URL: https://github.com/SSSD/sssd/pull/611 Author: fidencio Title: #611: Do not build the local provider by default Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/611/head:pr611 git checkout pr611
From 045215f1a3a692bb0f0d8bc1e4562436376002d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Wed, 18 Jul 2018 15:15:43 +0200 Subject: [PATCH 01/16] tests: adapt common_dom to files_provider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also start to consider the "files" provider when cleaning up the files. This change will let us start to moving to "files" provider in our test suite. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/common_dom.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/tests/common_dom.c b/src/tests/common_dom.c index def28d510..1ae48eef2 100644 --- a/src/tests/common_dom.c +++ b/src/tests/common_dom.c @@ -340,7 +340,14 @@ void test_multidom_suite_cleanup(const char *tests_path, if (domains != NULL) { for (i = 0; domains[i] != NULL; i++) { - if (strcmp(domains[i], LOCAL_SYSDB_FILE) == 0) { + if (strcmp(domains[i], "FILES") == 0) { + /* files domain */ + ret = sysdb_get_db_file(tmp_ctx, "files", domains[i], tests_path, + &sysdb_path, &sysdb_ts_path); + if (ret != EOK) { + goto done; + } + } else if (strcmp(domains[i], LOCAL_SYSDB_FILE) == 0) { /* local domain */ ret = sysdb_get_db_file(tmp_ctx, "local", domains[i], tests_path, &sysdb_path, &sysdb_ts_path); From 74dec39bc6f1dffdafb246707592daf04212140e Mon Sep 17 00:00:00 2001 
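Review bot: The new branch in test_multidom_suite_cleanup() matches the hard-coded literal `"FILES"`, so each `domains[]` entry is now either a domain name or the `LOCAL_SYSDB_FILE` file name, and nothing in the visible lines says which a caller should pass. A comment above the `if` would record this, e.g. `/* entries are either the FILES domain name or a legacy sysdb file name */`. The literal would also be better as one shared macro, because the later patches in this series repeat `"FILES"` in every caller. The function body starts and ends outside the hunk, so the remaining branches cannot be checked here.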
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Fri, 29 Jun 2018 13:51:54 +0200 Subject: [PATCH 02/16] tests: adapt test_sysdb_views to files provider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. Apart from the obvious change from "local" to "files" and from "LOCAL" to "FILES", we're also passing an on-the-fly created uid/gid to the sysdb_store_user() function in order to avoid calling sysdb_get_new_id(), which only should be used with the "local" provider. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/cmocka/test_sysdb_views.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/tests/cmocka/test_sysdb_views.c b/src/tests/cmocka/test_sysdb_views.c index a0f57c864..8ef69b271 100644 --- a/src/tests/cmocka/test_sysdb_views.c +++ b/src/tests/cmocka/test_sysdb_views.c 
@@ -86,27 +86,27 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); assert_int_equal(ret, EOK); - val[0] = "LOCAL"; + val[0] = "FILES"; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); assert_int_equal(ret, EOK); - val[0] = "local"; + val[0] = "files"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "id_provider", val); + "config/domain/FILES", "id_provider", val); assert_int_equal(ret, EOK); val[0] = enumerate ? "TRUE" : "FALSE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "enumerate", val); + "config/domain/FILES", "enumerate", val); assert_int_equal(ret, EOK); val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "cache_credentials", val); + "config/domain/FILES", "cache_credentials", val); assert_int_equal(ret, EOK); - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local", + ret = sssd_domain_init(test_ctx, test_ctx->confdb, "files", TESTS_PATH, &test_ctx->domain); assert_int_equal(ret, EOK); @@ -565,8 +565,9 @@ static void enum_test_add_users(struct sysdb_test_ctx *test_ctx, fqname = sss_create_internal_fqname(test_ctx, usernames[i], test_ctx->domain->name); assert_non_null(fqname); + ret = sysdb_store_user(test_ctx->domain, fqname, - NULL, 0, 0, fqname, "/", "/bin/sh", + NULL, 1234 + i, 1234 + i, fqname, "/", "/bin/sh", NULL, NULL, NULL, 1, 1234 + i); assert_int_equal(ret, EOK); 
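Review bot: In enum_test_add_users() the uid and gid are now `1234 + i`, the same expression already passed as the last argument of sysdb_store_user(), so three unrelated values share one magic number. A one-line comment at the call, `/* fixed IDs: files domains must not allocate via sysdb_get_new_id() */`, would record why 0 is no longer passed. The hunk also adds a stray blank line before the call. The function continues outside the hunk.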
@@ -1118,12 +1119,12 @@ int main(int argc, const char *argv[]) DEBUG_CLI_INIT(debug_level); tests_set_cwd(); - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, "FILES"); test_dom_suite_setup(TESTS_PATH); rv = cmocka_run_group_tests(tests, NULL, NULL); if (rv == 0 && no_cleanup == 0) { - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, "FILES"); } return rv; } From f6da1d29a684dcdd5a0c37f5fd3b6939545aa347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Fri, 29 Jun 2018 10:35:23 +0200 Subject: [PATCH 03/16] tests: adapt sysdb-tests to files_provider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. Apart from the obvious change from "local" to "files" and from "LOCAL" to "FILES", we're also passing a static uid/gid to the sysdb_add_user() function in order to avoid calling sysdb_get_new_id(), which only should be used with the "local" provider. Another change doneis to explicitly set mpg to true as it was enabled by default when using the "local" provider. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/sysdb-tests.c | 51 +++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index 7baf894d1..eee06cdda 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -44,7 +44,7 @@ #define TEST_ATTR_ADD_VALUE "test_attr_add_value" #define CUSTOM_TEST_CONTAINER "custom_test_container" #define CUSTOM_TEST_OBJECT "custom_test_object" -#define TEST_DOM_NAME "local" +#define TEST_DOM_NAME "files" #define ASQ_TEST_USER "testuser27010" #define ASQ_TEST_USER_UID 27010 
@@ -113,7 +113,7 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) return ret; } - val[0] = "LOCAL"; + val[0] = "FILES"; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); if (ret != EOK) { @@ -122,9 +122,9 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) return ret; } - val[0] = "local"; + val[0] = "files"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "id_provider", val); + "config/domain/FILES", "id_provider", val); if (ret != EOK) { fail("Could not initialize provider"); talloc_free(test_ctx); @@ -133,18 +133,18 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) val[0] = enumerate ? "TRUE" : "FALSE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "enumerate", val); + "config/domain/FILES", "enumerate", val); if (ret != EOK) { - fail("Could not initialize LOCAL domain"); + fail("Could not initialize FILES domain"); talloc_free(test_ctx); return ret; } val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "cache_credentials", val); + "config/domain/FILES", "cache_credentials", val); if (ret != EOK) { - fail("Could not initialize LOCAL domain"); + fail("Could not initialize FILES domain"); talloc_free(test_ctx); return ret; } @@ -497,7 +497,7 @@ static int test_search_all_users(struct test_data *data) int ret; base_dn = ldb_dn_new_fmt(data, data->ctx->sysdb->ldb, SYSDB_TMPL_USER_BASE, - "LOCAL"); + "FILES"); if (base_dn == NULL) { return ENOMEM; } @@ -514,7 +514,7 @@ static int test_delete_recursive(struct test_data *data) int ret; dn = ldb_dn_new_fmt(data, data->ctx->sysdb->ldb, SYSDB_DOM_BASE, - "LOCAL"); + "FILES"); if (!dn) { return ENOMEM; } 
@@ -700,7 +700,7 @@ START_TEST (test_sysdb_user_new_id) fail_if(ret != EOK); ret = sysdb_add_user(test_ctx->domain, fqname, - 0, 0, fqname, "/", "/bin/bash", + 1234, 1234, fqname, "/", "/bin/bash", NULL, attrs, 0, 0); fail_if(ret != EOK, "Could not store user %s", fqname); @@ -1095,6 +1095,7 @@ START_TEST(test_user_group_by_name) * ldap provider differently with auto_private_groups. */ test_ctx->domain->provider = discard_const_p(char, "ldap"); + test_ctx->domain->mpg = true; data = test_data_new_user(test_ctx, _i); fail_if(data == NULL); @@ -1336,6 +1337,8 @@ START_TEST (test_sysdb_enumgrent) return; } + test_ctx->domain->mpg = true; + ret = sysdb_enumgrent(test_ctx, test_ctx->domain, &res); @@ -1837,6 +1840,10 @@ START_TEST (test_sysdb_get_new_id) ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Cannot setup sysdb tests\n"); + /* sysdb_get_new_id() only works for local provider! + * For now, let's just set the provider to "local" till the moment where + * we'll be able to disable this test! */ + test_ctx->domain->provider = discard_const_p(char, "local"); ret = sysdb_get_new_id(test_ctx->domain, &id); fail_if(ret != EOK, "Cannot get new ID\n"); fail_if(id != test_ctx->domain->id_min); @@ -6634,20 +6641,20 @@ START_TEST(test_confdb_list_all_domain_names_single_dom) ck_assert(confdb != NULL); /* One domain */ - val[0] = "LOCAL"; + val[0] = "FILES"; ret = confdb_add_param(confdb, true, "config/sssd", "domains", val); ck_assert_int_eq(ret, EOK); - val[0] = "local"; + val[0] = "files"; ret = confdb_add_param(confdb, true, - "config/domain/LOCAL", "id_provider", val); + "config/domain/FILES", "id_provider", val); ck_assert_int_eq(ret, EOK); ret = confdb_list_all_domain_names(tmp_ctx, confdb, &names); ck_assert_int_eq(ret, EOK); ck_assert(names != NULL); - ck_assert_str_eq(names[0], "LOCAL"); + ck_assert_str_eq(names[0], "FILES"); ck_assert(names[1] == NULL); talloc_free(tmp_ctx); 
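Review bot: test_sysdb_user_new_id now passes a fixed `1234` for both uid and gid, so, judging by its name, the test may no longer exercise the path it was written for (letting sysdb allocate the ID). If that path is intentionally dropped for the files provider, a comment at the call such as `/* fixed IDs: sysdb_get_new_id() is local-provider only */` would say so; otherwise the test may deserve a rename. The rest of the test body is outside the hunk, so whether later assertions still depend on an allocated ID cannot be checked here.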
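Review bot: In test_sysdb_get_new_id the override `test_ctx->domain->provider = discard_const_p(char, "local");` runs after setup has configured the domain with `id_provider` "files", so the test now runs against a provider/cache pairing that the setup code never produces. The added comment says this is temporary; tying it to the tracking issue, e.g. `/* FIXME(issue 3304): remove together with the local provider */`, would make it easy to find when the provider is dropped. The assignment also replaces whatever `provider` pointed to without freeing it, which is harmless only if that memory is owned by the talloc context, so that is worth confirming.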
@@ -7072,14 +7079,14 @@ START_TEST(test_confdb_list_all_domain_names_multi_dom) ck_assert(confdb != NULL); /* Two domains */ - val[0] = "LOCAL"; + val[0] = "FILES"; ret = confdb_add_param(confdb, true, "config/sssd", "domains", val); ck_assert_int_eq(ret, EOK); - val[0] = "local"; + val[0] = "files"; ret = confdb_add_param(confdb, true, - "config/domain/LOCAL", "id_provider", val); + "config/domain/FILES", "id_provider", val); ck_assert_int_eq(ret, EOK); val[0] = "REMOTE"; @@ -7087,7 +7094,7 @@ START_TEST(test_confdb_list_all_domain_names_multi_dom) "config/sssd", "domains", val); ck_assert_int_eq(ret, EOK); - val[0] = "local"; + val[0] = "files"; ret = confdb_add_param(confdb, true, "config/domain/REMOTE", "id_provider", val); ck_assert_int_eq(ret, EOK); @@ -7095,7 +7102,7 @@ START_TEST(test_confdb_list_all_domain_names_multi_dom) ret = confdb_list_all_domain_names(tmp_ctx, confdb, &names); ck_assert_int_eq(ret, EOK); ck_assert(names != NULL); - ck_assert_str_eq(names[0], "LOCAL"); + ck_assert_str_eq(names[0], "FILES"); ck_assert_str_eq(names[1], "REMOTE"); ck_assert(names[2] == NULL); talloc_free(tmp_ctx); @@ -7668,7 +7675,7 @@ int main(int argc, const char *argv[]) { tests_set_cwd(); talloc_enable_null_tracking(); - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, "FILES"); sysdb_suite = create_sysdb_suite(); sr = srunner_create(sysdb_suite); @@ -7677,7 +7684,7 @@ int main(int argc, const char *argv[]) { failure_count = srunner_ntests_failed(sr); srunner_free(sr); if (failure_count == 0 && !no_cleanup) { - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, "FILES"); } return (failure_count==0 ? EXIT_SUCCESS : EXIT_FAILURE); } From 5087d5ae0c4098126cd20441c91a3d78a84ddcd4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Wed, 18 Jul 2018 15:19:00 +0200 Subject: [PATCH 04/16] tests: adapt sysdb_ssh tests to files provider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. Apart from the obvious change from "local" to "files" and from "LOCAL" to "FILES", we also had to change the cleanup function as this test suite doesn't rely on test_multidom_suite_cleanup(). Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/sysdb_ssh-tests.c | 67 +++++++++++++++++++++++++++++++------ 1 file changed, 56 insertions(+), 11 deletions(-) diff --git a/src/tests/sysdb_ssh-tests.c b/src/tests/sysdb_ssh-tests.c index c621e459d..8b3e024ee 100644 --- a/src/tests/sysdb_ssh-tests.c +++ b/src/tests/sysdb_ssh-tests.c @@ -93,7 +93,7 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) return ret; } - val[0] = "LOCAL"; + val[0] = "FILES"; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); if (ret != EOK) { @@ -102,9 +102,9 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) return ret; } - val[0] = "local"; + val[0] = "files"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "id_provider", val); + "config/domain/FILES", "id_provider", val); if (ret != EOK) { fail("Could not initialize provider"); talloc_free(test_ctx); 
@@ -113,23 +113,23 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "enumerate", val); + "config/domain/FILES", "enumerate", val); if (ret != EOK) { - fail("Could not initialize LOCAL domain"); + fail("Could not initialize FILES domain"); talloc_free(test_ctx); return ret; } val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "cache_credentials", val); + "config/domain/FILES", "cache_credentials", val); if (ret != EOK) { - fail("Could not initialize LOCAL domain"); + fail("Could not initialize FILES domain"); talloc_free(test_ctx); return ret; } - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local", + ret = sssd_domain_init(test_ctx, test_ctx->confdb, "files", TESTS_PATH, &test_ctx->domain); if (ret != EOK) { fail("Could not initialize connection to the sysdb (%d)", ret); 
@@ -144,15 +144,60 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) static void clean_up(void) { + TALLOC_CTX *tmp_ctx; + char *path; int ret = 0; - ret += unlink(TESTS_PATH"/"TEST_CONF_FILE); - ret += unlink(TESTS_PATH"/sssd.ldb"); - ret += rmdir(TESTS_PATH); + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return; + } + + ret = unlink(TESTS_PATH"/"TEST_CONF_FILE); + if (ret != EOK && errno != ENOENT) { + fprintf(stderr, "Could not delete the test config ldb file (%d) (%s)\n", + errno, strerror(errno)); + goto done; + } + + path = talloc_asprintf(tmp_ctx, TESTS_PATH"/"CACHE_SYSDB_FILE, "FILES"); + if (path == NULL) { + ret = ENOMEM; + goto done; + } + + ret = unlink(path); + if (ret != EOK && errno != ENOENT) { + fprintf(stderr, "Could not delete the cache ldb file (%d) (%s)\n", + errno, strerror(errno)); + goto done; + } + + path = talloc_asprintf(tmp_ctx, TESTS_PATH"/"CACHE_TIMESTAMPS_FILE, "FILES"); + if (path == NULL) { + ret = ENOMEM; + goto done; + } + + ret = unlink(path); + if (ret != EOK && errno != ENOENT) { + fprintf(stderr, "Could not delete the timestamps ldb file (%d) (%s)\n", + errno, strerror(errno)); + goto done; + } + + ret = rmdir(TESTS_PATH); + if (ret != EOK && errno != ENOENT) { + fprintf(stderr, "Could not delete the test directory (%d) (%s)\n", + errno, strerror(errno)); + goto done; + } +done: if (ret != 0) { fprintf(stderr, "Unable to remove all test files from %s\n",TESTS_PATH); } + talloc_free(tmp_ctx); } struct test_data { From b78db302411f37a3ac22b0892afb103519af1e5d Mon Sep 17 00:00:00 2001 
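Review bot: clean_up() can print "Unable to remove all test files" on a clean run: when the final `rmdir(TESTS_PATH)` fails with ENOENT the guard is skipped, but `ret` is still -1 when control reaches `done:`. The sibling clean_db_dir() in auth-tests.c (patch 05) resets the value first; adding `ret = EOK;` just before `done:` here gives the same behaviour. The early `return` on a NULL `tmp_ctx` is also silent, so a one-line `fprintf(stderr, ...)` there would keep an allocation failure visible.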
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Wed, 18 Jul 2018 15:10:08 +0200 Subject: [PATCH 05/16] tests: adapt auth-tests to files provider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. Apart from the obvious change from "local" to "files" and from "LOCAL" to "FILES", we also had to change the cleanup function as this test suite doesn't rely on test_multidom_suite_cleanup(). Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/auth-tests.c | 58 ++++++++++++++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 14 deletions(-) diff --git a/src/tests/auth-tests.c b/src/tests/auth-tests.c index 1d2c7cd8e..67c664882 100644 --- a/src/tests/auth-tests.c +++ b/src/tests/auth-tests.c @@ -98,7 +98,7 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) return ret; } - val[0] = "LOCAL"; + val[0] = "FILES"; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); if (ret != EOK) { @@ -107,9 +107,9 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) return ret; } - val[0] = "local"; + val[0] = "files"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "id_provider", val); + "config/domain/FILES", "id_provider", val); if (ret != EOK) { fail("Could not initialize provider"); talloc_free(test_ctx); 
@@ -118,23 +118,23 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "enumerate", val); + "config/domain/FILES", "enumerate", val); if (ret != EOK) { - fail("Could not initialize LOCAL domain"); + fail("Could not initialize FILES domain"); talloc_free(test_ctx); return ret; } val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "cache_credentials", val); + "config/domain/FILES", "cache_credentials", val); if (ret != EOK) { - fail("Could not initialize LOCAL domain"); + fail("Could not initialize FILES domain"); talloc_free(test_ctx); return ret; } - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local", + ret = sssd_domain_init(test_ctx, test_ctx->confdb, "files", TESTS_PATH, &test_ctx->domain); if (ret != EOK) { fail("Could not initialize connection to the sysdb (%d)", ret); 
@@ -261,30 +261,60 @@ Suite *auth_suite (void) static int clean_db_dir(void) { + TALLOC_CTX *tmp_ctx; + char *path; int ret; + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + ret = unlink(TESTS_PATH"/"TEST_CONF_FILE); if (ret != EOK && errno != ENOENT) { fprintf(stderr, "Could not delete the test config ldb file (%d) (%s)\n", errno, strerror(errno)); - return ret; + goto done; } - ret = unlink(TESTS_PATH"/"LOCAL_SYSDB_FILE); + path = talloc_asprintf(tmp_ctx, TESTS_PATH"/"CACHE_SYSDB_FILE, "FILES"); + if (path == NULL) { + ret = ENOMEM; + goto done; + } + + ret = unlink(path); if (ret != EOK && errno != ENOENT) { - fprintf(stderr, "Could not delete the test config ldb file (%d) (%s)\n", + fprintf(stderr, "Could not delete cache ldb file (%d) (%s)\n", errno, strerror(errno)); - return ret; + goto done; + } + + path = talloc_asprintf(tmp_ctx, TESTS_PATH"/"CACHE_TIMESTAMPS_FILE, "FILES"); + if (path == NULL) { + ret = ENOMEM; + goto done; + } + + ret = unlink(path); + if (ret != EOK && errno != ENOENT) { + fprintf(stderr, "Could not delete timestamps ldb file (%d) (%s)\n", + errno, strerror(errno)); + goto done; } ret = rmdir(TESTS_PATH); if (ret != EOK && errno != ENOENT) { fprintf(stderr, "Could not delete the test directory (%d) (%s)\n", errno, strerror(errno)); - return ret; + goto done; } - return EOK; + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; } int main(int argc, const char *argv[]) From 8db4f6b2437c3fef3eac02a56de99db75e101ddb Mon Sep 17 00:00:00 2001 
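Review bot: clean_db_dir() now mixes two error conventions: the allocation paths return `ENOMEM`, while a failed `unlink()` or `rmdir()` jumps to `done` with `ret` still holding the raw -1. Adding `ret = errno;` as the first statement inside each failure branch would make every non-zero return an errno value and would capture it before `fprintf()` can change it. The body is almost line-for-line the clean_up() added to sysdb_ssh-tests.c in patch 04, so a shared helper next to test_multidom_suite_cleanup() would keep the two copies from drifting apart.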
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Wed, 18 Jul 2018 15:12:04 +0200 Subject: [PATCH 06/16] tests: adapt tests_fqnames to files provider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. Only a simple change from "local" to "files" was required. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/cmocka/test_fqnames.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c index dda58f27f..b6f58a771 100644 --- a/src/tests/cmocka/test_fqnames.c +++ b/src/tests/cmocka/test_fqnames.c @@ -29,7 +29,7 @@ #define DOMNAME "domname" #define FLATNAME "flatname" #define SPECIALNAME "[]{}();:'|\",<.>/?!#$%^&*_+~`" -#define PROVIDER "local" +#define PROVIDER "files" #define CONNNAME "conn" #define DOMNAME2 "domname2" From dfccd62a269f5acb222e1404e6281edbb683a236 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Thu, 2 Aug 2018 15:34:16 +0200 Subject: [PATCH 07/16] sysdb: sanitize the dn on cleanup_dn_filter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When trying to get rid of the "local" provider references in ldap_id_cleanup tests by switching to "files" provider, it's been noticed that the linearized dn wasn't coming sanitized, which would make the test to fail. While I'm not sure here's the right place to have it fixed, this is the simplest proposal I could come up with. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/db/sysdb_ops.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 4fa963f1d..d3c0c8eb4 100644 --- a/src/db/sysdb_ops.c 
+++ b/src/db/sysdb_ops.c @@ -419,6 +419,7 @@ static errno_t cleanup_dn_filter(TALLOC_CTX *mem_ctx, { TALLOC_CTX *tmp_ctx; char *dn_filter; + char *sanitized_linearized_dn = NULL; errno_t ret; if (ts_res->count == 0) { @@ -438,11 +439,20 @@ static errno_t cleanup_dn_filter(TALLOC_CTX *mem_ctx, } for (size_t i = 0; i < ts_res->count; i++) { + ret = sss_filter_sanitize(tmp_ctx, + ldb_dn_get_linearized(ts_res->msgs[i]->dn), + &sanitized_linearized_dn); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_filter_sanitize() failed: (%s) [%d]\n", + sss_strerror(ret), ret); + goto done; + } dn_filter = talloc_asprintf_append( dn_filter, "(%s=%s)", SYSDB_DN, - ldb_dn_get_linearized(ts_res->msgs[i]->dn)); + sanitized_linearized_dn); if (dn_filter == NULL) { ret = ENOMEM; goto done; From ec73a79ebbcbb4d70fa1629edabc64ba84e0da1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Mon, 6 Aug 2018 15:08:31 +0200 Subject: [PATCH 08/16] sysdb: pass subfilter and ts_subfilter to sysdb_search_*_by_timestamp() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The reason for specifically passing a ts_subfilter is because when using a provider that relies on a cache and on a timestamp cache, the search done each cache is different. The difference in the search is that on timestamp cache we add a (dateExpireTimestamp <= XXX), but it shouldn't be added to the cache search. This commit is needed in order to have the ldap_id_cleanup test running when switching from local provider (which has no timestamp cache) to the files provider (which exposed this issue). Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/db/sysdb.h | 2 ++ src/db/sysdb_ops.c | 10 +++--- src/providers/ldap/ldap_id_cleanup.c | 51 ++++++++++++++++++++-------- 3 files changed, 44 insertions(+), 19 deletions(-) 
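Review bot: The loop in cleanup_dn_filter() passes the result of `ldb_dn_get_linearized(ts_res->msgs[i]->dn)` straight into sss_filter_sanitize() without a NULL check; ldb returns NULL when the DN cannot be linearized, and whether the sanitizer accepts NULL is not visible in this hunk. Holding the linearized DN in a local and guarding it with `if (lin_dn == NULL) { ret = ENOMEM; goto done; }` would make that failure explicit. Escaping the value before it is appended into `(%s=%s)` is the right place to stop a DN containing filter metacharacters from altering the search, and a comment such as `/* the DN is data here: escape filter metacharacters before building the filter */` would keep a later cleanup from removing the call. A unit test with a DN containing `(` or `*` would pin the behaviour, since the commit message itself is unsure this is the right layer for the fix.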
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 6a9fd7239..d72af5a05 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -1181,6 +1181,7 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx, int sysdb_search_users_by_timestamp(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *sub_filter, + const char *ts_sub_filter, const char **attrs, size_t *_msgs_count, struct ldb_message ***_msgs); @@ -1198,6 +1199,7 @@ int sysdb_search_groups(TALLOC_CTX *mem_ctx, int sysdb_search_groups_by_timestamp(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *sub_filter, + const char *ts_sub_filter, const char **attrs, size_t *_msgs_count, struct ldb_message ***_msgs); diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index d3c0c8eb4..5d750787d 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -3756,6 +3756,7 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx, int sysdb_search_users_by_timestamp(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *sub_filter, + const char *ts_sub_filter, const char **attrs, size_t *_msgs_count, struct ldb_message ***_msgs) @@ -3773,10 +3774,10 @@ int sysdb_search_users_by_timestamp(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = sysdb_search_ts_users(tmp_ctx, domain, sub_filter, NULL, &ts_res); + ret = sysdb_search_ts_users(tmp_ctx, domain, ts_sub_filter, NULL, &ts_res); if (ret == ERR_NO_TS) { ret = sysdb_cache_search_users(tmp_ctx, domain, domain->sysdb->ldb, - sub_filter, attrs, &msgs_count, &msgs); + ts_sub_filter, attrs, &msgs_count, &msgs); if (ret != EOK) { goto done; } @@ -4036,6 +4037,7 @@ int sysdb_search_groups(TALLOC_CTX *mem_ctx, int sysdb_search_groups_by_timestamp(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *sub_filter, + const char *ts_sub_filter, const char **attrs, size_t *_msgs_count, struct ldb_message ***_msgs) 
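Review bot: The prototypes of sysdb_search_users_by_timestamp() and sysdb_search_groups_by_timestamp() in sysdb.h now take two adjacent `const char *` filters, and the header gives no hint which one applies to which cache; swapping them at a call site compiles cleanly. A doc comment above each declaration should state that, per the commit message, `sub_filter` is for the persistent cache search and `ts_sub_filter` carries the extra expiry condition for the timestamp cache, and whether either may be NULL. Both signatures change, so any caller outside the three files touched by this patch would need the same update.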
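Review bot: In the visible lines of sysdb_search_users_by_timestamp() both the timestamp-cache search and the `ERR_NO_TS` fallback use `ts_sub_filter`, and the new `sub_filter` parameter is not referenced at all; the same holds for sysdb_search_groups_by_timestamp() in the `@@ -4053` hunk. Presumably `sub_filter` is consumed by the cache lookup further down, outside the hunk. It is worth confirming that this lookup is still restricted to the DNs returned by the timestamp search, because the callers in ldap_id_cleanup.c now build `subfilter` without the `<= now` expiry condition and the result decides which cached entries get purged. A comment on the fallback, `/* no ts cache: expiry lives in the main cache, so the ts filter applies here */`, would make the intended asymmetry explicit.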
@@ -4053,10 +4055,10 @@ int sysdb_search_groups_by_timestamp(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = sysdb_search_ts_groups(tmp_ctx, domain, sub_filter, NULL, &ts_res); + ret = sysdb_search_ts_groups(tmp_ctx, domain, ts_sub_filter, NULL, &ts_res); if (ret == ERR_NO_TS) { ret = sysdb_cache_search_groups(tmp_ctx, domain, domain->sysdb->ldb, - sub_filter, attrs, &msgs_count, &msgs); + ts_sub_filter, attrs, &msgs_count, &msgs); if (ret != EOK) { goto done; } diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c index 8c0f0c18b..e50fb0f22 100644 --- a/src/providers/ldap/ldap_id_cleanup.c +++ b/src/providers/ldap/ldap_id_cleanup.c @@ -179,6 +179,7 @@ static int cleanup_users(struct sdap_options *opts, const char *attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, SYSDB_MEMBEROF, NULL }; time_t now = time(NULL); char *subfilter = NULL; + char *ts_subfilter = NULL; int account_cache_expiration; hash_table_t *uid_table; struct ldb_message **msgs; 
@@ -198,29 +199,41 @@ static int cleanup_users(struct sdap_options *opts, if (account_cache_expiration > 0) { subfilter = talloc_asprintf(tmpctx, - "(&(!(%s=0))(%s<=%ld)(|(!(%s=*))(%s<=%ld)))", + "(&(!(%s=0))(|(!(%s=*))(%s<=%ld)))", SYSDB_CACHE_EXPIRE, - SYSDB_CACHE_EXPIRE, - (long) now, SYSDB_LAST_LOGIN, SYSDB_LAST_LOGIN, (long) (now - (account_cache_expiration * 86400))); + + ts_subfilter = talloc_asprintf(tmpctx, + "(&(!(%s=0))(%s<=%ld)(|(!(%s=*))(%s<=%ld)))", + SYSDB_CACHE_EXPIRE, + SYSDB_CACHE_EXPIRE, + (long) now, + SYSDB_LAST_LOGIN, + SYSDB_LAST_LOGIN, + (long) (now - (account_cache_expiration * 86400))); } else { subfilter = talloc_asprintf(tmpctx, - "(&(!(%s=0))(%s<=%ld)(!(%s=*)))", - SYSDB_CACHE_EXPIRE, + "(&(!(%s=0))(!(%s=*)))", SYSDB_CACHE_EXPIRE, - (long) now, SYSDB_LAST_LOGIN); + + ts_subfilter = talloc_asprintf(tmpctx, + "(&(!(%s=0))(%s<=%ld)(!(%s=*)))", + SYSDB_CACHE_EXPIRE, + SYSDB_CACHE_EXPIRE, + (long) now, + SYSDB_LAST_LOGIN); } - if (!subfilter) { + if (subfilter == NULL || ts_subfilter == NULL) { DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } - ret = sysdb_search_users_by_timestamp(tmpctx, dom, subfilter, attrs, - &count, &msgs); + ret = sysdb_search_users_by_timestamp(tmpctx, dom, subfilter, ts_subfilter, + attrs, &count, &msgs); if (ret == ENOENT) { count = 0; } else if (ret != EOK) { @@ -370,6 +383,7 @@ static int cleanup_groups(TALLOC_CTX *memctx, const char *attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL }; time_t now = time(NULL); char *subfilter; + char *ts_subfilter; const char *dn; gid_t gid; struct ldb_message **msgs; 
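Review bot: cleanup_users() now spells the last-login cutoff `(long) (now - (account_cache_expiration * 86400))` twice, and because `account_cache_expiration` is an `int` the multiplication is done in `int`, so a large configured expiration overflows before the subtraction. Computing it once ahead of the `talloc_asprintf()` calls, `time_t cutoff = now - ((time_t) account_cache_expiration * 86400);`, and passing `(long) cutoff` to both removes the duplication and the overflow. The two filter strings in each branch differ only by the `(%s<=%ld)` expiry term, so a short comment naming that difference would help the next reader; the function body continues outside the hunk.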
@@ -386,17 +400,24 @@ static int cleanup_groups(TALLOC_CTX *memctx, return ENOMEM; } - subfilter = talloc_asprintf(tmpctx, "(&(!(%s=0))(%s<=%ld))", - SYSDB_CACHE_EXPIRE, - SYSDB_CACHE_EXPIRE, (long)now); - if (!subfilter) { + subfilter = talloc_asprintf(tmpctx, "(!(%s=0))", SYSDB_CACHE_EXPIRE); + if (subfilter == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); + ret = ENOMEM; + goto done; + } + + ts_subfilter = talloc_asprintf(tmpctx, "(&(!(%s=0))(%s<=%ld))", + SYSDB_CACHE_EXPIRE, + SYSDB_CACHE_EXPIRE, (long)now); + if (ts_subfilter == NULL) { DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); ret = ENOMEM; goto done; } - ret = sysdb_search_groups_by_timestamp(tmpctx, domain, subfilter, attrs, - &count, &msgs); + ret = sysdb_search_groups_by_timestamp(tmpctx, domain, subfilter, + ts_subfilter, attrs, &count, &msgs); if (ret == ENOENT) { count = 0; } else if (ret != EOK) { From 65af336e126386866239e733a7e75770a3417c97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Wed, 18 Jul 2018 16:11:46 +0200 Subject: [PATCH 09/16] tests: adapt test_ldap_id_cleanup to files provider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. The only changes requred were the obvious change from "local" to "files" and from "LOCAL" to "FILES". Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/cmocka/test_ldap_id_cleanup.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/tests/cmocka/test_ldap_id_cleanup.c b/src/tests/cmocka/test_ldap_id_cleanup.c index dc8398f85..177022e20 100644 --- a/src/tests/cmocka/test_ldap_id_cleanup.c +++ b/src/tests/cmocka/test_ldap_id_cleanup.c 
@@ -78,27 +78,27 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); assert_int_equal(ret, EOK); - val[0] = "LOCAL"; + val[0] = "FILES"; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); assert_int_equal(ret, EOK); - val[0] = "local"; + val[0] = "files"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "id_provider", val); + "config/domain/FILES", "id_provider", val); assert_int_equal(ret, EOK); val[0] = enumerate ? "TRUE" : "FALSE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "enumerate", val); + "config/domain/FILES", "enumerate", val); assert_int_equal(ret, EOK); val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, - "config/domain/LOCAL", "cache_credentials", val); + "config/domain/FILES", "cache_credentials", val); assert_int_equal(ret, EOK); - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local", + ret = sssd_domain_init(test_ctx, test_ctx->confdb, "files", TESTS_PATH, &test_ctx->domain); assert_int_equal(ret, EOK); @@ -331,12 +331,12 @@ int main(int argc, const char *argv[]) DEBUG_CLI_INIT(debug_level); tests_set_cwd(); - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, "FILES"); test_dom_suite_setup(TESTS_PATH); rv = cmocka_run_group_tests(tests, NULL, NULL); if (rv == 0 && no_cleanup == 0) { - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, "FILES"); } return rv; } From 9d31d0da99e56e348e0a1faeb12a8b7dac55d46e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Thu, 2 Aug 2018 15:51:31 +0200 Subject: [PATCH 10/16] tests: remove LOCAL_SYSDB_FILE reference from test_sysdb_certmap MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. Let's just replace "LOCAL_SYSDB_FILE" for NULL as This test suite doesn't create local sysdb file. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/cmocka/test_sysdb_certmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/cmocka/test_sysdb_certmap.c b/src/tests/cmocka/test_sysdb_certmap.c index e78ea8504..88c9737d8 100644 --- a/src/tests/cmocka/test_sysdb_certmap.c +++ b/src/tests/cmocka/test_sysdb_certmap.c @@ -250,12 +250,12 @@ int main(int argc, const char *argv[]) DEBUG_CLI_INIT(debug_level); tests_set_cwd(); - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, NULL); test_dom_suite_setup(TESTS_PATH); rv = cmocka_run_group_tests(tests, NULL, NULL); if (rv == 0 && no_cleanup == 0) { - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, NULL); } return rv; } From aba50a4d0b56b0b37dc3672b259f1dfaf771db0a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Thu, 2 Aug 2018 15:52:11 +0200 Subject: [PATCH 11/16] tests: remove LOCAL_SYSDB_FILE reference from test_sysdb_domain_resolution_order_ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. Let's just replace "LOCAL_SYSDB_FILE" for NULL as This test suite doesn't create local sysdb file. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/cmocka/test_sysdb_domain_resolution_order.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/cmocka/test_sysdb_domain_resolution_order.c b/src/tests/cmocka/test_sysdb_domain_resolution_order.c index c8b22a4f4..a4d276b82 100644 --- a/src/tests/cmocka/test_sysdb_domain_resolution_order.c +++ b/src/tests/cmocka/test_sysdb_domain_resolution_order.c @@ -179,12 +179,12 @@ int main(int argc, const char *argv[]) DEBUG_CLI_INIT(debug_level); tests_set_cwd(); - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, NULL); test_dom_suite_setup(TESTS_PATH); rv = cmocka_run_group_tests(tests, NULL, NULL); if (rv == 0 && no_cleanup == 0) { - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, NULL); } return rv; } From 1fa8aa92ef6ba05e2f84f93100e6b3d927845a22 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Thu, 2 Aug 2018 15:52:40 +0200 Subject: [PATCH 12/16] tests: remove LOCAL_SYSDB_FILE reference from test_sysdb_subdomains MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's take advantage of the files provider and start to get rid of the local provider references in our code. Let's just replace "LOCAL_SYSDB_FILE" for NULL as This test suite doesn't create local sysdb file. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/cmocka/test_sysdb_subdomains.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c index 4f154b8ac..ead76bfff 100644 --- a/src/tests/cmocka/test_sysdb_subdomains.c +++ b/src/tests/cmocka/test_sysdb_subdomains.c @@ -594,12 +594,12 @@ int main(int argc, const char *argv[]) DEBUG_CLI_INIT(debug_level); tests_set_cwd(); - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, NULL); test_dom_suite_setup(TESTS_PATH); rv = cmocka_run_group_tests(tests, NULL, NULL); if (rv == 0 && no_cleanup == 0) { - test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, LOCAL_SYSDB_FILE); + test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, NULL); } return rv; } From d8a07d4fde0216be04f1f2f22e008b6ff75bc6a9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Mon, 6 Aug 2018 16:48:45 +0200 Subject: [PATCH 13/16] tests: remove LOCAL_SYSDB_FILE reference from common_dom MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As all tests are now taking advantage of the "files" provider instead of the "local" one, let's just remove the last reference of LOCAL_SYSDB_FILE from our tests. Together with the reference, let's also remove the whole if-block as we're not relying on "local" provider anymore. Related: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/tests/common_dom.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/tests/common_dom.c b/src/tests/common_dom.c index 1ae48eef2..0fa723595 100644 --- a/src/tests/common_dom.c +++ b/src/tests/common_dom.c @@ -347,13 +347,6 @@ void test_multidom_suite_cleanup(const char *tests_path, if (ret != EOK) { goto done; } - } else if (strcmp(domains[i], LOCAL_SYSDB_FILE) == 0) { - /* local domain */ - ret = sysdb_get_db_file(tmp_ctx, "local", domains[i], tests_path, - &sysdb_path, &sysdb_ts_path); - if (ret != EOK) { - goto done; - } } else { /* The mocked database doesn't really care about its provider type, just * distinguishes between a local and non-local databases From c074a2d4ac897c950daac38f736d4d0cc61f5f38 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Mon, 6 Aug 2018 16:48:45 +0200 Subject: [PATCH 14/16] local: build local provider conditionally MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's "get rid" of the local provider and only build it conditionally. The local provider is only used by our integration tests and those will be ran in the CI enabling the local provider. If someone, for some reason, still needs to use it, "--enable-local-provider" has been added as a configure option and the provider can be built using that (as done in our integration tests). Resolves: https://pagure.io/SSSD/sssd/issue/3304 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- Makefile.am | 16 ++++++---- contrib/sssd.spec.in | 11 +++++++ src/conf_macros.m4 | 12 ++++++++ src/confdb/confdb.c | 7 +++-- src/db/sysdb_init.c | 3 +- src/db/sysdb_ops.c | 17 ++++++++--- src/db/sysdb_upgrade.c | 3 +- src/man/Makefile.am | 11 +++++-- src/monitor/monitor.c | 10 +++++-- src/python/pysss.c | 39 +++++++++++++++---------- src/responder/common/responder.h | 4 +-- src/responder/common/responder_common.c | 3 +- src/tests/sysdb-tests.c | 7 +++-- src/util/util.c | 9 ++++++ src/util/util.h | 3 ++ 15 files changed, 115 insertions(+), 40 deletions(-) diff --git a/Makefile.am b/Makefile.am index 89011ea41..b218b35bf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -135,18 +135,23 @@ endif sbin_PROGRAMS = \ sssd \ + sss_cache \ + sss_override \ + sss_seed \ + sssctl \ + $(NULL) + +if BUILD_LOCAL_PROVIDER +sbin_PROGRAMS += \ sss_useradd \ sss_userdel \ + sss_usermod \ sss_groupadd \ sss_groupdel \ - sss_usermod \ sss_groupmod \ sss_groupshow \ - sss_cache \ - sss_override \ - sss_seed \ - sssctl \ $(NULL) +endif sssdlibexec_PROGRAMS = \ sssd_nss \ 
@@ -3910,6 +3915,7 @@ intgcheck-prepare: --enable-intgcheck-reqs \ --without-semanage \ --with-session-recording-shell=/bin/false \ + --enable-local-provider \ $(INTGCHECK_CONFIGURE_FLAGS) \ CFLAGS="-O2 -g $$CFLAGS -DKCM_PEER_UID=$$(id -u)"; \ $(MAKE) $(AM_MAKEFLAGS) ; \ diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 2000138b1..76b9ec980 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -145,6 +145,12 @@ %global with_idmap_version --with-smb-idmap-interface-version=5 %endif +%global with_local_provider 0 +%if (0%{?fedora} <= 28 || 0%{?rhel <= 7}) + %global with_local_provider 1 + %global enable_local_provider --enable-local-provider +%endif + Name: @PACKAGE_NAME@ Version: @PACKAGE_VERSION@ Release: 0@PRERELEASE_VERSION@%{?dist} @@ -809,6 +815,7 @@ autoreconf -ivf %{?with_secret_responder} \ %{?with_kcm_option} \ %{?with_idmap_version} \ + %{?enable_local_provider} \ %{?experimental} make %{?_smp_mflags} all @@ -1187,6 +1194,7 @@ done %files tools -f sssd_tools.lang %defattr(-,root,root,-) %license COPYING +%if (0%{with_local_provider} == 1) %{_sbindir}/sss_useradd %{_sbindir}/sss_userdel %{_sbindir}/sss_usermod @@ -1194,11 +1202,13 @@ done %{_sbindir}/sss_groupdel %{_sbindir}/sss_groupmod %{_sbindir}/sss_groupshow +%endif %{_sbindir}/sss_obfuscate %{_sbindir}/sss_override %{_sbindir}/sss_debuglevel %{_sbindir}/sss_seed %{_sbindir}/sssctl +%if (0%{with_local_provider} == 1) %{_mandir}/man8/sss_groupadd.8* %{_mandir}/man8/sss_groupdel.8* %{_mandir}/man8/sss_groupmod.8* @@ -1206,6 +1216,7 @@ done %{_mandir}/man8/sss_useradd.8* %{_mandir}/man8/sss_userdel.8* %{_mandir}/man8/sss_usermod.8* +%endif %{_mandir}/man8/sss_obfuscate.8* %{_mandir}/man8/sss_override.8* %{_mandir}/man8/sss_debuglevel.8* diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 index fd85ce10a..a8171743a 100644 --- a/src/conf_macros.m4 +++ b/src/conf_macros.m4 
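Review bot: The `%if` guard that sets `with_local_provider` has its closing brace in the wrong place: `0%{?rhel <= 7}` puts the comparison inside the macro name, so the RHEL half is not the numeric test it was meant to be. Separately, `0%{?fedora} <= 28` becomes `0 <= 28` wherever `%fedora` is undefined, so as written the provider and the `sss_user*`/`sss_group*` tools are enabled on every non-Fedora build, including releases newer than the ones named. Testing that each macro is defined before comparing keeps the legacy provider out of builds that are meant to drop it: `%if (0%{?fedora} && 0%{?fedora} <= 28) || (0%{?rhel} && 0%{?rhel} <= 7)`.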
@@ -941,3 +941,15 @@ AS_IF([test x$enable_files_domain = xyes], AC_DEFINE_UNQUOTED([ADD_FILES_DOMAIN], [1], [whether to build unconditionally enable files domain])) AM_CONDITIONAL([ADD_FILES_DOMAIN], [test x$enable_files_domain = xyes]) + +AC_ARG_ENABLE([local-provider], + [AS_HELP_STRING([--enable-local-provider], + [If this feature is enabled, then local-provider + will be built by default. + [default=no]])], + [enable_local_provider=$enableval], + [enable_local_provider=no]) +AS_IF([test x$enable_local_provider = xyes], + AC_DEFINE_UNQUOTED([BUILD_LOCAL_PROVIDER], [1], + [whether to build unconditionally enable local provider])) +AM_CONDITIONAL([BUILD_LOCAL_PROVIDER], [test x$enable_local_provider = xyes]) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 7017f1bcb..22068cacc 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -753,7 +753,8 @@ static uint32_t confdb_get_min_id(struct sss_domain_info *domain) { uint32_t defval = SSSD_MIN_ID; - if (domain && strcasecmp(domain->provider, "local") == 0) { + if (domain && local_provider_is_built() + && strcasecmp(domain->provider, "local") == 0) { defval = SSSD_LOCAL_MINID; } @@ -944,7 +945,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } - if (strcasecmp(domain->provider, "local") == 0) { + if (local_provider_is_built() + && strcasecmp(domain->provider, "local") == 0) { /* If this is the local provider, we need to ensure that * no other provider was specified for other types, since * the local provider cannot load them. @@ -1368,6 +1370,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } if (domain->case_sensitive == false && + local_provider_is_built() && strcasecmp(domain->provider, "local") == 0) { DEBUG(SSSDBG_FATAL_FAILURE, "Local ID provider does not support the case insensitive flag\n"); diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c index 89f8c6a5b..c0d9f4272 100644 --- a/src/db/sysdb_init.c +++ b/src/db/sysdb_init.c 
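Review bot: The help string and the AC_DEFINE description for `--enable-local-provider` read like leftovers from the files-domain option just above. "will be built by default" contradicts `[default=no]`, and "whether to build unconditionally enable local provider" is not a sentence. Suggested wording: `[Build the local provider and its sss_user*/sss_group* tools [default=no]]` for the help string and `[whether to build the local provider]` for the define description.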
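Review bot: With the provider compiled out, a domain that still sets `id_provider = local` is no longer recognised in confdb_get_domain_internal and falls through as if it were an ordinary back end. The monitor.c and responder_common.c hunks behave the same way, so the misconfiguration would only surface later and, as far as these hunks show, without a message naming the cause. Rejecting it explicitly next to the existing local-provider check gives the administrator a clear error when the configuration is loaded. The sketch assumes `ret` is the status returned at the `done` label; both are declared outside the hunk.

```c
    if (!local_provider_is_built()
            && strcasecmp(domain->provider, "local") == 0) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Domain uses the local provider, "
              "but SSSD was built without it\n");
        ret = EINVAL;
        goto done;
    }

    if (local_provider_is_built()
            && strcasecmp(domain->provider, "local") == 0) {
        /* … unchanged: checks that no other provider type is configured … */
```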
@@ -140,7 +140,8 @@ int sysdb_get_db_file(TALLOC_CTX *mem_ctx, char *ts_file = NULL; /* special case for the local domain */ - if (strcasecmp(provider, "local") == 0) { + if (local_provider_is_built() + && strcasecmp(provider, "local") == 0) { ldb_file = talloc_asprintf(mem_ctx, "%s/"LOCAL_SYSDB_FILE, base_path); } else { diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 5d750787d..df0fb83c5 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -504,7 +504,9 @@ static int sysdb_search_by_name(TALLOC_CTX *mem_ctx, break; case SYSDB_GROUP: def_attrs[1] = SYSDB_GIDNUM; - if (domain->mpg && strcasecmp(domain->provider, "local") != 0) { + if (domain->mpg && + (!local_provider_is_built() + || strcasecmp(domain->provider, "local") != 0)) { /* When searching a group by name in a MPG domain, we also * need to search the user space in order to be able to match * a user private group/ @@ -1540,7 +1542,8 @@ int sysdb_get_new_id(struct sss_domain_info *domain, return ENOMEM; } - if (strcasecmp(domain->provider, "local") != 0) { + if (!local_provider_is_built() + || strcasecmp(domain->provider, "local") != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Generating new ID is only supported in the local domain!\n"); return ENOTSUP; @@ -2035,7 +2038,8 @@ int sysdb_add_user(struct sss_domain_info *domain, goto done; } - if (strcasecmp(domain->provider, "local") != 0) { + if (!local_provider_is_built() + || strcasecmp(domain->provider, "local") != 0) { ret = sysdb_search_group_by_gid(tmp_ctx, domain, uid, NULL, &msg); if (ret != ENOENT) { if (ret == EOK) { @@ -2255,7 +2259,8 @@ int sysdb_add_group(struct sss_domain_info *domain, goto done; } - if (strcasecmp(domain->provider, "local") != 0) { + if (!local_provider_is_built() + || strcasecmp(domain->provider, "local") != 0) { ret = sysdb_search_user_by_uid(tmp_ctx, domain, gid, NULL, &msg); if (ret != ENOENT) { if (ret == EOK) { 
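Review bot: In sysdb_get_new_id the guarded branch returns `ENOTSUP` directly, and on a build without the local provider that branch is now taken on every call. The `return ENOMEM` just above suggests a temporary talloc context was allocated before this point (the allocation is outside the hunk). If so, the early return skips releasing it, and a formerly rare path becomes a leak per call. Moving the provider check ahead of the allocation, or freeing the context before `return ENOTSUP;`, avoids that.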
@@ -2774,6 +2779,8 @@ int sysdb_store_user(struct sss_domain_info *domain, if (ret) { DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); + } else { + DEBUG(SSSDBG_TRACE_FUNC, "User \"%s\" has been stored\n", name); } talloc_zfree(tmp_ctx); return ret; @@ -3003,6 +3010,8 @@ int sysdb_store_group(struct sss_domain_info *domain, if (ret) { DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); + } else { + DEBUG(SSSDBG_TRACE_FUNC, "Group \"%s\" has been stored\n", name); } talloc_zfree(tmp_ctx); return ret; diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c index 46df971e9..65c1ab2bd 100644 --- a/src/db/sysdb_upgrade.c +++ b/src/db/sysdb_upgrade.c @@ -405,7 +405,8 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains, int i; /* skip local */ - if (strcasecmp(dom->provider, "local") == 0) { + if (local_provider_is_built() + && strcasecmp(dom->provider, "local") == 0) { continue; } diff --git a/src/man/Makefile.am b/src/man/Makefile.am index 06e5253f4..b4c20d8cf 100644 --- a/src/man/Makefile.am +++ b/src/man/Makefile.am @@ -67,15 +67,20 @@ endif EXTRA_DIST = $(wildcard $(srcdir)/*.xml) $(wildcard $(srcdir)/include/*.xml) man_MANS = \ - sss_useradd.8 sss_userdel.8 sss_usermod.8 \ - sss_groupadd.8 sss_groupdel.8 sss_groupmod.8 \ sssd.8 sssd.conf.5 sssd-ldap.5 \ sssd-krb5.5 sssd-simple.5 sss-certmap.5 \ - sssd_krb5_locator_plugin.8 sss_groupshow.8 \ + sssd_krb5_locator_plugin.8 \ pam_sss.8 sss_obfuscate.8 sss_cache.8 sss_debuglevel.8 sss_seed.8 \ sss_override.8 idmap_sss.8 sssctl.8 sssd-session-recording.5 \ $(NULL) +if BUILD_LOCAL_PROVIDER +man_MANS += \ + sss_useradd.8 sss_userdel.8 sss_usermod.8 \ + sss_groupadd.8 sss_groupdel.8 sss_groupmod.8 \ + sss_groupshow.8 +endif + if BUILD_SAMBA man_MANS += sssd-ipa.5 sssd-ad.5 endif diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 6d9c0602c..335b2070b 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c 
@@ -640,7 +640,9 @@ static int service_signal(struct mt_svc *svc, struct sbus_connection *conn; struct tevent_req *req; - if (svc->provider && strcasecmp(svc->provider, "local") == 0) { + if (svc->provider + && (local_provider_is_built() + && strcasecmp(svc->provider, "local") == 0)) { /* The local provider requires no signaling */ return EOK; } @@ -758,7 +760,8 @@ static int check_local_domain_unique(struct sss_domain_info *domains) struct sss_domain_info *dom = domains; while (dom) { - if (strcasecmp(dom->provider, "local") == 0) { + if (local_provider_is_built() + && strcasecmp(dom->provider, "local") == 0) { count++; } @@ -1303,7 +1306,8 @@ static int add_new_provider(struct mt_ctx *ctx, } svc->restarts = restarts; - if (strcasecmp(svc->provider, "local") == 0) { + if (local_provider_is_built() + && strcasecmp(svc->provider, "local") == 0) { /* The LOCAL provider requires no back-end currently * We'll add it to the service list, but we don't need * to poll it. diff --git a/src/python/pysss.c b/src/python/pysss.c index cdabe9c85..3253d5768 100644 --- a/src/python/pysss.c +++ b/src/python/pysss.c @@ -33,6 +33,22 @@ #include "tools/sss_sync_ops.h" #include "util/crypto/sss_crypto.h" + +static void PyErr_SetSssErrorWithMessage(int ret, const char *message) +{ + PyObject *exc = Py_BuildValue(discard_const_p(char, "(is)"), + ret, message); + + PyErr_SetObject(PyExc_IOError, exc); + Py_XDECREF(exc); +} + +static void PyErr_SetSssError(int ret) +{ + PyErr_SetSssErrorWithMessage(ret, strerror(ret)); +} + +#ifdef BUILD_LOCAL_PROVIDER /* * function taken from samba sources tree as of Aug 20 2009, * file source4/lib/ldb/pyldb.c @@ -72,7 +88,7 @@ static char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list, /* ======================= sysdb python wrappers ==========================*/ /* - * The sss.password object + * The sss.local object */ typedef struct { PyObject_HEAD 
@@ -91,20 +107,6 @@ typedef struct { /* * Error reporting */ -static void PyErr_SetSssErrorWithMessage(int ret, const char *message) -{ - PyObject *exc = Py_BuildValue(discard_const_p(char, "(is)"), - ret, message); - - PyErr_SetObject(PyExc_IOError, exc); - Py_XDECREF(exc); -} - -static void PyErr_SetSssError(int ret) -{ - PyErr_SetSssErrorWithMessage(ret, strerror(ret)); -} - /* * Common init of all methods */ @@ -945,6 +947,7 @@ static PyTypeObject pysss_local_type = { .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, .tp_doc = sss_py_const_p(char, "SSS DB manipulation"), }; +#endif /* ==================== obfuscation python wrappers ========================*/ @@ -1119,7 +1122,9 @@ static PyTypeObject pysss_password_type = { * Module methods */ static PyMethodDef module_methods[] = { +#ifdef BUILD_LOCAL_PROVIDER {"getgrouplist", py_sss_getgrouplist, METH_VARARGS, py_sss_getgrouplist__doc__}, +#endif {NULL, NULL, 0, NULL} /* Sentinel */ }; @@ -1148,8 +1153,10 @@ initpysss(void) { PyObject *m; +#ifdef BUILD_LOCAL_PROVIDER if (PyType_Ready(&pysss_local_type) < 0) MODINITERROR; +#endif if (PyType_Ready(&pysss_password_type) < 0) MODINITERROR; @@ -1161,8 +1168,10 @@ initpysss(void) if (m == NULL) MODINITERROR; +#ifdef BUILD_LOCAL_PROVIDER Py_INCREF(&pysss_local_type); PyModule_AddObject(m, discard_const_p(char, "local"), (PyObject *)&pysss_local_type); +#endif Py_INCREF(&pysss_password_type); PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type); diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 73ab16488..06945345f 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h 
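Review bot: The `getgrouplist` entry in `module_methods` is now inside `#ifdef BUILD_LOCAL_PROVIDER`, so on a default build `pysss.getgrouplist` disappears from the module together with `pysss.local`. The commit message describes only the provider and its command-line tools, so this looks like a side effect of where the guarded region starts and ends. py_sss_getgrouplist itself is outside the hunk, so please confirm whether it actually depends on the local provider. If it does not, move the function out of the guarded region and keep the table entry unconditional; otherwise mention the API removal in the commit message.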
@@ -55,12 +55,12 @@ extern hash_table_t *dp_requests; */ #define NEED_CHECK_PROVIDER(provider) \ (provider != NULL && \ - (strcmp(provider, "local") != 0 && \ + ((!local_provider_is_built() || strcmp(provider, "local") != 0) && \ strcmp(provider, "files") != 0)) #define NEED_CHECK_AUTH_PROVIDER(provider) \ (provider != NULL && \ - strcmp(provider, "local") != 0) + (!local_provider_is_built() || strcmp(provider, "local") != 0)) /* needed until nsssrv.h is updated */ struct cli_request { diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 25830acad..9081901a6 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -1405,7 +1405,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx, } /* skip local domain, it doesn't have a backend */ - if (strcasecmp(dom->provider, "local") == 0) { + if (local_provider_is_built() + && strcasecmp(dom->provider, "local") == 0) { continue; } diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index eee06cdda..933a07e1f 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -1830,6 +1830,7 @@ START_TEST (test_sysdb_remove_nonexistent_group) } END_TEST +#ifdef BUILD_LOCAL_PROVIDER START_TEST (test_sysdb_get_new_id) { struct sysdb_test_ctx *test_ctx; @@ -1840,15 +1841,13 @@ START_TEST (test_sysdb_get_new_id) ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Cannot setup sysdb tests\n"); - /* sysdb_get_new_id() only works for local provider! - * For now, let's just set the provider to "local" till the moment where - * we'll be able to disable this test! */ test_ctx->domain->provider = discard_const_p(char, "local"); ret = sysdb_get_new_id(test_ctx->domain, &id); fail_if(ret != EOK, "Cannot get new ID\n"); fail_if(id != test_ctx->domain->id_min); } END_TEST +#endif START_TEST (test_sysdb_store_custom) { 
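Review bot: NEED_CHECK_PROVIDER and NEED_CHECK_AUTH_PROVIDER now open-code the same pair of tests that the confdb.c, sysdb_init.c, sysdb_ops.c, sysdb_upgrade.c, monitor.c and responder_common.c hunks repeat, in both polarities and with `strcmp` here but `strcasecmp` at the other sites. A single helper declared next to `local_provider_is_built()` in util.h, for example `bool is_local_provider(const char *provider);`, would keep the build check and the comparison together. It would also settle once whether the match is case-sensitive, so a later edit cannot invert one site or change case handling in only some of them. The first macro's inner line would then read `(!is_local_provider(provider) && \`.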
@@ -7197,8 +7196,10 @@ Suite *create_sysdb_suite(void) TCase *tc_sysdb = tcase_create("SYSDB Tests"); +#ifdef BUILD_LOCAL_PROVIDER /* test getting next id works */ tcase_add_test(tc_sysdb, test_sysdb_get_new_id); +#endif /* Add a user with an automatic ID */ tcase_add_test(tc_sysdb, test_sysdb_user_new_id); diff --git a/src/util/util.c b/src/util/util.c index e3efa7fef..53dd9a13a 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -1196,3 +1196,12 @@ bool is_dbus_activated(void) return false; #endif } + +bool local_provider_is_built(void) +{ +#ifdef BUILD_LOCAL_PROVIDER + return true; +#else + return false; +#endif +} diff --git a/src/util/util.h b/src/util/util.h index bc89ecbc2..867acf26f 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -399,6 +399,9 @@ bool is_socket_activated(void); /* Returns true if the responder has been dbus-activated */ bool is_dbus_activated(void); +/* Returns true if SSSD was built with local provider support */ +bool local_provider_is_built(void); + /** * @brief Add two list of strings * From 857ffc7f9edf431fa70cfe7918d350265905168c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Mon, 6 Aug 2018 17:36:57 +0200 Subject: [PATCH 15/16] pysss: fix typo in comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit "local" -> "password" Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/python/pysss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/python/pysss.c b/src/python/pysss.c index 3253d5768..e00cca692 100644 --- a/src/python/pysss.c +++ b/src/python/pysss.c @@ -952,7 +952,7 @@ static PyTypeObject pysss_local_type = { /* ==================== obfuscation python wrappers ========================*/ /* - * The sss.local object + * The sss.password object */ typedef struct { PyObject_HEAD From e224db7ab0fb6540091eed3bdadbeb937878004a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Mon, 6 Aug 2018 19:02:53 +0200 Subject: [PATCH 16/16] pysss: remove pysss.local MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The pysss.local interface has been de-emphasized in favour of the files domain. As there's no current consumer of this API, let's just remove it. Resolves: https://pagure.io/SSSD/sssd/issue/3493 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/python/pysss.c | 912 --------------------------------------------- 1 file changed, 912 deletions(-) diff --git a/src/python/pysss.c b/src/python/pysss.c index e00cca692..e92653a9e 100644 --- a/src/python/pysss.c +++ b/src/python/pysss.c 
@@ -48,907 +48,6 @@ static void PyErr_SetSssError(int ret) PyErr_SetSssErrorWithMessage(ret, strerror(ret)); } -#ifdef BUILD_LOCAL_PROVIDER -/* - * function taken from samba sources tree as of Aug 20 2009, - * file source4/lib/ldb/pyldb.c - */ -static char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list, - const char *paramname) -{ - char **ret; - int i; - - ret = talloc_array(mem_ctx, char *, PyList_Size(list)+1); - for (i = 0; i < PyList_Size(list); i++) { - const char *itemstr; - Py_ssize_t itemlen; - PyObject *item = PyList_GetItem(list, i); -#ifdef IS_PY3K - if (!PyUnicode_Check(item)) { -#else - if (!PyString_Check(item)) { -#endif - PyErr_Format(PyExc_TypeError, "%s should be strings", paramname); - return NULL; - } -#ifdef IS_PY3K - itemstr = PyUnicode_AsUTF8AndSize(item, &itemlen); -#else - itemstr = PyString_AsString(item); - itemlen = strlen(itemstr); -#endif - ret[i] = talloc_strndup(ret, itemstr, itemlen); - } - - ret[i] = NULL; - return ret; -} - -/* ======================= sysdb python wrappers ==========================*/ - -/* - * The sss.local object - */ -typedef struct { - PyObject_HEAD - - TALLOC_CTX *mem_ctx; - struct tevent_context *ev; - struct sysdb_ctx *sysdb; - struct confdb_ctx *confdb; - - struct sss_domain_info *local; - - int lock; - int unlock; -} PySssLocalObject; - -/* - * Error reporting - */ -/* - * Common init of all methods - */ -static struct tools_ctx *init_ctx(PySssLocalObject *self) -{ - struct ops_ctx *octx = NULL; - struct tools_ctx *tctx = NULL; - - tctx = talloc_zero(self->mem_ctx, struct tools_ctx); - if (tctx == NULL) { - return NULL; - } - - tctx->confdb = self->confdb; - tctx->sysdb = self->sysdb; - tctx->local = self->local; - /* tctx->nctx is NULL here, which is OK since we don't parse domains - * in the python bindings (yet?) 
*/ - - octx = talloc_zero(tctx, struct ops_ctx); - if (octx == NULL) { - PyErr_NoMemory(); - return NULL; - } - octx->domain = self->local; - - tctx->octx = octx; - return tctx; -} - -/* - * Add a user - */ -PyDoc_STRVAR(py_sss_useradd__doc__, - "Add a user named ``username``.\n\n" - ":param username: name of the user\n\n" - ":param kwargs: Keyword arguments that customize the operation\n\n" - "* useradd can be customized further with keyword arguments:\n" - " * ``uid``: The UID of the user\n" - " * ``gid``: The GID of the user\n" - " * ``gecos``: The comment string\n" - " * ``homedir``: Home directory\n" - " * ``shell``: Login shell\n" - " * ``skel``: Specify an alternative skeleton directory\n" - " * ``create_home``: (bool) Force creation of home directory on or off\n" - " * ``groups``: List of groups the user is member of\n"); - - -static PyObject *py_sss_useradd(PySssLocalObject *self, - PyObject *args, - PyObject *kwds) -{ - struct tools_ctx *tctx = NULL; - unsigned long uid = 0; - unsigned long gid = 0; - const char *gecos = NULL; - const char *home = NULL; - const char *shell = NULL; - const char *skel = NULL; - char *username = NULL; - int ret; - const char * const kwlist[] = { "username", "uid", "gid", "gecos", - "homedir", "shell", "skel", - "create_home", "groups", NULL }; - PyObject *py_groups = Py_None; - PyObject *py_create_home = Py_None; - int create_home = 0; - bool in_transaction = false; - - /* parse arguments */ - if (!PyArg_ParseTupleAndKeywords(args, kwds, - discard_const_p(char, "s|kkssssO!O!"), - discard_const_p(char *, kwlist), - &username, - &uid, - &gid, - &gecos, - &home, - &shell, - &skel, - &PyBool_Type, - &py_create_home, - &PyList_Type, - &py_groups)) { - goto fail; - } - - tctx = init_ctx(self); - if (!tctx) { - PyErr_NoMemory(); - return NULL; - } - - if (py_groups != Py_None) { - tctx->octx->addgroups = PyList_AsStringList(tctx, py_groups, "groups"); - if (!tctx->octx->addgroups) { - PyErr_NoMemory(); - return NULL; - } - } - - /* 
user-wise the parameter is only bool - do or don't, - * however we must have a third state - undecided, pick default */ - if (py_create_home == Py_True) { - create_home = DO_CREATE_HOME; - } else if (py_create_home == Py_False) { - create_home = DO_NOT_CREATE_HOME; - } - - tctx->octx->name = username; - tctx->octx->uid = uid; - - /* fill in defaults */ - ret = useradd_defaults(tctx, - self->confdb, - tctx->octx, gecos, - home, shell, - create_home, - skel); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - - /* Add the user within a transaction */ - tctx->error = sysdb_transaction_start(tctx->sysdb); - if (tctx->error != EOK) { - PyErr_SetSssError(tctx->error); - goto fail; - } - in_transaction = true; - - /* useradd */ - tctx->error = useradd(tctx, tctx->octx); - if (tctx->error) { - PyErr_SetSssError(tctx->error); - goto fail; - } - - tctx->error = sysdb_transaction_commit(tctx->sysdb); - if (tctx->error) { - PyErr_SetSssError(tctx->error); - goto fail; - } - in_transaction = false; - - /* Create user's home directory and/or mail spool */ - if (tctx->octx->create_homedir) { - /* We need to know the UID and GID of the user, if - * sysdb did assign it automatically, do a lookup */ - if (tctx->octx->uid == 0 || tctx->octx->gid == 0) { - ret = sysdb_getpwnam_sync(tctx, - tctx->octx->name, - tctx->octx); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - } - - ret = create_homedir(tctx->octx->skeldir, - tctx->octx->home, - tctx->octx->uid, - tctx->octx->gid, - tctx->octx->umask); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - - /* failure here should not be fatal */ - create_mail_spool(tctx, - tctx->octx->name, - tctx->octx->maildir, - tctx->octx->uid, - tctx->octx->gid); - } - - talloc_zfree(tctx); - Py_RETURN_NONE; - -fail: - if (in_transaction) { - /* We do not handle return value of sysdb_transaction_cancel() - * because we don't want to overwrite previous error code. 
- */ - sysdb_transaction_cancel(tctx->sysdb); - } - talloc_zfree(tctx); - return NULL; -} - -/* - * Delete a user - */ -PyDoc_STRVAR(py_sss_userdel__doc__, - "Remove the user named ``username``.\n\n" - ":param username: Name of user being removed\n" - ":param kwargs: Keyword arguments that customize the operation\n\n" - "* userdel can be customized further with keyword arguments:\n" - " * ``force``: (bool) Force removal of files not owned by the user\n" - " * ``remove``: (bool) Toggle removing home directory and mail spool\n"); - -static PyObject *py_sss_userdel(PySssLocalObject *self, - PyObject *args, - PyObject *kwds) -{ - struct tools_ctx *tctx = NULL; - char *username = NULL; - int ret; - PyObject *py_remove = Py_None; - int remove_home = 0; - PyObject *py_force = Py_None; - const char * const kwlist[] = { "username", "remove", "force", NULL }; - - if(!PyArg_ParseTupleAndKeywords(args, kwds, - discard_const_p(char, "s|O!O!"), - discard_const_p(char *, kwlist), - &username, - &PyBool_Type, - &py_remove, - &PyBool_Type, - &py_force)) { - goto fail; - } - - tctx = init_ctx(self); - if (!tctx) { - PyErr_NoMemory(); - return NULL; - } - - tctx->octx->name = username; - - if (py_remove == Py_True) { - remove_home = DO_REMOVE_HOME; - } else if (py_remove == Py_False) { - remove_home = DO_NOT_REMOVE_HOME; - } - - /* - * Fills in defaults for ops_ctx user did not specify. 
- */ - ret = userdel_defaults(tctx, - tctx->confdb, - tctx->octx, - remove_home); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - - ret = run_userdel_cmd(tctx); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - - if (tctx->octx->remove_homedir) { - ret = sysdb_getpwnam_sync(tctx, - tctx->octx->name, - tctx->octx); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - } - - /* Delete the user */ - ret = userdel(tctx, self->sysdb, tctx->octx); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - - if (tctx->octx->remove_homedir) { - ret = remove_homedir(tctx, - tctx->octx->home, - tctx->octx->maildir, - tctx->octx->name, - tctx->octx->uid, - (py_force == Py_True)); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - } - - talloc_zfree(tctx); - Py_RETURN_NONE; - -fail: - talloc_zfree(tctx); - return NULL; -} - -/* - * Modify a user - */ -PyDoc_STRVAR(py_sss_usermod__doc__, - "Modify a user.\n\n" - ":param username: Name of user being modified\n\n" - ":param kwargs: Keyword arguments that customize the operation\n\n" - "* usermod can be customized further with keyword arguments:\n" - " * ``uid``: The UID of the user\n" - " * ``gid``: The GID of the user\n" - " * ``gecos``: The comment string\n" - " * ``homedir``: Home directory\n" - " * ``shell``: Login shell\n" - " * ``addgroups``: List of groups to add the user to\n" - " * ``rmgroups``: List of groups to remove the user from\n" - " * ``lock``: Lock or unlock the account\n"); - -static PyObject *py_sss_usermod(PySssLocalObject *self, - PyObject *args, - PyObject *kwds) -{ - struct tools_ctx *tctx = NULL; - PyObject *py_addgroups = Py_None; - PyObject *py_rmgroups = Py_None; - unsigned long uid = 0; - unsigned long gid = 0; - char *gecos = NULL; - char *home = NULL; - char *shell = NULL; - char *username = NULL; - unsigned long lock = 0; - const char * const kwlist[] = { "username", "uid", "gid", "lock", - "gecos", "homedir", "shell", - "addgroups", 
"rmgroups", NULL }; - bool in_transaction = false; - - /* parse arguments */ - if (!PyArg_ParseTupleAndKeywords(args, kwds, - discard_const_p(char, "s|kkksssO!O!"), - discard_const_p(char *, kwlist), - &username, - &uid, - &gid, - &lock, - &gecos, - &home, - &shell, - &PyList_Type, - &py_addgroups, - &PyList_Type, - &py_rmgroups)) { - goto fail; - } - - tctx = init_ctx(self); - if (!tctx) { - PyErr_NoMemory(); - return NULL; - } - - if (lock && lock != DO_LOCK && lock != DO_UNLOCK) { - PyErr_SetString(PyExc_ValueError, - "Unknown value for lock parameter"); - goto fail; - } - - if (py_addgroups != Py_None) { - tctx->octx->addgroups = PyList_AsStringList(tctx, - py_addgroups, - "addgroups"); - if (!tctx->octx->addgroups) { - return NULL; - } - } - - if (py_rmgroups != Py_None) { - tctx->octx->rmgroups = PyList_AsStringList(tctx, - py_rmgroups, - "rmgroups"); - if (!tctx->octx->rmgroups) { - return NULL; - } - } - - tctx->octx->name = username; - tctx->octx->uid = uid; - tctx->octx->gid = gid; - tctx->octx->gecos = gecos; - tctx->octx->home = home; - tctx->octx->shell = shell; - tctx->octx->lock = lock; - - /* Modify the user within a transaction */ - tctx->error = sysdb_transaction_start(tctx->sysdb); - if (tctx->error != EOK) { - PyErr_SetSssError(tctx->error); - goto fail; - } - in_transaction = true; - - /* usermod */ - tctx->error = usermod(tctx, tctx->octx); - if (tctx->error) { - PyErr_SetSssError(tctx->error); - goto fail; - } - - tctx->error = sysdb_transaction_commit(tctx->sysdb); - if (tctx->error) { - PyErr_SetSssError(tctx->error); - goto fail; - } - in_transaction = false; - - talloc_zfree(tctx); - Py_RETURN_NONE; - -fail: - if (in_transaction) { - /* We do not handle return value of sysdb_transaction_cancel() - * because we don't want to overwrite previous error code. 
- */ - sysdb_transaction_cancel(tctx->sysdb); - } - talloc_zfree(tctx); - return NULL; -} - -/* - * Add a group - */ -PyDoc_STRVAR(py_sss_groupadd__doc__, - "Add a group.\n\n" - ":param groupname: Name of group being added\n\n" - ":param kwargs: Keyword arguments ro customize the operation\n\n" - "* groupmod can be customized further with keyword arguments:\n" - " * ``gid``: The GID of the group\n"); - -static PyObject *py_sss_groupadd(PySssLocalObject *self, - PyObject *args, - PyObject *kwds) -{ - struct tools_ctx *tctx = NULL; - char *groupname; - unsigned long gid = 0; - const char * const kwlist[] = { "groupname", "gid", NULL }; - bool in_transaction = false; - - /* parse arguments */ - if (!PyArg_ParseTupleAndKeywords(args, kwds, - discard_const_p(char, "s|k"), - discard_const_p(char *, kwlist), - &groupname, - &gid)) { - goto fail; - } - - tctx = init_ctx(self); - if (!tctx) { - PyErr_NoMemory(); - return NULL; - } - - tctx->octx->name = groupname; - tctx->octx->gid = gid; - - /* Add the group within a transaction */ - tctx->error = sysdb_transaction_start(tctx->sysdb); - if (tctx->error != EOK) { - PyErr_SetSssError(tctx->error); - goto fail; - } - in_transaction = true; - - /* groupadd */ - tctx->error = groupadd(tctx->octx); - if (tctx->error) { - PyErr_SetSssError(tctx->error); - goto fail; - } - - tctx->error = sysdb_transaction_commit(tctx->sysdb); - if (tctx->error) { - PyErr_SetSssError(tctx->error); - goto fail; - } - in_transaction = false; - - talloc_zfree(tctx); - Py_RETURN_NONE; - -fail: - if (in_transaction) { - /* We do not handle return value of sysdb_transaction_cancel() - * because we don't want to overwrite previous error code. 
- */ - sysdb_transaction_cancel(tctx->sysdb); - } - talloc_zfree(tctx); - return NULL; -} - -/* - * Delete a group - */ -PyDoc_STRVAR(py_sss_groupdel__doc__, - "Remove a group.\n\n" - ":param groupname: Name of group being removed\n"); - -static PyObject *py_sss_groupdel(PySssLocalObject *self, - PyObject *args, - PyObject *kwds) -{ - struct tools_ctx *tctx = NULL; - char *groupname = NULL; - int ret; - - if(!PyArg_ParseTuple(args, discard_const_p(char, "s"), &groupname)) { - goto fail; - } - - tctx = init_ctx(self); - if (!tctx) { - PyErr_NoMemory(); - return NULL; - } - - tctx->octx->name = groupname; - - /* Remove the group */ - ret = groupdel(tctx, self->sysdb, tctx->octx); - if (ret != EOK) { - PyErr_SetSssError(ret); - goto fail; - } - - talloc_zfree(tctx); - Py_RETURN_NONE; - -fail: - talloc_zfree(tctx); - return NULL; -} - -/* - * Modify a group - */ -PyDoc_STRVAR(py_sss_groupmod__doc__, -"Modify a group.\n\n" -":param groupname: Name of group being modified\n\n" -":param kwargs: Keyword arguments ro customize the operation\n\n" -"* groupmod can be customized further with keyword arguments:\n" -" * ``gid``: The GID of the group\n\n" -" * ``addgroups``: Groups to add the group to\n\n" -" * ``rmgroups``: Groups to remove the group from\n\n"); - -static PyObject *py_sss_groupmod(PySssLocalObject *self, - PyObject *args, - PyObject *kwds) -{ - struct tools_ctx *tctx = NULL; - PyObject *py_addgroups = Py_None; - PyObject *py_rmgroups = Py_None; - unsigned long gid = 0; - char *groupname = NULL; - const char * const kwlist[] = { "groupname", "gid", "addgroups", - "rmgroups", NULL }; - bool in_transaction = false; - - /* parse arguments */ - if (!PyArg_ParseTupleAndKeywords(args, kwds, - discard_const_p(char, "s|kO!O!"), - discard_const_p(char *, kwlist), - &groupname, - &gid, - &PyList_Type, - &py_addgroups, - &PyList_Type, - &py_rmgroups)) { - goto fail; - } - - tctx = init_ctx(self); - if (!tctx) { - PyErr_NoMemory(); - return NULL; - } - - if (py_addgroups != 
Py_None) { - tctx->octx->addgroups = PyList_AsStringList(tctx, - py_addgroups, - "addgroups"); - if (!tctx->octx->addgroups) { - return NULL; - } - } - - if (py_rmgroups != Py_None) { - tctx->octx->rmgroups = PyList_AsStringList(tctx, - py_rmgroups, - "rmgroups"); - if (!tctx->octx->rmgroups) { - return NULL; - } - } - - tctx->octx->name = groupname; - tctx->octx->gid = gid; - - /* Modify the group within a transaction */ - tctx->error = sysdb_transaction_start(tctx->sysdb); - if (tctx->error != EOK) { - PyErr_SetSssError(tctx->error); - goto fail; - } - in_transaction = true; - - /* groupmod */ - tctx->error = groupmod(tctx, tctx->octx); - if (tctx->error) { - PyErr_SetSssError(tctx->error); - goto fail; - } - - tctx->error = sysdb_transaction_commit(tctx->sysdb); - if (tctx->error) { - PyErr_SetSssError(tctx->error); - goto fail; - } - in_transaction = false; - - talloc_zfree(tctx); - Py_RETURN_NONE; - -fail: - if (in_transaction) { - /* We do not handle return value of sysdb_transaction_cancel() - * because we don't want to overwrite previous error code. 
- */ - sysdb_transaction_cancel(tctx->sysdb); - } - talloc_zfree(tctx); - return NULL; -} - -/* - * Get list of groups user belongs to - */ -PyDoc_STRVAR(py_sss_getgrouplist__doc__, - "Get list of groups user belongs to.\n\n" - "NOTE: The interface uses the system NSS calls and is not limited to " - "users served by the SSSD!\n" - ":param username: name of user to get list for\n"); - -static PyObject *py_sss_getgrouplist(PyObject *self, PyObject *args) -{ - char *username = NULL; - gid_t *groups = NULL; - struct passwd *pw; - struct group *gr; - int ngroups; - int ret; - Py_ssize_t i, idx; - PyObject *groups_tuple; - - if(!PyArg_ParseTuple(args, discard_const_p(char, "s"), &username)) { - goto fail; - } - - pw = getpwnam(username); - if (pw == NULL) { - goto fail; - } - - ngroups = 32; - groups = malloc(sizeof(gid_t) * ngroups); - if (groups == NULL) { - goto fail; - } - - do { - ret = getgrouplist(username, pw->pw_gid, groups, &ngroups); - if (ret < ngroups) { - gid_t *tmp_groups = realloc(groups, ngroups * sizeof(gid_t)); - if (tmp_groups == NULL) { - goto fail; - } - groups = tmp_groups; - } - } while (ret != ngroups); - - groups_tuple = PyTuple_New((Py_ssize_t) ngroups); - if (groups_tuple == NULL) { - goto fail; - } - - /* Populate a tuple with names of groups - * In unlikely case of group not being able to resolve, skip it - * We also need to resize resulting tuple to avoid empty elements there */ - idx = 0; - for (i = 0; i < ngroups; i++) { - gr = getgrgid(groups[i]); - if (gr) { - PyTuple_SetItem(groups_tuple, idx, -#ifdef IS_PY3K - PyUnicode_FromString(gr->gr_name) -#else - PyString_FromString(gr->gr_name) -#endif - ); - idx++; - } - } - free(groups); - groups = NULL; - - if (i != idx) { - _PyTuple_Resize(&groups_tuple, idx); - } - - return groups_tuple; - -fail: - free(groups); - return NULL; -} - -/*** python plumbing begins here ***/ - -/* - * The sss.local destructor - */ -static void PySssLocalObject_dealloc(PySssLocalObject *self) -{ - 
talloc_free(self->mem_ctx); - Py_TYPE(self)->tp_free((PyObject *)self); -} - -/* - * The sss.local constructor - */ -static PyObject *PySssLocalObject_new(PyTypeObject *type, - PyObject *args, - PyObject *kwds) -{ - TALLOC_CTX *mem_ctx; - PySssLocalObject *self; - char *confdb_path; - int ret; - - mem_ctx = talloc_new(NULL); - if (mem_ctx == NULL) { - PyErr_NoMemory(); - return NULL; - } - - self = (PySssLocalObject *) type->tp_alloc(type, 0); - if (self == NULL) { - talloc_free(mem_ctx); - PyErr_NoMemory(); - return NULL; - } - self->mem_ctx = mem_ctx; - - confdb_path = talloc_asprintf(self->mem_ctx, "%s/%s", DB_PATH, CONFDB_FILE); - if (confdb_path == NULL) { - PyErr_NoMemory(); - goto fail; - } - - /* Connect to the conf db */ - ret = confdb_init(self->mem_ctx, &self->confdb, confdb_path); - if (ret != EOK) { - PyErr_SetSssErrorWithMessage(ret, - "Could not initialize connection to the confdb\n"); - goto fail; - } - - ret = sssd_domain_init(self->mem_ctx, self->confdb, "local", - DB_PATH, &self->local); - if (ret != EOK) { - PyErr_SetSssErrorWithMessage(ret, - "Could not initialize connection to the sysdb\n"); - goto fail; - } - self->sysdb = self->local->sysdb; - - self->lock = DO_LOCK; - self->unlock = DO_UNLOCK; - - return (PyObject *) self; - -fail: - Py_DECREF(self); - return NULL; -} - -/* - * sss.local object methods - */ -static PyMethodDef sss_local_methods[] = { - { sss_py_const_p(char, "useradd"), (PyCFunction)(void *) py_sss_useradd, - METH_KEYWORDS, py_sss_useradd__doc__ - }, - { sss_py_const_p(char, "userdel"), (PyCFunction)(void *) py_sss_userdel, - METH_KEYWORDS, py_sss_userdel__doc__ - }, - { sss_py_const_p(char, "usermod"), (PyCFunction)(void *) py_sss_usermod, - METH_KEYWORDS, py_sss_usermod__doc__ - }, - { sss_py_const_p(char, "groupadd"), (PyCFunction)(void *) py_sss_groupadd, - METH_KEYWORDS, py_sss_groupadd__doc__ - }, - { sss_py_const_p(char, "groupdel"), (PyCFunction)(void *) py_sss_groupdel, - METH_KEYWORDS, py_sss_groupdel__doc__ - }, 
- { sss_py_const_p(char, "groupmod"), (PyCFunction)(void *) py_sss_groupmod, - METH_KEYWORDS, py_sss_groupmod__doc__ - }, - {NULL, NULL, 0, NULL} /* Sentinel */ -}; - -static PyMemberDef sss_local_members[] = { - { discard_const_p(char, "lock"), T_INT, - offsetof(PySssLocalObject, lock), READONLY, NULL}, - { discard_const_p(char, "unlock"), T_INT, - offsetof(PySssLocalObject, unlock), READONLY, NULL}, - {NULL, 0, 0, 0, NULL} /* Sentinel */ -}; - -/* - * sss.local object properties - */ -static PyTypeObject pysss_local_type = { - PyVarObject_HEAD_INIT(NULL, 0) - .tp_name = sss_py_const_p(char, "sss.local"), - .tp_basicsize = sizeof(PySssLocalObject), - .tp_new = PySssLocalObject_new, - .tp_dealloc = (destructor) PySssLocalObject_dealloc, - .tp_methods = sss_local_methods, - .tp_members = sss_local_members, - .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, - .tp_doc = sss_py_const_p(char, "SSS DB manipulation"), -}; -#endif - /* ==================== obfuscation python wrappers ========================*/ /* @@ -1122,9 +221,6 @@ static PyTypeObject pysss_password_type = { * Module methods */ static PyMethodDef module_methods[] = { -#ifdef BUILD_LOCAL_PROVIDER - {"getgrouplist", py_sss_getgrouplist, METH_VARARGS, py_sss_getgrouplist__doc__}, -#endif {NULL, NULL, 0, NULL} /* Sentinel */ }; @@ -1153,10 +249,6 @@ initpysss(void) { PyObject *m; -#ifdef BUILD_LOCAL_PROVIDER - if (PyType_Ready(&pysss_local_type) < 0) - MODINITERROR; -#endif if (PyType_Ready(&pysss_password_type) < 0) MODINITERROR; @@ -1168,10 +260,6 @@ initpysss(void) if (m == NULL) MODINITERROR; -#ifdef BUILD_LOCAL_PROVIDER - Py_INCREF(&pysss_local_type); - PyModule_AddObject(m, discard_const_p(char, "local"), (PyObject *)&pysss_local_type); -#endif Py_INCREF(&pysss_password_type); PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type);