From b94b578fac8f94d42fd6fb691438d2dbe5248309 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
Date: Wed, 31 May 2017 14:21:02 +0200
Subject: [PATCH 149/152] VALIDATORS: Detect inherit_from in normal domain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch adds a new SSSD-specific validator. In the future we
can add more checks to it, but currently it only checks whether
the option inherit_from is used in a normal domain and reports
an error if it is.
Resolves:
https://pagure.io/SSSD/sssd/issue/3356
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
src/config/cfg_rules.ini | 3 ++
src/tests/cmocka/test_config_check.c | 22 +++++++++++++++
src/util/sss_ini.c | 53 +++++++++++++++++++++++++++++++++++-
3 files changed, 77 insertions(+), 1 deletion(-)
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2c8c0cb98ed039c374c827775798f61369c1521e..744446478e5d5489cd86d8e15ce8e178cf5e3a91 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -711,3 +711,6 @@ option = ad_server
option = ad_backup_server
option = ad_site
option = use_fully_qualified_names
+
+[rule/sssd_checks]
+validator = sssd_checks
diff --git a/src/tests/cmocka/test_config_check.c b/src/tests/cmocka/test_config_check.c
index 8fc0b01f3ef3fe03152efd979a3e96c21ba567cc..bab3226c004fb9495471af7c7d3f6861552d8a86 100644
--- a/src/tests/cmocka/test_config_check.c
+++ b/src/tests/cmocka/test_config_check.c
@@ -217,6 +217,27 @@ void config_check_test_good_sections(void **state)
config_check_test_common(cfg_str, 0, expected_errors);
}
+void config_check_test_inherit_from_in_normal_dom(void **state)
+{
+ char cfg_str[] = "[domain/A.test]\n"
+ "inherit_from = domain\n";
+ const char *expected_errors[] = {
+ "[rule/sssd_checks]: Attribute 'inherit_from' is not allowed in "
+ "section 'domain/A.test'. Check for typos.",
+ };
+
+ config_check_test_common(cfg_str, 1, expected_errors);
+}
+
+void config_check_test_inherit_from_in_app_dom(void **state)
+{
+ char cfg_str[] = "[application/A.test]\n"
+ "inherit_from = domain\n";
+ const char *expected_errors[] = { NULL };
+
+ config_check_test_common(cfg_str, 0, expected_errors);
+}
+
int main(int argc, const char *argv[])
{
poptContext pc;
@@ -235,6 +256,7 @@ int main(int argc, const char *argv[])
cmocka_unit_test(config_check_test_bad_pac_option_name),
cmocka_unit_test(config_check_test_bad_ifp_option_name),
cmocka_unit_test(config_check_test_good_sections),
+ cmocka_unit_test(config_check_test_inherit_from_in_normal_dom),
};
/* Set debug level to invalid value so we can decide if -d 0 was used. */
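Review bot: Only config_check_test_inherit_from_in_normal_dom is added to the test array here; config_check_test_inherit_from_in_app_dom, defined in the previous hunk of this file, is never registered, so it never runs. The allowed case (inherit_from inside an `application/` section) is therefore not exercised, and a validator that wrongly rejected application domains would still pass the suite. Add `cmocka_unit_test(config_check_test_inherit_from_in_app_dom),` after the new entry. The array and main() continue outside this hunk.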
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
index e56006c05555d6e0c5e726e83771abce5a72b139..175a4cfaba7ea964aee174e928d5e3c1e81de638 100644
--- a/src/util/sss_ini.c
+++ b/src/util/sss_ini.c
@@ -561,12 +561,63 @@ error:
}
#ifdef HAVE_LIBINI_CONFIG_V1_3
+/* Here we can put custom SSSD specific checks that can not be implemented
+ * using libini validators */
+static int custom_sssd_checks(const char *rule_name,
+ struct ini_cfgobj *rules_obj,
+ struct ini_cfgobj *config_obj,
+ struct ini_errobj *errobj,
+ void **data)
+{
+ char **cfg_sections = NULL;
+ int num_cfg_sections;
+ struct value_obj *vo = NULL;
+ char dom_prefix[] = "domain/";
+ int ret;
+
+ /* Get all sections in configuration */
+ cfg_sections = ini_get_section_list(config_obj, &num_cfg_sections, &ret);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ /* Check if a normal domain section (not application domains) has option
+ * inherit_from and report error if it does */
+ for (int i = 0; i < num_cfg_sections; i++) {
+ if (strncmp(dom_prefix, cfg_sections[i], strlen(dom_prefix)) == 0) {
+ ret = ini_get_config_valueobj(cfg_sections[i],
+ "inherit_from",
+ config_obj,
+ INI_GET_NEXT_VALUE,
+ &vo);
+ if (vo != NULL) {
+ ret = ini_errobj_add_msg(errobj,
+ "Attribute 'inherit_from' is not "
+ "allowed in section '%s'. Check for "
+ "typos.",
+ cfg_sections[i]);
+ if (ret != EOK) {
+ goto done;
+ }
+ }
+ }
+ }
+
+ ret = EOK;
+done:
+ ini_free_section_list(cfg_sections);
+ return EOK;
+}
+
static int sss_ini_call_validators_errobj(struct sss_ini_initdata *data,
const char *rules_path,
struct ini_errobj *errobj)
{
int ret;
struct ini_cfgobj *rules_cfgobj = NULL;
+ struct ini_validator custom_sssd = { "sssd_checks", custom_sssd_checks,
+ NULL };
+ struct ini_validator *sss_validators[] = { &custom_sssd, NULL };
ret = ini_rules_read_from_file(rules_path, &rules_cfgobj);
if (ret != EOK) {
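Review bot: custom_sssd_checks ends with `return EOK;` after the `done:` label, so the `ret` set by a failing ini_get_section_list() or ini_errobj_add_msg() is discarded and the validator reports success even when it could not inspect the configuration; it should be `return ret;`. The return value of ini_get_config_valueobj() is likewise overwritten without being checked, and `vo` is not reset at the top of each loop iteration. If that call can fail without clearing its output (not visible in this hunk), a value object left over from an earlier section would produce a false report, so consider `vo = NULL;` before the call and a check of `ret` after it. A configuration checker that fails open hides the fact that the inherit_from rule was never evaluated.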
@@ -575,7 +626,7 @@ static int sss_ini_call_validators_errobj(struct sss_ini_initdata *data,
goto done;
}
- ret = ini_rules_check(rules_cfgobj, data->sssd_config, NULL, errobj);
+ ret = ini_rules_check(rules_cfgobj, data->sssd_config, sss_validators, errobj);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"ini_rules_check failed %d [%s]\n", ret, strerror(ret));
--
2.9.4