From f60c77df9b7162f46d8639f940d5df31f64f5815 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 9 Apr 2018 12:36:45 +0200 Subject: [PATCH] LDAP: Augment the sdap_opts structure with a data provider pointer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to be able to use the Data Provider methods from the SDAP code to e.g. invalidate memcache when needed, add a new field to the sdap_options structure with the data_provider structure pointer. Fill the pointer value for all LDAP-based providers. Related: https://pagure.io/SSSD/sssd/issue/2653 Reviewed-by: Fabiano FidĂȘncio (cherry picked from commit d2633d922eeed68f92be4248b9172b928c189920) --- src/providers/ad/ad_common.c | 18 +++++++++++++----- src/providers/ad/ad_common.h | 4 ++++ src/providers/ad/ad_init.c | 5 ++++- src/providers/ad/ad_subdomains.c | 8 ++++++-- src/providers/ipa/ipa_common.c | 2 ++ src/providers/ipa/ipa_common.h | 1 + src/providers/ipa/ipa_init.c | 5 ++++- src/providers/ipa/ipa_subdomains_server.c | 2 ++ src/providers/ldap/ldap_common.h | 1 + src/providers/ldap/ldap_init.c | 3 ++- src/providers/ldap/ldap_options.c | 2 ++ src/providers/ldap/sdap.h | 1 + src/tests/cmocka/common_mock_sdap.c | 2 +- src/tests/cmocka/test_ad_common.c | 3 +++ 14 files changed, 46 insertions(+), 11 deletions(-) diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 2a1647173..d92c68e6f 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -35,7 +35,8 @@ static errno_t ad_set_sdap_options(struct ad_options *ad_opts, struct sdap_options *id_opts); static struct sdap_options * -ad_create_default_sdap_options(TALLOC_CTX *mem_ctx) +ad_create_default_sdap_options(TALLOC_CTX *mem_ctx, + struct data_provider *dp) { struct sdap_options *id_opts; errno_t ret; @@ -44,6 +45,7 @@ ad_create_default_sdap_options(TALLOC_CTX *mem_ctx) if (!id_opts) { return NULL; } + id_opts->dp = dp; ret = dp_copy_defaults(id_opts, ad_def_ldap_opts, 
@@ -112,6 +114,7 @@ static errno_t ad_create_sdap_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sdap_options **_id_opts) { struct sdap_options *id_opts; @@ -119,7 +122,7 @@ ad_create_sdap_options(TALLOC_CTX *mem_ctx, if (cdb == NULL || conf_path == NULL) { /* Fallback to defaults if there is no confdb */ - id_opts = ad_create_default_sdap_options(mem_ctx); + id_opts = ad_create_default_sdap_options(mem_ctx, dp); if (id_opts == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize default sdap options\n"); @@ -220,6 +223,7 @@ struct ad_options * ad_create_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sss_domain_info *subdom) { struct ad_options *ad_options; @@ -252,6 +256,7 @@ ad_create_options(TALLOC_CTX *mem_ctx, ret = ad_create_sdap_options(ad_options, cdb, conf_path, + dp, &ad_options->id); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD LDAP options\n"); @@ -304,6 +309,7 @@ struct ad_options * ad_create_2way_trust_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, const char *realm, struct sss_domain_info *subdom, const char *hostname, @@ -315,7 +321,7 @@ ad_create_2way_trust_options(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, "2way trust is defined to domain '%s'\n", subdom->name); - ad_options = ad_create_options(mem_ctx, cdb, conf_path, subdom); + ad_options = ad_create_options(mem_ctx, cdb, conf_path, dp, subdom); if (ad_options == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "ad_create_options failed\n"); return NULL; @@ -343,6 +349,7 @@ struct ad_options * ad_create_1way_trust_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *subdom_conf_path, + struct data_provider *dp, struct sss_domain_info *subdom, const char *hostname, const char *keytab, 
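Review bot: In `ad_create_sdap_options` only the fallback branch (`cdb == NULL || conf_path == NULL`) visibly forwards the new argument, via `ad_create_default_sdap_options(mem_ctx, dp)`; nothing in these hunks sets the pointer on the path taken when a confdb is present. The function body continues outside the hunk, so this is inferred rather than certain. If that path allocates its own `sdap_options`, `id_opts->dp` stays NULL for normally configured AD domains, and a later memcache invalidation through it would either be skipped or dereference NULL. Adding `id_opts->dp = dp;` right after that allocation, as `ldap_get_options` does with `opts->dp = dp;`, would make both paths agree.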
@@ -355,7 +362,7 @@ ad_create_1way_trust_options(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, "1way trust is defined to domain '%s'\n", subdom->name); - ad_options = ad_create_options(mem_ctx, cdb, subdom_conf_path, subdom); + ad_options = ad_create_options(mem_ctx, cdb, subdom_conf_path, dp, subdom); if (ad_options == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "ad_create_options failed\n"); return NULL; @@ -1056,12 +1063,13 @@ errno_t ad_get_id_options(struct ad_options *ad_opts, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sdap_options **_opts) { struct sdap_options *id_opts; errno_t ret; - ret = ad_create_sdap_options(ad_opts, cdb, conf_path, &id_opts); + ret = ad_create_sdap_options(ad_opts, cdb, conf_path, dp, &id_opts); if (ret != EOK) { return ENOMEM; } diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index 931aafc6c..6eb2ba7e9 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -112,11 +112,13 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, struct ad_options *ad_create_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sss_domain_info *subdom); struct ad_options *ad_create_2way_trust_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, const char *realm, struct sss_domain_info *subdom, const char *hostname, @@ -125,6 +127,7 @@ struct ad_options *ad_create_2way_trust_options(TALLOC_CTX *mem_ctx, struct ad_options *ad_create_1way_trust_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sss_domain_info *subdom, const char *hostname, const char *keytab, @@ -147,6 +150,7 @@ errno_t ad_get_id_options(struct ad_options *ad_opts, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sdap_options **_opts); errno_t ad_get_autofs_options(struct ad_options *ad_opts, 
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index 8c485a7c2..b19624782 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -453,7 +453,10 @@ errno_t sssm_ad_init(TALLOC_CTX *mem_ctx, init_ctx->options->id_ctx = init_ctx->id_ctx; - ret = ad_get_id_options(init_ctx->options, be_ctx->cdb, be_ctx->conf_path, + ret = ad_get_id_options(init_ctx->options, + be_ctx->cdb, + be_ctx->conf_path, + be_ctx->provider, &init_ctx->id_ctx->sdap_id_ctx->opts); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to init AD id options\n"); diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index bd94ba8ea..74b9f0751 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -265,8 +265,12 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, return ENOMEM; } - ad_options = ad_create_2way_trust_options(id_ctx, be_ctx->cdb, - subdom_conf_path, realm, subdom, + ad_options = ad_create_2way_trust_options(id_ctx, + be_ctx->cdb, + subdom_conf_path, + be_ctx->provider, + realm, + subdom, hostname, keytab); talloc_free(subdom_conf_path); if (ad_options == NULL) { diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 2b81d7f3f..87ed96767 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -171,6 +171,7 @@ static errno_t ipa_parse_search_base(TALLOC_CTX *mem_ctx, int ipa_get_id_options(struct ipa_options *ipa_opts, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sdap_options **_opts) { TALLOC_CTX *tmpctx; @@ -190,6 +191,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, ret = ENOMEM; goto done; } + ipa_opts->id->dp = dp; ret = sdap_domain_add(ipa_opts->id, ipa_opts->id_ctx->sdap_id_ctx->be->domain, diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 3a1259ccd..725e0e937 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h 
@@ -235,6 +235,7 @@ int ipa_get_options(TALLOC_CTX *memctx, int ipa_get_id_options(struct ipa_options *ipa_opts, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sdap_options **_opts); int ipa_get_auth_options(struct ipa_options *ipa_opts, diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index cd2227896..931145985 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -161,7 +161,10 @@ static errno_t ipa_init_id_ctx(TALLOC_CTX *mem_ctx, ipa_id_ctx->sdap_id_ctx = sdap_id_ctx; ipa_options->id_ctx = ipa_id_ctx; - ret = ipa_get_id_options(ipa_options, be_ctx->cdb, be_ctx->conf_path, + ret = ipa_get_id_options(ipa_options, + be_ctx->cdb, + be_ctx->conf_path, + be_ctx->provider, &sdap_id_ctx->opts); if (ret != EOK) { goto done; diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c index d670a156b..1e53e7a95 100644 --- a/src/providers/ipa/ipa_subdomains_server.c +++ b/src/providers/ipa/ipa_subdomains_server.c @@ -148,6 +148,7 @@ ipa_create_1way_trust_ctx(struct ipa_id_ctx *id_ctx, ad_options = ad_create_1way_trust_options(id_ctx, be_ctx->cdb, subdom_conf_path, + be_ctx->provider, subdom, id_ctx->server_mode->hostname, keytab, @@ -186,6 +187,7 @@ static struct ad_options *ipa_ad_options_new(struct be_ctx *be_ctx, ad_options = ad_create_2way_trust_options(id_ctx, be_ctx->cdb, subdom_conf_path, + be_ctx->provider, id_ctx->server_mode->realm, subdom, id_ctx->server_mode->hostname, diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 44dbc3fb0..548f0f985 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -193,6 +193,7 @@ int ldap_get_options(TALLOC_CTX *memctx, struct sss_domain_info *dom, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sdap_options **_opts); int ldap_get_sudo_options(struct confdb_ctx *cdb, 
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 83075b5d3..44b3e9ab3 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -458,7 +458,8 @@ errno_t sssm_ldap_init(TALLOC_CTX *mem_ctx, /* Always initialize options since it is needed everywhere. */ ret = ldap_get_options(init_ctx, be_ctx->domain, be_ctx->cdb, - be_ctx->conf_path, &init_ctx->options); + be_ctx->conf_path, be_ctx->provider, + &init_ctx->options); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to initialize LDAP options " "[%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/providers/ldap/ldap_options.c b/src/providers/ldap/ldap_options.c index ccc1a2c5b..0b79715d2 100644 --- a/src/providers/ldap/ldap_options.c +++ b/src/providers/ldap/ldap_options.c @@ -27,6 +27,7 @@ int ldap_get_options(TALLOC_CTX *memctx, struct sss_domain_info *dom, struct confdb_ctx *cdb, const char *conf_path, + struct data_provider *dp, struct sdap_options **_opts) { struct sdap_attr_map *default_attr_map; @@ -57,6 +58,7 @@ int ldap_get_options(TALLOC_CTX *memctx, opts = talloc_zero(memctx, struct sdap_options); if (!opts) return ENOMEM; + opts->dp = dp; ret = sdap_domain_add(opts, dom, NULL); if (ret != EOK) { diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index ecf9c4d2e..e892c4071 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -465,6 +465,7 @@ struct sdap_certmap_ctx; struct sdap_options { struct dp_option *basic; + struct data_provider *dp; struct sdap_attr_map *gen_map; struct sdap_attr_map *user_map; size_t user_map_cnt; diff --git a/src/tests/cmocka/common_mock_sdap.c b/src/tests/cmocka/common_mock_sdap.c index cef321613..fa4787c4b 100644 --- a/src/tests/cmocka/common_mock_sdap.c +++ b/src/tests/cmocka/common_mock_sdap.c 
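Review bot: The new `struct data_provider *dp;` member of `struct sdap_options` in `sdap.h` has no comment on ownership or nullability. The assignments in this patch store the caller's pointer as-is (`opts->dp = dp;`, `id_opts->dp = dp;`), and the cmocka callers pass `NULL`, so every future user of the field has to check it before calling into the data provider. I would document that on the member, e.g. `/* Back-pointer to the data provider; not owned by sdap_options, may be NULL (e.g. in unit tests) */`. The struct definition continues outside the hunk.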
@@ -48,7 +48,7 @@ struct sdap_options *mock_sdap_options_ldap(TALLOC_CTX *mem_ctx, struct sdap_options *opts = NULL; errno_t ret; - ret = ldap_get_options(mem_ctx, domain, confdb_ctx, conf_path, &opts); + ret = ldap_get_options(mem_ctx, domain, confdb_ctx, conf_path, NULL, &opts); if (ret != EOK) { return NULL; } diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c index 94f351e19..39ebbc633 100644 --- a/src/tests/cmocka/test_ad_common.c +++ b/src/tests/cmocka/test_ad_common.c @@ -449,6 +449,7 @@ static void test_ad_create_1way_trust_options(void **state) test_ctx->ad_ctx, NULL, NULL, + NULL, test_ctx->subdom, ONEWAY_HOST_NAME, ONEWAY_KEYTAB_PATH, @@ -515,6 +516,7 @@ static void test_ad_create_2way_trust_options(void **state) test_ctx->ad_ctx, NULL, NULL, + NULL, REALMNAME, test_ctx->subdom, HOST_NAME, @@ -585,6 +587,7 @@ test_ldap_conn_setup(void **state) ad_ctx, NULL, NULL, + NULL, REALMNAME, test_ctx->subdom, HOST_NAME, -- 2.14.3
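Review bot: Every updated call in `mock_sdap_options_ldap` and in the three `test_ad_common.c` hunks passes `NULL` for the new `dp` argument, so no test checks that the pointer actually reaches `sdap_options`. The AD tests also pass `NULL` for the confdb and the config path, so they appear to exercise the fallback branch that does assign `id_opts->dp`. Passing a non-NULL dummy pointer there and asserting it on the result, e.g. `assert_ptr_equal(<returned ad_options>->id->dp, dummy_dp);`, would pin the new behaviour; the name of the result variable is not visible in these hunks. The test function bodies start and end outside the hunks.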