From f3be4b46d39c1a0106b60d561bbdeee4c80961aa Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 1 Jul 2016 12:54:39 +0200 Subject: [PATCH 24/27] sysdb: make subdomain calls aware of upn_suffixes sysdb_subdomain_store() and sysdb_update_subdomains() can now update upn_suffixes as well. Reviewed-by: Jakub Hrozek (cherry picked from commit 20348a30feb4be619b3b691c24c9be8131507c46)
---
src/confdb/confdb.h | 2 +- src/db/sysdb.h | 3 +- src/db/sysdb_subdomains.c | 56 +++++++++++++++++++++++++-- src/providers/ad/ad_subdomains.c | 2 +- src/providers/ipa/ipa_subdomains.c | 9 ++++- src/tests/cmocka/test_ipa_subdomains_server.c | 4 +- src/tests/cmocka/test_nss_srv.c | 2 +- src/tests/cmocka/test_sysdb_subdomains.c | 28 +++++++------- src/tests/sysdb-tests.c | 6 +-- 9 files changed, 85 insertions(+), 27 deletions(-)
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0265ccac5ee2e7b8baa05bf6b09df39ea5b4059a..72adbd80ea534eb0becd3e517c00b0c26d00444c 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -315,7 +315,7 @@ struct sss_domain_info { */ char *forest; struct sss_domain_info *forest_root; - char **upn_suffixes; + const char **upn_suffixes; }; /**
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index a8dcaa4a9ac5715150487f7efc9c35b778fa0163..407ce3c18a7077e8fe45c3c9c7576ae626105122 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -466,7 +466,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, const char *name, const char *realm, const char *flat_name, const char *domain_id, bool mpg, bool enumerate, const char *forest, - uint32_t trust_direction); + uint32_t trust_direction, + struct ldb_message_element *upn_suffixes); errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index c0a190f36d886325a5be1e5d1145b6aef6860ffc..02206e470e8e035cc05848137df6a1eb04806869 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -237,6 +237,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) SYSDB_SUBDOMAIN_ENUM, SYSDB_SUBDOMAIN_FOREST, SYSDB_SUBDOMAIN_TRUST_DIRECTION, + SYSDB_UPN_SUFFIXES, NULL}; struct sss_domain_info *dom; struct ldb_dn *basedn;
@@ -248,6 +249,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) bool mpg; bool enumerate; uint32_t trust_direction; + struct ldb_message_element *tmp_el; + const char **upn_suffixes; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) {
@@ -308,6 +311,17 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) forest = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_SUBDOMAIN_FOREST, NULL); + upn_suffixes = NULL; + tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES); + if (tmp_el != NULL) { + upn_suffixes = sss_ldb_el_to_string_list(tmp_ctx, tmp_el); + if (upn_suffixes == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n"); + ret = ENOMEM; + goto done; + } + } + trust_direction = ldb_msg_find_attr_as_int(res->msgs[i], SYSDB_SUBDOMAIN_TRUST_DIRECTION, 0);
@@ -382,6 +396,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain) } } + talloc_zfree(dom->upn_suffixes); + dom->upn_suffixes = talloc_steal(dom, upn_suffixes); + if (!dom->has_views && dom->view_name == NULL) { /* maybe views are not initialized, copy from parent */ dom->has_views = dom->parent->has_views;
@@ -448,7 +465,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain) errno_t ret; TALLOC_CTX *tmp_ctx; const char *tmp_str; - struct ldb_message_element **tmp_el; + struct ldb_message_element *tmp_el; struct ldb_dn *basedn; struct ldb_result *res; const char *attrs[] = {"cn",
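Review bot: In the `@@ -308` hunk of sysdb_update_subdomains() the new lookup reads `res->msgs[0]`, while the attribute reads right before and after it (`SYSDB_SUBDOMAIN_FOREST`, `SYSDB_SUBDOMAIN_TRUST_DIRECTION`) use `res->msgs[i]`, so every subdomain handled in this loop would receive the UPN suffixes stored on the first result entry. These suffixes presumably decide which domain a user principal name is matched against, so a list taken from the wrong entry is more than a cosmetic problem. The line should read `tmp_el = ldb_msg_find_element(res->msgs[i], SYSDB_UPN_SUFFIXES);`. The enclosing loop starts and ends outside the hunk.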
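Review bot: The `@@ -382` hunk attaches the suffix list only where an already known `dom` is refreshed, and the ownership move is not explained. If a subdomain that is seen for the first time is created elsewhere in this function (not visible in the hunk), it would stay without `upn_suffixes` until the next refresh; that is worth confirming against the rest of the function. A short comment would also help the next reader, for example `/* upn_suffixes was allocated on tmp_ctx; hand it over to dom so it outlives tmp_ctx */`.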
@@ -806,7 +823,8 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, const char *name, const char *realm, const char *flat_name, const char *domain_id, bool mpg, bool enumerate, const char *forest, - uint32_t trust_direction) + uint32_t trust_direction, + struct ldb_message_element *upn_suffixes) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg;
@@ -820,8 +838,10 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, SYSDB_SUBDOMAIN_ENUM, SYSDB_SUBDOMAIN_FOREST, SYSDB_SUBDOMAIN_TRUST_DIRECTION, + SYSDB_UPN_SUFFIXES, NULL}; const char *tmp_str; + struct ldb_message_element *tmp_el; bool tmp_bool; bool store = false; int realm_flags = 0;
@@ -831,6 +851,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, int enum_flags = 0; int forest_flags = 0; int td_flags = 0; + int upn_flags = 0; uint32_t tmp_td; int ret;
@@ -864,6 +885,7 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, enum_flags = LDB_FLAG_MOD_ADD; if (forest) forest_flags = LDB_FLAG_MOD_ADD; if (trust_direction) td_flags = LDB_FLAG_MOD_ADD; + if (upn_suffixes) upn_flags = LDB_FLAG_MOD_ADD; } else if (res->count != 1) { ret = EINVAL; goto done;
@@ -915,11 +937,21 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, if (tmp_td != trust_direction) { td_flags = LDB_FLAG_MOD_REPLACE; } + + if (upn_suffixes) { + tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES); + /* Luckily ldb_msg_element_compare() only compares the values and + * not the name. */ + if (tmp_el == NULL + || ldb_msg_element_compare(upn_suffixes, tmp_el) != 0) { + upn_flags = LDB_FLAG_MOD_REPLACE; + } + } } if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0 && mpg_flags == 0 && enum_flags == 0 && forest_flags == 0 - && td_flags == 0) { + && td_flags == 0 && upn_flags == 0) { ret = EOK; goto done; }
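Review bot: A NULL `upn_suffixes` silently means "leave the cached value alone" in the `@@ -915` hunk, because the comparison with the stored `SYSDB_UPN_SUFFIXES` element only runs inside `if (upn_suffixes)`; once the attribute disappears on the server, the suffixes already in the cache are never removed. ipa_subdom_store() tolerates ENOENT from its lookup and then presumably passes NULL, so a suffix withdrawn on the server would appear to stay in effect locally. If that is not intended, the existing-entry branch needs an `else` that sets `upn_flags = LDB_FLAG_MOD_DELETE` when `ldb_msg_find_element()` still finds an element, and the later `upn_flags` block must then not dereference `upn_suffixes`. If it is intended (the AD caller passes NULL unconditionally), the prototype in sysdb.h should say so, e.g. `/* upn_suffixes: NULL keeps any suffixes already stored */`.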
@@ -1048,6 +1080,24 @@ errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, } } + if (upn_flags) { + tmp_el = talloc_zero(tmp_ctx, struct ldb_message_element); + if (tmp_el == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n"); + ret = ENOMEM; + goto done; + } + + tmp_el->name = SYSDB_UPN_SUFFIXES; + tmp_el->num_values = upn_suffixes->num_values; + tmp_el->values = upn_suffixes->values; + ret = ldb_msg_add(msg, tmp_el, upn_flags); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + } + ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 0a8d1f53cb005507abe4ac55d0fa1ccc9e32b173..928c4fe93cc6afa5c3f69c14503896db820a4c0a 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -252,7 +252,7 @@ ad_subdom_store(struct sdap_idmap_ctx *idmap_ctx, mpg = sdap_idmap_domain_has_algorithmic_mapping(idmap_ctx, name, sid_str); ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str, - mpg, enumerate, domain->forest, 0); + mpg, enumerate, domain->forest, 0, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n"); goto done;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 62b8f65e5d29a4850f90ea7c19abd297becc96f5..925b1d8b133eb56724ee4f9133a2487090982a8b 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -375,6 +375,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent, bool mpg; bool enumerate; uint32_t direction; + struct ldb_message_element *alternative_domain_suffixes = NULL; tmp_ctx = talloc_new(parent); if (tmp_ctx == NULL) {
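Review bot: In the `@@ -1048` hunk the element added to `msg` borrows `upn_suffixes->values` from the caller rather than copying them, and nothing in the new block says so. That works as long as the caller's element stays valid until the `ldb_modify()` call just below returns, which deserves a comment such as `/* values are borrowed from the caller's element, not copied; they must stay valid until ldb_modify() returns */`. An element with `num_values == 0` also reaches `ldb_msg_add()` here; with `LDB_FLAG_MOD_REPLACE` that would presumably drop the attribute and with `LDB_FLAG_MOD_ADD` it may be rejected, so an explicit check would make the intended behaviour visible.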
@@ -405,6 +406,12 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent, goto done; } + ret = sysdb_attrs_get_el_ext(attrs, IPA_ADDITIONAL_SUFFIXES, false, + &alternative_domain_suffixes); + if (ret != EOK && ret != ENOENT) { + goto done; + } + mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, name, id); ret = ipa_subdom_get_forest(tmp_ctx, sysdb_ctx_get_ldb(parent->sysdb),
@@ -431,7 +438,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent, "Trust direction of %s is %s\n", name, ipa_trust_dir2str(direction)); ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat, id, mpg, enumerate, forest, - direction); + direction, alternative_domain_suffixes); if (ret) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n"); goto done;
diff --git a/src/tests/cmocka/test_ipa_subdomains_server.c b/src/tests/cmocka/test_ipa_subdomains_server.c
index 0fddc951894dee45658497851473b9bddbba0ef7..123cf11c01ef4687eecad31a9d73120a87c643e1 100644
--- a/src/tests/cmocka/test_ipa_subdomains_server.c
+++ b/src/tests/cmocka/test_ipa_subdomains_server.c
@@ -253,14 +253,14 @@ static void add_test_subdomains(struct trust_test_ctx *test_ctx, SUBDOM_NAME, SUBDOM_REALM, NULL, SUBDOM_SID, true, false, SUBDOM_REALM, - direction); + direction, NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, CHILD_NAME, CHILD_REALM, CHILD_FLAT, CHILD_SID, true, false, SUBDOM_REALM, - direction); + direction, NULL); assert_int_equal(ret, EOK); ret = sysdb_update_subdomains(test_ctx->tctx->dom);
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 4137e9151be561a57a8f2e674f385ecb37119255..82a304feed864b09168d0f3e06a4e1bb120df7e4 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
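Review bot: The new `sysdb_attrs_get_el_ext()` failure path in the `@@ -405` hunk of ipa_subdom_store() jumps to `done` without a log line, whereas the `sysdb_subdomain_store` failure further down in the same function logs before leaving. Adding `DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_el_ext failed.\n");` before the `goto done` keeps a failed subdomain refresh diagnosable. The element is also handed to sysdb_subdomain_store() exactly as it came from the server attribute; if later code matches principals against these values, it is worth confirming that empty or duplicate entries are harmless. The function body continues outside the hunk.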
@@ -3089,7 +3089,7 @@ static int nss_subdom_test_setup(void **state) ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], - false, false, NULL, 0); + false, false, NULL, 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_update_subdomains(nss_test_ctx->tctx->dom);
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
index 6d1ec884284487a12bcbfad77c00cd6c30f67707..c9db56841e841472c81d00a79f475dbbd975ccb0 100644
--- a/src/tests/cmocka/test_sysdb_subdomains.c
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
@@ -103,7 +103,7 @@ static void test_sysdb_subdomain_create(void **state) ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom1[0], dom1[1], dom1[2], dom1[3], - false, false, NULL, 0); + false, false, NULL, 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -115,7 +115,7 @@ static void test_sysdb_subdomain_create(void **state) ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom2[0], dom2[1], dom2[2], dom2[3], - false, false, NULL, 1); + false, false, NULL, 1, NULL); assert_int_equal(ret, EOK); ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -128,12 +128,12 @@ static void test_sysdb_subdomain_create(void **state) /* Reverse the trust directions */ ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom1[0], dom1[1], dom1[2], dom1[3], - false, false, NULL, 1); + false, false, NULL, 1, NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom2[0], dom2[1], dom2[2], dom2[3], - false, false, NULL, 0); + false, false, NULL, 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_update_subdomains(test_ctx->tctx->dom);
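Review bot: Every call updated in test_sysdb_subdomains.c, starting with the `@@ -103` hunk in test_sysdb_subdomain_create(), passes `NULL` for the new argument, so the add, compare and replace paths for `SYSDB_UPN_SUFFIXES` and the read-back into `dom->upn_suffixes` are never exercised; the same holds for the updated calls in test_ipa_subdomains_server.c, test_nss_srv.c and sysdb-tests.c. A case that stores two subdomains with different suffix lists, calls sysdb_update_subdomains() and checks each `dom->upn_suffixes` would cover both the store and the load side and would catch suffixes ending up on the wrong subdomain. A second store with a changed list, followed by another update, would cover the `LDB_FLAG_MOD_REPLACE` branch.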
@@ -215,27 +215,27 @@ static void test_sysdb_link_forest_root_ipa(void **state) ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom1[0], dom1[1], dom1[2], dom1[3], - false, false, dom1[4], 0); + false, false, dom1[4], 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, child_dom1[0], child_dom1[1], child_dom1[2], child_dom1[3], false, false, child_dom1[4], - 0); + 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, dom2[0], dom2[1], dom2[2], dom2[3], false, false, dom2[4], - 0); + 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, child_dom2[0], child_dom2[1], child_dom2[2], child_dom2[3], false, false, child_dom2[4], - 0); + 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -308,14 +308,14 @@ static void test_sysdb_link_forest_root_ad(void **state) child_dom[0], child_dom[1], child_dom[2], child_dom[3], false, false, child_dom[4], - 0); + 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, sub_dom[0], sub_dom[1], sub_dom[2], sub_dom[3], false, false, sub_dom[4], - 0); + 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_update_subdomains(test_ctx->tctx->dom);
@@ -385,14 +385,14 @@ static void test_sysdb_link_forest_member_ad(void **state) sub_dom[0], sub_dom[1], sub_dom[2], sub_dom[3], false, false, sub_dom[4], - 0); + 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_subdomain_store(test_ctx->tctx->sysdb, forest_root[0], forest_root[1], forest_root[2], forest_root[3], false, false, forest_root[4], - 0); + 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_master_domain_update(test_ctx->tctx->dom);
@@ -469,7 +469,7 @@ static void test_sysdb_link_ad_multidom(void **state) child_dom[0], child_dom[1], child_dom[2], child_dom[3], false, false, child_dom[4], - 0); + 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_master_domain_update(main_dom1);
@@ -489,7 +489,7 @@ static void test_sysdb_link_ad_multidom(void **state) ret = sysdb_subdomain_store(main_dom2->sysdb, dom2_forest_root[0], dom2_forest_root[1], dom2_forest_root[2], dom2_forest_root[3], - false, false, dom2_forest_root[4], 0); + false, false, dom2_forest_root[4], 0, NULL); assert_int_equal(ret, EOK); ret = sysdb_master_domain_update(main_dom2);
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index bac8a8788b4fde0d6039121efead6fc20fa046f9..d1450015cb0f0b073045e7b6031423e3f5494d78 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -5472,7 +5472,7 @@ START_TEST(test_sysdb_subdomain_store_user) fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], - false, false, NULL, 0); + false, false, NULL, 0, NULL); fail_if(ret != EOK, "Could not set up the test (test subdom)"); ret = sysdb_update_subdomains(test_ctx->domain);
@@ -5551,7 +5551,7 @@ START_TEST(test_sysdb_subdomain_user_ops) fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], - false, false, NULL, 0); + false, false, NULL, 0, NULL); fail_if(ret != EOK, "Could not set up the test (test subdom)"); ret = sysdb_update_subdomains(test_ctx->domain);
@@ -5624,7 +5624,7 @@ START_TEST(test_sysdb_subdomain_group_ops) fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], - false, false, NULL, 0); + false, false, NULL, 0, NULL); fail_if(ret != EOK, "Could not set up the test (test subdom)"); ret = sysdb_update_subdomains(test_ctx->domain);
-- 2.4.11