2dd8451396
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
From f60c77df9b7162f46d8639f940d5df31f64f5815 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 9 Apr 2018 12:36:45 +0200
Subject: [PATCH] LDAP: Augment the sdap_opts structure with a data provider
pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In order to be able to use the Data Provider methods from the SDAP code
to e.g. invalidate memcache when needed, add a new field to the
sdap_options structure with the data_provider structure pointer.
Fill the pointer value for all LDAP-based providers.
Related:
https://pagure.io/SSSD/sssd/issue/2653
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit d2633d922eeed68f92be4248b9172b928c189920)
---
src/providers/ad/ad_common.c | 18 +++++++++++++-----
src/providers/ad/ad_common.h | 4 ++++
src/providers/ad/ad_init.c | 5 ++++-
src/providers/ad/ad_subdomains.c | 8 ++++++--
src/providers/ipa/ipa_common.c | 2 ++
src/providers/ipa/ipa_common.h | 1 +
src/providers/ipa/ipa_init.c | 5 ++++-
src/providers/ipa/ipa_subdomains_server.c | 2 ++
src/providers/ldap/ldap_common.h | 1 +
src/providers/ldap/ldap_init.c | 3 ++-
src/providers/ldap/ldap_options.c | 2 ++
src/providers/ldap/sdap.h | 1 +
src/tests/cmocka/common_mock_sdap.c | 2 +-
src/tests/cmocka/test_ad_common.c | 3 +++
14 files changed, 46 insertions(+), 11 deletions(-)
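diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 2a1647173..d92c68e6f 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -35,7 +35,8 @@ static errno_t ad_set_sdap_options(struct ad_options *ad_opts,
 struct sdap_options *id_opts);
 
 static struct sdap_options *
-ad_create_default_sdap_options(TALLOC_CTX *mem_ctx)
+ad_create_default_sdap_options(TALLOC_CTX *mem_ctx,
+ struct data_provider *dp)
 {
 struct sdap_options *id_opts;
 errno_t ret;
@@ -44,6 +45,7 @@ ad_create_default_sdap_options(TALLOC_CTX *mem_ctx)
 if (!id_opts) {
 return NULL;
 }
+ id_opts->dp = dp;
 
 ret = dp_copy_defaults(id_opts,
 ad_def_ldap_opts,
@@ -112,6 +114,7 @@ static errno_t
 ad_create_sdap_options(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sdap_options **_id_opts)
 {
 struct sdap_options *id_opts;
@@ -119,7 +122,7 @@ ad_create_sdap_options(TALLOC_CTX *mem_ctx,
 
 if (cdb == NULL || conf_path == NULL) {
 /* Fallback to defaults if there is no confdb */
- id_opts = ad_create_default_sdap_options(mem_ctx);
+ id_opts = ad_create_default_sdap_options(mem_ctx, dp);
 if (id_opts == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 "Failed to initialize default sdap options\n");
@@ -220,6 +223,7 @@ struct ad_options *
 ad_create_options(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sss_domain_info *subdom)
 {
 struct ad_options *ad_options;
@@ -252,6 +256,7 @@ ad_create_options(TALLOC_CTX *mem_ctx,
 ret = ad_create_sdap_options(ad_options,
 cdb,
 conf_path,
+ dp,
 &ad_options->id);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD LDAP options\n");
@@ -304,6 +309,7 @@ struct ad_options *
 ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 const char *realm,
 struct sss_domain_info *subdom,
 const char *hostname,
@@ -315,7 +321,7 @@ ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
 DEBUG(SSSDBG_TRACE_FUNC, "2way trust is defined to domain '%s'\n",
 subdom->name);
 
- ad_options = ad_create_options(mem_ctx, cdb, conf_path, subdom);
+ ad_options = ad_create_options(mem_ctx, cdb, conf_path, dp, subdom);
 if (ad_options == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "ad_create_options failed\n");
 return NULL;
@@ -343,6 +349,7 @@ struct ad_options *
 ad_create_1way_trust_options(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb,
 const char *subdom_conf_path,
+ struct data_provider *dp,
 struct sss_domain_info *subdom,
 const char *hostname,
 const char *keytab,
@@ -355,7 +362,7 @@ ad_create_1way_trust_options(TALLOC_CTX *mem_ctx,
 DEBUG(SSSDBG_TRACE_FUNC, "1way trust is defined to domain '%s'\n",
 subdom->name);
 
- ad_options = ad_create_options(mem_ctx, cdb, subdom_conf_path, subdom);
+ ad_options = ad_create_options(mem_ctx, cdb, subdom_conf_path, dp, subdom);
 if (ad_options == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "ad_create_options failed\n");
 return NULL;
@@ -1056,12 +1063,13 @@ errno_t
 ad_get_id_options(struct ad_options *ad_opts,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sdap_options **_opts)
 {
 struct sdap_options *id_opts;
 errno_t ret;
 
- ret = ad_create_sdap_options(ad_opts, cdb, conf_path, &id_opts);
+ ret = ad_create_sdap_options(ad_opts, cdb, conf_path, dp, &id_opts);
 if (ret != EOK) {
 return ENOMEM;
 }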
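Review bot: In `ad_create_sdap_options` the new `dp` argument is forwarded only on the `cdb == NULL || conf_path == NULL` fallback, through `ad_create_default_sdap_options(mem_ctx, dp)`; no hunk in this file assigns `id_opts->dp` on the branch that reads options from the confdb. The remainder of that function is outside the hunks, so this is inferred, but if the confdb branch allocates its own `sdap_options`, `dp` stays NULL for the callers that pass a real confdb (`ad_get_id_options` receives `be_ctx->cdb` in ad_init.c). Code that later relies on `opts->dp` to invalidate the memcache would then either skip the invalidation and leave stale entries, or dereference NULL. Adding `id_opts->dp = dp;` directly after that branch's allocation check would make it agree with the default path.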
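diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 931aafc6c..6eb2ba7e9 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -112,11 +112,13 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
 struct ad_options *ad_create_options(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sss_domain_info *subdom);
 
 struct ad_options *ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 const char *realm,
 struct sss_domain_info *subdom,
 const char *hostname,
@@ -125,6 +127,7 @@ struct ad_options *ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
 struct ad_options *ad_create_1way_trust_options(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sss_domain_info *subdom,
 const char *hostname,
 const char *keytab,
@@ -147,6 +150,7 @@ errno_t
 ad_get_id_options(struct ad_options *ad_opts,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sdap_options **_opts);
 errno_t
 ad_get_autofs_options(struct ad_options *ad_opts,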
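diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index 8c485a7c2..b19624782 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -453,7 +453,10 @@ errno_t sssm_ad_init(TALLOC_CTX *mem_ctx,
 
 init_ctx->options->id_ctx = init_ctx->id_ctx;
 
- ret = ad_get_id_options(init_ctx->options, be_ctx->cdb, be_ctx->conf_path,
+ ret = ad_get_id_options(init_ctx->options,
+ be_ctx->cdb,
+ be_ctx->conf_path,
+ be_ctx->provider,
 &init_ctx->id_ctx->sdap_id_ctx->opts);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Unable to init AD id options\n");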
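diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index bd94ba8ea..74b9f0751 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -265,8 +265,12 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
 return ENOMEM;
 }
 
- ad_options = ad_create_2way_trust_options(id_ctx, be_ctx->cdb,
- subdom_conf_path, realm, subdom,
+ ad_options = ad_create_2way_trust_options(id_ctx,
+ be_ctx->cdb,
+ subdom_conf_path,
+ be_ctx->provider,
+ realm,
+ subdom,
 hostname, keytab);
 talloc_free(subdom_conf_path);
 if (ad_options == NULL) {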
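diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 2b81d7f3f..87ed96767 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -171,6 +171,7 @@ static errno_t ipa_parse_search_base(TALLOC_CTX *mem_ctx,
 int ipa_get_id_options(struct ipa_options *ipa_opts,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sdap_options **_opts)
 {
 TALLOC_CTX *tmpctx;
@@ -190,6 +191,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
 ret = ENOMEM;
 goto done;
 }
+ ipa_opts->id->dp = dp;
 
 ret = sdap_domain_add(ipa_opts->id,
 ipa_opts->id_ctx->sdap_id_ctx->be->domain,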
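diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 3a1259ccd..725e0e937 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -235,6 +235,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
 int ipa_get_id_options(struct ipa_options *ipa_opts,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sdap_options **_opts);
 
 int ipa_get_auth_options(struct ipa_options *ipa_opts,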
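diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index cd2227896..931145985 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -161,7 +161,10 @@ static errno_t ipa_init_id_ctx(TALLOC_CTX *mem_ctx,
 ipa_id_ctx->sdap_id_ctx = sdap_id_ctx;
 ipa_options->id_ctx = ipa_id_ctx;
 
- ret = ipa_get_id_options(ipa_options, be_ctx->cdb, be_ctx->conf_path,
+ ret = ipa_get_id_options(ipa_options,
+ be_ctx->cdb,
+ be_ctx->conf_path,
+ be_ctx->provider,
 &sdap_id_ctx->opts);
 if (ret != EOK) {
 goto done;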
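diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c
index d670a156b..1e53e7a95 100644
--- a/src/providers/ipa/ipa_subdomains_server.c
+++ b/src/providers/ipa/ipa_subdomains_server.c
@@ -148,6 +148,7 @@ ipa_create_1way_trust_ctx(struct ipa_id_ctx *id_ctx,
 ad_options = ad_create_1way_trust_options(id_ctx,
 be_ctx->cdb,
 subdom_conf_path,
+ be_ctx->provider,
 subdom,
 id_ctx->server_mode->hostname,
 keytab,
@@ -186,6 +187,7 @@ static struct ad_options *ipa_ad_options_new(struct be_ctx *be_ctx,
 ad_options = ad_create_2way_trust_options(id_ctx,
 be_ctx->cdb,
 subdom_conf_path,
+ be_ctx->provider,
 id_ctx->server_mode->realm,
 subdom,
 id_ctx->server_mode->hostname,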
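diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 44dbc3fb0..548f0f985 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -193,6 +193,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
 struct sss_domain_info *dom,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sdap_options **_opts);
 
 int ldap_get_sudo_options(struct confdb_ctx *cdb,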
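diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 83075b5d3..44b3e9ab3 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -458,7 +458,8 @@ errno_t sssm_ldap_init(TALLOC_CTX *mem_ctx,
 
 /* Always initialize options since it is needed everywhere. */
 ret = ldap_get_options(init_ctx, be_ctx->domain, be_ctx->cdb,
- be_ctx->conf_path, &init_ctx->options);
+ be_ctx->conf_path, be_ctx->provider,
+ &init_ctx->options);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Unable to initialize LDAP options "
 "[%d]: %s\n", ret, sss_strerror(ret));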
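diff --git a/src/providers/ldap/ldap_options.c b/src/providers/ldap/ldap_options.c
index ccc1a2c5b..0b79715d2 100644
--- a/src/providers/ldap/ldap_options.c
+++ b/src/providers/ldap/ldap_options.c
@@ -27,6 +27,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
 struct sss_domain_info *dom,
 struct confdb_ctx *cdb,
 const char *conf_path,
+ struct data_provider *dp,
 struct sdap_options **_opts)
 {
 struct sdap_attr_map *default_attr_map;
@@ -57,6 +58,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
 
 opts = talloc_zero(memctx, struct sdap_options);
 if (!opts) return ENOMEM;
+ opts->dp = dp;
 
 ret = sdap_domain_add(opts, dom, NULL);
 if (ret != EOK) {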
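diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index ecf9c4d2e..e892c4071 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -465,6 +465,7 @@ struct sdap_certmap_ctx;
 
 struct sdap_options {
 struct dp_option *basic;
+ struct data_provider *dp;
 struct sdap_attr_map *gen_map;
 struct sdap_attr_map *user_map;
 size_t user_map_cnt;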
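Review bot: The new `dp` member of `struct sdap_options` has no comment on ownership or nullability, and both matter to any code that dereferences it later. The setters in this commit store the caller's pointer as-is (`opts->dp = dp;`, `ipa_opts->id->dp = dp;`), so the options do not appear to own it, and the cmocka helpers pass `NULL`. I would state that on the field, for example `/* Borrowed from the back end, not owned by sdap_options; may be NULL (unit tests), check before use */`. The struct definition continues past the end of the hunk.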
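diff --git a/src/tests/cmocka/common_mock_sdap.c b/src/tests/cmocka/common_mock_sdap.c
index cef321613..fa4787c4b 100644
--- a/src/tests/cmocka/common_mock_sdap.c
+++ b/src/tests/cmocka/common_mock_sdap.c
@@ -48,7 +48,7 @@ struct sdap_options *mock_sdap_options_ldap(TALLOC_CTX *mem_ctx,
 struct sdap_options *opts = NULL;
 errno_t ret;
 
- ret = ldap_get_options(mem_ctx, domain, confdb_ctx, conf_path, &opts);
+ ret = ldap_get_options(mem_ctx, domain, confdb_ctx, conf_path, NULL, &opts);
 if (ret != EOK) {
 return NULL;
 }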
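diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c
index 94f351e19..39ebbc633 100644
--- a/src/tests/cmocka/test_ad_common.c
+++ b/src/tests/cmocka/test_ad_common.c
@@ -449,6 +449,7 @@ static void test_ad_create_1way_trust_options(void **state)
 test_ctx->ad_ctx,
 NULL,
 NULL,
+ NULL,
 test_ctx->subdom,
 ONEWAY_HOST_NAME,
 ONEWAY_KEYTAB_PATH,
@@ -515,6 +516,7 @@ static void test_ad_create_2way_trust_options(void **state)
 test_ctx->ad_ctx,
 NULL,
 NULL,
+ NULL,
 REALMNAME,
 test_ctx->subdom,
 HOST_NAME,
@@ -585,6 +587,7 @@ test_ldap_conn_setup(void **state)
 ad_ctx,
 NULL,
 NULL,
+ NULL,
 REALMNAME,
 test_ctx->subdom,
 HOST_NAME,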
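Review bot: All three updated calls pass `NULL` for the new `dp` argument, so no test observes whether the pointer actually reaches the `sdap_options` that the AD constructors return. These calls also pass `NULL` for the confdb and its path, which means they exercise only the default-options fallback in ad_common.c. A case that passes a non-NULL placeholder pointer and asserts it comes back in the returned options' `dp` field would pin the behaviour the commit message promises. The test function bodies start and end outside these hunks.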
--
2.14.3