From 887b53d8833ab91835cb3afbdadcbf9d091dafcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C5=BDidek?= Date: Thu, 23 Mar 2017 13:14:56 +0100 Subject: [PATCH 41/54] SUBDOMAINS: Allow use_fully_qualified_names for subdomains MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow option use_fully_qualified_names in subdomain section. This option was recently added to subdomain_inherit. Resolves: https://pagure.io/SSSD/sssd/issue/3337 Reviewed-by: Fabiano FidĂȘncio --- src/db/sysdb.h | 3 +- src/db/sysdb_private.h | 3 +- src/db/sysdb_subdomains.c | 63 +++++++++++++++++++++++++-- src/man/sssd.conf.5.xml | 3 +- src/providers/ad/ad_subdomains.c | 3 +- src/providers/ipa/ipa_subdomains.c | 10 +++-- src/responder/common/responder_get_domains.c | 9 ++-- src/tests/cmocka/test_fqnames.c | 2 +- src/tests/cmocka/test_ipa_subdomains_server.c | 2 +- src/tests/cmocka/test_nss_srv.c | 6 ++- src/tests/cmocka/test_sysdb_subdomains.c | 25 ++++++----- src/tests/sysdb-tests.c | 14 +++--- src/tools/common/sss_tools.c | 2 +- src/tools/sss_cache.c | 2 +- 14 files changed, 107 insertions(+), 40 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 0cbb2c5c02355e9e9a4e73b075f92d16e4855045..6762b51bee02911fb97d5d393fad2495504ee5ad 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -494,7 +494,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, uint32_t trust_direction, struct ldb_message_element *upn_suffixes); -errno_t sysdb_update_subdomains(struct sss_domain_info *domain); +errno_t sysdb_update_subdomains(struct sss_domain_info *domain, + struct confdb_ctx *confdb); errno_t sysdb_master_domain_update(struct sss_domain_info *domain); diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h index bfd24799950ab3b31d57df11b8f91c0b2572f13a..dfddd2dda9e593bd02d52dee7d06f520a11bbdf6 100644 --- a/src/db/sysdb_private.h +++ b/src/db/sysdb_private.h @@ -191,7 +191,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, bool enumerate, const char *forest, const char **upn_suffixes, - uint32_t trust_direction); + uint32_t trust_direction, + struct confdb_ctx *confdb); /* Helper functions to deal with the timestamp cache should not be used * outside the sysdb itself. The timestamp cache should be completely diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index 01f49763b712769f4f74df47961526e5b1514cd4..916dbba153d8c08837425f6fd29a20f5a6aa9fc9 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c @@ -23,6 +23,10 @@ #include "util/util.h" #include "db/sysdb_private.h" +static errno_t +check_subdom_config_file(struct confdb_ctx *confdb, + struct sss_domain_info *subdomain); + struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, struct sss_domain_info *parent, const char *name, @@ -33,10 +37,12 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, bool enumerate, const char *forest, const char **upn_suffixes, - uint32_t trust_direction) + uint32_t trust_direction, + struct confdb_ctx *confdb) { struct sss_domain_info *dom; bool inherit_option; + errno_t ret; DEBUG(SSSDBG_TRACE_FUNC, "Creating [%s] as subdomain of [%s]!\n", name, parent->name); @@ -160,6 +166,17 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, } dom->sysdb = parent->sysdb; + if (confdb != NULL) { + /* If confdb was provided, also check for sssd.conf */ + ret = check_subdom_config_file(confdb, dom); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to read subdomain configuration [%d]: %s", + ret, sss_strerror(ret)); + goto fail; + } + } + return dom; fail: @@ -167,6 +184,45 @@ fail: return NULL; } +static errno_t +check_subdom_config_file(struct confdb_ctx *confdb, + struct sss_domain_info *subdomain) +{ + char *sd_conf_path; + TALLOC_CTX *tmp_ctx; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + sd_conf_path = subdomain_create_conf_path(tmp_ctx, subdomain); + if (sd_conf_path == NULL) { + ret = ENOMEM; + goto done; + } + + /* use_fully_qualified_names */ + ret = confdb_get_bool(confdb, sd_conf_path, CONFDB_DOMAIN_FQ, + true, &subdomain->fqnames); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to get %s option for the subdomain: %s\n", + CONFDB_DOMAIN_FQ, subdomain->name); + goto done; + } + + DEBUG(SSSDBG_CONF_SETTINGS, "%s/%s has value %s\n", + sd_conf_path, CONFDB_DOMAIN_FQ, + subdomain->fqnames ? "TRUE" : "FALSE"); + + ret = EOK; +done: + talloc_free(tmp_ctx); + return ret; +} + static bool is_forest_root(struct sss_domain_info *d) { if (d->forest == NULL) { @@ -232,7 +288,8 @@ static void link_forest_roots(struct sss_domain_info *domain) } } -errno_t sysdb_update_subdomains(struct sss_domain_info *domain) +errno_t sysdb_update_subdomains(struct sss_domain_info *domain, + struct confdb_ctx *confdb) { int i; errno_t ret; @@ -451,7 +508,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) if (dom == NULL) { dom = new_subdomain(domain, domain, name, realm, flat, id, mpg, enumerate, forest, - upn_suffixes, trust_direction); + upn_suffixes, trust_direction, confdb); if (dom == NULL) { ret = ENOMEM; goto done; diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 284402bc00d37c6c33bf195d2bd719300f265851..1c27742cf0c1b6ffad23ab5b044bf4a168ed8f69 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -2780,7 +2780,8 @@ subdomain_inherit = ldap_purge_cache_timeout ldap_service_search_base, ad_server, ad_backup_server, - ad_site. + ad_site, + use_fully_qualified_names For more details about these options see their individual description in the manual page. diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index eecae9c9ca82ad67874c13a3c7b7c617d6232d5c..bc659b2cb0a02723437d24d0021ec3592381e84c 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -656,7 +656,8 @@ static errno_t ad_subdom_reinit(struct ad_subdomains_ctx *subdoms_ctx) /* Just continue */ } - ret = sysdb_update_subdomains(subdoms_ctx->be_ctx->domain); + ret = sysdb_update_subdomains(subdoms_ctx->be_ctx->domain, + subdoms_ctx->be_ctx->cdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n"); return ret; diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 7537550606ef09c0b87a80932c75aa4f93c0efab..a07b88fe2f499353293ba90345552413c9792f4b 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -126,7 +126,7 @@ ipa_subdom_reinit(struct ipa_subdomains_ctx *ctx) return ret; } - ret = sysdb_update_subdomains(ctx->be_ctx->domain); + ret = sysdb_update_subdomains(ctx->be_ctx->domain, ctx->be_ctx->cdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n"); return ret; @@ -780,7 +780,8 @@ done: static errno_t ipa_apply_view(struct sss_domain_info *domain, struct ipa_id_ctx *ipa_id_ctx, const char *view_name, - bool read_at_init) + bool read_at_init, + struct confdb_ctx *confdb) { const char *current = ipa_id_ctx->view_name; struct sysdb_ctx *sysdb = domain->sysdb; @@ -876,7 +877,7 @@ static errno_t ipa_apply_view(struct sss_domain_info *domain, goto done; } - ret = sysdb_update_subdomains(domain); + ret = sysdb_update_subdomains(domain, confdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed " "[%d]: %s\n", ret, sss_strerror(ret)); @@ -1654,7 +1655,8 @@ static void ipa_subdomains_view_name_done(struct tevent_req *subreq) ret = ipa_apply_view(state->sd_ctx->be_ctx->domain, state->sd_ctx->ipa_id_ctx, view_name, - state->sd_ctx->view_read_at_init); + state->sd_ctx->view_read_at_init, + state->sd_ctx->be_ctx->cdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set view [%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c index 0f39d107dad6c458785b1b8d708e60d7c34e3901..0f9c01214631200f9687635f6302fa5c07e8a1fe 100644 --- a/src/responder/common/responder_get_domains.c +++ b/src/responder/common/responder_get_domains.c @@ -126,7 +126,8 @@ get_next_domain_recv(TALLOC_CTX *mem_ctx, } /* ====== Iterate over all domains, searching for their subdomains ======= */ -static errno_t process_subdomains(struct sss_domain_info *dom); +static errno_t process_subdomains(struct sss_domain_info *dom, + struct confdb_ctx *confdb); static void set_time_of_last_request(struct resp_ctx *rctx); static errno_t check_last_request(struct resp_ctx *rctx, const char *hint); @@ -234,7 +235,7 @@ sss_dp_get_domains_process(struct tevent_req *subreq) goto fail; } - ret = process_subdomains(state->dom); + ret = process_subdomains(state->dom, state->rctx->cdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "process_subdomains failed, " "trying next domain.\n"); @@ -270,7 +271,7 @@ fail: } static errno_t -process_subdomains(struct sss_domain_info *domain) +process_subdomains(struct sss_domain_info *domain, struct confdb_ctx *confdb) { int ret; @@ -288,7 +289,7 @@ process_subdomains(struct sss_domain_info *domain) /* Retrieve all subdomains of this domain from sysdb * and create their struct sss_domain_info representations */ - ret = sysdb_update_subdomains(domain); + ret = sysdb_update_subdomains(domain, confdb); if (ret != EOK) { DEBUG(SSSDBG_FUNC_DATA, "sysdb_update_subdomains failed.\n"); goto done; diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c index 19788248a39774bb4509363145ac4ce0815b7d28..0ed42a597b7787635c4971b4f1c3d9976949ccd2 100644 --- a/src/tests/cmocka/test_fqnames.c +++ b/src/tests/cmocka/test_fqnames.c @@ -309,7 +309,7 @@ static int parse_name_test_setup(void **state) * discovered */ test_ctx->subdom = new_subdomain(dom, dom, SUBDOMNAME, NULL, SUBFLATNAME, - NULL, false, false, NULL, NULL, 0); + NULL, false, false, NULL, NULL, 0, NULL); assert_non_null(test_ctx->subdom); check_leaks_push(test_ctx); diff --git a/src/tests/cmocka/test_ipa_subdomains_server.c b/src/tests/cmocka/test_ipa_subdomains_server.c index 123cf11c01ef4687eecad31a9d73120a87c643e1..ca48425aca69e58358f5fd37e4b8238bfa9efe15 100644 --- a/src/tests/cmocka/test_ipa_subdomains_server.c +++ b/src/tests/cmocka/test_ipa_subdomains_server.c @@ -263,7 +263,7 @@ static void add_test_subdomains(struct trust_test_ctx *test_ctx, direction, NULL); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom); + ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); } diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c index 50714715cc80338640f2a77ecbe17bd5e0d6e911..3d7e0382197401cb2264671712152fe0709296b6 100644 --- a/src/tests/cmocka/test_nss_srv.c +++ b/src/tests/cmocka/test_nss_srv.c @@ -3206,7 +3206,8 @@ static int nss_subdom_test_setup(void **state) subdomain = new_subdomain(nss_test_ctx, nss_test_ctx->tctx->dom, testdom[0], testdom[1], testdom[2], testdom[3], - false, false, NULL, NULL, 0); + false, false, NULL, NULL, 0, + nss_test_ctx->tctx->confdb); assert_non_null(subdomain); ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb, @@ -3214,7 +3215,8 @@ static int nss_subdom_test_setup(void **state) false, false, NULL, 0, NULL); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom); + ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom, + nss_test_ctx->tctx->confdb); assert_int_equal(ret, EOK); nss_test_ctx->subdom = subdomain; diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c index 49f44998a06740d1df70ac354ee741824acd8f50..84bcdc17b39dbc8822097c2006f157a09ea5e466 100644 --- a/src/tests/cmocka/test_sysdb_subdomains.c +++ b/src/tests/cmocka/test_sysdb_subdomains.c @@ -103,7 +103,7 @@ static void test_sysdb_subdomain_create(void **state) false, false, NULL, 0, NULL); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom); + ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); assert_non_null(test_ctx->tctx->dom->subdomains); @@ -115,7 +115,7 @@ static void test_sysdb_subdomain_create(void **state) false, false, NULL, 1, NULL); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom); + ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); assert_non_null(test_ctx->tctx->dom->subdomains->next); @@ -133,7 +133,7 @@ static void test_sysdb_subdomain_create(void **state) false, false, NULL, 0, NULL); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom); + ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); assert_int_equal(test_ctx->tctx->dom->subdomains->trust_direction, 1); @@ -145,7 +145,7 @@ static void test_sysdb_subdomain_create(void **state) ret = sysdb_subdomain_delete(test_ctx->tctx->sysdb, dom1[0]); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom); + ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); assert_int_equal(sss_domain_get_state(test_ctx->tctx->dom->subdomains), @@ -235,11 +235,11 @@ static void test_sysdb_link_forest_root_ipa(void **state) 0, NULL); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom); + ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); /* Also update dom2 */ - ret = sysdb_update_subdomains(test_ctx->tctx->dom->next); + ret = sysdb_update_subdomains(test_ctx->tctx->dom->next, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); sub = find_domain_by_name(test_ctx->tctx->dom, dom1[0], true); @@ -315,11 +315,11 @@ static void test_sysdb_link_forest_root_ad(void **state) 0, NULL); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom); + ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); /* Also update dom2 */ - ret = sysdb_update_subdomains(test_ctx->tctx->dom->next); + ret = sysdb_update_subdomains(test_ctx->tctx->dom->next, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); assert_non_null(test_ctx->tctx->dom->forest_root); @@ -395,14 +395,15 @@ static void test_sysdb_link_forest_member_ad(void **state) ret = sysdb_master_domain_update(test_ctx->tctx->dom); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom); + ret = sysdb_update_subdomains(test_ctx->tctx->dom, test_ctx->tctx->confdb); assert_int_equal(ret, EOK); /* Also update dom2 */ ret = sysdb_master_domain_update(test_ctx->tctx->dom->next); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(test_ctx->tctx->dom->next); + ret = sysdb_update_subdomains(test_ctx->tctx->dom->next, + test_ctx->tctx->confdb); assert_int_equal(ret, EOK); /* Checks */ @@ -472,7 +473,7 @@ static void test_sysdb_link_ad_multidom(void **state) ret = sysdb_master_domain_update(main_dom1); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(main_dom1); + ret = sysdb_update_subdomains(main_dom1, NULL); assert_int_equal(ret, EOK); ret = sysdb_master_domain_add_info(main_dom2, @@ -492,7 +493,7 @@ static void test_sysdb_link_ad_multidom(void **state) ret = sysdb_master_domain_update(main_dom2); assert_int_equal(ret, EOK); - ret = sysdb_update_subdomains(main_dom2); + ret = sysdb_update_subdomains(main_dom2, NULL); assert_int_equal(ret, EOK); main_dom1 = find_domain_by_name(test_ctx->tctx->dom, TEST_DOM1_NAME, true); diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index 5bdd631fbfa1b4463fb169e5f07b65fb2c784096..1767dc3c734c6b2e5f74564debd603e2442f491b 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -1395,7 +1395,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain) /* Create subdomain */ subdomain = new_subdomain(test_ctx, test_ctx->domain, "test.sub", "TEST.SUB", "test", "S-3", - false, false, NULL, NULL, 0); + false, false, NULL, NULL, 0, NULL); fail_if(subdomain == NULL, "Failed to create new subdomain."); ret = sss_names_init_from_args(test_ctx, @@ -5821,14 +5821,14 @@ START_TEST(test_sysdb_subdomain_store_user) subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3], - false, false, NULL, NULL, 0); + false, false, NULL, NULL, 0, NULL); fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], false, false, NULL, 0, NULL); fail_if(ret != EOK, "Could not set up the test (test subdom)"); - ret = sysdb_update_subdomains(test_ctx->domain); + ret = sysdb_update_subdomains(test_ctx->domain, NULL); fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); @@ -5900,14 +5900,14 @@ START_TEST(test_sysdb_subdomain_user_ops) subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3], - false, false, NULL, NULL, 0); + false, false, NULL, NULL, 0, NULL); fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], false, false, NULL, 0, NULL); fail_if(ret != EOK, "Could not set up the test (test subdom)"); - ret = sysdb_update_subdomains(test_ctx->domain); + ret = sysdb_update_subdomains(test_ctx->domain, NULL); fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); @@ -5973,14 +5973,14 @@ START_TEST(test_sysdb_subdomain_group_ops) subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3], - false, false, NULL, NULL, 0); + false, false, NULL, NULL, 0, NULL); fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], false, false, NULL, 0, NULL); fail_if(ret != EOK, "Could not set up the test (test subdom)"); - ret = sysdb_update_subdomains(test_ctx->domain); + ret = sysdb_update_subdomains(test_ctx->domain, NULL); fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); diff --git a/src/tools/common/sss_tools.c b/src/tools/common/sss_tools.c index 0f4f46894130daf722641f25a4cdfaae220252cc..97a3caab3bec88c5727eea2f08b200f1d3b23f0c 100644 --- a/src/tools/common/sss_tools.c +++ b/src/tools/common/sss_tools.c @@ -154,7 +154,7 @@ static errno_t sss_tool_domains_init(TALLOC_CTX *mem_ctx, } /* Update list of subdomains for this domain */ - ret = sysdb_update_subdomains(dom); + ret = sysdb_update_subdomains(dom, confdb); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update subdomains for domain %s.\n", diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index 59e49a8aa92e3a08ec80e0597304f1a4af0a02be..8a40b38c07f7e76cde5b98e5916816581fea7973 100644 --- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -158,7 +158,7 @@ int main(int argc, const char *argv[]) dinfo = get_next_domain(dinfo, SSS_GND_DESCEND)) { if (!IS_SUBDOMAIN(dinfo)) { /* Update list of subdomains for this domain */ - ret = sysdb_update_subdomains(dinfo); + ret = sysdb_update_subdomains(dinfo, tctx->confdb); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Failed to update subdomains for domain %s.\n", dinfo->name); -- 2.9.3