rpms / sssd

Clone
Source Code
GIT

Blame SOURCES/0093-utils-extend-some-find_domain_-calls-to-search-disab.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   5fca4124cf194844d9d92365a84b34dfee0a32ca
  2.   SOURCES
  3.   0093-utils-extend-some-find_domain_-calls-to-search-disab.patch
Blob History Raw
5fca41 
From 2ea937af47c529ca827bcdd307a47e2b96690d38 Mon Sep 17 00:00:00 2001
5fca41 
From: Sumit Bose <sbose@redhat.com>
5fca41 
Date: Thu, 12 Sep 2019 14:49:30 +0200
5fca41 
Subject: [PATCH 93/97] utils: extend some find_domain_* calls to search
5fca41 
 disabled domain
5fca41 
MIME-Version: 1.0
5fca41 
Content-Type: text/plain; charset=UTF-8
5fca41 
Content-Transfer-Encoding: 8bit
5fca41
5fca41 
This extension is needed to support disabled domains since it is
5fca41 
now important to know if a domain is really unknown or only disabled.
5fca41 
While an unknown domain might typically lead to an error, a caller might
5fca41 
just ignore requests for disabled domains or objects from disabled
5fca41 
domains.
5fca41
5fca41 
Related to https://pagure.io/SSSD/sssd/issue/4078
5fca41
5fca41 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
5fca41 
---
5fca41 
 src/providers/ipa/ipa_id.c                 |  3 +-
5fca41 
 src/responder/sudo/sudosrv_get_sudorules.c |  3 +-
5fca41 
 src/tests/cmocka/test_utils.c              | 90 ++++++++++++++++++++++
5fca41 
 src/util/domain_info_utils.c               | 31 +++++---
5fca41 
 src/util/util.h                            |  7 +-
5fca41 
 5 files changed, 122 insertions(+), 12 deletions(-)
5fca41
5fca41 
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
5fca41 
index 9abee34cb..f34692aa2 100644
5fca41 
--- a/src/providers/ipa/ipa_id.c
5fca41 
+++ b/src/providers/ipa/ipa_id.c
5fca41 
@@ -138,7 +138,8 @@ static errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req)
5fca41
5fca41 
     state->user_domain = find_domain_by_object_name_ex(
5fca41 
                                         state->ipa_ctx->sdap_id_ctx->be->domain,
5fca41 
-                                        ar->filter_value, true);
5fca41 
+                                        ar->filter_value, true,
5fca41 
+                                        SSS_GND_DESCEND);
5fca41 
     /* Use provided domain as fallback because no known domain was found in the
5fca41 
      * user name. */
5fca41 
     if (state->user_domain == NULL) {
5fca41 
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
5fca41 
index d928a5ead..c9c11bfde 100644
5fca41 
--- a/src/responder/sudo/sudosrv_get_sudorules.c
5fca41 
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
5fca41 
@@ -147,7 +147,8 @@ static errno_t sudosrv_format_runas(struct resp_ctx *rctx,
5fca41 
             continue;
5fca41 
         }
5fca41
5fca41 
-        dom = find_domain_by_object_name_ex(rctx->domains, value, true);
5fca41 
+        dom = find_domain_by_object_name_ex(rctx->domains, value, true,
5fca41 
+                                            SSS_GND_DESCEND);
5fca41 
         if (dom == NULL) {
5fca41 
             continue;
5fca41 
         }
5fca41 
diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c
5fca41 
index 1a8699a2a..d49eb9fbc 100644
5fca41 
--- a/src/tests/cmocka/test_utils.c
5fca41 
+++ b/src/tests/cmocka/test_utils.c
5fca41 
@@ -400,6 +400,92 @@ void test_find_domain_by_name_disabled(void **state)
5fca41 
     }
5fca41 
 }
5fca41
5fca41 
+void test_find_domain_by_name_ex_disabled(void **state)
5fca41 
+{
5fca41 
+    struct dom_list_test_ctx *test_ctx = talloc_get_type(*state,
5fca41 
+                                                      struct dom_list_test_ctx);
5fca41 
+    struct sss_domain_info *dom;
5fca41 
+    struct sss_domain_info *disabled_dom;
5fca41 
+    size_t c;
5fca41 
+    size_t mis;
5fca41 
+
5fca41 
+    mis = test_ctx->dom_count/2;
5fca41 
+    assert_true((mis >= 1 && mis < test_ctx->dom_count));
5fca41 
+
5fca41 
+    dom = test_ctx->dom_list;
5fca41 
+    for (c = 0; c < mis; c++) {
5fca41 
+        assert_non_null(dom);
5fca41 
+        dom = dom->next;
5fca41 
+    }
5fca41 
+    assert_non_null(dom);
5fca41 
+    sss_domain_set_state(dom, DOM_DISABLED);
5fca41 
+    disabled_dom = dom;
5fca41 
+
5fca41 
+    dom = find_domain_by_name(test_ctx->dom_list, disabled_dom->name, true);
5fca41 
+    assert_null(dom);
5fca41 
+
5fca41 
+    dom = find_domain_by_name_ex(test_ctx->dom_list, disabled_dom->name, true,
5fca41 
+                                 SSS_GND_DESCEND);
5fca41 
+    assert_null(dom);
5fca41 
+
5fca41 
+    dom = find_domain_by_name_ex(test_ctx->dom_list, disabled_dom->name, true,
5fca41 
+                                 SSS_GND_DESCEND | SSS_GND_INCLUDE_DISABLED);
5fca41 
+    assert_non_null(dom);
5fca41 
+    assert_ptr_equal(disabled_dom, dom);
5fca41 
+
5fca41 
+    dom = find_domain_by_name_ex(test_ctx->dom_list, disabled_dom->name, true,
5fca41 
+                                 SSS_GND_ALL_DOMAINS);
5fca41 
+    assert_non_null(dom);
5fca41 
+    assert_ptr_equal(disabled_dom, dom);
5fca41 
+}
5fca41 
+
5fca41 
+void test_find_domain_by_object_name_ex(void **state)
5fca41 
+{
5fca41 
+    struct dom_list_test_ctx *test_ctx = talloc_get_type(*state,
5fca41 
+                                                      struct dom_list_test_ctx);
5fca41 
+    struct sss_domain_info *dom;
5fca41 
+    struct sss_domain_info *disabled_dom;
5fca41 
+    size_t c;
5fca41 
+    size_t mis;
5fca41 
+    char *obj_name;
5fca41 
+
5fca41 
+    mis = test_ctx->dom_count/2;
5fca41 
+    assert_true((mis >= 1 && mis < test_ctx->dom_count));
5fca41 
+
5fca41 
+    dom = test_ctx->dom_list;
5fca41 
+    for (c = 0; c < mis; c++) {
5fca41 
+        assert_non_null(dom);
5fca41 
+        dom = dom->next;
5fca41 
+    }
5fca41 
+    assert_non_null(dom);
5fca41 
+    sss_domain_set_state(dom, DOM_DISABLED);
5fca41 
+    disabled_dom = dom;
5fca41 
+
5fca41 
+    obj_name = talloc_asprintf(global_talloc_context, "myname@%s",
5fca41 
+                               disabled_dom->name);
5fca41 
+    assert_non_null(obj_name);
5fca41 
+
5fca41 
+
5fca41 
+    dom = find_domain_by_object_name(test_ctx->dom_list, obj_name);
5fca41 
+    assert_null(dom);
5fca41 
+
5fca41 
+    dom = find_domain_by_object_name_ex(test_ctx->dom_list, obj_name, true,
5fca41 
+                                        SSS_GND_DESCEND);
5fca41 
+    assert_null(dom);
5fca41 
+
5fca41 
+    dom = find_domain_by_object_name_ex(test_ctx->dom_list, obj_name, true,
5fca41 
+                                    SSS_GND_DESCEND | SSS_GND_INCLUDE_DISABLED);
5fca41 
+    assert_non_null(dom);
5fca41 
+    assert_ptr_equal(disabled_dom, dom);
5fca41 
+
5fca41 
+    dom = find_domain_by_object_name_ex(test_ctx->dom_list, obj_name, true,
5fca41 
+                                        SSS_GND_ALL_DOMAINS);
5fca41 
+    assert_non_null(dom);
5fca41 
+    assert_ptr_equal(disabled_dom, dom);
5fca41 
+
5fca41 
+    talloc_free(obj_name);
5fca41 
+}
5fca41 
+
5fca41 
 void test_find_domain_by_sid_null(void **state)
5fca41 
 {
5fca41 
     struct dom_list_test_ctx *test_ctx = talloc_get_type(*state,
5fca41 
@@ -1877,6 +1963,10 @@ int main(int argc, const char *argv[])
5fca41 
                                         setup_dom_list, teardown_dom_list),
5fca41 
         cmocka_unit_test_setup_teardown(test_find_domain_by_name_disabled,
5fca41 
                                         setup_dom_list, teardown_dom_list),
5fca41 
+        cmocka_unit_test_setup_teardown(test_find_domain_by_name_ex_disabled,
5fca41 
+                                        setup_dom_list, teardown_dom_list),
5fca41 
+        cmocka_unit_test_setup_teardown(test_find_domain_by_object_name_ex,
5fca41 
+                                        setup_dom_list, teardown_dom_list),
5fca41
5fca41 
         cmocka_unit_test_setup_teardown(test_sss_names_init,
5fca41 
                                         confdb_test_setup,
5fca41 
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
5fca41 
index 4b1c9df39..c56a0611e 100644
5fca41 
--- a/src/util/domain_info_utils.c
5fca41 
+++ b/src/util/domain_info_utils.c
5fca41 
@@ -93,9 +93,10 @@ bool subdomain_enumerates(struct sss_domain_info *parent,
5fca41 
     return false;
5fca41 
 }
5fca41
5fca41 
-struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
5fca41 
-                                            const char *name,
5fca41 
-                                            bool match_any)
5fca41 
+struct sss_domain_info *find_domain_by_name_ex(struct sss_domain_info *domain,
5fca41 
+                                                const char *name,
5fca41 
+                                                bool match_any,
5fca41 
+                                                uint32_t gnd_flags)
5fca41 
 {
5fca41 
     struct sss_domain_info *dom = domain;
5fca41
5fca41 
@@ -103,21 +104,31 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
5fca41 
         return NULL;
5fca41 
     }
5fca41
5fca41 
-    while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {
5fca41 
-        dom = get_next_domain(dom, SSS_GND_DESCEND);
5fca41 
+    if (!(gnd_flags & SSS_GND_INCLUDE_DISABLED)) {
5fca41 
+        while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {
5fca41 
+            dom = get_next_domain(dom, gnd_flags);
5fca41 
+        }
5fca41 
     }
5fca41 
+
5fca41 
     while (dom) {
5fca41 
         if (strcasecmp(dom->name, name) == 0 ||
5fca41 
             ((match_any == true) && (dom->flat_name != NULL) &&
5fca41 
              (strcasecmp(dom->flat_name, name) == 0))) {
5fca41 
             return dom;
5fca41 
         }
5fca41 
-        dom = get_next_domain(dom, SSS_GND_DESCEND);
5fca41 
+        dom = get_next_domain(dom, gnd_flags);
5fca41 
     }
5fca41
5fca41 
     return NULL;
5fca41 
 }
5fca41
5fca41 
+struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
5fca41 
+                                            const char *name,
5fca41 
+                                            bool match_any)
5fca41 
+{
5fca41 
+    return find_domain_by_name_ex(domain, name, match_any, SSS_GND_DESCEND);
5fca41 
+}
5fca41 
+
5fca41 
 struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
5fca41 
                                               const char *sid)
5fca41 
 {
5fca41 
@@ -175,7 +186,8 @@ sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain,
5fca41
5fca41 
 struct sss_domain_info *
5fca41 
 find_domain_by_object_name_ex(struct sss_domain_info *domain,
5fca41 
-                              const char *object_name, bool strict)
5fca41 
+                              const char *object_name, bool strict,
5fca41 
+                              uint32_t gnd_flags)
5fca41 
 {
5fca41 
     TALLOC_CTX *tmp_ctx;
5fca41 
     struct sss_domain_info *dom = NULL;
5fca41 
@@ -203,7 +215,7 @@ find_domain_by_object_name_ex(struct sss_domain_info *domain,
5fca41 
             dom = domain;
5fca41 
         }
5fca41 
     } else {
5fca41 
-        dom = find_domain_by_name(domain, domainname, true);
5fca41 
+        dom = find_domain_by_name_ex(domain, domainname, true, gnd_flags);
5fca41 
     }
5fca41
5fca41 
 done:
5fca41 
@@ -215,7 +227,8 @@ struct sss_domain_info *
5fca41 
 find_domain_by_object_name(struct sss_domain_info *domain,
5fca41 
                            const char *object_name)
5fca41 
 {
5fca41 
-    return find_domain_by_object_name_ex(domain, object_name, false);
5fca41 
+    return find_domain_by_object_name_ex(domain, object_name, false,
5fca41 
+                                         SSS_GND_DESCEND);
5fca41 
 }
5fca41
5fca41 
 errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
5fca41 
diff --git a/src/util/util.h b/src/util/util.h
5fca41 
index fce7e42c3..8a754dbfd 100644
5fca41 
--- a/src/util/util.h
5fca41 
+++ b/src/util/util.h
5fca41 
@@ -542,6 +542,10 @@ struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
5fca41 
 struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
5fca41 
                                             const char *name,
5fca41 
                                             bool match_any);
5fca41 
+struct sss_domain_info *find_domain_by_name_ex(struct sss_domain_info *domain,
5fca41 
+                                               const char *name,
5fca41 
+                                               bool match_any,
5fca41 
+                                               uint32_t gnd_flags);
5fca41 
 struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
5fca41 
                                            const char *sid);
5fca41 
 enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom);
5fca41 
@@ -560,7 +564,8 @@ find_domain_by_object_name(struct sss_domain_info *domain,
5fca41
5fca41 
 struct sss_domain_info *
5fca41 
 find_domain_by_object_name_ex(struct sss_domain_info *domain,
5fca41 
-                              const char *object_name, bool strict);
5fca41 
+                              const char *object_name, bool strict,
5fca41 
+                              uint32_t gnd_flags);
5fca41
5fca41 
 bool subdomain_enumerates(struct sss_domain_info *parent,
5fca41 
                           const char *sd_name);
5fca41 
--
5fca41 
2.20.1
5fca41

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation