1ccb..089736b47d8f384a8024682dd203d324292df9ce 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -528,7 +528,7 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
 
         if (c >= count) {
             /* ok this subdomain does not exist anymore, let's clean up */
-            dom->disabled = true;
+            sss_domain_set_state(dom, DOM_DISABLED);
             ret = sysdb_subdomain_delete(dom->sysdb, dom->name);
             if (ret != EOK) {
                 goto done;
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 36e7f15948632e9c637886dee259b494e46ceecb..2097004cb0fc24d8b356f9d924243f948227ef58 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -923,7 +923,7 @@ responder_get_domain(struct resp_ctx *rctx, const char *name)
     struct sss_domain_info *ret_dom = NULL;
 
     for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {
-        if (dom->disabled) {
+        if (sss_domain_get_state(dom) == DOM_DISABLED) {
             continue;
         }
 
@@ -958,7 +958,8 @@ errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id,
     id_len = strlen(id);
 
     for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {
-        if (dom->disabled || dom->domain_id == NULL) {
+        if (sss_domain_get_state(dom) == DOM_DISABLED ||
+                dom->domain_id == NULL) {
             continue;
         }
 
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
index 82e77815ec848afcdedc90e35e440f7532b5c0b2..8d1a26a5918eaa9dec975c360f69840400e4bd2c 100644
--- a/src/tests/cmocka/test_sysdb_subdomains.c
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
@@ -151,7 +151,11 @@ static void test_sysdb_subdomain_create(void **state)
     ret = sysdb_update_subdomains(test_ctx->tctx->dom);
     assert_int_equal(ret, EOK);
 
-    assert_true(test_ctx->tctx->dom->subdomains->disabled);
+    assert_int_equal(sss_domain_get_state(test_ctx->tctx->dom->subdomains),
+                     DOM_DISABLED);
+    assert_int_equal(
+            sss_domain_get_state(test_ctx->tctx->dom->subdomains->next),
+            DOM_DISABLED);
 }
 
 static void test_sysdb_master_domain_ops(void **state)
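Review bot: The second assertion dereferences `subdomains->next` without checking it first, so a fixture with fewer than two subdomains would crash inside sss_domain_get_state() instead of producing a test failure. Adding `assert_non_null(test_ctx->tctx->dom->subdomains->next);` before it keeps the failure readable. The fixture setup is outside the hunk, so the number of subdomains it creates is assumed here.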
diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c
index c7ebe0997ec00197e8852bedbcf26ef1f6394fc3..0f72434ca77fbfe1bd88a75fd932719dbfc59444 100644
--- a/src/tests/cmocka/test_utils.c
+++ b/src/tests/cmocka/test_utils.c
@@ -259,7 +259,7 @@ void test_find_domain_by_name_disabled(void **state)
         dom = dom->next;
     }
     assert_non_null(dom);
-    dom->disabled = true;
+    sss_domain_set_state(dom, DOM_DISABLED);
 
     for (c = 0; c < test_ctx->dom_count; c++) {
         name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c);
@@ -426,7 +426,7 @@ void test_find_domain_by_sid_disabled(void **state)
         dom = dom->next;
     }
     assert_non_null(dom);
-    dom->disabled = true;
+    sss_domain_set_state(dom, DOM_DISABLED);
 
     for (c = 0; c < test_ctx->dom_count; c++) {
         name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c);
@@ -578,7 +578,7 @@ static void test_get_next_domain_disabled(void **state)
     struct sss_domain_info *dom = NULL;
 
     for (dom = test_ctx->dom_list; dom; dom = get_next_domain(dom, true)) {
-        dom->disabled = true;
+        sss_domain_set_state(dom, DOM_DISABLED);
     }
 
     dom = get_next_domain(test_ctx->dom_list, true);
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 4eabcff7a0e0af342ec3833d24da26ede0cb5148..ffbb9475b27a45c07e2e0936464c6e68ed682052 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -50,7 +50,10 @@ struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
         } else {
             dom = NULL;
         }
-        if (dom && !dom->disabled) break;
+
+        if (dom && sss_domain_get_state(dom) != DOM_DISABLED) {
+            break;
+        }
     }
 
     return dom;
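Review bot: The `!= DOM_DISABLED` test lets DOM_INACTIVE domains through the iterator for every caller, providers included, so the "cannot be contacted" behaviour described in confdb.h depends on each provider checking the state itself. A comment above the check would make that contract explicit, for example `/* DOM_INACTIVE domains are still returned; providers must check sss_domain_get_state() themselves */`. The same applies to the `== DOM_DISABLED` skips in find_domain_by_name and find_domain_by_sid below, and to the two loops in responder_common.c. get_next_domain begins outside the hunk.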
@@ -91,7 +94,7 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
         return NULL;
     }
 
-    while (dom && dom->disabled) {
+    while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {
         dom = get_next_domain(dom, true);
     }
     while (dom) {
@@ -119,7 +122,7 @@ struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
 
     sid_len = strlen(sid);
 
-    while (dom && dom->disabled) {
+    while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {
         dom = get_next_domain(dom, true);
     }
 
@@ -730,3 +733,14 @@ done:
 
     return ret;
 }
+
+enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom)
+{
+    return dom->state;
+}
+
+void sss_domain_set_state(struct sss_domain_info *dom,
+                          enum sss_domain_state state)
+{
+    dom->state = state;
+}
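Review bot: Both accessors are added without documentation, and sss_domain_get_state() takes a non-const pointer although it only reads the field. Declaring it as `enum sss_domain_state sss_domain_get_state(const struct sss_domain_info *dom)`, with the matching prototype change in util.h, would let read-only callers use it. Neither function checks `dom` for NULL; the callers visible in this patch guard that themselves, so a short comment on each stating that `dom` must be non-NULL would record the contract. The initialisers in confdb.c and new_subdomain still assign `->state` directly, which is reasonable for construction but worth mentioning in the accessor comment so later code knows which form to prefer.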
diff --git a/src/util/util.h b/src/util/util.h
index c998e91f92b0a86e0f4308ff0c07ff802588b5cf..4655e90a89b0ff3c457b80c943aefc4d6cf8e21f 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -565,6 +565,9 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
                                             bool match_any);
 struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
                                            const char *sid);
+enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom);
+void sss_domain_set_state(struct sss_domain_info *dom,
+                          enum sss_domain_state state);
 
 struct sss_domain_info*
 sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain,
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index 735f6dcfc7af33edcc886fd106cb3655bcc9566a..0e288e3908bf03b4906bb449bd0f3445d22a303e 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -79,6 +79,7 @@ struct err_string error_to_str[] = {
     { "Retrieving keytab failed" }, /* ERR_IPA_GETKEYTAB_FAILED */
     { "Trusted forest root unknown" }, /* ERR_TRUST_FOREST_UNKNOWN */
     { "p11_child failed" }, /* ERR_P11_CHILD */
+    { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */
     { "ERR_LAST" } /* ERR_LAST */
 };
 
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index fbfbdef334be1fb8a525b78ab6336d616b31a189..da926db00121f569048ec515e95f0547ae6c4e35 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -101,6 +101,7 @@ enum sssd_errors {
     ERR_IPA_GETKEYTAB_FAILED,
     ERR_TRUST_FOREST_UNKNOWN,
     ERR_P11_CHILD,
+    ERR_SUBDOM_INACTIVE,
     ERR_LAST            /* ALWAYS LAST */
 };
 
-- 
2.4.3