From 875a41bcd24d1deb2bd190eaaaf7a366de128cee Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Tue, 18 Aug 2015 15:15:44 +0000

Subject: [PATCH 74/87] UTIL: Convert domain->disabled into tri-state with

 domain states

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Required for:

https://fedorahosted.org/sssd/ticket/2637

This is a first step towards making it possible for domain to be around,

but not contacted by Data Provider.

Also explicitly create domains as active, previously we only relied on

talloc_zero marking dom->disabled as false.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

---

 src/confdb/confdb.c                      |  2 ++

 src/confdb/confdb.h                      | 19 ++++++++++++++++++-

 src/db/sysdb_subdomains.c                |  7 +++++--

 src/providers/ad/ad_subdomains.c         |  2 +-

 src/providers/ipa/ipa_subdomains.c       |  2 +-

 src/responder/common/responder_common.c  |  5 +++--

 src/tests/cmocka/test_sysdb_subdomains.c |  6 +++++-

 src/tests/cmocka/test_utils.c            |  6 +++---

 src/util/domain_info_utils.c             | 20 +++++++++++++++++---

 src/util/util.h                          |  3 +++

 src/util/util_errors.c                   |  1 +

 src/util/util_errors.h                   |  1 +

 12 files changed, 60 insertions(+), 14 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c

index 3a8a1c01b92e62302ac4f787ccd085be9d8f05c3..c097aad7745eda4fff051c7da027776f95db0f03 100644

--- a/src/confdb/confdb.c

+++ b/src/confdb/confdb.c

@@ -1342,6 +1342,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,

     domain->has_views = false;

     domain->view_name = NULL;

+    domain->state = DOM_ACTIVE;

+

     *_domain = domain;

     ret = EOK;

 done:

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h

index 9aa264899e789f2491b9873daf44bb55aff1c95d..e8c1caa67852a8f3d9d74fc61dbe6f8b4169daf7 100644

--- a/src/confdb/confdb.h

+++ b/src/confdb/confdb.h

@@ -215,6 +215,23 @@

 struct confdb_ctx;

 struct config_file_ctx;

+/** sssd domain state */

+enum sss_domain_state {

+    /** Domain is usable by both responders and providers. This

+     * is the default state after creating a new domain

+     */

+    DOM_ACTIVE,

+    /** Domain was removed, should not be used be neither responders

+     * not providers.

+     */

+    DOM_DISABLED,

+    /** Domain cannot be contacted. Providers return an offline error code

+     * when receiving request for inactive domain, but responders should

+     * return cached data

+     */

+    DOM_INACTIVE,

+};

+

 /**

  * Data structure storing all of the basic features

  * of a domain.

@@ -277,7 +294,7 @@ struct sss_domain_info {

     struct sss_domain_info *prev;

     struct sss_domain_info *next;

-    bool disabled;

+    enum sss_domain_state state;

     char **sd_inherit;

     /* Do not use the forest pointer directly in new code, but rather the

diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c

index 142520c1836d74ef7bc5c5269487b8971f261b88..546dc1c8d7e5e30ce9e0b56b097894d24d8c94a7 100644

--- a/src/db/sysdb_subdomains.c

+++ b/src/db/sysdb_subdomains.c

@@ -111,6 +111,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,

     dom->enumerate = enumerate;

     dom->fqnames = true;

     dom->mpg = mpg;

+    dom->state = DOM_ACTIVE;

+

     /* If the parent domain filters out group members, the subdomain should

      * as well if configured */

     inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS,

@@ -268,7 +270,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)

     /* disable all domains,

      * let the search result refresh any that are still valid */

     for (dom = domain->subdomains; dom; dom = get_next_domain(dom, false)) {

-        dom->disabled = true;

+        sss_domain_set_state(dom, DOM_DISABLED);

     }

     if (res->count == 0) {

@@ -312,7 +314,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)

         /* explicitly use dom->next as we need to check 'disabled' domains */

         for (dom = domain->subdomains; dom; dom = dom->next) {

             if (strcasecmp(dom->name, name) == 0) {

-                dom->disabled = false;

+                sss_domain_set_state(dom, DOM_ACTIVE);

+

                 /* in theory these may change, but it should never happen */

                 if (strcasecmp(dom->realm, realm) != 0) {

                     DEBUG(SSSDBG_TRACE_INTERNAL,

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c

index 9b42f03a0067ab5844432a0f19dd2930dcc200c9..d1d468043410c80e6bf7f0f48a13bd9e962552af 100644

--- a/src/providers/ad/ad_subdomains.c

+++ b/src/providers/ad/ad_subdomains.c

@@ -376,7 +376,7 @@ static errno_t ad_subdomains_refresh(struct ad_subdomains_ctx *ctx,

         if (c >= count) {

             /* ok this subdomain does not exist anymore, let's clean up */

-            dom->disabled = true;

+            sss_domain_set_state(dom, DOM_DISABLED);

             ret = sysdb_subdomain_delete(dom->sysdb, dom->name);

             if (ret != EOK) {

                 goto done;

diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c

index b2e2fec353f7b168d28a880cb0f1b6181abb1ccb..089736b47d8f384a8024682dd203d324292df9ce 100644

--- a/src/providers/ipa/ipa_subdomains.c

+++ b/src/providers/ipa/ipa_subdomains.c

@@ -528,7 +528,7 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,

         if (c >= count) {

             /* ok this subdomain does not exist anymore, let's clean up */

-            dom->disabled = true;

+            sss_domain_set_state(dom, DOM_DISABLED);

             ret = sysdb_subdomain_delete(dom->sysdb, dom->name);

             if (ret != EOK) {

                 goto done;

diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c

index 36e7f15948632e9c637886dee259b494e46ceecb..2097004cb0fc24d8b356f9d924243f948227ef58 100644

--- a/src/responder/common/responder_common.c

+++ b/src/responder/common/responder_common.c

@@ -923,7 +923,7 @@ responder_get_domain(struct resp_ctx *rctx, const char *name)

     struct sss_domain_info *ret_dom = NULL;

     for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {

-        if (dom->disabled) {

+        if (sss_domain_get_state(dom) == DOM_DISABLED) {

             continue;

         }

@@ -958,7 +958,8 @@ errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id,

     id_len = strlen(id);

     for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {

-        if (dom->disabled || dom->domain_id == NULL) {

+        if (sss_domain_get_state(dom) == DOM_DISABLED ||

+                dom->domain_id == NULL) {

             continue;

         }

diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c

index 82e77815ec848afcdedc90e35e440f7532b5c0b2..8d1a26a5918eaa9dec975c360f69840400e4bd2c 100644

--- a/src/tests/cmocka/test_sysdb_subdomains.c

+++ b/src/tests/cmocka/test_sysdb_subdomains.c

@@ -151,7 +151,11 @@ static void test_sysdb_subdomain_create(void **state)

     ret = sysdb_update_subdomains(test_ctx->tctx->dom);

     assert_int_equal(ret, EOK);

-    assert_true(test_ctx->tctx->dom->subdomains->disabled);

+    assert_int_equal(sss_domain_get_state(test_ctx->tctx->dom->subdomains),

+                     DOM_DISABLED);

+    assert_int_equal(

+            sss_domain_get_state(test_ctx->tctx->dom->subdomains->next),

+            DOM_DISABLED);

 }

 static void test_sysdb_master_domain_ops(void **state)

diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c

index c7ebe0997ec00197e8852bedbcf26ef1f6394fc3..0f72434ca77fbfe1bd88a75fd932719dbfc59444 100644

--- a/src/tests/cmocka/test_utils.c

+++ b/src/tests/cmocka/test_utils.c

@@ -259,7 +259,7 @@ void test_find_domain_by_name_disabled(void **state)

         dom = dom->next;

     }

     assert_non_null(dom);

-    dom->disabled = true;

+    sss_domain_set_state(dom, DOM_DISABLED);

     for (c = 0; c < test_ctx->dom_count; c++) {

         name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c);

@@ -426,7 +426,7 @@ void test_find_domain_by_sid_disabled(void **state)

         dom = dom->next;

     }

     assert_non_null(dom);

-    dom->disabled = true;

+    sss_domain_set_state(dom, DOM_DISABLED);

     for (c = 0; c < test_ctx->dom_count; c++) {

         name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c);

@@ -578,7 +578,7 @@ static void test_get_next_domain_disabled(void **state)

     struct sss_domain_info *dom = NULL;

     for (dom = test_ctx->dom_list; dom; dom = get_next_domain(dom, true)) {

-        dom->disabled = true;

+        sss_domain_set_state(dom, DOM_DISABLED);

     }

     dom = get_next_domain(test_ctx->dom_list, true);

diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c

index 4eabcff7a0e0af342ec3833d24da26ede0cb5148..ffbb9475b27a45c07e2e0936464c6e68ed682052 100644

--- a/src/util/domain_info_utils.c

+++ b/src/util/domain_info_utils.c

@@ -50,7 +50,10 @@ struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,

         } else {

             dom = NULL;

         }

-        if (dom && !dom->disabled) break;

+

+        if (dom && sss_domain_get_state(dom) != DOM_DISABLED) {

+            break;

+        }

     }

     return dom;

@@ -91,7 +94,7 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,

         return NULL;

     }

-    while (dom && dom->disabled) {

+    while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {

         dom = get_next_domain(dom, true);

     }

     while (dom) {

@@ -119,7 +122,7 @@ struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,

     sid_len = strlen(sid);

-    while (dom && dom->disabled) {

+    while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {

         dom = get_next_domain(dom, true);

     }

@@ -730,3 +733,14 @@ done:

     return ret;

 }

+

+enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom)

+{

+    return dom->state;

+}

+

+void sss_domain_set_state(struct sss_domain_info *dom,

+                          enum sss_domain_state state)

+{

+    dom->state = state;

+}

diff --git a/src/util/util.h b/src/util/util.h

index c998e91f92b0a86e0f4308ff0c07ff802588b5cf..4655e90a89b0ff3c457b80c943aefc4d6cf8e21f 100644

--- a/src/util/util.h

+++ b/src/util/util.h

@@ -565,6 +565,9 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,

                                             bool match_any);

 struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,

                                            const char *sid);

+enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom);

+void sss_domain_set_state(struct sss_domain_info *dom,

+                          enum sss_domain_state state);

 struct sss_domain_info*

 sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain,

diff --git a/src/util/util_errors.c b/src/util/util_errors.c

index 735f6dcfc7af33edcc886fd106cb3655bcc9566a..0e288e3908bf03b4906bb449bd0f3445d22a303e 100644

--- a/src/util/util_errors.c

+++ b/src/util/util_errors.c

@@ -79,6 +79,7 @@ struct err_string error_to_str[] = {

     { "Retrieving keytab failed" }, /* ERR_IPA_GETKEYTAB_FAILED */

     { "Trusted forest root unknown" }, /* ERR_TRUST_FOREST_UNKNOWN */

     { "p11_child failed" }, /* ERR_P11_CHILD */

+    { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */

     { "ERR_LAST" } /* ERR_LAST */

 };

diff --git a/src/util/util_errors.h b/src/util/util_errors.h

index fbfbdef334be1fb8a525b78ab6336d616b31a189..da926db00121f569048ec515e95f0547ae6c4e35 100644

--- a/src/util/util_errors.h

+++ b/src/util/util_errors.h

@@ -101,6 +101,7 @@ enum sssd_errors {

     ERR_IPA_GETKEYTAB_FAILED,

     ERR_TRUST_FOREST_UNKNOWN,

     ERR_P11_CHILD,

+    ERR_SUBDOM_INACTIVE,

     ERR_LAST            /* ALWAYS LAST */

 };

-- 

2.4.3