[ipfire-3.x.git] / sssd / patches / 0012-sysdb-add-parent_dom-to-sysdb_get_direct_parents.patch

From 0cf03315bc74555aa70a6fec854d6d66826eb608 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 18 Oct 2016 14:59:19 +0200
Subject: [PATCH 12/39] sysdb: add parent_dom to sysdb_get_direct_parents()

Currently sysdb_get_direct_parents() only return direct parents from the
same domain as the child object. In setups with sub-domains this might
not be sufficient. A new option parent_dom is added which allows to
specify a domain the direct parents should be lookup up in. If it is
NULL the whole cache is searched.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 3dd4c3eca80e9223a65f3318821bd0fb5b45aedd)
(cherry picked from commit 9a243dcdbf5a908d23c1a64f3fb33914eefef9e8)
---
 src/db/sysdb.h                             | 21 +++++++++++++++++++++
 src/db/sysdb_search.c                      |  7 ++++++-
 src/providers/ldap/sdap_async_initgroups.c | 11 +++++++----
 3 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 7de3acdf3..f5d3ddb84 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -1137,8 +1137,29 @@ errno_t sysdb_remove_attrs(struct sss_domain_info *domain,
                            enum sysdb_member_type type,
                            char **remove_attrs);
 
+/**
+ * @brief Return direct parents of an object in the cache
+ *
+ * @param[in]  mem_ctx         Memory context the result should be allocated
+ *                             on
+ * @param[in]  dom             domain the object is in
+ * @param[in]  parent_dom      domain which should be searched for direct
+ *                             parents if NULL all domains in the given cache
+ *                             are searched
+ * @param[in]  mtype           Type of the object, SYSDB_MEMBER_USER or
+ *                             SYSDB_MEMBER_GROUP
+ * @param[in]  name            Name of the object
+ * @param[out] _direct_parents List of names of the direct parent groups
+ *
+ *
+ * @return
+ *  - EOK:    success
+ *  - EINVAL: wrong mtype
+ *  - ENOMEM: Memory allocation failed
+ */
 errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
                                  struct sss_domain_info *dom,
+                                 struct sss_domain_info *parent_dom,
                                  enum sysdb_member_type mtype,
                                  const char *name,
                                  char ***_direct_parents);
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index cfee5784d..4d63c3838 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -1981,6 +1981,7 @@ done:
 
 errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
                                  struct sss_domain_info *dom,
+                                 struct sss_domain_info *parent_dom,
                                  enum sysdb_member_type mtype,
                                  const char *name,
                                  char ***_direct_parents)
@@ -2029,7 +2030,11 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
-    basedn = sysdb_group_base_dn(tmp_ctx, dom);
+    if (parent_dom == NULL) {
+        basedn = sysdb_base_dn(dom->sysdb, tmp_ctx);
+    } else {
+        basedn = sysdb_group_base_dn(tmp_ctx, parent_dom);
+    }
     if (!basedn) {
         ret = ENOMEM;
         goto done;
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index df39de3cc..7a2eef43d 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -1301,7 +1301,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
         }
     }
 
-    ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
+    ret = sysdb_get_direct_parents(tmp_ctx, state->dom, state->dom,
+                                   SYSDB_MEMBER_USER,
                                    state->username, &sysdb_parent_name_list);
     if (ret) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -1388,7 +1389,7 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
-    ret = sysdb_get_direct_parents(tmp_ctx, dom, SYSDB_MEMBER_GROUP,
+    ret = sysdb_get_direct_parents(tmp_ctx, dom, dom, SYSDB_MEMBER_GROUP,
                                    group_name, &sysdb_parents_names_list);
     if (ret) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -2070,7 +2071,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data)
         goto done;
     }
 
-    ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, SYSDB_MEMBER_GROUP,
+    ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, mstate->dom,
+                                   SYSDB_MEMBER_GROUP,
                                    group_name, &sysdb_parents_names_list);
     if (ret) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -2130,7 +2132,8 @@ errno_t save_rfc2307bis_user_memberships(
     }
     in_transaction = true;
 
-    ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
+    ret = sysdb_get_direct_parents(tmp_ctx, state->dom, state->dom,
+                                   SYSDB_MEMBER_USER,
                                    state->name, &sysdb_parent_name_list);
     if (ret) {
         DEBUG(SSSDBG_CRIT_FAILURE,
-- 
2.11.0
Commit	Line	Data
92ae11e3 SS	1	From 0cf03315bc74555aa70a6fec854d6d66826eb608 Mon Sep 17 00:00:00 2001
	2	From: Sumit Bose <sbose@redhat.com>
	3	Date: Tue, 18 Oct 2016 14:59:19 +0200
	4	Subject: [PATCH 12/39] sysdb: add parent_dom to sysdb_get_direct_parents()
	5
	6	Currently sysdb_get_direct_parents() only return direct parents from the
	7	same domain as the child object. In setups with sub-domains this might
	8	not be sufficient. A new option parent_dom is added which allows to
	9	specify a domain the direct parents should be lookup up in. If it is
	10	NULL the whole cache is searched.
	11
	12	Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
	13	(cherry picked from commit 3dd4c3eca80e9223a65f3318821bd0fb5b45aedd)
	14	(cherry picked from commit 9a243dcdbf5a908d23c1a64f3fb33914eefef9e8)
	15	---
	16	src/db/sysdb.h \| 21 +++++++++++++++++++++
	17	src/db/sysdb_search.c \| 7 ++++++-
	18	src/providers/ldap/sdap_async_initgroups.c \| 11 +++++++----
	19	3 files changed, 34 insertions(+), 5 deletions(-)
	20
	21	diff --git a/src/db/sysdb.h b/src/db/sysdb.h
	22	index 7de3acdf3..f5d3ddb84 100644
	23	--- a/src/db/sysdb.h
	24	+++ b/src/db/sysdb.h
	25	@@ -1137,8 +1137,29 @@ errno_t sysdb_remove_attrs(struct sss_domain_info *domain,
	26	enum sysdb_member_type type,
	27	char **remove_attrs);
	28
	29	+/**
	30	+ * @brief Return direct parents of an object in the cache
	31	+ *
	32	+ * @param[in] mem_ctx Memory context the result should be allocated
	33	+ * on
	34	+ * @param[in] dom domain the object is in
	35	+ * @param[in] parent_dom domain which should be searched for direct
	36	+ * parents if NULL all domains in the given cache
	37	+ * are searched
	38	+ * @param[in] mtype Type of the object, SYSDB_MEMBER_USER or
	39	+ * SYSDB_MEMBER_GROUP
	40	+ * @param[in] name Name of the object
	41	+ * @param[out] _direct_parents List of names of the direct parent groups
	42	+ *
	43	+ *
	44	+ * @return
	45	+ * - EOK: success
	46	+ * - EINVAL: wrong mtype
	47	+ * - ENOMEM: Memory allocation failed
	48	+ */
	49	errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
	50	struct sss_domain_info *dom,
	51	+ struct sss_domain_info *parent_dom,
	52	enum sysdb_member_type mtype,
	53	const char *name,
	54	char ***_direct_parents);
	55	diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
	56	index cfee5784d..4d63c3838 100644
	57	--- a/src/db/sysdb_search.c
	58	+++ b/src/db/sysdb_search.c
	59	@@ -1981,6 +1981,7 @@ done:
	60
	61	errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
	62	struct sss_domain_info *dom,
	63	+ struct sss_domain_info *parent_dom,
	64	enum sysdb_member_type mtype,
65	const char *name,
66	char ***_direct_parents)
67	@@ -2029,7 +2030,11 @@ errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
68	goto done;
69	}
70
71	- basedn = sysdb_group_base_dn(tmp_ctx, dom);
72	+ if (parent_dom == NULL) {
73	+ basedn = sysdb_base_dn(dom->sysdb, tmp_ctx);
74	+ } else {
75	+ basedn = sysdb_group_base_dn(tmp_ctx, parent_dom);
76	+ }
77	if (!basedn) {
78	ret = ENOMEM;
79	goto done;
80	diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
81	index df39de3cc..7a2eef43d 100644
82	--- a/src/providers/ldap/sdap_async_initgroups.c
83	+++ b/src/providers/ldap/sdap_async_initgroups.c
84	@@ -1301,7 +1301,8 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
85	}
86	}
87
88	- ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
89	+ ret = sysdb_get_direct_parents(tmp_ctx, state->dom, state->dom,
90	+ SYSDB_MEMBER_USER,
91	state->username, &sysdb_parent_name_list);
92	if (ret) {
93	DEBUG(SSSDBG_CRIT_FAILURE,
94	@@ -1388,7 +1389,7 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx,
95	goto done;
96	}
97
98	- ret = sysdb_get_direct_parents(tmp_ctx, dom, SYSDB_MEMBER_GROUP,
99	+ ret = sysdb_get_direct_parents(tmp_ctx, dom, dom, SYSDB_MEMBER_GROUP,
100	group_name, &sysdb_parents_names_list);
101	if (ret) {
102	DEBUG(SSSDBG_CRIT_FAILURE,
103	@@ -2070,7 +2071,8 @@ rfc2307bis_group_memberships_build(hash_entry_t item, void user_data)
104	goto done;
105	}
106
107	- ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, SYSDB_MEMBER_GROUP,
108	+ ret = sysdb_get_direct_parents(tmp_ctx, mstate->dom, mstate->dom,
109	+ SYSDB_MEMBER_GROUP,
110	group_name, &sysdb_parents_names_list);
111	if (ret) {
112	DEBUG(SSSDBG_CRIT_FAILURE,
113	@@ -2130,7 +2132,8 @@ errno_t save_rfc2307bis_user_memberships(
114	}
115	in_transaction = true;
116
117	- ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
118	+ ret = sysdb_get_direct_parents(tmp_ctx, state->dom, state->dom,
119	+ SYSDB_MEMBER_USER,
120	state->name, &sysdb_parent_name_list);
121	if (ret) {
122	DEBUG(SSSDBG_CRIT_FAILURE,
123	--
124	2.11.0
125