From c860682bca53bbafe34b6c22ba151faf18ad2ace Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Thu, 2 Mar 2017 13:52:54 +0100
Subject: [PATCH 163/163] UTIL: Store UPN suffixes when creating a new subdomain

We used to store UPN suffixes pointer into the domain structure only if the domain changed, not when a new domain was created. As an effect, the enterprise principals flag was not enabled unless a domain changed, preventing logins with enterprise principals.
Reviewed-by: Sumit Bose
(cherry picked from commit 8718ff9ccd29f6431bfa8630bfa3576b2692c9ee)
---
 src/db/sysdb_private.h | 1 +
 src/db/sysdb_subdomains.c | 11 ++++++++++-
 src/tests/cmocka/test_fqnames.c | 2 +-
 src/tests/cmocka/test_nss_srv.c | 2 +-
 src/tests/sysdb-tests.c | 8 ++++----
 5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index b6bf3706e6b9e49d8dd4984f3334b317d17ed9bf..bfd24799950ab3b31d57df11b8f91c0b2572f13a 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -190,6 +190,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 bool mpg, bool enumerate, const char *forest,
+ const char **upn_suffixes,
 uint32_t trust_direction); /* Helper functions to deal with the timestamp cache should not be used
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 780140484f6f023bc6e8c12266e3b81ff016ec10..4f326405f955abd462f892e6013a8c24764afd55 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -32,6 +32,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 bool mpg, bool enumerate, const char *forest,
+ const char **upn_suffixes,
 uint32_t trust_direction) { struct sss_domain_info *dom;
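Review bot: The `new_subdomain()` prototype in src/db/sysdb_private.h (hunk `@@ -190,6 +190,7 @@`) gains `upn_suffixes` with nothing telling callers who owns the list or whether it may be NULL. Going by the implementation hunk in src/db/sysdb_subdomains.c, NULL is accepted and a non-NULL list is duplicated with `dup_string_list(dom, upn_suffixes)`, so the caller appears to keep its own list. I would add a comment above the declaration: `/* upn_suffixes may be NULL; otherwise the list is copied onto the new domain and the caller keeps ownership of its own list. */`. The declaration begins above the hunk, so any comment already there is not visible.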
@@ -108,6 +109,14 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 } }
+ if (upn_suffixes != NULL) {
+ dom->upn_suffixes = dup_string_list(dom, upn_suffixes);
+ if (dom->upn_suffixes == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to copy UPN upn_suffixes.\n");
+ goto fail;
+ }
+ }
+
 dom->enumerate = enumerate; dom->fqnames = true; dom->mpg = mpg;
@@ -442,7 +451,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
 if (dom == NULL) { dom = new_subdomain(domain, domain, name, realm, flat, id, mpg, enumerate, forest,
- trust_direction);
+ upn_suffixes, trust_direction);
 if (dom == NULL) { ret = ENOMEM; goto done;
diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c
index f4cdd80ef94584fe4eb1f0578bf388da3ead824c..19788248a39774bb4509363145ac4ce0815b7d28 100644
--- a/src/tests/cmocka/test_fqnames.c
+++ b/src/tests/cmocka/test_fqnames.c
@@ -309,7 +309,7 @@ static int parse_name_test_setup(void **state)
 * discovered */ test_ctx->subdom = new_subdomain(dom, dom, SUBDOMNAME, NULL, SUBFLATNAME,
- NULL, false, false, NULL, 0);
+ NULL, false, false, NULL, NULL, 0);
 assert_non_null(test_ctx->subdom); check_leaks_push(test_ctx);
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 41425e76f3b76fafa917f33fcfef0946f2f71c7d..5eee82d78f4e4ab4dcdc0dcdfb24c2e7d017acf5 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -3084,7 +3084,7 @@ static int nss_subdom_test_setup(void **state)
 subdomain = new_subdomain(nss_test_ctx, nss_test_ctx->tctx->dom, testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
 assert_non_null(subdomain); ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb,
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index d1450015cb0f0b073045e7b6031423e3f5494d78..6fd1988668124dc2dc922b41d3f7387c6d00c486 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
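Review bot: The message in the new failure branch of `new_subdomain()` (hunk `@@ -108,6 +109,14 @@`, src/db/sysdb_subdomains.c) says "UPN upn_suffixes", which reads like a leftover from a rename; `DEBUG(SSSDBG_OP_FAILURE, "Failed to copy UPN suffixes.\n");` is clearer for whoever reads the log. The branch also treats every NULL return from `dup_string_list()` as a failure, so it is worth confirming that the helper returns a non-NULL result for an empty list; otherwise an empty suffix attribute would abort subdomain creation. The `fail` label and the start of the function are outside the hunk, so the cleanup of `dom` cannot be checked from here.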
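Review bot: The updated call in `parse_name_test_setup()` (hunk `@@ -309,7 +309,7 @@`, src/tests/cmocka/test_fqnames.c) passes `NULL` for the new `upn_suffixes` argument, and so does every other caller touched in src/tests/cmocka/test_nss_srv.c and src/tests/sysdb-tests.c, so the copy branch this commit adds to `new_subdomain()` is never executed by the tests shown. The commit message ties the bug to logins with enterprise principals, which makes a regression test worthwhile: create one subdomain with a constructed list such as `const char *sfx[] = { "upn.example", NULL };`, then check `assert_non_null(subdom->upn_suffixes);` and that the stored pointer differs from `sfx` (names here are illustrative). The setup function continues outside the hunk.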
@@ -1395,7 +1395,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain)
 /* Create subdomain */ subdomain = new_subdomain(test_ctx, test_ctx->domain, "test.sub", "TEST.SUB", "test", "S-3",
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
 fail_if(subdomain == NULL, "Failed to create new subdomain."); ret = sss_names_init_from_args(test_ctx,
@@ -5468,7 +5468,7 @@ START_TEST(test_sysdb_subdomain_store_user)
 subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
 fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3],
@@ -5547,7 +5547,7 @@ START_TEST(test_sysdb_subdomain_user_ops)
 subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
 fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3],
@@ -5620,7 +5620,7 @@ START_TEST(test_sysdb_subdomain_group_ops)
 subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3],
- false, false, NULL, 0);
+ false, false, NULL, NULL, 0);
 fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3],
--
2.9.3