From 875a41bcd24d1deb2bd190eaaaf7a366de128cee Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 18 Aug 2015 15:15:44 +0000 Subject: [PATCH 74/87] UTIL: Convert domain->disabled into tri-state with domain states MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina --- src/confdb/confdb.c | 2 ++ src/confdb/confdb.h | 19 ++++++++++++++++++- src/db/sysdb_subdomains.c | 7 +++++-- src/providers/ad/ad_subdomains.c | 2 +- src/providers/ipa/ipa_subdomains.c | 2 +- src/responder/common/responder_common.c | 5 +++-- src/tests/cmocka/test_sysdb_subdomains.c | 6 +++++- src/tests/cmocka/test_utils.c | 6 +++--- src/util/domain_info_utils.c | 20 +++++++++++++++++--- src/util/util.h | 3 +++ src/util/util_errors.c | 1 + src/util/util_errors.h | 1 + 12 files changed, 60 insertions(+), 14 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 3a8a1c01b92e62302ac4f787ccd085be9d8f05c3..c097aad7745eda4fff051c7da027776f95db0f03 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1342,6 +1342,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, domain->has_views = false; domain->view_name = NULL; + domain->state = DOM_ACTIVE; + *_domain = domain; ret = EOK; done: diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 9aa264899e789f2491b9873daf44bb55aff1c95d..e8c1caa67852a8f3d9d74fc61dbe6f8b4169daf7 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -215,6 +215,23 @@ struct confdb_ctx; struct config_file_ctx; +/** sssd domain state */ +enum sss_domain_state { + /** Domain is usable by both responders and providers. This + * is the default state after creating a new domain + */ + DOM_ACTIVE, + /** Domain was removed, should not be used be neither responders + * not providers. + */ + DOM_DISABLED, + /** Domain cannot be contacted. Providers return an offline error code + * when receiving request for inactive domain, but responders should + * return cached data + */ + DOM_INACTIVE, +}; + /** * Data structure storing all of the basic features * of a domain. @@ -277,7 +294,7 @@ struct sss_domain_info { struct sss_domain_info *prev; struct sss_domain_info *next; - bool disabled; + enum sss_domain_state state; char **sd_inherit; /* Do not use the forest pointer directly in new code, but rather the diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index 142520c1836d74ef7bc5c5269487b8971f261b88..546dc1c8d7e5e30ce9e0b56b097894d24d8c94a7 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c @@ -111,6 +111,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, dom->enumerate = enumerate; dom->fqnames = true; dom->mpg = mpg; + dom->state = DOM_ACTIVE; + /* If the parent domain filters out group members, the subdomain should * as well if configured */ inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, @@ -268,7 +270,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) /* disable all domains, * let the search result refresh any that are still valid */ for (dom = domain->subdomains; dom; dom = get_next_domain(dom, false)) { - dom->disabled = true; + sss_domain_set_state(dom, DOM_DISABLED); } if (res->count == 0) { @@ -312,7 +314,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) /* explicitly use dom->next as we need to check 'disabled' domains */ for (dom = domain->subdomains; dom; dom = dom->next) { if (strcasecmp(dom->name, name) == 0) { - dom->disabled = false; + sss_domain_set_state(dom, DOM_ACTIVE); + /* in theory these may change, but it should never happen */ if (strcasecmp(dom->realm, realm) != 0) { DEBUG(SSSDBG_TRACE_INTERNAL, diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index 9b42f03a0067ab5844432a0f19dd2930dcc200c9..d1d468043410c80e6bf7f0f48a13bd9e962552af 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -376,7 +376,7 @@ static errno_t ad_subdomains_refresh(struct ad_subdomains_ctx *ctx, if (c >= count) { /* ok this subdomain does not exist anymore, let's clean up */ - dom->disabled = true; + sss_domain_set_state(dom, DOM_DISABLED); ret = sysdb_subdomain_delete(dom->sysdb, dom->name); if (ret != EOK) { goto done; diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index b2e2fec353f7b168d28a880cb0f1b6181abb1ccb..089736b47d8f384a8024682dd203d324292df9ce 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -528,7 +528,7 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx, if (c >= count) { /* ok this subdomain does not exist anymore, let's clean up */ - dom->disabled = true; + sss_domain_set_state(dom, DOM_DISABLED); ret = sysdb_subdomain_delete(dom->sysdb, dom->name); if (ret != EOK) { goto done; diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 36e7f15948632e9c637886dee259b494e46ceecb..2097004cb0fc24d8b356f9d924243f948227ef58 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -923,7 +923,7 @@ responder_get_domain(struct resp_ctx *rctx, const char *name) struct sss_domain_info *ret_dom = NULL; for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) { - if (dom->disabled) { + if (sss_domain_get_state(dom) == DOM_DISABLED) { continue; } @@ -958,7 +958,8 @@ errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id, id_len = strlen(id); for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) { - if (dom->disabled || dom->domain_id == NULL) { + if (sss_domain_get_state(dom) == DOM_DISABLED || + dom->domain_id == NULL) { continue; } diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c index 82e77815ec848afcdedc90e35e440f7532b5c0b2..8d1a26a5918eaa9dec975c360f69840400e4bd2c 100644 --- a/src/tests/cmocka/test_sysdb_subdomains.c +++ b/src/tests/cmocka/test_sysdb_subdomains.c @@ -151,7 +151,11 @@ static void test_sysdb_subdomain_create(void **state) ret = sysdb_update_subdomains(test_ctx->tctx->dom); assert_int_equal(ret, EOK); - assert_true(test_ctx->tctx->dom->subdomains->disabled); + assert_int_equal(sss_domain_get_state(test_ctx->tctx->dom->subdomains), + DOM_DISABLED); + assert_int_equal( + sss_domain_get_state(test_ctx->tctx->dom->subdomains->next), + DOM_DISABLED); } static void test_sysdb_master_domain_ops(void **state) diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index c7ebe0997ec00197e8852bedbcf26ef1f6394fc3..0f72434ca77fbfe1bd88a75fd932719dbfc59444 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c @@ -259,7 +259,7 @@ void test_find_domain_by_name_disabled(void **state) dom = dom->next; } assert_non_null(dom); - dom->disabled = true; + sss_domain_set_state(dom, DOM_DISABLED); for (c = 0; c < test_ctx->dom_count; c++) { name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c); @@ -426,7 +426,7 @@ void test_find_domain_by_sid_disabled(void **state) dom = dom->next; } assert_non_null(dom); - dom->disabled = true; + sss_domain_set_state(dom, DOM_DISABLED); for (c = 0; c < test_ctx->dom_count; c++) { name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c); @@ -578,7 +578,7 @@ static void test_get_next_domain_disabled(void **state) struct sss_domain_info *dom = NULL; for (dom = test_ctx->dom_list; dom; dom = get_next_domain(dom, true)) { - dom->disabled = true; + sss_domain_set_state(dom, DOM_DISABLED); } dom = get_next_domain(test_ctx->dom_list, true); diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index 4eabcff7a0e0af342ec3833d24da26ede0cb5148..ffbb9475b27a45c07e2e0936464c6e68ed682052 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -50,7 +50,10 @@ struct sss_domain_info *get_next_domain(struct sss_domain_info *domain, } else { dom = NULL; } - if (dom && !dom->disabled) break; + + if (dom && sss_domain_get_state(dom) != DOM_DISABLED) { + break; + } } return dom; @@ -91,7 +94,7 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain, return NULL; } - while (dom && dom->disabled) { + while (dom && sss_domain_get_state(dom) == DOM_DISABLED) { dom = get_next_domain(dom, true); } while (dom) { @@ -119,7 +122,7 @@ struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain, sid_len = strlen(sid); - while (dom && dom->disabled) { + while (dom && sss_domain_get_state(dom) == DOM_DISABLED) { dom = get_next_domain(dom, true); } @@ -730,3 +733,14 @@ done: return ret; } + +enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom) +{ + return dom->state; +} + +void sss_domain_set_state(struct sss_domain_info *dom, + enum sss_domain_state state) +{ + dom->state = state; +} diff --git a/src/util/util.h b/src/util/util.h index c998e91f92b0a86e0f4308ff0c07ff802588b5cf..4655e90a89b0ff3c457b80c943aefc4d6cf8e21f 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -565,6 +565,9 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain, bool match_any); struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain, const char *sid); +enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom); +void sss_domain_set_state(struct sss_domain_info *dom, + enum sss_domain_state state); struct sss_domain_info* sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain, diff --git a/src/util/util_errors.c b/src/util/util_errors.c index 735f6dcfc7af33edcc886fd106cb3655bcc9566a..0e288e3908bf03b4906bb449bd0f3445d22a303e 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -79,6 +79,7 @@ struct err_string error_to_str[] = { { "Retrieving keytab failed" }, /* ERR_IPA_GETKEYTAB_FAILED */ { "Trusted forest root unknown" }, /* ERR_TRUST_FOREST_UNKNOWN */ { "p11_child failed" }, /* ERR_P11_CHILD */ + { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */ { "ERR_LAST" } /* ERR_LAST */ }; diff --git a/src/util/util_errors.h b/src/util/util_errors.h index fbfbdef334be1fb8a525b78ab6336d616b31a189..da926db00121f569048ec515e95f0547ae6c4e35 100644 --- a/src/util/util_errors.h +++ b/src/util/util_errors.h @@ -101,6 +101,7 @@ enum sssd_errors { ERR_IPA_GETKEYTAB_FAILED, ERR_TRUST_FOREST_UNKNOWN, ERR_P11_CHILD, + ERR_SUBDOM_INACTIVE, ERR_LAST /* ALWAYS LAST */ }; -- 2.4.3