authorMichal Zidek <mzidek@redhat.com>2015-02-10 17:30:00 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-01-13 11:28:45 +0100
commit23674dfef4225b90d45c27b88fe72dc37b22e32d (patch)
treef3f2814e564511fef79db03b909cc86d10208999
parent867c5d7d51327464a21f48fd6dc2a6f4f107bd36 (diff)
sysdb: Unify name format for groups and users
This is a WIP patch to unify the format of usernames and groupnames in sssd internals. In its current form it breaks just about everything. The sysdb update function is just a placeholder and its contents are irrelevant. Currently I am working on fqname attribute removal because it seems to just add confusion. If you decide to look into the code, please use sunglasses or other protective gear and play some calm music in your background to prevent eye or brain injury.
-rw-r--r--src/db/sysdb.c10
-rw-r--r--src/db/sysdb.h2
-rw-r--r--src/db/sysdb_ops.c153
-rw-r--r--src/db/sysdb_search.c67
-rw-r--r--src/db/sysdb_upgrade.c74
-rw-r--r--src/ldb_modules/memberof.c80
-rw-r--r--src/providers/ipa/ipa_auth.c16
-rw-r--r--src/providers/ipa/ipa_hbac_common.c10
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c47
-rw-r--r--src/providers/ipa/ipa_subdomains_id.c14
-rw-r--r--src/providers/krb5/krb5_auth.c19
-rw-r--r--src/providers/ldap/sdap.c10
-rw-r--r--src/providers/ldap/sdap_async.h1
-rw-r--r--src/providers/ldap/sdap_async_groups.c18
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c2
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c7
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c2
-rw-r--r--src/providers/ldap/sdap_async_users.c2
-rw-r--r--src/providers/ldap/sdap_utils.c17
-rw-r--r--src/providers/proxy/proxy_id.c100
-rw-r--r--src/responder/nss/nsssrv_cmd.c83
-rw-r--r--src/responder/pac/pacsrv_cmd.c18
-rw-r--r--src/responder/pam/pam_LOCAL_domain.c39
-rw-r--r--src/responder/pam/pamsrv_cmd.c71
-rw-r--r--src/tests/cmocka/test_ldap_id_cleanup.c38
-rw-r--r--src/tests/cmocka/test_nss_srv.c191
-rw-r--r--src/tests/cmocka/test_pam_srv.c32
-rw-r--r--src/tests/cmocka/test_responder_cache_req.c57
-rw-r--r--src/tests/cmocka/test_sysdb_views.c49
-rw-r--r--src/tests/simple_access-tests.c83
-rw-r--r--src/tests/sysdb-tests.c303
-rw-r--r--src/tools/sss_groupshow.c9
-rw-r--r--src/tools/sss_seed.c14
-rw-r--r--src/util/usertools.c2
-rw-r--r--src/util/util.h2
35 files changed, 1162 insertions, 480 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index a71364d7c..d9aa2ad5b 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -852,15 +852,17 @@ static char *build_dom_dn_str_escape(TALLOC_CTX *mem_ctx, const char *template,
}
char *sysdb_user_strdn(TALLOC_CTX *mem_ctx,
- const char *domain, const char *name)
+ const char *domain, const char *internal_fqname)
{
- return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_USER, domain, name);
+ return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_USER, domain,
+ internal_fqname);
}
char *sysdb_group_strdn(TALLOC_CTX *mem_ctx,
- const char *domain, const char *name)
+ const char *domain, const char *internal_fqname)
{
- return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_GROUP, domain, name);
+ return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_GROUP, domain,
+ internal_fqname);
}
/* TODO: make a more complete and precise mapping */
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index ad1bf75b7..423fb0f81 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -58,6 +58,8 @@
#define SYSDB_DOMAIN_ID_RANGE_CLASS "domainIDRange"
#define SYSDB_TRUSTED_AD_DOMAIN_RANGE_CLASS "TrustedADDomainRange"
+#define SYSDB_DOMNAME "domain"
+#define SYSDB_FQNAME "fqname"
#define SYSDB_NAME "name"
#define SYSDB_NAME_ALIAS "nameAlias"
#define SYSDB_OBJECTCLASS "objectClass"
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index ab0d59ca6..106ae5e2e 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -333,6 +333,8 @@ static int sysdb_search_by_name(TALLOC_CTX *mem_ctx,
size_t msgs_count = 0;
char *sanitized_name;
char *lc_sanitized_name;
+ char *fqname;
+ char *lc_fqname;
char *filter;
int ret;
@@ -369,8 +371,17 @@ static int sysdb_search_by_name(TALLOC_CTX *mem_ctx,
goto done;
}
- filter = talloc_asprintf(tmp_ctx, filter_tmpl, lc_sanitized_name,
- sanitized_name, sanitized_name);
+ fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name,
+ domain->name);
+ lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name,
+ domain->name);
+ if (fqname == NULL || lc_fqname == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ filter = talloc_asprintf(tmp_ctx, filter_tmpl, lc_fqname,
+ fqname, fqname);
if (!filter) {
ret = ENOMEM;
goto done;
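Review bot: `domain->name` is concatenated into `fqname` and `lc_fqname` after sanitisation, so the domain part reaches `talloc_asprintf(tmp_ctx, filter_tmpl, ...)` without the filter escaping that produced `sanitized_name`. Domain names normally come from configuration, but subdomain names may be discovered at run time, so I would escape the domain part as well, or build the internal fqname from the raw name first and sanitise the whole string once. The same pattern is in the sysdb_getpwnam, sysdb_getgrnam and sysdb_get_user_attr hunks in src/db/sysdb_search.c. The sanitising call in sysdb_search_by_name sits above this hunk, so its exact form is not visible here.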
@@ -1023,7 +1034,7 @@ done:
/* =Add-Basic-User-NO-CHECKS============================================== */
int sysdb_add_basic_user(struct sss_domain_info *domain,
- const char *name,
+ const char *internal_fqname,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
@@ -1045,7 +1056,7 @@ int sysdb_add_basic_user(struct sss_domain_info *domain,
}
/* user dn */
- msg->dn = sysdb_user_dn(msg, domain, name);
+ msg->dn = sysdb_user_dn(msg, domain, internal_fqname);
if (!msg->dn) {
ERROR_OUT(ret, ENOMEM, done);
}
@@ -1053,7 +1064,13 @@ int sysdb_add_basic_user(struct sss_domain_info *domain,
ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS);
if (ret) goto done;
- ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, internal_fqname);
+ if (ret) goto done;
+
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_FQNAME, internal_fqname);
+ if (ret) goto done;
+
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_DOMNAME, domain->name);
if (ret) goto done;
ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_UIDNUM, (unsigned long)uid);
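Review bot: `SYSDB_NAME` and `SYSDB_FQNAME` are both written from `internal_fqname`, and `SYSDB_DOMNAME` from `domain->name`, with nothing checking that the domain part of `internal_fqname` actually is `domain->name`. A caller that passes a short name, or a name qualified for a different domain, would create an entry whose attributes disagree with each other and with its DN. A check near the top of the function using `sss_parse_internal_fqname()` (already used in sysdb_group_membership_mod in this file) that returns `EINVAL` on mismatch would catch that, and a comment saying why both name attributes carry the same value would help the next reader. sysdb_add_basic_group has the same three `add_string` calls. The function body starts above this hunk.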
@@ -1291,7 +1308,7 @@ done:
/* =Add-User-Function===================================================== */
int sysdb_add_user(struct sss_domain_info *domain,
- const char *name,
+ const char *internal_fqname,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
@@ -1350,7 +1367,8 @@ int sysdb_add_user(struct sss_domain_info *domain,
* Don't worry about users, if we try to add a user with the same
* name the operation will fail */
- ret = sysdb_search_group_by_name(tmp_ctx, domain, name, NULL, &msg);
+ ret = sysdb_search_group_by_name(tmp_ctx, domain,
+ internal_fqname, NULL, &msg);
if (ret != ENOENT) {
if (ret == EOK) ret = EEXIST;
goto done;
@@ -1367,7 +1385,8 @@ int sysdb_add_user(struct sss_domain_info *domain,
}
/* try to add the user */
- ret = sysdb_add_basic_user(domain, name, uid, gid, gecos, homedir, shell);
+ ret = sysdb_add_basic_user(domain, internal_fqname, uid, gid, gecos,
+ homedir, shell);
if (ret) goto done;
if (uid == 0) {
@@ -1387,7 +1406,8 @@ int sysdb_add_user(struct sss_domain_info *domain,
if (ret) goto done;
}
- ret = sysdb_set_user_attr(domain, name, id_attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(domain, internal_fqname, id_attrs,
+ SYSDB_MOD_REP);
/* continue on success, to commit additional attrs */
if (ret) goto done;
}
@@ -1412,7 +1432,7 @@ int sysdb_add_user(struct sss_domain_info *domain,
(now + cache_timeout) : 0));
if (ret) goto done;
- ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP);
+ ret = sysdb_set_user_attr(domain, internal_fqname, attrs, SYSDB_MOD_REP);
if (ret) goto done;
if (domain->enumerate == false) {
@@ -1421,7 +1441,7 @@ int sysdb_add_user(struct sss_domain_info *domain,
* with the newly-created user entry
*/
ret = sysdb_remove_ghostattr_from_groups(domain, orig_dn, attrs,
- name);
+ internal_fqname);
if (ret) goto done;
}
@@ -1442,7 +1462,7 @@ done:
/* =Add-Basic-Group-NO-CHECKS============================================= */
int sysdb_add_basic_group(struct sss_domain_info *domain,
- const char *name, gid_t gid)
+ const char *internal_fqname, gid_t gid)
{
struct ldb_message *msg;
int ret;
@@ -1460,7 +1480,7 @@ int sysdb_add_basic_group(struct sss_domain_info *domain,
}
/* group dn */
- msg->dn = sysdb_group_dn(msg, domain, name);
+ msg->dn = sysdb_group_dn(msg, domain, internal_fqname);
if (!msg->dn) {
ERROR_OUT(ret, ENOMEM, done);
}
@@ -1468,7 +1488,13 @@ int sysdb_add_basic_group(struct sss_domain_info *domain,
ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS);
if (ret) goto done;
- ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, internal_fqname);
+ if (ret) goto done;
+
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_FQNAME, internal_fqname);
+ if (ret) goto done;
+
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_DOMNAME, domain->name);
if (ret) goto done;
ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid);
@@ -2057,7 +2083,7 @@ fail:
/* this function does not check that all user members are actually present */
int sysdb_store_group(struct sss_domain_info *domain,
- const char *name,
+ const char *name, /*internal fqname */
gid_t gid,
struct sysdb_attrs *attrs,
uint64_t cache_timeout,
@@ -2075,7 +2101,8 @@ int sysdb_store_group(struct sss_domain_info *domain,
return ENOMEM;
}
- ret = sysdb_search_group_by_name(tmp_ctx, domain, name, src_attrs, &msg);
+ ret = sysdb_search_group_by_name(tmp_ctx, domain, name,
+ src_attrs, &msg);
if (ret && ret != ENOENT) {
DEBUG(SSSDBG_MINOR_FAILURE,
"sysdb_search_group_by_name failed for %s with: [%d][%s].\n",
@@ -2180,24 +2207,44 @@ done:
/* =Add-User-to-Group(Native/Legacy)====================================== */
static int
sysdb_group_membership_mod(struct sss_domain_info *domain,
- const char *group,
- const char *member,
+ const char *group_name, /* internal fq name*/
+ const char *member_name, /* internal fq name */
enum sysdb_member_type type,
int modify_op,
bool is_dn)
{
struct ldb_dn *group_dn;
struct ldb_dn *member_dn;
+ char *member_shortname;
+ char *member_domname;
+ struct sss_domain_info *member_dom;
int ret;
TALLOC_CTX *tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
+ ret = sss_parse_internal_fqname(tmp_ctx, member_name,
+ &member_shortname, &member_domname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to parser internal fqname '%s' [%d]: %s\n",
+ member_name, ret, sss_strerror(ret));
+ goto done;
+ }
+
+ member_dom = find_domain_by_name(domain, member_domname, false);
+ if (member_dom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Domain [%s] was not found\n", member_domname);
+ ret = EINVAL;
+ goto done;
+ }
+
if (type == SYSDB_MEMBER_USER) {
- member_dn = sysdb_user_dn(tmp_ctx, domain, member);
+ member_dn = sysdb_user_dn(tmp_ctx, member_dom, member_name);
} else if (type == SYSDB_MEMBER_GROUP) {
- member_dn = sysdb_group_dn(tmp_ctx, domain, member);
+ member_dn = sysdb_group_dn(tmp_ctx, member_dom, member_name);
} else {
ret = EINVAL;
goto done;
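Review bot: The subtree for `member_dn` is now chosen by parsing `member_name` and looking the result up with `find_domain_by_name()`, not by the `domain` argument, so a member string whose suffix names another known domain makes this function build a DN in that domain. If that is intended for cross-domain membership, a comment stating that callers must pass only names produced by `sss_create_internal_fqname()` would make the trust assumption explicit. `member_shortname` is parsed but not used in the visible lines, and the debug string reads `Failed to parser`; `"Failed to parse internal fqname '%s' [%d]: %s\n"` is presumably what was meant. The function continues past this hunk.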
@@ -2209,9 +2256,9 @@ sysdb_group_membership_mod(struct sss_domain_info *domain,
}
if (!is_dn) {
- group_dn = sysdb_group_dn(tmp_ctx, domain, group);
+ group_dn = sysdb_group_dn(tmp_ctx, domain, group_name);
} else {
- group_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, group);
+ group_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, group_name);
}
if (!group_dn) {
@@ -2227,12 +2274,13 @@ done:
}
int sysdb_add_group_member(struct sss_domain_info *domain,
- const char *group,
- const char *member,
+ const char *group_name, /* internal fqname */
+ const char *member_name, /* intrenal fq name */
enum sysdb_member_type type,
bool is_dn)
{
- return sysdb_group_membership_mod(domain, group, member, type,
+ return sysdb_group_membership_mod(domain, group_name,
+ member_name, type,
SYSDB_MOD_ADD, is_dn);
}
@@ -2240,12 +2288,13 @@ int sysdb_add_group_member(struct sss_domain_info *domain,
int sysdb_remove_group_member(struct sss_domain_info *domain,
- const char *group,
- const char *member,
+ const char *group_name, /* internal fqname */
+ const char *member_name, /* internal fqname */
enum sysdb_member_type type,
bool is_dn)
{
- return sysdb_group_membership_mod(domain, group, member, type,
+ return sysdb_group_membership_mod(domain, group_name,
+ member_name, type,
SYSDB_MOD_DEL, is_dn);
}
@@ -2253,7 +2302,7 @@ int sysdb_remove_group_member(struct sss_domain_info *domain,
/* =Password-Caching====================================================== */
int sysdb_cache_password_ex(struct sss_domain_info *domain,
- const char *username,
+ const char *username, /* intrenal fqname */
const char *password,
enum sss_authtok_type authtok_type,
size_t second_factor_len)
@@ -2323,7 +2372,7 @@ fail:
}
int sysdb_cache_password(struct sss_domain_info *domain,
- const char *username,
+ const char *username, /* internal fqname */
const char *password)
{
return sysdb_cache_password_ex(domain, username, password,
@@ -2899,7 +2948,7 @@ fail:
/* =Delete-Group-by-Name-OR-gid=========================================== */
int sysdb_delete_group(struct sss_domain_info *domain,
- const char *name, gid_t gid)
+ const char *internal_fqname, gid_t gid)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
@@ -2910,8 +2959,9 @@ int sysdb_delete_group(struct sss_domain_info *domain,
return ENOMEM;
}
- if (name) {
- ret = sysdb_search_group_by_name(tmp_ctx, domain, name, NULL, &msg);
+ if (internal_fqname) {
+ ret = sysdb_search_group_by_name(tmp_ctx, domain, internal_fqname,
+ NULL, &msg);
} else {
ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
}
@@ -2919,7 +2969,7 @@ int sysdb_delete_group(struct sss_domain_info *domain,
goto fail;
}
- if (name && gid) {
+ if (internal_fqname && gid) {
/* verify name/gid match */
const char *c_name;
uint64_t c_gid;
@@ -2932,7 +2982,7 @@ int sysdb_delete_group(struct sss_domain_info *domain,
ret = EFAULT;
goto fail;
}
- if (strcmp(name, c_name) || gid != c_gid) {
+ if (strcmp(internal_fqname, c_name) || gid != c_gid) {
/* this is not the entry we are looking for */
ret = EINVAL;
goto fail;
@@ -3460,7 +3510,7 @@ done:
}
static errno_t sysdb_update_members_ex(struct sss_domain_info *domain,
- const char *member,
+ const char *member_internal_fqname,
enum sysdb_member_type type,
const char *const *add_groups,
const char *const *del_groups,
@@ -3488,11 +3538,13 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain,
/* Add the user to all add_groups */
for (i = 0; add_groups[i]; i++) {
ret = sysdb_add_group_member(domain, add_groups[i],
- member, type, is_dn);
+ member_internal_fqname,
+ type, is_dn);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not add member [%s] to group [%s]. "
- "Skipping.\n", member, add_groups[i]);
+ "Skipping.\n", member_internal_fqname,
+ add_groups[i]);
/* Continue on, we should try to finish the rest */
}
}
@@ -3502,11 +3554,13 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain,
/* Remove the user from all del_groups */
for (i = 0; del_groups[i]; i++) {
ret = sysdb_remove_group_member(domain, del_groups[i],
- member, type, is_dn);
+ member_internal_fqname,
+ type, is_dn);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not remove member [%s] from group [%s]. "
- "Skipping\n", member, del_groups[i]);
+ "Skipping\n", member_internal_fqname,
+ del_groups[i]);
/* Continue on, we should try to finish the rest */
}
}
@@ -3532,23 +3586,24 @@ done:
}
errno_t sysdb_update_members(struct sss_domain_info *domain,
- const char *member,
+ const char *member_internal_fqname,
enum sysdb_member_type type,
const char *const *add_groups,
const char *const *del_groups)
{
- return sysdb_update_members_ex(domain, member, type,
+ return sysdb_update_members_ex(domain, member_internal_fqname, type,
add_groups, del_groups, false);
}
errno_t sysdb_update_members_dn(struct sss_domain_info *member_domain,
- const char *member,
+ const char *member_internal_fqname,
enum sysdb_member_type type,
- const char *const *add_groups,
- const char *const *del_groups)
+ const char *const *add_groups_dns,
+ const char *const *del_groups_dns)
{
- return sysdb_update_members_ex(member_domain, member, type,
- add_groups, del_groups, true);
+ return sysdb_update_members_ex(member_domain, member_internal_fqname,
+ type, add_groups_dns,
+ del_groups_dns, true);
}
errno_t sysdb_remove_attrs(struct sss_domain_info *domain,
@@ -3766,7 +3821,7 @@ errno_t sysdb_search_user_by_cert(TALLOC_CTX *mem_ctx,
errno_t sysdb_get_sids_of_members(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
- const char *group_name,
+ const char *group_fqname,
const char ***_sids,
const char ***_dns,
size_t *_n)
@@ -3785,7 +3840,7 @@ errno_t sysdb_get_sids_of_members(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- ret = sysdb_search_group_by_name(tmp_ctx, dom, group_name, NULL, &msg);
+ ret = sysdb_search_group_by_name(tmp_ctx, dom, group_fqname, NULL, &msg);
if (ret != EOK) {
goto done;
}
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 1e4031191..f81b4d0ad 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -38,7 +38,8 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
struct ldb_result *res;
char *sanitized_name;
char *lc_sanitized_name;
- const char *src_name;
+ char *fqname;
+ char *lc_fqname;
int ret;
tmp_ctx = talloc_new(NULL);
@@ -52,24 +53,24 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
goto done;
}
- /* If this is a subdomain we need to use fully qualified names for the
- * search as well by default */
- src_name = sss_get_domain_name(tmp_ctx, name, domain);
- if (!src_name) {
- ret = ENOMEM;
+ ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain,
+ &sanitized_name, &lc_sanitized_name);
+ if (ret != EOK) {
goto done;
}
- ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain,
- &sanitized_name, &lc_sanitized_name);
- if (ret != EOK) {
+ fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name,
+ domain->name);
+ lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name,
+ domain->name);
+ if (fqname == NULL || lc_fqname == NULL) {
+ ret = ENOMEM;
goto done;
}
ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn,
LDB_SCOPE_SUBTREE, attrs, SYSDB_PWNAM_FILTER,
- lc_sanitized_name,
- sanitized_name, sanitized_name);
+ lc_fqname, fqname, fqname);
if (ret) {
ret = sysdb_error_to_errno(ret);
goto done;
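Review bot: `lc_fqname` is built from the lower-cased name but from `domain->name` as configured, so only the name part of the first filter argument is case-folded. Whether that still matches depends on how the stored alias values are written, which this page does not show; if aliases are stored fully lower-cased, a domain configured with upper-case letters would never match. A short comment above the two `sss_create_internal_fqname()` calls stating the expected case of the domain part, for example `/* domain part is used as configured; only the name part is case-folded */`, would settle it. The same applies to the sysdb_getgrnam and sysdb_get_user_attr hunks below.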
@@ -569,8 +570,9 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
char *sanitized_name;
struct ldb_dn *base_dn;
struct ldb_result *res;
- const char *src_name;
char *lc_sanitized_name;
+ char *fqname;
+ char *lc_fqname;
int ret;
tmp_ctx = talloc_new(NULL);
@@ -591,23 +593,24 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
goto done;
}
- /* If this is a subomain we need to use fully qualified names for the
- * search as well by default */
- src_name = sss_get_domain_name(tmp_ctx, name, domain);
- if (!src_name) {
- ret = ENOMEM;
+ ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain,
+ &sanitized_name, &lc_sanitized_name);
+ if (ret != EOK) {
goto done;
}
- ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain,
- &sanitized_name, &lc_sanitized_name);
- if (ret != EOK) {
+ fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name,
+ domain->name);
+ lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name,
+ domain->name);
+ if (fqname == NULL || lc_fqname == NULL) {
+ ret = ENOMEM;
goto done;
}
ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn,
LDB_SCOPE_SUBTREE, attrs, fmt_filter,
- lc_sanitized_name, sanitized_name, sanitized_name);
+ lc_fqname, fqname, fqname);
if (ret) {
ret = sysdb_error_to_errno(ret);
goto done;
@@ -1173,9 +1176,10 @@ int sysdb_get_user_attr(TALLOC_CTX *mem_ctx,
TALLOC_CTX *tmp_ctx;
struct ldb_dn *base_dn;
struct ldb_result *res;
- const char *src_name;
char *sanitized_name;
char *lc_sanitized_name;
+ char *fqname;
+ char *lc_fqname;
int ret;
tmp_ctx = talloc_new(NULL);
@@ -1189,24 +1193,23 @@ int sysdb_get_user_attr(TALLOC_CTX *mem_ctx,
goto done;
}
- /* If this is a subdomain we need to use fully qualified names for the
- * search as well by default */
- src_name = sss_get_domain_name(tmp_ctx, name, domain);
- if (!src_name) {
- ret = ENOMEM;
+ ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain,
+ &sanitized_name, &lc_sanitized_name);
+ if (ret != EOK) {
goto done;
}
- ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain,
- &sanitized_name, &lc_sanitized_name);
- if (ret != EOK) {
+ fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name, domain->name);
+ lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name,
+ domain->name);
+ if (fqname == NULL || lc_fqname == NULL) {
+ ret = ENOMEM;
goto done;
}
ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn,
LDB_SCOPE_SUBTREE, attributes,
- SYSDB_PWNAM_FILTER, lc_sanitized_name, sanitized_name,
- sanitized_name);
+ SYSDB_PWNAM_FILTER, lc_fqname, fqname, fqname);
if (ret) {
ret = sysdb_error_to_errno(ret);
goto done;
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index 113f24644..32b54fbef 100644
--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -1634,6 +1634,80 @@ done:
return ret;
}
+/* For all users and groups:
+ * - Change ldb fqdn to contain shortname only
+ * - add fqname attribute
+ * - change all nameAlias to internal fqname format
+ *
+ * For groups only:
+ * - Change all memberUid and ghost attributes to internal fqname format
+ * - member attributes should contain shortname only in ldb fqdn
+ *
+ * General:
+ * - start indexing fqname attribute
+ * - start indexing ----------------
+ **/
+/*
+int sysdb_upgrade_17(struct sysdb_ctx *sysdb, const char **ver)
+{
+ struct ldb_message_element *el;
+ struct ldb_result *res;
+ struct ldb_dn *basedn;
+ struct ldb_dn *mem_dn;
+ struct ldb_message *msg;
+ const struct ldb_val *val;
+ const char *filter = "(|(objectclass=user)(objectclass=group))";
+ const char *attrs[] = { "memberUid", NULL };
+ const char *mdn;
+ char *domain;
+ int ret, i, j;
+ TALLOC_CTX *tmp_ctx;
+ struct upgrade_ctx *ctx;
+
+ struct upgrade_ctx *ctx;
+ errno_t ret;
+
+ ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_15, &ctx);
+ if (ret) {
+ return ret;
+ }
+*/
+ /* DO STUFF HERE (use ctx, as the local temporary memory context) */
+/*
+ basedn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE);
+ if (!basedn) {
+ ret = EIO;
+ goto done;
+ }
+
+ ret = ldb_search(ldb, tmp_ctx, &res,
+ basedn, LDB_SCOPE_SUBTREE,
+ attrs, "%s", filter);
+ if (ret != LDB_SUCCESS) {
+ ret = EIO;
+ goto done;
+ }
+
+
+ for (i = 0; i < res->count; i++) {
+ el = ldb_msg_find_element(res->msgs[i], "memberUid");
+ if (!el) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "memberUid is missing from message [%s], skipping\n",
+ ldb_dn_get_linearized(res->msgs[i]->dn));
+ continue;
+ }
+ }
+*/
+ /* conversion done, update version number */
+/* ret = update_version(ctx);
+
+done:
+ ret = finish_upgrade(ret, &ctx, ver);
+ return ret;
+
+*/
+
/*
* Example template for future upgrades.
* Copy and change version numbers as appropriate.
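Review bot: The upgrade routine is added only as commented-out text, so a cache written before this commit keeps old-format names while every lookup changed here searches for the internal fqname. Until a real upgrade step exists, entries already in the cache, including credentials stored through sysdb_cache_password_ex, would presumably stop being found, and memberof.c now returns `LDB_ERR_OPERATIONS_ERROR` for user entries that lack `fqname`. I would keep the design comment and drop the disabled body: as written it declares `ctx` and `ret` twice, uses `tmp_ctx` and `ldb` without defining them, and passes `SYSDB_VERSION_0_15` in a function named `sysdb_upgrade_17`.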
diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
index e5580f26b..690b37b17 100644
--- a/src/ldb_modules/memberof.c
+++ b/src/ldb_modules/memberof.c
@@ -27,7 +27,7 @@
#define DB_GHOST "ghost"
#define DB_MEMBEROF "memberof"
#define DB_MEMBERUID "memberuid"
-#define DB_NAME "name"
+#define DB_FQNAME "fqname"
#define DB_USER_CLASS "user"
#define DB_GROUP_CLASS "group"
#define DB_CACHE_EXPIRE "dataExpireTimestamp"
@@ -230,7 +230,7 @@ static int mbof_append_muop(TALLOC_CTX *memctx,
int *_num_muops,
int flags,
struct ldb_dn *parent,
- const char *name,
+ const char *element_value,
const char *element_name)
{
struct mbof_memberuid_op *muops = *_muops;
@@ -277,7 +277,7 @@ static int mbof_append_muop(TALLOC_CTX *memctx,
}
for (i = 0; i < op->el->num_values; i++) {
- if (strcmp((char *)op->el->values[i].data, name) == 0) {
+ if (strcmp((char *)op->el->values[i].data, element_value) == 0) {
/* we already have this value, get out*/
return LDB_SUCCESS;
}
@@ -288,11 +288,12 @@ static int mbof_append_muop(TALLOC_CTX *memctx,
if (!val) {
return LDB_ERR_OPERATIONS_ERROR;
}
- val[op->el->num_values].data = (uint8_t *)talloc_strdup(val, name);
+ val[op->el->num_values].data = (uint8_t *)talloc_strdup(val,
+ element_value);
if (!val[op->el->num_values].data) {
return LDB_ERR_OPERATIONS_ERROR;
}
- val[op->el->num_values].length = strlen(name);
+ val[op->el->num_values].length = strlen(element_value);
op->el->values = val;
op->el->num_values++;
@@ -639,7 +640,8 @@ static int mbof_add_callback(struct ldb_request *req,
static int mbof_next_add(struct mbof_add_operation *addop)
{
- static const char *attrs[] = { DB_OC, DB_NAME,
+ static const char *attrs[] = { DB_OC,
+ DB_FQNAME,
DB_MEMBER, DB_GHOST,
DB_MEMBEROF, NULL };
struct ldb_context *ldb;
@@ -779,7 +781,7 @@ static int mbof_add_operation(struct mbof_add_operation *addop)
struct mbof_dn_array *parents;
int i, j, ret;
const char *val;
- const char *name;
+ const char *fqname;
add_ctx = addop->add_ctx;
ctx = add_ctx->ctx;
@@ -886,9 +888,9 @@ static int mbof_add_operation(struct mbof_add_operation *addop)
ret = entry_is_user_object(addop->entry);
switch (ret) {
case LDB_SUCCESS:
- /* it's a user object */
- name = ldb_msg_find_attr_as_string(addop->entry, DB_NAME, NULL);
- if (!name) {
+ /* it's a user object. Use fully qualified name for memberUid value */
+ fqname = ldb_msg_find_attr_as_string(addop->entry, DB_FQNAME, NULL);
+ if (!fqname) {
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -896,7 +898,8 @@ static int mbof_add_operation(struct mbof_add_operation *addop)
ret = mbof_append_muop(add_ctx, &add_ctx->muops,
&add_ctx->num_muops,
LDB_FLAG_MOD_ADD,
- parents->dns[i], name,
+ parents->dns[i],
+ fqname,
DB_MEMBERUID);
if (ret != LDB_SUCCESS) {
return ret;
@@ -1314,7 +1317,8 @@ static void free_delop_contents(struct mbof_del_operation *delop);
static int memberof_del(struct ldb_module *module, struct ldb_request *req)
{
- static const char *attrs[] = { DB_OC, DB_NAME,
+ static const char *attrs[] = { DB_OC,
+ DB_FQNAME,
DB_MEMBER, DB_MEMBEROF,
DB_GHOST, NULL };
struct ldb_context *ldb = ldb_module_get_ctx(module);
@@ -1467,7 +1471,7 @@ static int mbof_del_search_callback(struct ldb_request *req,
}
/* now perform the requested delete, before proceeding further */
- ret = mbof_orig_del(del_ctx);
+ ret = mbof_orig_del(del_ctx);
if (ret != LDB_SUCCESS) {
talloc_zfree(ares);
return ldb_module_done(ctx->req, NULL, NULL, ret);
@@ -1767,8 +1771,7 @@ static int mbof_del_execute_op(struct mbof_del_operation *delop)
char *expression;
const char *dn;
char *clean_dn;
- static const char *attrs[] = { DB_OC, DB_NAME,
- DB_MEMBER, DB_MEMBEROF, NULL };
+ static const char *attrs[] = { DB_OC, DB_MEMBER, DB_MEMBEROF, NULL };
int ret;
del_ctx = delop->del_ctx;
@@ -2107,7 +2110,7 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop)
struct ldb_message *msg;
struct ldb_message_element *el;
struct ldb_dn **diff = NULL;
- const char *name;
+ const char *fqname;
const char *val;
int i, j, k;
bool is_user;
@@ -2226,8 +2229,8 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop)
if (is_user && diff[0]) {
/* file memberuid removal operations */
- name = ldb_msg_find_attr_as_string(delop->entry, DB_NAME, NULL);
- if (!name) {
+ fqname = ldb_msg_find_attr_as_string(delop->entry, DB_FQNAME, NULL);
+ if (!fqname) {
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -2235,7 +2238,7 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop)
ret = mbof_append_muop(del_ctx, &del_ctx->muops,
&del_ctx->num_muops,
LDB_FLAG_MOD_DELETE,
- diff[i], name,
+ diff[i], fqname,
DB_MEMBERUID);
if (ret != LDB_SUCCESS) {
return ret;
@@ -2435,7 +2438,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
struct ldb_message *entry)
{
struct ldb_message_element *el;
- char *name;
+ char *fqname;
int ret;
int i;
@@ -2460,9 +2463,9 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
return ret;
}
- name = talloc_strdup(del_ctx,
- ldb_msg_find_attr_as_string(entry, DB_NAME, NULL));
- if (!name) {
+ fqname = talloc_strdup(del_ctx,
+ ldb_msg_find_attr_as_string(entry, DB_FQNAME, NULL));
+ if (!fqname) {
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -2482,7 +2485,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
ret = mbof_append_muop(del_ctx, &del_ctx->muops,
&del_ctx->num_muops,
LDB_FLAG_MOD_DELETE,
- valdn, name,
+ valdn, fqname,
DB_MEMBERUID);
if (ret != LDB_SUCCESS) {
return ret;
@@ -3847,7 +3850,7 @@ struct mbof_member {
struct mbof_member *next;
struct ldb_dn *dn;
- const char *name;
+ const char *fqname;
bool orig_has_memberof;
bool orig_has_memberuid;
struct ldb_message_element *orig_members;
@@ -3919,7 +3922,7 @@ static int memberof_recompute_task(struct ldb_module *module,
struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
- static const char *attrs[] = { DB_NAME, DB_MEMBEROF, NULL };
+ static const char *attrs[] = { DB_FQNAME, DB_MEMBEROF, NULL };
static const char *filter = "(objectclass=user)";
struct mbof_rcmp_context *ctx;
struct ldb_request *src_req;
@@ -3956,7 +3959,7 @@ static int mbof_rcmp_usr_callback(struct ldb_request *req,
struct mbof_member *usr;
hash_value_t value;
hash_key_t key;
- const char *name;
+ const char *fqname;
int ret;
ctx = talloc_get_type(req->context, struct mbof_rcmp_context);
@@ -3983,9 +3986,9 @@ static int mbof_rcmp_usr_callback(struct ldb_request *req,
usr->status = MBOF_USER;
usr->dn = talloc_steal(usr, ares->message->dn);
- name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL);
- if (name) {
- usr->name = talloc_steal(usr, name);
+ fqname = ldb_msg_find_attr_as_string(ares->message, DB_FQNAME, NULL);
+ if (fqname) {
+ usr->fqname = talloc_steal(usr, fqname);
}
if (ldb_msg_find_element(ares->message, DB_MEMBEROF)) {
@@ -4026,7 +4029,7 @@ static int mbof_rcmp_search_groups(struct mbof_rcmp_context *ctx)
{
struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
static const char *attrs[] = { DB_MEMBEROF, DB_MEMBERUID,
- DB_NAME, DB_MEMBER, NULL };
+ DB_MEMBER, NULL };
static const char *filter = "(objectclass=group)";
struct ldb_request *req;
int ret;
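Review bot: `DB_NAME` is removed from this `attrs` list without `DB_FQNAME` taking its place, yet the mbof_rcmp_grp_callback hunk further down reads `DB_FQNAME` from each group message. With the attribute not requested, that lookup would be expected to return NULL for every group. Either request it here, `static const char *attrs[] = { DB_MEMBEROF, DB_MEMBERUID, DB_FQNAME, DB_MEMBER, NULL };`, or remove the lookup from the callback if group names are no longer needed. The callback also assigns `grp->fqname` twice from the same lookup; the first assignment can go.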
@@ -4059,7 +4062,7 @@ static int mbof_rcmp_grp_callback(struct ldb_request *req,
struct mbof_member *grp;
hash_value_t value;
hash_key_t key;
- const char *name;
+ const char *fqname;
int i, j;
int ret;
@@ -4088,10 +4091,11 @@ static int mbof_rcmp_grp_callback(struct ldb_request *req,
grp->status = MBOF_GROUP_TO_DO;
grp->dn = talloc_steal(grp, ares->message->dn);
- grp->name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL);
- name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL);
- if (name) {
- grp->name = talloc_steal(grp, name);
+ grp->fqname = ldb_msg_find_attr_as_string(ares->message,
+ DB_FQNAME, NULL);
+ fqname = ldb_msg_find_attr_as_string(ares->message, DB_FQNAME, NULL);
+ if (fqname) {
+ grp->fqname = talloc_steal(grp, fqname);
}
if (ldb_msg_find_element(ares->message, DB_MEMBEROF)) {
@@ -4276,7 +4280,7 @@ static int mbof_member_update(struct mbof_rcmp_context *ctx,
if (mem->status == MBOF_USER) {
/* add corresponding memuid to the group */
- ret = mbof_add_memuid(parent, mem->name);
+ ret = mbof_add_memuid(parent, mem->fqname);
if (ret != LDB_SUCCESS) {
return ret;
}
@@ -4343,7 +4347,7 @@ static bool mbof_member_iter(hash_entry_t *item, void *user_data)
if (mem->status == MBOF_USER) {
/* add corresponding memuid to the group */
parent = (struct mbof_member *)item->value.ptr;
- ret = mbof_add_memuid(parent, mem->name);
+ ret = mbof_add_memuid(parent, mem->fqname);
if (ret != LDB_SUCCESS) {
mem->status = MBOF_ITER_ERROR;
return false;
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index b1bfa3ffe..cfbead882 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -332,6 +332,14 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
int dp_err = DP_ERR_FATAL;
int ret;
int auth_timeout;
+ char *name;
+ TALLOC_CTX *tmpctx;
+
+ tmpctx = talloc_new(NULL);
+ if (tmpctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
ret = sdap_cli_connect_recv(req, state, NULL, &state->sh, NULL);
talloc_zfree(req);
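Review bot: `tmpctx` is created with `talloc_new(NULL)` and no `talloc_free(tmpctx)` appears in either hunk of this file (the diffstat's 16 changed lines are all accounted for by the visible additions and the one removal), so the context and `name` leak on every call. The early `goto done` on allocation failure also skips `sdap_cli_connect_recv()` and `talloc_zfree(req)`. Allocating on the request state avoids both: drop `tmpctx` and use `name = sss_ioname2internal(state, be_ctx->domain, state->pd->user);` in the second hunk. The `done` label is outside the visible lines.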
@@ -355,7 +363,13 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
attrs[0] = SYSDB_ORIG_DN;
attrs[1] = NULL;
- ret = sysdb_search_user_by_name(state, be_ctx->domain, state->pd->user,
+ name = sss_ioname2internal(tmpctx, be_ctx->domain, state->pd->user);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_search_user_by_name(state, be_ctx->domain, name,
attrs, &user_msg);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n");
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 72a620ef0..9285a79dc 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -402,7 +402,7 @@ done:
static errno_t
hbac_eval_user_element(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
struct hbac_request_element **user_element);
static errno_t
@@ -506,7 +506,7 @@ done:
static errno_t
hbac_eval_user_element(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
struct hbac_request_element **user_element)
{
errno_t ret;
@@ -528,7 +528,11 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
goto done;
}
- users->name = username;
+ users->name = sss_ioname2internal(tmp_ctx, domain, pd_username);
+ if (users->name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
/* Read the originalMemberOf attribute
* This will give us the list of both POSIX and
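Review bot: `users->name` now points at memory owned by `tmp_ctx`, whereas before it borrowed the caller's string. If `users` is handed to the caller through `*user_element` and `tmp_ctx` is freed at `done` (both are outside the hunk), the name dangles by the time the HBAC request is evaluated. Parenting the string to the element avoids that: `users->name = sss_ioname2internal(users, domain, pd_username);`.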
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 1d233cd52..7bce94a63 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -1361,7 +1361,7 @@ done:
static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
- size_t ngroups, char **groups,
+ size_t ngroups, char **fq_groups,
struct ldb_dn ***_dn_list,
char ***_missing_groups)
{
@@ -1393,14 +1393,14 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
parent_domain = (dom->parent == NULL) ? dom : dom->parent;
for (c = 0; c < ngroups; c++) {
- obj_domain = find_domain_by_object_name(parent_domain, groups[c]);
+ obj_domain = find_domain_by_object_name(parent_domain, fq_groups[c]);
if (obj_domain == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_object_name failed.\n");
ret = ENOMEM;
goto done;
}
- ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, groups[c], NULL,
+ ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, fq_groups[c], NULL,
&msg);
if (ret == EOK) {
dn_list[n_dns] = ldb_dn_copy(dn_list, msg->dn);
@@ -1412,7 +1412,7 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
n_dns++;
} else if (ret == ENOENT) {
missing_groups[n_missing] = talloc_strdup(missing_groups,
- groups[c]);
+ fq_groups[c]);
if (missing_groups[n_missing] == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
@@ -1868,9 +1868,19 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
}
if (name == NULL) {
- /* we always use the fully qualified name for subdomain users */
- name = sss_tc_fqname(tmp_ctx, dom->names, dom,
- attrs->a.user.pw_name);
+ char *domname;
+ char *shortname;
+ ret = sss_parse_name(tmp_ctx, dom->names,
+ attrs->a.user.pw_name,
+ &domname, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse user name.\n");
+ goto done;
+ }
+
+ name = sss_create_internal_fqname(tmp_ctx, shortname,
+ domname ? domname
+ : dom->name);
if (!name) {
DEBUG(SSSDBG_OP_FAILURE, "failed to format user name.\n");
ret = ENOMEM;
@@ -2129,18 +2139,27 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
type = SYSDB_MEMBER_GROUP;
if (name == NULL) {
- name = attrs->a.group.gr_name;
- }
+ char *domname;
+ char *shortname;
+ ret = sss_parse_name(tmp_ctx, dom->names,
+ attrs->a.group.gr_name,
+ &domname, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse group name.\n");
+ goto done;
+ }
- if (IS_SUBDOMAIN(dom)) {
- /* we always use the fully qualified name for subdomain users */
- name = sss_get_domain_name(tmp_ctx, name, dom);
- if (!name) {
- DEBUG(SSSDBG_OP_FAILURE, "failed to format user name,\n");
+ name = sss_create_internal_fqname(tmp_ctx, shortname,
+ domname ? domname
+ : dom->name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to format group name.\n");
ret = ENOMEM;
goto done;
}
}
+
DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", name);
ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name);
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 472985d4a..5e6a4e9d4 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -913,7 +913,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
SYSDB_GHOST,
SYSDB_HOMEDIR,
NULL };
- char *name;
+ char *fq_name;
if (ar->filter_type == BE_FILTER_SECID) {
ret = sysdb_search_object_by_sid(mem_ctx, dom, ar->filter_value, attrs,
@@ -986,24 +986,24 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
goto done;
}
} else if (ar->filter_type == BE_FILTER_NAME) {
- name = sss_get_domain_name(mem_ctx, ar->filter_value, dom);
- if (name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed\n");
+ /* is ar->filter_value already internal fq name? */
+ fq_name = sss_ioname2internal(mem_ctx, dom, ar->filter_value);
+ if (fq_name == NULL) {
ret = ENOMEM;
goto done;
}
switch (ar->entry_type & BE_REQ_TYPE_MASK) {
case BE_REQ_GROUP:
- ret = sysdb_search_group_by_name(mem_ctx, dom, name, attrs, &msg);
+ ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name, attrs, &msg);
break;
case BE_REQ_INITGROUPS:
case BE_REQ_USER:
case BE_REQ_USER_AND_GROUP:
- ret = sysdb_search_user_by_name(mem_ctx, dom, name, attrs, &msg);
+ ret = sysdb_search_user_by_name(mem_ctx, dom, fq_name, attrs, &msg);
if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK)
== BE_REQ_USER_AND_GROUP) {
- ret = sysdb_search_group_by_name(mem_ctx, dom, name,
+ ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name,
attrs, &msg);
}
break;
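Review bot: The new comment `/* is ar->filter_value already internal fq name? */` leaves the input format of this branch undecided, and the lookups below depend on the answer. If the value can arrive already qualified, it should be stated whether `sss_ioname2internal()` leaves it unchanged; otherwise the cache search runs on a doubly qualified name and reports ENOENT. The failure DEBUG was also dropped, so a NULL result now returns ENOMEM with no log line; something like `DEBUG(SSSDBG_OP_FAILURE, "sss_ioname2internal failed\n");` would keep the path traceable.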
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 7657b4ded..f155f7b7c 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -331,6 +331,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
size_t password_len;
size_t fa2_len = 0;
int ret = EOK;
+ TALLOC_CTX *tmp_ctx;
+ char *name;
switch(pd->cmd) {
case SSS_CMD_RENEW:
@@ -380,7 +382,22 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
return;
}
- ret = sysdb_cache_password_ex(domain, pd->user, password,
+ /* Fixme: tmp_ctx should not be used like this */
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
+ return;
+ }
+ name = sss_ioname2internal(tmp_ctx, domain, pd->user);
+ if (name == NULL) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "failed to parse name while storing offline creds.\n");
+ talloc_free(tmp_ctx);
+ return;
+ }
+ talloc_free(tmp_ctx);
+
+ ret = sysdb_cache_password_ex(domain, name, password,
sss_authtok_get_type(pd->authtok), fa2_len);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
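Review bot: `name` is allocated on `tmp_ctx`, and `talloc_free(tmp_ctx)` runs before `sysdb_cache_password_ex(domain, name, ...)`, so the call that selects which user's offline credentials to write reads freed memory. Move `talloc_free(tmp_ctx);` to after the `sysdb_cache_password_ex` call, and after any later use of `name` below the hunk. The rest of krb5_auth_store_creds is outside the hunk, so any exit path added there needs the same free.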
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index fcdc4028e..1a0967704 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -1562,15 +1562,9 @@ sdap_get_primary_name(TALLOC_CTX *memctx,
return EINVAL;
}
- name = sss_get_domain_name(memctx, orig_name, dom);
- if (name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Failed to format original name [%s]\n", orig_name);
- return ENOMEM;
- }
- DEBUG(SSSDBG_TRACE_FUNC, "Processing object %s\n", name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Processing object %s\n", orig_name);
- *_primary_name = name;
+ *_primary_name = talloc_steal(memctx, name);
return EOK;
}
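Review bot: With the `sss_get_domain_name()` call removed, nothing in this hunk assigns `name` any more, yet the new line returns `talloc_steal(memctx, name)`. Unless `name` is set above the hunk, this steals and returns an uninitialized pointer. If the intent is to return the original name unchanged, copying is safer than stealing: `name = talloc_strdup(memctx, orig_name); if (name == NULL) return ENOMEM;` followed by `*_primary_name = name;`. The start of sdap_get_primary_name is outside the hunk.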
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 09bc0d654..801963205 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -305,6 +305,7 @@ errno_t
sdap_save_all_names(const char *name,
struct sysdb_attrs *ldap_attrs,
struct sss_domain_info *dom,
+ bool use_internal_fqname,
struct sysdb_attrs *attrs);
struct tevent_req *
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 7e979c3c4..0c96c0ddc 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -342,7 +342,7 @@ done:
static errno_t
sdap_store_group_with_gid(struct sss_domain_info *domain,
- const char *name,
+ const char *name, /* internal fqname */
gid_t gid,
struct sysdb_attrs *group_attrs,
uint64_t cache_timeout,
@@ -738,7 +738,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
goto done;
}
- ret = sdap_save_all_names(group_name, attrs, dom, group_attrs);
+ ret = sdap_save_all_names(group_name, attrs, dom, true, group_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n");
goto done;
@@ -805,7 +805,7 @@ are_sids_from_same_dom(const char *sid1, const char *sid2, bool *_result)
static errno_t
retain_extern_members(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
- const char *group_name,
+ const char *group_fqname,
const char *group_sid,
char ***_userdns,
size_t *_nuserdns)
@@ -823,7 +823,7 @@ retain_extern_members(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- ret = sysdb_get_sids_of_members(tmp_ctx, dom, group_name, &sids, &dns, &n);
+ ret = sysdb_get_sids_of_members(tmp_ctx, dom, group_fqname, &sids, &dns, &n);
if (ret != EOK) {
if (ret != ENOENT) {
DEBUG(SSSDBG_TRACE_ALL,
@@ -2414,6 +2414,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
errno_t ret, sret;
struct ldb_message_element *el;
const char *username;
+ char *gh_name;
char *clean_orig_dn;
const char *original_dn;
struct sss_domain_info *user_dom;
@@ -2488,6 +2489,13 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
continue;
}
+ /* We want ghost users in the format name@domain */
+ gh_name = talloc_asprintf(tmp_ctx, "%s@%s", username, user_dom->name);
+ if (gh_name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
/* Check for the specified origDN in the sysdb */
filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
SYSDB_ORIG_DN,
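Review bot: `gh_name` is built with a hand-written `"%s@%s"` format, while the rest of this commit produces internal names through `sss_create_internal_fqname()`. If the internal format ever changes, ghost entries written here would stop matching names created everywhere else. Using the helper keeps them in step: `gh_name = sss_create_internal_fqname(tmp_ctx, username, user_dom->name);`. The comment above it could then say "internal fqname format" rather than spelling out `name@domain`.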
@@ -2533,7 +2541,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
key.type = HASH_KEY_STRING;
key.str = talloc_steal(ghosts, discard_const(original_dn));
value.type = HASH_VALUE_PTR;
- value.ptr = talloc_steal(ghosts, discard_const(username));
+ value.ptr = talloc_steal(ghosts, gh_name);
ret = hash_enter(ghosts, &key, &value);
if (ret != HASH_SUCCESS) {
talloc_free(key.str);
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 8d45c61ab..91a6d7be9 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -68,7 +68,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
mi = 0;
for (i=0; groupnames[i]; i++) {
- tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain);
+ tmp_name = sss_create_internal_fqname(tmp_ctx, groupnames[i], domain->name);
if (tmp_name == NULL) {
DEBUG(SSSDBG_OP_FAILURE,
"Failed to format original name [%s]\n", groupnames[i]);
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index e210db978..bd0e766d2 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -927,7 +927,12 @@ static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq)
/* This is a new group. For now, we will store it under the name
* of its SID. When a direct lookup of the group or its GID occurs,
* it will replace this temporary entry. */
- name = sid;
+ name = sss_create_internal_fqname(tmp_ctx, sid, domain->name);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = sysdb_add_incomplete_group(domain, name, gid,
NULL, sid, NULL, false, now);
if (ret != EOK) {
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index e50f25087..e2ce29396 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -121,7 +121,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name);
- ret = sdap_save_all_names(name, attrs, dom,
+ ret = sdap_save_all_names(name, attrs, dom, false,
netgroup_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n");
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 25304d4bf..45bd898e5 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -466,7 +466,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
cache_timeout = dom->user_timeout;
- ret = sdap_save_all_names(user_name, attrs, dom, user_attrs);
+ ret = sdap_save_all_names(user_name, attrs, dom, true, user_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save user names\n");
goto done;
diff --git a/src/providers/ldap/sdap_utils.c b/src/providers/ldap/sdap_utils.c
index 9da46ea70..cf48d2541 100644
--- a/src/providers/ldap/sdap_utils.c
+++ b/src/providers/ldap/sdap_utils.c
@@ -77,10 +77,11 @@ errno_t
sdap_save_all_names(const char *name,
struct sysdb_attrs *ldap_attrs,
struct sss_domain_info *dom,
+ bool use_internal_fqname,
struct sysdb_attrs *attrs)
{
const char **aliases = NULL;
- const char *domname;
+ const char *sysdb_alias;
errno_t ret;
TALLOC_CTX *tmp_ctx;
int i;
@@ -100,14 +101,20 @@ sdap_save_all_names(const char *name,
}
for (i = 0; aliases[i]; i++) {
- domname = sss_get_domain_name(tmp_ctx, aliases[i], dom);
- if (domname == NULL) {
+ if (use_internal_fqname) {
+ sysdb_alias = sss_create_internal_fqname(tmp_ctx, aliases[i],
+ dom->name);
+ } else {
+ sysdb_alias = sss_get_domain_name(tmp_ctx, aliases[i], dom);
+ }
+
+ if (sysdb_alias == NULL) {
ret = ENOMEM;
goto done;
}
if (lowercase) {
- ret = sysdb_attrs_add_lc_name_alias(attrs, domname);
+ ret = sysdb_attrs_add_lc_name_alias(attrs, sysdb_alias);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, "Failed to add lower-cased version "
"of alias [%s] into the "
@@ -115,7 +122,7 @@ sdap_save_all_names(const char *name,
goto done;
}
} else {
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname);
+ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, sysdb_alias);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, "Failed to add alias [%s] into the "
"attribute list\n", aliases[i]);
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index f8b8cbdf2..d74040526 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -44,7 +44,7 @@ delete_user(struct sss_domain_info *domain,
static int get_pw_name(struct proxy_id_ctx *ctx,
struct sss_domain_info *dom,
- const char *name)
+ const char *i_name)
{
TALLOC_CTX *tmpctx;
struct passwd *pwd;
@@ -56,14 +56,31 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
bool del_user;
struct ldb_result *cached_pwd = NULL;
const char *real_name = NULL;
+ char *shortname;
+ char *shortname_or_alias;
+ char *name_or_alias;
+ char *domname;
- DEBUG(SSSDBG_TRACE_FUNC, "Searching user by name (%s)\n", name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Searching user by name (%s)\n", i_name);
tmpctx = talloc_new(NULL);
if (!tmpctx) {
return ENOMEM;
}
+ ret = sss_parse_name(tmpctx, dom->names, i_name,
+ &domname, &shortname_or_alias);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ name_or_alias = sss_create_internal_fqname(tmpctx, shortname_or_alias,
+ domname ? domname : dom->name);
+ if (name_or_alias == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
pwd = talloc_zero(tmpctx, struct passwd);
if (!pwd) {
ret = ENOMEM;
@@ -79,7 +96,7 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
/* FIXME: should we move this call outside the transaction to keep the
* transaction as short as possible ? */
- status = ctx->ops.getpwnam_r(name, pwd, buffer, buflen, &ret);
+ status = ctx->ops.getpwnam_r(i_name, pwd, buffer, buflen, &ret);
ret = handle_getpw_result(status, pwd, dom, &del_user);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
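Review bot: `getpwnam_r` is still called with `i_name`, which by its new name is the internal qualified form, although the previous hunk already parses `shortname_or_alias` out of it. The proxied NSS library most likely knows the user only by the short name, so a qualified lookup would miss, and with `del_user` set the cached entry would then be deleted. Passing the parsed value looks like what was intended: `status = ctx->ops.getpwnam_r(shortname_or_alias, pwd, buffer, buflen, &ret);`. get_pw_name spans several hunks and is not fully visible here.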
@@ -88,7 +105,7 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
}
if (del_user) {
- ret = delete_user(dom, name, 0);
+ ret = delete_user(dom, name_or_alias, 0);
goto done;
}
@@ -124,24 +141,36 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
goto done;
}
- real_name = pwd->pw_name;
+ ret = sss_parse_name(tmpctx, dom->names, pwd->pw_name,
+ NULL, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_parse_name failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
+ real_name = sss_create_internal_fqname(tmpctx, shortname, dom->name);
+ if (real_name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
}
if (del_user) {
- ret = delete_user(dom, name, uid);
+ ret = delete_user(dom, name_or_alias, uid);
goto done;
}
/* Both lookups went fine, we can save the user now */
ret = save_user(dom, !dom->case_sensitive, pwd,
- real_name, name, dom->user_timeout);
+ real_name, name_or_alias, dom->user_timeout);
done:
talloc_zfree(tmpctx);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
"proxy -> getpwnam_r failed for '%s' <%d>: %s\n",
- name, ret, strerror(ret));
+ i_name, ret, strerror(ret));
}
return ret;
}
@@ -315,6 +344,7 @@ static int get_pw_uid(struct proxy_id_ctx *ctx,
size_t buflen;
bool del_user = false;
int ret;
+ char *name;
DEBUG(SSSDBG_TRACE_FUNC, "Searching user by uid (%"SPRIuid")\n", uid);
@@ -349,8 +379,14 @@ static int get_pw_uid(struct proxy_id_ctx *ctx,
goto done;
}
+ name = sss_ioname2internal(tmpctx, dom, pwd->pw_name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'\n",
+ pwd->pw_name);
+ goto done;
+ }
ret = save_user(dom, !dom->case_sensitive, pwd,
- pwd->pw_name, NULL, dom->user_timeout);
+ name, NULL, dom->user_timeout);
done:
talloc_zfree(tmpctx);
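Review bot: When `sss_ioname2internal()` returns NULL the code jumps to `done` without setting `ret`, so the function returns whatever the preceding step left in it, which on this path is presumably success. Add `ret = ENOMEM;` before the `goto done;` so that the caller sees the failure. The same missing assignment is in the enum_users hunk that follows and in the save_pac_user hunk in src/responder/pac/pacsrv_cmd.c.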
@@ -379,6 +415,7 @@ static int enum_users(TALLOC_CTX *mem_ctx,
int ret;
errno_t sret;
bool again;
+ char *name;
DEBUG(SSSDBG_TRACE_LIBS, "Enumerating users\n");
@@ -472,8 +509,15 @@ static int enum_users(TALLOC_CTX *mem_ctx,
break;
}
+ name = sss_ioname2internal(tmpctx, dom, pwd->pw_name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'\n",
+ pwd->pw_name);
+ goto done;
+ }
+
ret = save_user(dom, !dom->case_sensitive, pwd,
- pwd->pw_name, NULL, dom->user_timeout);
+ name, NULL, dom->user_timeout);
if (ret) {
/* Do not fail completely on errors.
* Just report the failure to save and go on */
@@ -534,7 +578,7 @@ static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
struct group *grp,
time_t now);
static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
- struct group *grp, const char *real_name,
+ struct group *grp, const char *real_name, /* internal fqname */
const char *alias, uint64_t cache_timeout)
{
errno_t ret, sret;
@@ -793,6 +837,7 @@ static int get_gr_name(struct proxy_id_ctx *ctx,
gid_t gid;
struct ldb_result *cached_grp = NULL;
const char *real_name = NULL;
+ char *alias;
DEBUG(SSSDBG_FUNC_DATA, "Searching group by name (%s)\n", name);
@@ -873,7 +918,13 @@ static int get_gr_name(struct proxy_id_ctx *ctx,
goto done;
}
- real_name = grp->gr_name;
+ real_name = sss_ioname2internal(tmpctx, dom, grp->gr_name);
+ if (real_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to parse name '%s'\n",
+ grp->gr_name);
+ ret = ENOMEM;
+ goto done;
+ }
}
if (delete_group) {
@@ -888,6 +939,13 @@ static int get_gr_name(struct proxy_id_ctx *ctx,
goto done;
}
+ alias = sss_ioname2internal(tmpctx, dom, name);
+ if (alias == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to parse name %s\n", name);
+ ret = ENOMEM;
+ goto done;
+ }
ret = save_group(sysdb, dom, grp, real_name, name, dom->group_timeout);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
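Review bot: `alias` is computed and NULL-checked, but the `save_group()` call on the next line still passes `name`, so the converted value is never used and the alias is stored in the caller's format. If the alias is meant to be in internal form like `real_name`, the call should read `ret = save_group(sysdb, dom, grp, real_name, alias, dom->group_timeout);`. Otherwise the conversion and its error path can be dropped.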
@@ -920,6 +978,7 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
size_t buflen = 0;
bool delete_group = false;
int ret;
+ char *name;
DEBUG(SSSDBG_TRACE_FUNC, "Searching group by gid (%"SPRIgid")\n", gid);
@@ -966,7 +1025,13 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
goto done;
}
- ret = save_group(sysdb, dom, grp, grp->gr_name, NULL, dom->group_timeout);
+ name = sss_ioname2internal(tmpctx, dom, grp->gr_name);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = save_group(sysdb, dom, grp, name, NULL, dom->group_timeout);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
"Cannot save user [%d]: %s\n", ret, strerror(ret));
@@ -1000,6 +1065,7 @@ static int enum_groups(TALLOC_CTX *mem_ctx,
int ret;
errno_t sret;
bool again;
+ char *name;
DEBUG(SSSDBG_TRACE_LIBS, "Enumerating groups\n");
@@ -1091,7 +1157,13 @@ static int enum_groups(TALLOC_CTX *mem_ctx,
break;
}
- ret = save_group(sysdb, dom, grp, grp->gr_name,
+ name = sss_ioname2internal(tmpctx, dom, grp->gr_name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to parse group name."
+ "Ignoring\n");
+ ret = ENOMEM;
+ }
+ ret = save_group(sysdb, dom, grp, name,
NULL, dom->group_timeout);
if (ret) {
/* Do not fail completely on errors.
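Review bot: On a NULL `name` the message says the group is ignored, but execution falls through to `save_group(sysdb, dom, grp, name, ...)` with a NULL name, and the `ret = ENOMEM` set just before is overwritten by that call. The entry should be skipped after the DEBUG, for example by making the save conditional: `if (name != NULL) { ret = save_group(...); }`. The two adjacent string literals also concatenate to "name.Ignoring", so a space is missing. The enclosing loop of enum_groups is outside the hunk.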
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index d6ac9dc28..b1d4345a2 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -350,7 +350,7 @@ static int fill_pwent(struct sss_packet *packet,
size_t rsize, rp, blen;
int fq_len = 0;
int i, ret, num;
- bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
+ bool add_domain = dom->fqnames;
const char *domain = dom->name;
bool packet_initialized = false;
int ncret;
@@ -2734,6 +2734,8 @@ void nss_update_gr_memcache(struct nss_ctx *nctx)
#define MNUM_ROFFSET sizeof(uint32_t)
#define STRS_ROFFSET 2*sizeof(uint32_t)
+/* member can be from memberuid or ghost attribute. Both are stored
+ * in the internal fqname format (name@domain) */
static int parse_member(TALLOC_CTX *mem_ctx, struct sss_domain_info *group_dom,
const char *member, struct sss_domain_info **_member_dom,
struct sized_string *_name, bool *_add_domain)
@@ -2744,40 +2746,51 @@ static int parse_member(TALLOC_CTX *mem_ctx, struct sss_domain_info *group_dom,
const char *use_member;
struct sss_domain_info *member_dom;
bool add_domain;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
- ret = sss_parse_name(mem_ctx, group_dom->names, member, &domname, &username);
+ ret = sss_parse_internal_fqname(tmp_ctx, member, &username, &domname);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse [%s] into "
- "name-value components.\n", member);
- return ret;
+ "shortname and domain name components.\n", member);
+ goto done;
}
- add_domain = (!IS_SUBDOMAIN(group_dom) && group_dom->fqnames);
- use_member = member;
- member_dom = group_dom;
+ add_domain = group_dom->fqnames;
+ use_member = username;
+ member_dom = find_domain_by_name(group_dom, domname, true);
+ if (member_dom == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Could not find domain '%s'\n", domname);
+ ret = ERR_DOMAIN_NOT_FOUND;
+ goto done;
+ }
- if (IS_SUBDOMAIN(group_dom) == false && domname != NULL) {
+ if (IS_SUBDOMAIN(group_dom) == false && IS_SUBDOMAIN(member_dom) == true) {
/* The group is stored in the parent domain, but the member comes from.
- * a subdomain. No need to add the domain component, it's already
- * present in the memberuid/ghost attribute
- */
- add_domain = false;
+ * a subdomain. */
+ add_domain = true;
}
- if (IS_SUBDOMAIN(group_dom) == true && domname == NULL) {
+ if (IS_SUBDOMAIN(group_dom) == true && IS_SUBDOMAIN(member_dom) == false) {
/* The group is stored in a subdomain, but the member comes
* from the parent domain. Need to add the domain component
* of the parent domain
*/
add_domain = true;
- use_member = username;
- member_dom = group_dom->parent;
}
to_sized_string(_name, use_member);
*_add_domain = add_domain;
*_member_dom = member_dom;
- return EOK;
+
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ return ret;
}
static int fill_members(struct sss_packet *packet,
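Review bot: `username` is allocated on `tmp_ctx` by `sss_parse_internal_fqname()`, `use_member` points at it, and `tmp_ctx` is freed at `done`. If `to_sized_string()` only records the pointer, `_name` refers to freed memory as soon as parse_member returns, and fill_members then copies from it into the reply packet. Parse onto the caller's context instead, `ret = sss_parse_internal_fqname(mem_ctx, member, &username, &domname);`, or call `talloc_steal(mem_ctx, username)` before the free. Separately, both IS_SUBDOMAIN branches now set `add_domain = true`, so they can be merged into a single test of whether the two domains differ in subdomain status.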
@@ -2842,7 +2855,8 @@ static int fill_members(struct sss_packet *packet,
}
}
- ret = parse_member(tmp_ctx, dom, tmpstr, &member_dom, &name, &add_domain);
+ ret = parse_member(tmp_ctx, dom, tmpstr, &member_dom, &name,
+ &add_domain);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Could not process member %s, skipping\n", tmpstr);
@@ -2923,7 +2937,7 @@ static int fill_grent(struct sss_packet *packet,
int i = 0;
int ret, num, memnum;
size_t rzero, rsize;
- bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
+ bool add_domain = dom->fqnames;
const char *domain = dom->name;
TALLOC_CTX *tmp_ctx = NULL;
@@ -4594,26 +4608,21 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
goto done;
}
- /* For subdomains a fully qualified name is needed for
- * sysdb_search_user_by_name and sysdb_search_group_by_name. */
- if (IS_SUBDOMAIN(dom)) {
- sysdb_name = sss_tc_fqname(cmdctx, dom->names, dom, name);
- if (sysdb_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
- ret = ENOMEM;
- goto done;
- }
+ sysdb_name = sss_ioname2internal(cmdctx, dom, name);
+ if (sysdb_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'.\n", name);
+ ret = ENOMEM;
+ goto done;
}
-
/* verify this name has not yet been negatively cached, as user
* and groupm, or has been permanently filtered */
ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout,
- dom, name);
+ dom, sysdb_name);
if (ret == EEXIST) {
ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout,
- dom, name);
+ dom, sysdb_name);
if (ret == EEXIST) {
/* if neg cached, return we didn't find it */
DEBUG(SSSDBG_TRACE_FUNC,
@@ -4685,9 +4694,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
}
}
} else {
- ret = sysdb_search_user_by_name(cmdctx, dom,
- sysdb_name ? sysdb_name : name,
- attrs, &msg);
+ ret = sysdb_search_user_by_name(cmdctx, dom, sysdb_name, attrs,
+ &msg);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to make request to our cache!\n");
@@ -4699,8 +4707,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
user_found = true;
} else {
talloc_free(msg);
- ret = sysdb_search_group_by_name(cmdctx, dom,
- sysdb_name ? sysdb_name : name,
+ ret = sysdb_search_group_by_name(cmdctx, dom, sysdb_name,
attrs, &msg);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -4736,13 +4743,13 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
if (cmdctx->cmd == SSS_NSS_GETSIDBYNAME
|| cmdctx->cmd == SSS_NSS_GETORIGBYNAME) {
- ret = sss_ncache_set_user(nctx->ncache, false, dom, name);
+ ret = sss_ncache_set_user(nctx->ncache, false, dom, sysdb_name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negcache for %s@%s\n", name, dom->name);
}
- ret = sss_ncache_set_group(nctx->ncache, false, dom, name);
+ ret = sss_ncache_set_group(nctx->ncache, false, dom, sysdb_name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot set negcache for %s@%s\n", name, dom->name);
@@ -4766,7 +4773,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
req_name = NULL;
req_id = cmdctx->id;
} else {
- req_name = name;
+ req_name = sysdb_name;
req_id = 0;
}
if (user_found) {
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 64c02e81c..e5b45a72f 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -583,6 +583,8 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
ret = sysdb_search_user_by_uid(tmp_ctx, pr_ctx->dom, pwd->pw_uid, attrs,
&msg);
if (ret == ENOENT) {
+ char *name;
+
if (pwd->pw_gid == 0 && !pr_ctx->dom->mpg) {
DEBUG(SSSDBG_CRIT_FAILURE, "Primary group RID from the PAC "
"cannot be translated into a GID for "
@@ -598,6 +600,12 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
goto done;
}
+ name = sss_ioname2internal(tmp_ctx, pr_ctx->dom, pwd->pw_name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to format name for '%s'.\n",
+ pwd->pw_name);
+ goto done;
+ }
ret = sysdb_store_user(pr_ctx->dom, pwd->pw_name, NULL,
pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
pwd->pw_dir,
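Review bot: `name` is computed but never used, because `sysdb_store_user()` on the next line still stores the entry under `pwd->pw_name`. The following hunks make pac_save_memberships_send search with the converted name, so, assuming both refer to the same user, the entry stored here would not be found by that search. Pass the converted value instead: `ret = sysdb_store_user(pr_ctx->dom, name, NULL,`. The NULL branch also reaches `done` without assigning `ret`; add `ret = ENOMEM;` there.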
@@ -636,7 +644,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx)
struct sss_domain_info *dom = pr_ctx->dom;
struct tevent_req *req;
errno_t ret;
- char *dom_name = NULL;
+ char *sysdb_name = NULL;
struct ldb_message *msg;
req = tevent_req_create(pr_ctx, &state, struct pac_save_memberships_state);
@@ -646,14 +654,14 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx)
state->sid_iter = 0;
- dom_name = sss_get_domain_name(state, pr_ctx->user_name, dom);
- if (dom_name == NULL) {
+ sysdb_name = sss_ioname2internal(state, dom, pr_ctx->user_name);
+ if (sysdb_name == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_sprintf failed.\n");
ret = ENOMEM;
goto done;
}
- ret = sysdb_search_user_by_name(state, dom, dom_name, NULL, &msg);
+ ret = sysdb_search_user_by_name(state, dom, sysdb_name, NULL, &msg);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed " \
"[%d][%s].\n", ret, strerror(ret));
@@ -676,7 +684,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx)
}
done:
- talloc_free(dom_name);
+ talloc_free(sysdb_name);
if (ret != EOK && ret != EAGAIN) {
tevent_req_error(req, ret);
tevent_req_post(req, pr_ctx->cctx->ev);
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c
index 4b076146c..0966bcb0c 100644
--- a/src/responder/pam/pam_LOCAL_domain.c
+++ b/src/responder/pam/pam_LOCAL_domain.c
@@ -73,6 +73,12 @@ static void prepare_reply(struct LOCAL_request *lreq)
static void do_successful_login(struct LOCAL_request *lreq)
{
int ret;
+ char *name;
+ TALLOC_CTX *tmpctx;
+
+ tmpctx = talloc_new(NULL);
+ NULL_CHECK_OR_JUMP(tmpctx, ("talloc_new failed.\n"),
+ lreq->error, ENOMEM, done);
lreq->mod_attrs = sysdb_new_attrs(lreq);
NULL_CHECK_OR_JUMP(lreq->mod_attrs, ("sysdb_new_attrs failed.\n"),
@@ -87,13 +93,16 @@ static void do_successful_login(struct LOCAL_request *lreq)
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
lreq->error, ret, done);
- ret = sysdb_set_user_attr(lreq->domain,
- lreq->preq->pd->user,
+ name = sss_ioname2internal(tmpctx, lreq->domain, lreq->preq->pd->user);
+ NULL_CHECK_OR_JUMP(name, ("sss_ioname2internal failed.\n"),
+ lreq->error, ENOMEM, done);
+ ret = sysdb_set_user_attr(lreq->domain, name,
lreq->mod_attrs, SYSDB_MOD_REP);
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"),
lreq->error, ret, done);
done:
+ talloc_free(tmpctx);
return;
}
@@ -102,6 +111,12 @@ static void do_failed_login(struct LOCAL_request *lreq)
int ret;
int failedLoginAttempts;
struct pam_data *pd;
+ char *name;
+ TALLOC_CTX *tmpctx;
+
+ tmpctx = talloc_new(NULL);
+ NULL_CHECK_OR_JUMP(tmpctx, ("talloc_new failed.\n"),
+ lreq->error, ENOMEM, done);
pd = lreq->preq->pd;
pd->pam_status = PAM_AUTH_ERR;
@@ -128,13 +143,16 @@ static void do_failed_login(struct LOCAL_request *lreq)
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
lreq->error, ret, done);
- ret = sysdb_set_user_attr(lreq->domain,
- lreq->preq->pd->user,
+ name = sss_ioname2internal(tmpctx, lreq->domain, lreq->preq->pd->user);
+ NULL_CHECK_OR_JUMP(name, ("sss_ioname2internal failed.\n"),
+ lreq->error, ENOMEM, done);
+ ret = sysdb_set_user_attr(lreq->domain, name,
lreq->mod_attrs, SYSDB_MOD_REP);
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"),
lreq->error, ret, done);
done:
+ talloc_free(tmpctx);
return;
}
@@ -161,9 +179,15 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
char *salt;
char *new_hash;
struct pam_data *pd;
+ char *name;
+ TALLOC_CTX *tmpctx;
pd = lreq->preq->pd;
+ tmpctx = talloc_new(NULL);
+ NULL_CHECK_OR_JUMP(tmpctx, ("talloc_new failed.\n"),
+ lreq->error, ENOMEM, done);
+
ret = sss_authtok_get_password(pd->newauthtok, &password, NULL);
if (ret) {
/* TODO: should we allow null passwords via a config option ? */
@@ -197,13 +221,16 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
lreq->error, ret, done);
- ret = sysdb_set_user_attr(lreq->domain,
- lreq->preq->pd->user,
+ name = sss_ioname2internal(tmpctx, lreq->domain, lreq->preq->pd->user);
+ NULL_CHECK_OR_JUMP(name, ("sss_ioname2internal failed.\n"),
+ lreq->error, ENOMEM, done);
+ ret = sysdb_set_user_attr(lreq->domain, name,
lreq->mod_attrs, SYSDB_MOD_REP);
NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"),
lreq->error, ret, done);
done:
+ talloc_free(tmpctx);
sss_authtok_set_empty(pd->newauthtok);
}
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index b9fd35325..b497b8247 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -45,10 +45,10 @@ enum pam_verbosity {
static errno_t
pam_null_last_online_auth_with_curr_token(struct sss_domain_info *domain,
- const char *username);
+ const char *pd_username);
static errno_t
pam_get_last_online_auth_with_curr_token(struct sss_domain_info *domain,
- const char *name,
+ const char *pd_name,
uint64_t *_value);
static void pam_reply(struct pam_auth_req *preq);
@@ -430,44 +430,61 @@ static errno_t set_last_login(struct pam_auth_req *preq)
{
struct sysdb_attrs *attrs;
errno_t ret;
+ char *name;
+ TALLOC_CTX *tmpctx;
+
+ tmpctx = talloc_new(NULL);
+ if (tmpctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
attrs = sysdb_new_attrs(preq);
if (!attrs) {
ret = ENOMEM;
- goto fail;
+ goto done;
}
ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_ONLINE_AUTH, time(NULL));
if (ret != EOK) {
- goto fail;
+ goto done;
}
ret = sysdb_attrs_add_time_t(attrs,
SYSDB_LAST_ONLINE_AUTH_WITH_CURR_TOKEN,
time(NULL));
if (ret != EOK) {
- goto fail;
+ goto done;
}
ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_LOGIN, time(NULL));
if (ret != EOK) {
- goto fail;
+ goto done;
+ }
+
+ name = sss_ioname2internal(tmpctx, preq->domain, preq->pd->user);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'.\n",
+ preq->pd->user);
+ ret = ENOMEM;
+ goto done;
}
- ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs,
+ ret = sysdb_set_user_attr(preq->domain, name, attrs,
SYSDB_MOD_REP);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "set_last_login failed.\n");
preq->pd->pam_status = PAM_SYSTEM_ERR;
- goto fail;
+ goto done;
} else {
preq->pd->last_auth_saved = true;
}
preq->callback(preq);
- return EOK;
+ ret = EOK;
-fail:
+done:
+ talloc_free(tmpctx);
return ret;
}
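Review bot: The new `name == NULL` branch in set_last_login logs "failed to parse name" but returns `ENOMEM`, so the log and the error code describe two different failures. If `sss_ioname2internal` can only fail on allocation, the message should say so, e.g. `DEBUG(SSSDBG_OP_FAILURE, "sss_ioname2internal failed for '%s'.\n", preq->pd->user);`. If it can also reject a malformed name, `ENOMEM` is the wrong code to hand back. The temporary context is also called `tmpctx` here while pam_set_last_online_auth_with_curr_token in the same file uses `tmp_ctx`; one spelling per file would read better.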
@@ -1678,7 +1695,7 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
}
static errno_t pam_is_last_online_login_fresh(struct sss_domain_info *domain,
- const char* user,
+ const char* pd_user,
int cached_auth_timeout,
bool *_result)
{
@@ -1686,7 +1703,7 @@ static errno_t pam_is_last_online_login_fresh(struct sss_domain_info *domain,
bool result;
uint64_t last_login;
- ret = pam_get_last_online_auth_with_curr_token(domain, user, &last_login);
+ ret = pam_get_last_online_auth_with_curr_token(domain, pd_user, &last_login);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"sysdb_get_last_online_auth_with_curr_token failed: %s:[%d]\n",
@@ -1737,7 +1754,7 @@ static bool pam_is_authtok_cachable(struct sss_auth_token *authtok)
static bool pam_can_user_cache_auth(struct sss_domain_info *domain,
int pam_cmd,
struct sss_auth_token *authtok,
- const char* user,
+ const char* pd_user,
bool cached_auth_failed)
{
errno_t ret;
@@ -1749,7 +1766,7 @@ static bool pam_can_user_cache_auth(struct sss_domain_info *domain,
&& pam_is_authtok_cachable(authtok)
&& pam_is_cmd_cachable(pam_cmd)) {
- ret = pam_is_last_online_login_fresh(domain, user,
+ ret = pam_is_last_online_login_fresh(domain, pd_user,
domain->cached_auth_timeout,
&result);
if (ret != EOK) {
@@ -1939,12 +1956,13 @@ struct sss_cmd_table *get_pam_cmds(void)
errno_t
pam_set_last_online_auth_with_curr_token(struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
uint64_t value)
{
TALLOC_CTX *tmp_ctx;
struct sysdb_attrs *attrs;
int ret;
+ char *name;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -1963,7 +1981,13 @@ pam_set_last_online_auth_with_curr_token(struct sss_domain_info *domain,
value);
if (ret != EOK) { goto done; }
- ret = sysdb_set_user_attr(domain, username, attrs, SYSDB_MOD_REP);
+ name = sss_ioname2internal(tmp_ctx, domain, pd_username);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP);
if (ret != EOK) { goto done; }
done:
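Review bot: The `pd_` prefix on `pd_username` is the only hint that this parameter is not yet in the internal name format, and nothing in the file explains the convention. A comment above pam_set_last_online_auth_with_curr_token would make the contract explicit, for example `/* pd_username: user name as carried in struct pam_data; converted with sss_ioname2internal() before any sysdb call. */`. The same applies to `pd_name` in pam_get_last_online_auth_with_curr_token and `pd_user` in pam_is_last_online_login_fresh and pam_can_user_cache_auth. That the prefix refers to `struct pam_data` is inferred from the call sites and should be confirmed by the author.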
@@ -1977,14 +2001,14 @@ done:
static errno_t
pam_null_last_online_auth_with_curr_token(struct sss_domain_info *domain,
- const char *username)
+ const char *pd_username)
{
- return pam_set_last_online_auth_with_curr_token(domain, username, 0);
+ return pam_set_last_online_auth_with_curr_token(domain, pd_username, 0);
}
static errno_t
pam_get_last_online_auth_with_curr_token(struct sss_domain_info *domain,
- const char *name,
+ const char *pd_name,
uint64_t *_value)
{
TALLOC_CTX *tmp_ctx = NULL;
@@ -1992,8 +2016,9 @@ pam_get_last_online_auth_with_curr_token(struct sss_domain_info *domain,
struct ldb_message *ldb_msg;
uint64_t value;
errno_t ret;
+ char *name;
- if (name == NULL || *name == '\0') {
+ if (pd_name == NULL || *pd_name == '\0') {
DEBUG(SSSDBG_CRIT_FAILURE, "Missing user name.\n");
ret = EINVAL;
goto done;
@@ -2011,6 +2036,12 @@ pam_get_last_online_auth_with_curr_token(struct sss_domain_info *domain,
goto done;
}
+ name = sss_ioname2internal(tmp_ctx, domain, pd_name);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = sysdb_search_user_by_name(tmp_ctx, domain, name, attrs, &ldb_msg);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
diff --git a/src/tests/cmocka/test_ldap_id_cleanup.c b/src/tests/cmocka/test_ldap_id_cleanup.c
index e40f2b6dd..fc6ddd274 100644
--- a/src/tests/cmocka/test_ldap_id_cleanup.c
+++ b/src/tests/cmocka/test_ldap_id_cleanup.c
@@ -182,16 +182,42 @@ static void test_id_cleanup_exp_group(void **state)
errno_t ret;
struct ldb_message *msg;
struct sdap_domain sdom;
- const char *special_grp = "special_gr*o/u\\p(2016)";
- const char *empty_special_grp = "empty_gr*o/u\\p(2016)";
- const char *empty_grp = "empty_grp";
- const char *grp = "grp";
+ char *special_grp;
+ char *empty_special_grp;
+ char *empty_grp;
+ char *grp;
+ char *test_user;
+ char *test_user2;
/* This timeout can be bigger because we will call invalidate_group
* to expire entries without waiting. */
const uint64_t CACHE_TIMEOUT = 30;
struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state,
struct sysdb_test_ctx);
+ special_grp = sss_create_internal_fqname(test_ctx,
+ "special_gr*o/u\\p(2016)",
+ test_ctx->domain->name);
+ assert_non_null(special_grp);
+
+ empty_special_grp = sss_create_internal_fqname(test_ctx,
+ "empty_gr*o/u\\p(2016)",
+ test_ctx->domain->name);
+ assert_non_null(empty_special_grp);
+
+ empty_grp = sss_create_internal_fqname(test_ctx, "empty_grp",
+ test_ctx->domain->name);
+ assert_non_null(empty_grp);
+
+ grp = sss_create_internal_fqname(test_ctx, "grp", test_ctx->domain->name);
+ assert_non_null(grp);
+
+ test_user = sss_create_internal_fqname(test_ctx, "test_user",
+ test_ctx->domain->name);
+ assert_non_null(test_user);
+ test_user2 = sss_create_internal_fqname(test_ctx, "test_user2",
+ test_ctx->domain->name);
+ assert_non_null(test_user2);
+
ret = sysdb_store_group(test_ctx->domain, special_grp,
10002, NULL, CACHE_TIMEOUT, 0);
assert_int_equal(ret, EOK);
@@ -208,13 +234,13 @@ static void test_id_cleanup_exp_group(void **state)
10005, NULL, CACHE_TIMEOUT, 0);
assert_int_equal(ret, EOK);
- ret = sysdb_store_user(test_ctx->domain, "test_user", NULL,
+ ret = sysdb_store_user(test_ctx->domain, test_user, NULL,
10001, 10002, "Test user",
NULL, NULL, NULL, NULL, NULL,
0, 0);
assert_int_equal(ret, EOK);
- ret = sysdb_store_user(test_ctx->domain, "test_user2", NULL,
+ ret = sysdb_store_user(test_ctx->domain, test_user2, NULL,
10002, 10004, "Test user",
NULL, NULL, NULL, NULL, NULL,
0, 0);
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index f05b55e46..b4e716a22 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -368,7 +368,7 @@ void test_nss_getpwnam(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testuser", 123, 456, "test user",
+ "testuser@"TEST_DOM_NAME, 123, 456, "test user",
"/home/testuser", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
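Review bot: The cache entry name is built here by pasting `"testuser@"TEST_DOM_NAME`, which hard-codes the internal name layout into the test. Other tests in this commit (test_nss_getpwnam_search_acct_cb, test_nss_getpwnam_update) get it from `sss_create_internal_fqname`. The same literal pasting recurs in most of the remaining test_nss_srv.c hunks and in every test_pam_srv.c hunk. Using the helper everywhere, e.g. `fqname = sss_create_internal_fqname(nss_test_ctx, "testuser", nss_test_ctx->tctx->dom->name);`, would keep the tests valid if the internal format changes. It would also stop relying on `TEST_DOM_NAME` matching `dom->name`.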
@@ -430,10 +430,14 @@ void test_nss_getpwnam_neg(void **state)
static int test_nss_getpwnam_search_acct_cb(void *pvt)
{
errno_t ret;
+ char *fqname;
struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx);
+ fqname = sss_create_internal_fqname(ctx->tctx, "testuser_search",
+ ctx->tctx->dom->name);
+ assert_non_null(fqname);
ret = sysdb_add_user(ctx->tctx->dom,
- "testuser_search", 567, 890, "test search",
+ fqname, 567, 890, "test search",
"/home/testsearch", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -501,7 +505,8 @@ static int test_nss_getpwnam_update_acct_cb(void *pvt)
struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx);
ret = sysdb_store_user(ctx->tctx->dom,
- "testuser_update", NULL, 10, 11, "test user",
+ "testuser_update@"TEST_DOM_NAME,
+ NULL, 10, 11, "test user",
"/home/testuser", "/bin/ksh", NULL,
NULL, NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -532,10 +537,15 @@ void test_nss_getpwnam_update(void **state)
errno_t ret;
struct ldb_result *res;
const char *shell;
+ char *username;
+ username = sss_create_internal_fqname(nss_test_ctx,
+ "testuser_update",
+ nss_test_ctx->tctx->dom->name);
+ assert_non_null(username);
/* Prime the cache with a valid but expired user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testuser_update", 10, 11, "test user",
+ username, 10, 11, "test user",
"/home/testuser", "/bin/sh", NULL,
NULL, 1, 1);
assert_int_equal(ret, EOK);
@@ -562,7 +572,7 @@ void test_nss_getpwnam_update(void **state)
/* Check the user was updated in the cache */
ret = sysdb_getpwnam(nss_test_ctx, nss_test_ctx->tctx->dom,
- "testuser_update", &res);
+ username , &res);
assert_int_equal(ret, EOK);
assert_int_equal(res->count, 1);
@@ -599,7 +609,8 @@ void test_nss_getpwnam_fqdn(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testuser_fqdn", 124, 457, "test user",
+ "testuser_fqdn@"TEST_DOM_NAME,
+ 124, 457, "test user",
"/home/testuser", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -646,7 +657,7 @@ void test_nss_getpwnam_space(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "space user", 225, 558, "space user",
+ "space user@"TEST_DOM_NAME, 225, 558, "space user",
"/home/testuser", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -761,7 +772,8 @@ void test_nss_getpwnam_fqdn_fancy(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testuser_fqdn_fancy", 125, 458, "test user",
+ "testuser_fqdn_fancy@"TEST_DOM_NAME,
+ 125, 458, "test user",
"/home/testuser", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -810,7 +822,8 @@ void test_nss_getpwuid(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testuser1", 101, 401, "test user1",
+ "testuser1@"TEST_DOM_NAME,
+ 101, 401, "test user1",
"/home/testuser1", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -877,7 +890,8 @@ static int test_nss_getpwuid_search_acct_cb(void *pvt)
struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx);
ret = sysdb_add_user(ctx->tctx->dom,
- "exampleuser_search", 107, 987, "example search",
+ "exampleuser_search@"TEST_DOM_NAME,
+ 107, 987, "example search",
"/home/examplesearch", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -946,7 +960,8 @@ static int test_nss_getpwuid_update_acct_cb(void *pvt)
struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx);
ret = sysdb_store_user(ctx->tctx->dom,
- "exampleuser_update", NULL, 109, 11000, "example user",
+ "exampleuser_update@"TEST_DOM_NAME,
+ NULL, 109, 11000, "example user",
"/home/exampleuser", "/bin/ksh", NULL,
NULL, NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -980,7 +995,8 @@ void test_nss_getpwuid_update(void **state)
/* Prime the cache with a valid but expired user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "exampleuser_update", 109, 11000, "example user",
+ "exampleuser_update@"TEST_DOM_NAME,
+ 109, 11000, "example user",
"/home/exampleuser", "/bin/sh", NULL,
NULL, 1, 1);
assert_int_equal(ret, EOK);
@@ -1110,7 +1126,7 @@ void test_nss_getgrnam_no_members(void **state)
/* Prime the cache with a valid group */
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testgroup", 1123,
+ "testgroup@"TEST_DOM_NAME, 1123,
NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -1164,29 +1180,33 @@ void test_nss_getgrnam_members(void **state)
/* Prime the cache with a valid group and some members */
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testgroup_members", 1124,
+ "testgroup_members@"TEST_DOM_NAME, 1124,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testmember1", 2001, 456, "test member1",
+ "testmember1@"TEST_DOM_NAME,
+ 2001, 456, "test member1",
"/home/testmember2", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testmember2", 2002, 456, "test member2",
+ "testmember2@"TEST_DOM_NAME,
+ 2002, 456, "test member2",
"/home/testmember2", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testgroup_members", "testmember1",
+ "testgroup_members@"TEST_DOM_NAME,
+ "testmember1@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testgroup_members", "testmember2",
+ "testgroup_members@"TEST_DOM_NAME,
+ "testmember2@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
@@ -1292,44 +1312,58 @@ static int test_nss_getgrnam_members_check_subdom(uint32_t status,
void test_nss_getgrnam_members_subdom(void **state)
{
errno_t ret;
+ char *submember1;
+ char *submember2;
+ char *testsubdomgroup;
+
+ submember1 = sss_create_internal_fqname(nss_test_ctx, "submember1",
+ nss_test_ctx->subdom->name);
+ submember2 = sss_create_internal_fqname(nss_test_ctx, "submember2",
+ nss_test_ctx->subdom->name);
+ testsubdomgroup = sss_create_internal_fqname(nss_test_ctx,
+ "testsubdomgroup",
+ nss_test_ctx->subdom->name);
+ assert_non_null(submember1);
+ assert_non_null(submember2);
+ assert_non_null(testsubdomgroup);
nss_test_ctx->tctx->dom->fqnames = true;
/* Add a group from a subdomain and two members from the same subdomain
*/
ret = sysdb_add_group(nss_test_ctx->subdom,
- "testsubdomgroup@"TEST_SUBDOM_NAME,
+ testsubdomgroup,
2124, NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->subdom,
- "submember1@"TEST_SUBDOM_NAME,
+ submember1,
4001, 456, "test subdomain member1",
"/home/submember1", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->subdom,
- "submember2@"TEST_SUBDOM_NAME,
+ submember2,
2002, 456, "test subdomain member2",
"/home/submember2", "/bin/sh", NULL,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->subdom,
- "testsubdomgroup@"TEST_SUBDOM_NAME,
- "submember1@"TEST_SUBDOM_NAME,
+ testsubdomgroup,
+ submember1,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->subdom,
- "testsubdomgroup@"TEST_SUBDOM_NAME,
- "submember2@"TEST_SUBDOM_NAME,
+ testsubdomgroup,
+ submember2,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
- mock_input_user_or_group("testsubdomgroup@"TEST_SUBDOM_NAME);
+ mock_input_user_or_group(testsubdomgroup);
will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM);
mock_fill_group_with_members(2);
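Review bot: `mock_input_user_or_group(testsubdomgroup)` now feeds the internal-format string into what appears to be the mocked client request, where the old code passed the literal `"testsubdomgroup@"TEST_SUBDOM_NAME`. If the mock stands for what an NSS client sends, the test only passes while the input format and the internal format happen to coincide. It then no longer exercises the conversion this commit introduces. Keeping `mock_input_user_or_group("testsubdomgroup@"TEST_SUBDOM_NAME);` and using the helper-built names only for the sysdb calls would keep the two formats separate.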
@@ -1494,16 +1528,19 @@ void test_nss_getgrnam_mix_subdom(void **state)
errno_t ret;
const char *group_strdn = NULL;
const char *add_groups[] = { NULL, NULL };
+ char *testmember1_fqname = sss_create_internal_fqname(nss_test_ctx,
+ "testmember1",
+ TEST_DOM_NAME);
- /* Add a subdomain user to a parent domain group */
+ /* Add a parent domain user to a subdomain group */
group_strdn = sysdb_group_strdn(nss_test_ctx,
nss_test_ctx->subdom->name,
- "testsubdomgroup@"TEST_SUBDOM_NAME);
+ "testsubdomgroup");
assert_non_null(group_strdn);
add_groups[0] = group_strdn;
ret = sysdb_update_members_dn(nss_test_ctx->tctx->dom,
- "testmember1",
+ testmember1_fqname,
SYSDB_MEMBER_USER,
add_groups, NULL);
assert_int_equal(ret, EOK);
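Review bot: `testmember1_fqname` is the one `sss_create_internal_fqname` result in this file that is never checked before use. Add `assert_non_null(testmember1_fqname);` ahead of the `sysdb_update_members_dn` call. The group name passed to `sysdb_group_strdn` also changes from the qualified literal to the short `"testsubdomgroup"`, while test_nss_getgrnam_members_subdom stores that group under the name built by `sss_create_internal_fqname`. If `sysdb_group_strdn` expects the stored name, the DN will not match; this should be confirmed against that function, which is not in view.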
@@ -1557,7 +1594,7 @@ void test_nss_getgrnam_space(void **state)
/* Prime the cache with a valid group */
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "space group", 2123,
+ "space group@"TEST_DOM_NAME, 2123,
NULL, 300, 0);
assert_int_equal(ret, EOK);
@@ -1860,7 +1897,11 @@ void test_nss_getorigbyname(void **state)
{
errno_t ret;
struct sysdb_attrs *attrs;
+ char *fqname;
+ fqname = sss_create_internal_fqname(nss_test_ctx, "testuserorig",
+ nss_test_ctx->tctx->dom->name);
+ assert_non_null(fqname);
attrs = sysdb_new_attrs(nss_test_ctx);
assert_non_null(attrs);
@@ -1876,7 +1917,7 @@ void test_nss_getorigbyname(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testuserorig", 1234, 5689, "test user orig",
+ fqname, 1234, 5689, "test user orig",
"/home/testuserorig", "/bin/sh", NULL,
attrs, 300, 0);
assert_int_equal(ret, EOK);
@@ -1966,6 +2007,11 @@ void test_nss_getorigbyname_extra_attrs(void **state)
{
errno_t ret;
struct sysdb_attrs *attrs;
+ char *fqname;
+
+ fqname = sss_create_internal_fqname(nss_test_ctx, "testuserorigextra",
+ nss_test_ctx->tctx->dom->name);
+ assert_non_null(fqname);
attrs = sysdb_new_attrs(nss_test_ctx);
assert_non_null(attrs);
@@ -1991,7 +2037,7 @@ void test_nss_getorigbyname_extra_attrs(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testuserorigextra", 2345, 6789,
+ fqname, 2345, 6789,
"test user orig extra",
"/home/testuserorigextra", "/bin/sh", NULL,
attrs, 300, 0);
@@ -2092,6 +2138,11 @@ void test_nss_getorigbyname_multi_value_attrs(void **state)
{
errno_t ret;
struct sysdb_attrs *attrs;
+ char *fqname;
+
+ fqname = sss_create_internal_fqname(nss_test_ctx, "testuserorigmulti",
+ nss_test_ctx->tctx->dom->name);
+ assert_non_null(fqname);
attrs = sysdb_new_attrs(nss_test_ctx);
assert_non_null(attrs);
@@ -2117,7 +2168,7 @@ void test_nss_getorigbyname_multi_value_attrs(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testuserorigmulti", 3456, 7890,
+ fqname, 3456, 7890,
"test user orig multi value",
"/home/testuserorigextra", "/bin/sh", NULL,
attrs, 300, 0);
@@ -2162,6 +2213,11 @@ void test_nss_getpwnam_upn(void **state)
{
errno_t ret;
struct sysdb_attrs *attrs;
+ char *upnuser;
+
+ upnuser = sss_create_internal_fqname(nss_test_ctx, "upnuser",
+ nss_test_ctx->tctx->dom->name);
+ assert_non_null(upnuser);
attrs = sysdb_new_attrs(nss_test_ctx);
assert_non_null(attrs);
@@ -2171,7 +2227,7 @@ void test_nss_getpwnam_upn(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "upnuser", 34567, 45678, "up user",
+ upnuser, 34567, 45678, "up user",
"/home/upnuser", "/bin/sh", NULL,
attrs, 300, 0);
assert_int_equal(ret, EOK);
@@ -2256,28 +2312,31 @@ void test_nss_initgroups(void **state)
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testinitgr", 321, 654, "test initgroups",
+ "testinitgr@"TEST_DOM_NAME,
+ 321, 654, "test initgroups",
"/home/testinitgr", "/bin/sh", NULL,
attrs, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testinitgr_gr1", 3211,
+ "testinitgr_gr1@"TEST_DOM_NAME, 3211,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testinitgr_gr2", 3212,
+ "testinitgr_gr2@"TEST_DOM_NAME, 3212,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testinitgr_gr1", "testinitgr",
+ "testinitgr_gr1@"TEST_DOM_NAME,
+ "testinitgr@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testinitgr_gr2", "testinitgr",
+ "testinitgr_gr2@"TEST_DOM_NAME,
+ "testinitgr@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
@@ -2355,28 +2414,31 @@ static int test_nss_initgr_search_acct_cb(void *pvt)
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testinitgr_srch", 421, 654, "test initgroups",
+ "testinitgr_srch@"TEST_DOM_NAME,
+ 421, 654, "test initgroups",
"/home/testinitgr", "/bin/sh", NULL,
attrs, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testinitgr_srch_gr1", 4211,
+ "testinitgr_srch_gr1@"TEST_DOM_NAME, 4211,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testinitgr_srch_gr2", 4212,
+ "testinitgr_srch_gr2@"TEST_DOM_NAME, 4212,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testinitgr_srch_gr1", "testinitgr_srch",
+ "testinitgr_srch_gr1@"TEST_DOM_NAME,
+ "testinitgr_srch@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testinitgr_srch_gr2", "testinitgr_srch",
+ "testinitgr_srch_gr2@"TEST_DOM_NAME,
+ "testinitgr_srch@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
@@ -2438,18 +2500,18 @@ static int test_nss_initgr_update_acct_cb(void *pvt)
assert_int_equal(ret, EOK);
ret = sysdb_set_user_attr(nss_test_ctx->tctx->dom,
- "testinitgr_update",
+ "testinitgr_update@"TEST_DOM_NAME,
attrs, SYSDB_MOD_REP);
assert_int_equal(ret, EOK);
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testinitgr_check_gr2", 5212,
+ "testinitgr_check_gr2@"TEST_DOM_NAME, 5212,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testinitgr_check_gr2",
- "testinitgr_update",
+ "testinitgr_check_gr2@"TEST_DOM_NAME,
+ "testinitgr_update@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
@@ -2478,18 +2540,20 @@ void test_nss_initgr_update(void **state)
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testinitgr_update", 521, 654, "test initgroups",
+ "testinitgr_update@"TEST_DOM_NAME,
+ 521, 654, "test initgroups",
"/home/testinitgr", "/bin/sh", NULL,
attrs, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testinitgr_update_gr1", 5211,
+ "testinitgr_update_gr1@"TEST_DOM_NAME, 5211,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testinitgr_update_gr1", "testinitgr_update",
+ "testinitgr_update_gr1@"TEST_DOM_NAME,
+ "testinitgr_update@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
@@ -2523,18 +2587,18 @@ static int test_nss_initgr_update_acct_2expire_attributes_cb(void *pvt)
assert_int_equal(ret, EOK);
ret = sysdb_set_user_attr(nss_test_ctx->tctx->dom,
- "testinitgr_2attr",
+ "testinitgr_2attr@"TEST_DOM_NAME,
attrs, SYSDB_MOD_REP);
assert_int_equal(ret, EOK);
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testinitgr_2attr_gr12", 5222,
+ "testinitgr_2attr_gr12@"TEST_DOM_NAME, 5222,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testinitgr_2attr_gr12",
- "testinitgr_2attr",
+ "testinitgr_2attr_gr12@"TEST_DOM_NAME,
+ "testinitgr_2attr@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
@@ -2575,18 +2639,20 @@ void test_nss_initgr_update_two_expire_attributes(void **state)
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testinitgr_2attr", 522, 655, "test initgroups2",
+ "testinitgr_2attr@"TEST_DOM_NAME,
+ 522, 655, "test initgroups2",
"/home/testinitgr_2attr", "/bin/sh", NULL,
attrs, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group(nss_test_ctx->tctx->dom,
- "testinitgr_2attr_gr11", 5221,
+ "testinitgr_2attr_gr11@"TEST_DOM_NAME, 5221,
NULL, 300, 0);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
- "testinitgr_2attr_gr11", "testinitgr_2attr",
+ "testinitgr_2attr_gr11@"TEST_DOM_NAME,
+ "testinitgr_2attr@"TEST_DOM_NAME,
SYSDB_MEMBER_USER, false);
assert_int_equal(ret, EOK);
@@ -2749,7 +2815,8 @@ static void test_nss_getnamebysid(void **state)
/* Prime the cache with a valid user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testsiduser", 12345, 6890, "test sid user",
+ "testsiduser@"TEST_DOM_NAME,
+ 12345, 6890, "test sid user",
"/home/testsiduser", "/bin/sh", NULL,
attrs, 300, 0);
assert_int_equal(ret, EOK);
@@ -2838,7 +2905,8 @@ static int test_nss_getnamebysid_update_acct_cb(void *pvt)
errno_t ret;
struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx);
- ret = sysdb_store_user(ctx->tctx->dom, "testsidbyname_update", NULL,
+ ret = sysdb_store_user(ctx->tctx->dom,
+ "testsidbyname_update@"TEST_DOM_NAME, NULL,
123456, 789, "test user",
"/home/testsidbyname_update", "/bin/ksh", NULL,
NULL, NULL, 300, 0);
@@ -2867,7 +2935,8 @@ void test_nss_getnamebysid_update(void **state)
/* Prime the cache with a valid but expired user */
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
- "testsidbyname_update", 123456, 789, "test user",
+ "testsidbyname_update@"TEST_DOM_NAME,
+ 123456, 789, "test user",
"/home/testsidbyname_update", "/bin/sh", NULL,
attrs, 1, 1);
assert_int_equal(ret, EOK);
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index 75411feee..24ecc5a4a 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -1034,7 +1034,8 @@ void test_pam_offline_auth_success(void **state)
{
int ret;
- ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345");
+ ret = sysdb_cache_password(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME, "12345");
assert_int_equal(ret, EOK);
mock_input_pam(pam_test_ctx, "pamuser", "12345", NULL);
@@ -1058,7 +1059,7 @@ void test_pam_offline_auth_wrong_pw(void **state)
{
int ret;
- ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345");
+ ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser@"TEST_DOM_NAME, "12345");
assert_int_equal(ret, EOK);
mock_input_pam(pam_test_ctx, "pamuser", "11111", NULL);
@@ -1082,7 +1083,8 @@ void test_pam_offline_auth_success_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345");
+ ret = sysdb_cache_password(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME, "12345");
assert_int_equal(ret, EOK);
mock_input_pam(pam_test_ctx, "pamuser", "12345", "abcde");
@@ -1106,7 +1108,8 @@ void test_pam_offline_auth_failed_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345");
+ ret = sysdb_cache_password(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME, "12345");
assert_int_equal(ret, EOK);
mock_input_pam(pam_test_ctx, "pamuser", "11111", "abcde");
@@ -1130,7 +1133,8 @@ void test_pam_offline_auth_success_2fa_with_cached_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345",
+ ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME, "12345",
SSS_AUTHTOK_TYPE_2FA, 5);
assert_int_equal(ret, EOK);
@@ -1155,7 +1159,8 @@ void test_pam_offline_auth_failed_2fa_with_cached_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345",
+ ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME, "12345",
SSS_AUTHTOK_TYPE_2FA, 5);
assert_int_equal(ret, EOK);
@@ -1180,7 +1185,8 @@ void test_pam_offline_auth_success_pw_with_cached_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345",
+ ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME, "12345",
SSS_AUTHTOK_TYPE_2FA, 5);
assert_int_equal(ret, EOK);
@@ -1205,7 +1211,8 @@ void test_pam_offline_auth_failed_pw_with_cached_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345",
+ ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME, "12345",
SSS_AUTHTOK_TYPE_2FA, 5);
assert_int_equal(ret, EOK);
@@ -1230,7 +1237,8 @@ void test_pam_offline_auth_success_combined_pw_with_cached_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser",
+ ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME,
"12345678", SSS_AUTHTOK_TYPE_2FA, 5);
assert_int_equal(ret, EOK);
@@ -1255,7 +1263,8 @@ void test_pam_offline_auth_failed_combined_pw_with_cached_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser",
+ ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME,
"12345678", SSS_AUTHTOK_TYPE_2FA, 5);
assert_int_equal(ret, EOK);
@@ -1280,7 +1289,8 @@ void test_pam_offline_auth_failed_wrong_2fa_size_with_cached_2fa(void **state)
{
int ret;
- ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser",
+ ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom,
+ "pamuser@"TEST_DOM_NAME,
"12345678", SSS_AUTHTOK_TYPE_2FA, 5);
assert_int_equal(ret, EOK);
diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
index 842f94a72..76c7e845c 100644
--- a/src/tests/cmocka/test_responder_cache_req.c
+++ b/src/tests/cmocka/test_responder_cache_req.c
@@ -173,7 +173,7 @@ static void cache_req_group_by_id_test_done(struct tevent_req *req)
static void prepare_concrete_user(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
- const char* user_name,
+ const char* user_shortname,
int user_id,
int group_id,
uint64_t timeout,
@@ -181,6 +181,10 @@ static void prepare_concrete_user(TALLOC_CTX *mem_ctx,
{
struct sysdb_attrs *attrs;
errno_t ret;
+ char *name;
+
+ name = sss_create_internal_fqname(mem_ctx, user_shortname, domain->name);
+ assert_non_null(name);
attrs = sysdb_new_attrs(mem_ctx);
assert_non_null(attrs);
@@ -188,7 +192,7 @@ static void prepare_concrete_user(TALLOC_CTX *mem_ctx,
ret = sysdb_attrs_add_string(attrs, SYSDB_UPN, TEST_UPN);
assert_int_equal(ret, EOK);
- ret = sysdb_store_user(domain, user_name, "pwd",
+ ret = sysdb_store_user(domain, name, "pwd",
user_id, group_id, NULL, NULL, NULL,
"cn=test-user,dc=test", attrs, NULL,
timeout, transaction_time);
@@ -209,9 +213,12 @@ static void run_user_by_name(struct cache_req_test_ctx *test_ctx,
int cache_refresh_percent,
errno_t exp_ret)
{
+ char *name;
+
+ name = sss_create_internal_fqname(test_ctx, TEST_USER_NAME, domain->name);
run_cache_req(test_ctx, cache_req_user_by_name_send,
cache_req_user_by_name_test_done, domain,
- cache_refresh_percent, TEST_USER_NAME, exp_ret);
+ cache_refresh_percent, name, exp_ret);
}
static void run_user_by_upn(struct cache_req_test_ctx *test_ctx,
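Review bot: In run_user_by_name the result of `sss_create_internal_fqname` is passed straight to `run_cache_req` without a NULL check, unlike prepare_concrete_user and prepare_group in the same file. An allocation failure would then surface as an unrelated lookup failure instead of a clear assertion. Add `assert_non_null(name);` after the call. The same line is missing in run_group_by_name further down.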
@@ -270,8 +277,12 @@ static void prepare_group(TALLOC_CTX *mem_ctx,
time_t transaction_time)
{
errno_t ret;
+ char *name;
+
+ name = sss_create_internal_fqname(mem_ctx, TEST_GROUP_NAME, domain->name);
+ assert_non_null(name);
- ret = sysdb_store_group(domain, TEST_GROUP_NAME, TEST_GROUP_ID, NULL,
+ ret = sysdb_store_group(domain, name, TEST_GROUP_ID, NULL,
timeout, transaction_time);
assert_int_equal(ret, EOK);
}
@@ -281,9 +292,13 @@ static void run_group_by_name(struct cache_req_test_ctx *test_ctx,
int cache_refresh_percent,
errno_t exp_ret)
{
+ char *name;
+
+ name = sss_create_internal_fqname(test_ctx, TEST_GROUP_NAME,
+ domain->name);
run_cache_req(test_ctx, cache_req_group_by_name_send,
cache_req_group_by_name_test_done, domain,
- cache_refresh_percent, TEST_GROUP_NAME, exp_ret);
+ cache_refresh_percent, name, exp_ret);
}
static void run_group_by_id(struct cache_req_test_ctx *test_ctx,
@@ -469,7 +484,8 @@ void test_user_by_name_multiple_domains_parse(void **state)
struct sss_domain_info *domain = NULL;
TALLOC_CTX *req_mem_ctx = NULL;
struct tevent_req *req = NULL;
- const char *name = TEST_USER_NAME;
+ char *name_a;
+ char *name_d;
const char *fqn = NULL;
errno_t ret;
@@ -480,7 +496,11 @@ void test_user_by_name_multiple_domains_parse(void **state)
"responder_cache_req_test_a", true);
assert_non_null(domain);
- ret = sysdb_store_user(domain, name, "pwd", 2000, 1000,
+ name_a = sss_create_internal_fqname(test_ctx, TEST_USER_NAME,
+ domain->name);
+ assert_non_null(name_a);
+
+ ret = sysdb_store_user(domain, name_a, "pwd", 1000, 1000,
NULL, NULL, NULL, "cn=test-user,dc=test", NULL,
NULL, 1000, time(NULL));
assert_int_equal(ret, EOK);
@@ -494,12 +514,12 @@ void test_user_by_name_multiple_domains_parse(void **state)
prepare_user(test_ctx, domain, 1000, time(NULL));
/* Append domain name to the username. */
- fqn = talloc_asprintf(test_ctx, "%s@%s", name,
+ fqn = talloc_asprintf(test_ctx, "%s@%s", TEST_USER_NAME,
"responder_cache_req_test_d");
assert_non_null(fqn);
/* Mock values. */
- mock_parse_inp(name, "responder_cache_req_test_d", ERR_OK);
+ mock_parse_inp(TEST_USER_NAME, "responder_cache_req_test_d", ERR_OK);
/* Test. */
@@ -520,7 +540,7 @@ void test_user_by_name_multiple_domains_parse(void **state)
check_user(test_ctx, domain);
assert_non_null(test_ctx->name);
- assert_string_equal(name, test_ctx->name);
+ assert_string_equal(name_d, test_ctx->name);
}
void test_user_by_name_cache_valid(void **state)
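Review bot: `assert_string_equal(name_d, test_ctx->name)` reads `name_d`, which is declared as `char *name_d;` in the first hunk of test_user_by_name_multiple_domains_parse but is not assigned in any hunk shown for this function. As written, the comparison dereferences an indeterminate pointer, so the test result is undefined rather than a check of the returned name. The variable probably needs to be built once `domain` points at the second domain, for example `name_d = sss_create_internal_fqname(test_ctx, TEST_USER_NAME, domain->name);` followed by `assert_non_null(name_d);`. The exact position depends on lines outside these hunks.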
@@ -540,7 +560,6 @@ void test_user_by_name_cache_valid(void **state)
void test_user_by_name_cache_expired(void **state)
{
struct cache_req_test_ctx *test_ctx = NULL;
-
test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx);
/* Setup user. */
@@ -970,7 +989,8 @@ void test_group_by_name_multiple_domains_parse(void **state)
struct sss_domain_info *domain = NULL;
TALLOC_CTX *req_mem_ctx = NULL;
struct tevent_req *req = NULL;
- const char *name = TEST_GROUP_NAME;
+ const char *shortname = TEST_GROUP_NAME;
+ char *name_a;
const char *fqn = NULL;
errno_t ret;
@@ -980,8 +1000,10 @@ void test_group_by_name_multiple_domains_parse(void **state)
domain = find_domain_by_name(test_ctx->tctx->dom,
"responder_cache_req_test_a", true);
assert_non_null(domain);
+ name_a = sss_create_internal_fqname(test_ctx, shortname, domain->name);
+ assert_int_equal(ret, EOK);
- ret = sysdb_store_group(domain, name, 2000, NULL,
+ ret = sysdb_store_group(domain, name_a, 2000, NULL,
1000, time(NULL));
assert_int_equal(ret, EOK);
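Review bot: The check added after `name_a = sss_create_internal_fqname(...)` is `assert_int_equal(ret, EOK);`, but nothing in this hunk assigns `ret` before it, so it tests a stale or uninitialised value and never looks at `name_a`. A failed allocation would go straight into sysdb_store_group() as a NULL name. The intended check is presumably `assert_non_null(name_a);`, as in the user variant of this test.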
@@ -994,7 +1016,7 @@ void test_group_by_name_multiple_domains_parse(void **state)
prepare_group(test_ctx, domain, 1000, time(NULL));
/* Append domain name to the username. */
- fqn = talloc_asprintf(test_ctx, "%s@%s", name,
+ fqn = talloc_asprintf(test_ctx, "%s@%s", shortname,
"responder_cache_req_test_d");
assert_non_null(fqn);
@@ -1002,7 +1024,7 @@ void test_group_by_name_multiple_domains_parse(void **state)
req_mem_ctx = talloc_new(global_talloc_context);
check_leaks_push(req_mem_ctx);
- mock_parse_inp(name, "responder_cache_req_test_d", ERR_OK);
+ mock_parse_inp(TEST_USER_NAME, "responder_cache_req_test_d", ERR_OK);
req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev,
test_ctx->rctx, test_ctx->ncache, 10, 0,
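Review bot: The group test now mocks the parsed input with `TEST_USER_NAME`, while the request string `fqn` in the previous hunk is still built from `shortname` (TEST_GROUP_NAME). The last hunk of test_group_by_name_multiple_domains_parse likewise compares `test_ctx->name` against `TEST_USER_NAME`. Unless the two macros expand to the same string (not visible here), this looks like a copy-and-paste from the user test. `mock_parse_inp(shortname, "responder_cache_req_test_d", ERR_OK);` would keep the test self-consistent, and the final assertion should compare against a value derived from the group name.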
@@ -1018,7 +1040,7 @@ void test_group_by_name_multiple_domains_parse(void **state)
check_group(test_ctx, domain);
assert_non_null(test_ctx->name);
- assert_string_equal(name, test_ctx->name);
+ assert_string_equal(TEST_USER_NAME, test_ctx->name);
}
void test_group_by_name_cache_valid(void **state)
@@ -1402,7 +1424,8 @@ void test_users_by_filter_filter_old(void **state)
/* This user was updated in distant past, so it wont't be reported by
* the filter search */
- ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME2, "pwd", 1001, 1001,
+ ret = sysdb_store_user(test_ctx->tctx->dom,
+ TEST_USER_NAME2"@"TEST_DOM_NAME, "pwd", 1001, 1001,
NULL, NULL, NULL, "cn="TEST_USER_NAME2",dc=test", NULL,
NULL, 1000, 1);
assert_int_equal(ret, EOK);
diff --git a/src/tests/cmocka/test_sysdb_views.c b/src/tests/cmocka/test_sysdb_views.c
index 8ec9b53fb..b8cb453b0 100644
--- a/src/tests/cmocka/test_sysdb_views.c
+++ b/src/tests/cmocka/test_sysdb_views.c
@@ -150,6 +150,7 @@ static void test_sysdb_store_override(void **state)
struct ldb_message **msgs;
struct sysdb_attrs *attrs;
size_t count;
+ char *name;
const char override_dn_str[] = SYSDB_OVERRIDE_ANCHOR_UUID "=" \
TEST_ANCHOR_PREFIX TEST_USER_SID "," TEST_VIEW_CONTAINER;
@@ -157,14 +158,17 @@ static void test_sysdb_store_override(void **state)
struct sysdb_test_ctx);
test_ctx->domain->mpg = false;
+ name = sss_create_internal_fqname(test_ctx, TEST_USER_NAME,
+ test_ctx->domain->name);
+ assert_non_null(name);
- ret = sysdb_store_user(test_ctx->domain, TEST_USER_NAME, NULL,
+ ret = sysdb_store_user(test_ctx->domain, name, NULL,
TEST_USER_UID, TEST_USER_GID, TEST_USER_GECOS,
TEST_USER_HOMEDIR, TEST_USER_SHELL, NULL, NULL, NULL,
0,0);
assert_int_equal(ret, EOK);
- ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME,
+ ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name,
NULL, &msg);
assert_int_equal(ret, EOK);
assert_non_null(msg);
@@ -378,6 +382,7 @@ void test_sysdb_delete_view_tree(void **state)
struct sysdb_attrs *attrs;
size_t count;
struct ldb_dn *views_dn;
+ char *name;
struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state,
struct sysdb_test_ctx);
@@ -387,13 +392,17 @@ void test_sysdb_delete_view_tree(void **state)
ret = sysdb_update_view_name(test_ctx->domain->sysdb, TEST_VIEW_NAME);
assert_int_equal(ret, EOK);
- ret = sysdb_store_user(test_ctx->domain, TEST_USER_NAME, NULL,
+ name = sss_create_internal_fqname(test_ctx, TEST_USER_NAME,
+ test_ctx->domain->name);
+ assert_non_null(name);
+
+ ret = sysdb_store_user(test_ctx->domain, name, NULL,
TEST_USER_UID, TEST_USER_GID, TEST_USER_GECOS,
TEST_USER_HOMEDIR, TEST_USER_SHELL, NULL, NULL, NULL,
0,0);
assert_int_equal(ret, EOK);
- ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME,
+ ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name,
NULL, &msg);
assert_int_equal(ret, EOK);
assert_non_null(msg);
@@ -436,6 +445,7 @@ void test_sysdb_invalidate_overrides(void **state)
struct ldb_message *msg;
struct sysdb_attrs *attrs;
struct ldb_dn *views_dn;
+ char *name;
const char *user_attrs[] = { SYSDB_NAME,
SYSDB_CACHE_EXPIRE,
SYSDB_OVERRIDE_DN,
@@ -445,17 +455,21 @@ void test_sysdb_invalidate_overrides(void **state)
struct sysdb_test_ctx);
test_ctx->domain->mpg = false;
+ name = sss_create_internal_fqname(test_ctx, TEST_USER_NAME,
+ test_ctx->domain->name);
+ assert_non_null(name);
+
ret = sysdb_update_view_name(test_ctx->domain->sysdb, TEST_VIEW_NAME);
assert_int_equal(ret, EOK);
- ret = sysdb_store_user(test_ctx->domain, TEST_USER_NAME, NULL,
+ ret = sysdb_store_user(test_ctx->domain, name, NULL,
TEST_USER_UID, TEST_USER_GID, TEST_USER_GECOS,
TEST_USER_HOMEDIR, TEST_USER_SHELL, NULL, NULL, NULL,
10,0);
assert_int_equal(ret, EOK);
- ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME,
+ ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name,
NULL, &msg);
assert_int_equal(ret, EOK);
assert_non_null(msg);
@@ -478,7 +492,7 @@ void test_sysdb_invalidate_overrides(void **state)
ret = sysdb_delete_view_tree(test_ctx->domain->sysdb, TEST_VIEW_NAME);
assert_int_equal(ret, EOK);
- ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME,
+ ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name,
user_attrs, &msg);
assert_int_equal(ret, EOK);
assert_non_null(msg);
@@ -488,7 +502,7 @@ void test_sysdb_invalidate_overrides(void **state)
ret = sysdb_invalidate_overrides(test_ctx->domain->sysdb);
assert_int_equal(ret, EOK);
- ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME,
+ ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name,
user_attrs, &msg);
assert_int_equal(ret, EOK);
assert_non_null(msg);
@@ -496,7 +510,7 @@ void test_sysdb_invalidate_overrides(void **state)
1);
assert_null(ldb_msg_find_attr_as_string(msg, SYSDB_OVERRIDE_DN, NULL));
- ret = sysdb_delete_user(test_ctx->domain, TEST_USER_NAME, 0);
+ ret = sysdb_delete_user(test_ctx->domain, name, 0);
assert_int_equal(ret, EOK);
}
@@ -542,19 +556,23 @@ static void enum_test_add_users(struct sysdb_test_ctx *test_ctx,
int i;
int ret;
struct sysdb_attrs *attrs;
+ char *name = NULL;
for (i = 0; usernames[i] != NULL; i++) {
attrs = talloc(test_ctx, struct sysdb_attrs);
assert_non_null(attrs);
-
- ret = sysdb_store_user(test_ctx->domain, usernames[i],
+ name = sss_create_internal_fqname(test_ctx, usernames[i],
+ test_ctx->domain->name);
+ assert_non_null(name);
+ ret = sysdb_store_user(test_ctx->domain, name,
NULL, 0, 0, usernames[i], "/", "/bin/sh",
NULL, NULL, NULL, 1, 1234 + i);
assert_int_equal(ret, EOK);
- enum_test_user_override(test_ctx, usernames[i]);
+ enum_test_user_override(test_ctx, name);
talloc_free(attrs);
+ talloc_free(name);
}
}
@@ -779,16 +797,19 @@ static void enum_test_add_groups(struct sysdb_test_ctx *test_ctx,
int i;
int ret;
struct sysdb_attrs *attrs;
+ char *gr_name;
for (i = 0; groupnames[i] != NULL; i++) {
attrs = talloc(test_ctx, struct sysdb_attrs);
assert_non_null(attrs);
- ret = sysdb_store_group(test_ctx->domain, groupnames[i],
+ gr_name = sss_create_internal_fqname(test_ctx, groupnames[i],
+ test_ctx->domain->name);
+ ret = sysdb_store_group(test_ctx->domain, gr_name,
0, NULL, 1, 1234 + i);
assert_int_equal(ret, EOK);
- enum_test_group_override(test_ctx, groupnames[i],
+ enum_test_group_override(test_ctx, gr_name,
TEST_GID_OVERRIDE_BASE + i);
talloc_free(attrs);
}
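Review bot: In enum_test_add_groups, `gr_name` is neither checked for NULL nor freed, whereas the sibling loop in enum_test_add_users does both with `assert_non_null(name);` and `talloc_free(name);`. Each iteration therefore leaves one string attached to `test_ctx`, and an allocation failure surfaces inside sysdb_store_group() rather than here. Adding `assert_non_null(gr_name);` after the call and `talloc_free(gr_name);` next to `talloc_free(attrs);` would match the user variant. The function's closing brace is outside this hunk.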
diff --git a/src/tests/simple_access-tests.c b/src/tests/simple_access-tests.c
index a7d6a5278..b968b3570 100644
--- a/src/tests/simple_access-tests.c
+++ b/src/tests/simple_access-tests.c
@@ -159,38 +159,65 @@ void setup_simple_group(void)
setup_simple();
+ char *u1;
+ char *u2;
+ char *u3;
+ char *g1;
+ char *g2;
+ char *pvt;
+
+ u1 = sss_create_internal_fqname(test_ctx, "u1",
+ test_ctx->ctx->domain->name);
+ u2 = sss_create_internal_fqname(test_ctx, "u2",
+ test_ctx->ctx->domain->name);
+ u3 = sss_create_internal_fqname(test_ctx, "u3",
+ test_ctx->ctx->domain->name);
+ g1 = sss_create_internal_fqname(test_ctx, "g1",
+ test_ctx->ctx->domain->name);
+ g2 = sss_create_internal_fqname(test_ctx, "g2",
+ test_ctx->ctx->domain->name);
+ pvt = sss_create_internal_fqname(test_ctx, "pvt",
+ test_ctx->ctx->domain->name);
+
+ fail_if(u1 == NULL, "sss_create_internal_fqname failed");
+ fail_if(u2 == NULL, "sss_create_internal_fqname failed");
+ fail_if(u3 == NULL, "sss_create_internal_fqname failed");
+ fail_if(g1 == NULL, "sss_create_internal_fqname failed");
+ fail_if(g2 == NULL, "sss_create_internal_fqname failed");
+ fail_if(pvt == NULL, "sss_create_internal_fqname failed");
+
/* Add test users u1 and u2 that would be members of test groups
* g1 and g2 respectively */
- ret = sysdb_add_group(test_ctx->ctx->domain, "pvt", 999, NULL, 0, 0);
+ ret = sysdb_add_group(test_ctx->ctx->domain, pvt, 999, NULL, 0, 0);
fail_if(ret != EOK, "Could not add private group %s", strerror(ret));
ret = sysdb_store_user(test_ctx->ctx->domain,
- "u1", NULL, 123, 999, "u1", "/home/u1",
+ u1, NULL, 123, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u1");
ret = sysdb_store_user(test_ctx->ctx->domain,
- "u2", NULL, 456, 999, "u1", "/home/u1",
+ u2, NULL, 456, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u2");
ret = sysdb_store_user(test_ctx->ctx->domain,
- "u3", NULL, 789, 999, "u1", "/home/u1",
+ u3, NULL, 789, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u3");
- ret = sysdb_add_group(test_ctx->ctx->domain, "g1", 321, NULL, 0, 0);
+ ret = sysdb_add_group(test_ctx->ctx->domain, g1, 321, NULL, 0, 0);
fail_if(ret != EOK, "Could not add g1");
- ret = sysdb_add_group(test_ctx->ctx->domain, "g2", 654, NULL, 0, 0);
+ ret = sysdb_add_group(test_ctx->ctx->domain, g2, 654, NULL, 0, 0);
fail_if(ret != EOK, "Could not add g2");
ret = sysdb_add_group_member(test_ctx->ctx->domain,
- "g1", "u1", SYSDB_MEMBER_USER, false);
+ g1, u1, SYSDB_MEMBER_USER, false);
fail_if(ret != EOK, "Could not add u1 to g1");
ret = sysdb_add_group_member(test_ctx->ctx->domain,
- "g2", "u2", SYSDB_MEMBER_USER, false);
+ g2, u2, SYSDB_MEMBER_USER, false);
fail_if(ret != EOK, "Could not add u2 to g2");
}
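Review bot: setup_simple_group now carries six near-identical `sss_create_internal_fqname` calls and six `fail_if` checks, and the same twelve statements are repeated verbatim in teardown_simple_group in the next hunk. A small file-local helper that builds the name and fails on NULL would remove the duplication, so each site becomes `u1 = simple_fqname("u1");`. It would also keep setup and teardown from drifting apart when the name format changes again. The new declarations also sit after the `setup_simple();` statement, so they are better moved to the top of the function with the helper in place.

```c
/* Build the internal fully qualified name for a test object in the
 * domain under test; fails the current test on allocation error. */
static char *simple_fqname(const char *shortname)
{
    char *fqname;

    fqname = sss_create_internal_fqname(test_ctx, shortname,
                                        test_ctx->ctx->domain->name);
    fail_if(fqname == NULL, "sss_create_internal_fqname failed");
    return fqname;
}
```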
@@ -198,17 +225,45 @@ void teardown_simple_group(void)
{
errno_t ret;
- ret = sysdb_delete_user(test_ctx->ctx->domain, "u1", 0);
+ char *u1;
+ char *u2;
+ char *u3;
+ char *g1;
+ char *g2;
+ char *pvt;
+
+ u1 = sss_create_internal_fqname(test_ctx, "u1",
+ test_ctx->ctx->domain->name);
+ u2 = sss_create_internal_fqname(test_ctx, "u2",
+ test_ctx->ctx->domain->name);
+ u3 = sss_create_internal_fqname(test_ctx, "u3",
+ test_ctx->ctx->domain->name);
+ g1 = sss_create_internal_fqname(test_ctx, "g1",
+ test_ctx->ctx->domain->name);
+ g2 = sss_create_internal_fqname(test_ctx, "g2",
+ test_ctx->ctx->domain->name);
+ pvt = sss_create_internal_fqname(test_ctx, "pvt",
+ test_ctx->ctx->domain->name);
+
+ fail_if(u1 == NULL, "sss_create_internal_fqname failed");
+ fail_if(u2 == NULL, "sss_create_internal_fqname failed");
+ fail_if(u3 == NULL, "sss_create_internal_fqname failed");
+ fail_if(g1 == NULL, "sss_create_internal_fqname failed");
+ fail_if(g2 == NULL, "sss_create_internal_fqname failed");
+ fail_if(pvt == NULL, "sss_create_internal_fqname failed");
+
+
+ ret = sysdb_delete_user(test_ctx->ctx->domain, u1, 0);
fail_if(ret != EOK, "Could not delete u1");
- ret = sysdb_delete_user(test_ctx->ctx->domain, "u2", 0);
+ ret = sysdb_delete_user(test_ctx->ctx->domain, u2, 0);
fail_if(ret != EOK, "Could not delete u2");
- ret = sysdb_delete_user(test_ctx->ctx->domain, "u3", 0);
+ ret = sysdb_delete_user(test_ctx->ctx->domain, u3, 0);
fail_if(ret != EOK, "Could not delete u3");
- ret = sysdb_delete_group(test_ctx->ctx->domain, "g1", 0);
+ ret = sysdb_delete_group(test_ctx->ctx->domain, g1, 0);
fail_if(ret != EOK, "Could not delete g1");
- ret = sysdb_delete_group(test_ctx->ctx->domain, "g2", 0);
+ ret = sysdb_delete_group(test_ctx->ctx->domain, g2, 0);
fail_if(ret != EOK, "Could not delete g2");
- ret = sysdb_delete_group(test_ctx->ctx->domain, "pvt", 0);
+ ret = sysdb_delete_group(test_ctx->ctx->domain, pvt, 0);
fail_if(ret != EOK, "Could not delete pvt");
teardown_simple();
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index d64e31cfb..0477660f3 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -44,6 +44,7 @@
#define TEST_ATTR_ADD_VALUE "test_attr_add_value"
#define CUSTOM_TEST_CONTAINER "custom_test_container"
#define CUSTOM_TEST_OBJECT "custom_test_object"
+#define TEST_DOM_NAME "local"
#define ASQ_TEST_USER "testuser27010"
#define ASQ_TEST_USER_UID 27010
@@ -146,7 +147,7 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate)
return ret;
}
- ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local",
+ ret = sssd_domain_init(test_ctx, test_ctx->confdb, TEST_DOM_NAME,
TESTS_PATH, &test_ctx->domain);
if (ret != EOK) {
fail("Could not initialize connection to the sysdb (%d)", ret);
@@ -274,9 +275,14 @@ static int test_add_incomplete_group(struct test_data *data)
static int test_store_group(struct test_data *data)
{
int ret;
+ char *internal_fqname;
+ internal_fqname = sss_create_internal_fqname(data->ctx,
+ data->groupname,
+ data->ctx->domain->name);
ret = sysdb_store_group(data->ctx->domain,
- data->groupname, data->gid, data->attrs, -1, 0);
+ internal_fqname, data->gid, data->attrs, -1, 0);
+ talloc_free(internal_fqname);
return ret;
}
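Review bot: test_store_group now qualifies `data->groupname` with the domain name, but a later hunk in this file makes test_sysdb_store_group set `data->groupname` to `"testgroup%d@%s"` with TEST_DOM_NAME before calling it. Unless `sss_create_internal_fqname` recognises an already qualified input (its body is not shown here), the stored name gets the domain appended twice. Only one layer should qualify the name: either the caller or the helper. The result is also passed on without a NULL check, so `if (internal_fqname == NULL) return ENOMEM;` would match test_memberof_store_group_with_ghosts. test_memberof_store_group has the same two issues.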
@@ -314,16 +320,18 @@ static int test_set_user_attr(struct test_data *data)
static int test_add_group_member(struct test_data *data)
{
- const char *username;
+ const char *fq_username;
int ret;
- username = talloc_asprintf(data, "testuser%d", data->uid);
- if (username == NULL) {
+ fq_username = talloc_asprintf(data, "testuser%d@%s", data->uid,
+ data->ctx->domain->name);
+ if (fq_username == NULL) {
return ENOMEM;
}
ret = sysdb_add_group_member(data->ctx->domain,
- data->groupname, username,
+ data->groupname,
+ fq_username,
SYSDB_MEMBER_USER, false);
return ret;
}
@@ -331,6 +339,7 @@ static int test_add_group_member(struct test_data *data)
static int test_remove_group_member(struct test_data *data)
{
const char *username;
+ char *user_fqname;
int ret;
username = talloc_asprintf(data, "testuser%d", data->uid);
@@ -338,8 +347,11 @@ static int test_remove_group_member(struct test_data *data)
return ENOMEM;
}
+ user_fqname = sss_create_internal_fqname(data, username,
+ data->ctx->domain->name);
+
ret = sysdb_remove_group_member(data->ctx->domain,
- data->groupname, username,
+ data->groupname, user_fqname,
SYSDB_MEMBER_USER, false);
return ret;
}
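Review bot: test_remove_group_member builds the member name with `sss_create_internal_fqname`, while its counterpart test_add_group_member in the previous hunk formats `"testuser%d@%s"` by hand, so the add and remove paths only agree as long as the helper's output happens to match that literal format. Using the helper in both places would keep them in step. `user_fqname` is also used unchecked even though `username` just above returns ENOMEM on failure. Adding `if (user_fqname == NULL) return ENOMEM;` closes that gap.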
@@ -407,6 +419,7 @@ static int test_memberof_store_group(struct test_data *data)
struct sysdb_attrs *attrs = NULL;
char *member;
int i;
+ char *gr_fqname;
attrs = sysdb_new_attrs(data);
if (!attrs) {
@@ -424,8 +437,11 @@ static int test_memberof_store_group(struct test_data *data)
}
}
+ gr_fqname = sss_create_internal_fqname(data->ctx, data->groupname,
+ data->ctx->domain->name);
ret = sysdb_store_group(data->ctx->domain,
- data->groupname, data->gid, attrs, -1, 0);
+ gr_fqname, data->gid, attrs, -1, 0);
+ talloc_free(gr_fqname);
return ret;
}
@@ -435,6 +451,7 @@ static int test_memberof_store_group_with_ghosts(struct test_data *data)
struct sysdb_attrs *attrs = NULL;
char *member;
int i;
+ char *gr_fqname;
attrs = sysdb_new_attrs(data);
if (!attrs) {
@@ -461,8 +478,14 @@ static int test_memberof_store_group_with_ghosts(struct test_data *data)
}
}
+ gr_fqname = sss_create_internal_fqname(data->ctx, data->groupname,
+ data->ctx->domain->name);
+ if (gr_fqname == NULL) {
+ return ENOMEM;
+ }
+
ret = sysdb_store_group(data->ctx->domain,
- data->groupname, data->gid, attrs, -1, 0);
+ gr_fqname, data->gid, attrs, -1, 0);
return ret;
}
@@ -539,7 +562,7 @@ START_TEST (test_sysdb_user_new_id)
return;
}
- username = "testuser_newid";
+ username = "testuser_newid@test.sub";
attrs = sysdb_new_attrs(test_ctx);
fail_if(attrs == NULL);
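Review bot: The new literal `"testuser_newid@test.sub"` hard-codes a domain suffix that differs from the `TEST_DOM_NAME` ("local") that this commit introduces and uses in the other tests of this file. If the user is stored in `test_ctx->domain` (the store call is outside this hunk), the name is qualified with a domain other than the one it lives in. If that is not deliberate, `"testuser_newid@"TEST_DOM_NAME` or a name built with `sss_create_internal_fqname` would be consistent with the rest of the file. If it is deliberate, a one-line comment saying why would help.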
@@ -574,6 +597,7 @@ START_TEST (test_sysdb_store_user)
struct sysdb_test_ctx *test_ctx;
struct test_data *data;
int ret;
+ char *shortname;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
@@ -587,7 +611,10 @@ START_TEST (test_sysdb_store_user)
data->ev = test_ctx->ev;
data->uid = _i;
data->gid = _i;
- data->username = talloc_asprintf(data, "testuser%d", _i);
+ shortname = talloc_asprintf(data, "testuser%d", _i);
+ data->username = sss_create_internal_fqname(data, shortname,
+ data->ctx->domain->name);
+ talloc_free(shortname);
ret = test_store_user(data);
@@ -601,6 +628,7 @@ START_TEST (test_sysdb_store_user_existing)
struct sysdb_test_ctx *test_ctx;
struct test_data *data;
int ret;
+ char *shortname;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
@@ -614,8 +642,11 @@ START_TEST (test_sysdb_store_user_existing)
data->ev = test_ctx->ev;
data->uid = _i;
data->gid = _i;
- data->username = talloc_asprintf(data, "testuser%d", _i);
+ shortname = talloc_asprintf(data, "testuser%d", _i);
data->shell = talloc_asprintf(data, "/bin/ksh");
+ data->username = sss_create_internal_fqname(data, shortname,
+ data->ctx->domain->name);
+ talloc_free(shortname);
ret = test_store_user(data);
@@ -641,7 +672,7 @@ START_TEST (test_sysdb_store_group)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME);
ret = test_store_group(data);
@@ -716,7 +747,7 @@ START_TEST (test_sysdb_remove_local_group)
data = talloc_zero(test_ctx, struct test_data);
data->ctx = test_ctx;
data->ev = test_ctx->ev;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME);
ret = test_remove_group(data);
@@ -795,7 +826,7 @@ START_TEST (test_sysdb_add_group)
data->ev = test_ctx->ev;
data->uid = _i;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME);
ret = test_add_group(data);
@@ -824,7 +855,8 @@ START_TEST (test_sysdb_add_group_with_ghosts)
data->ev = test_ctx->ev;
data->uid = _i;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i,
+ TEST_DOM_NAME);
fail_unless(data->groupname != NULL, "Out of memory\n");
data->attrs = sysdb_new_attrs(data);
@@ -867,7 +899,7 @@ START_TEST (test_sysdb_add_incomplete_group)
data->ev = test_ctx->ev;
data->uid = _i;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME);
ret = test_add_incomplete_group(data);
@@ -1167,7 +1199,7 @@ START_TEST (test_sysdb_set_user_attr)
data = talloc_zero(test_ctx, struct test_data);
data->ctx = test_ctx;
data->ev = test_ctx->ev;
- data->username = talloc_asprintf(data, "testuser%d", _i);
+ data->username = talloc_asprintf(data, "testuser%d@%s", _i, test_ctx->domain->name);
data->attrs = sysdb_new_attrs(test_ctx);
if (ret != EOK) {
@@ -1231,7 +1263,8 @@ START_TEST (test_sysdb_remove_attrs)
ret = setup_sysdb_tests(&test_ctx);
fail_if(ret != EOK, "Could not set up the test");
- username = talloc_asprintf(test_ctx, "testuser%d", _i);
+ username = talloc_asprintf(test_ctx, "testuser%d@%s", _i,
+ test_ctx->domain->name);
fail_if(username == NULL, "OOM");
ret = sysdb_getpwnam(test_ctx,
@@ -1324,7 +1357,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain)
fail_if(ret != EOK, "Failed to init names.");
/* Create user */
- fq_name = sss_tc_fqname(test_ctx, subdomain->names, subdomain, username);
+ fq_name = sss_create_internal_fqname(test_ctx, username, subdomain->name);
fail_if(fq_name == NULL, "Failed to create fq name.");
ret = sysdb_store_user(subdomain, fq_name, NULL, 12345, 0, "Gecos",
@@ -1362,7 +1395,7 @@ START_TEST (test_sysdb_add_group_member)
data = talloc_zero(test_ctx, struct test_data);
data->ctx = test_ctx;
data->ev = test_ctx->ev;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME);
data->uid = _i - 1000; /* the UID of user to add */
ret = test_add_group_member(data);
@@ -1437,7 +1470,8 @@ START_TEST (test_sysdb_remove_group_member)
data = talloc_zero(test_ctx, struct test_data);
data->ctx = test_ctx;
data->ev = test_ctx->ev;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i,
+ TEST_DOM_NAME);
data->uid = _i - 1000; /* the UID of user to add */
ret = test_remove_group_member(data);
@@ -2049,7 +2083,8 @@ START_TEST (test_sysdb_prepare_asq_test_user)
data = talloc_zero(test_ctx, struct test_data);
data->ctx = test_ctx;
data->ev = test_ctx->ev;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i,
+ TEST_DOM_NAME);
data->uid = ASQ_TEST_USER_UID;
ret = test_add_group_member(data);
@@ -2260,7 +2295,8 @@ START_TEST (test_sysdb_memberof_store_group)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = MBO_GROUP_BASE + _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
if (_i == 0) {
data->attrlist = NULL;
@@ -2283,6 +2319,7 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts)
struct sysdb_test_ctx *test_ctx;
struct test_data *data;
int ret;
+ char *member_name;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
@@ -2297,7 +2334,7 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts)
data->gid = _i;
data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
- if (_i == 0) {
+ if (_i == 0 || _i == MBO_GROUP_BASE) {
data->attrlist = NULL;
} else {
data->attrlist = talloc_array(data, const char *, 2);
@@ -2308,7 +2345,9 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts)
data->memberlist = talloc_array(data, char *, 2);
fail_unless(data->memberlist != NULL, "talloc_array failed.");
- data->memberlist[0] = talloc_asprintf(data, "testuser%d", data->gid);
+ member_name = talloc_asprintf(data, "testuser%d", data->gid);
+ data->memberlist[0] = sss_create_internal_fqname(data, member_name,
+ test_ctx->domain->name);
data->memberlist[1] = NULL;
ret = test_memberof_store_group_with_ghosts(data);
@@ -2335,7 +2374,8 @@ START_TEST (test_sysdb_memberof_store_group_with_double_ghosts)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
if (_i == 0) {
data->attrlist = NULL;
@@ -2380,7 +2420,8 @@ START_TEST (test_sysdb_memberof_mod_add)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
data->attrs = sysdb_new_attrs(data);
if (ret != EOK) {
@@ -2469,7 +2510,8 @@ START_TEST (test_sysdb_memberof_mod_replace)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
data->attrs = sysdb_new_attrs(data);
if (ret != EOK) {
@@ -2562,7 +2604,8 @@ START_TEST (test_sysdb_memberof_mod_replace_keep)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = MBO_GROUP_BASE + 10 - _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
data->attrs = sysdb_new_attrs(data);
if (ret != EOK) {
@@ -2711,7 +2754,8 @@ START_TEST (test_sysdb_memberof_close_loop)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = MBO_GROUP_BASE;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
data->attrlist = talloc_array(data, const char *, 2);
fail_unless(data->attrlist != NULL, "talloc_array failed.");
@@ -2730,6 +2774,7 @@ START_TEST (test_sysdb_memberof_store_user)
struct sysdb_test_ctx *test_ctx;
struct test_data *data;
int ret;
+ char *shortname;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
@@ -2743,8 +2788,10 @@ START_TEST (test_sysdb_memberof_store_user)
data->ev = test_ctx->ev;
data->uid = MBO_USER_BASE + _i;
data->gid = 0; /* MPG domain */
- data->username = talloc_asprintf(data, "testuser%d", data->uid);
-
+ shortname = talloc_asprintf(data, "testuser%d", data->uid);
+ data->username = sss_create_internal_fqname(data, shortname,
+ data->ctx->domain->name);
+ talloc_free(shortname);
ret = test_store_user(data);
fail_if(ret != EOK, "Could not store user %s", data->username);
@@ -2768,7 +2815,9 @@ START_TEST (test_sysdb_memberof_add_group_member)
data = talloc_zero(test_ctx, struct test_data);
data->ctx = test_ctx;
data->ev = test_ctx->ev;
- data->groupname = talloc_asprintf(data, "testgroup%d", _i + MBO_GROUP_BASE);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s",
+ _i + MBO_GROUP_BASE,
+ TEST_DOM_NAME);
data->uid = MBO_USER_BASE + _i;
ret = test_add_group_member(data);
@@ -3122,7 +3171,8 @@ START_TEST (test_sysdb_memberof_mod_del)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
data->attrs = sysdb_new_attrs(data);
if (ret != EOK) {
@@ -3257,6 +3307,7 @@ START_TEST (test_sysdb_memberof_convert_to_real_users)
struct sysdb_test_ctx *test_ctx;
struct test_data *data;
int ret;
+ char *shortname;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
@@ -3270,8 +3321,10 @@ START_TEST (test_sysdb_memberof_convert_to_real_users)
data->ev = test_ctx->ev;
data->uid = _i * 2;
data->gid = _i * 2;
- data->username = talloc_asprintf(data, "testghost%d", _i);
-
+ shortname = talloc_asprintf(data, "testghost%d", _i);
+ data->username = sss_create_internal_fqname(data, shortname,
+ data->ctx->domain->name);
+ talloc_free(shortname);
ret = test_store_user(data);
fail_if(ret != EOK, "Cannot add user %s\n", data->username);
}
@@ -3365,7 +3418,8 @@ START_TEST (test_sysdb_memberof_ghost_replace)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
data->attrs = sysdb_new_attrs(data);
if (ret != EOK) {
@@ -3445,7 +3499,8 @@ START_TEST (test_sysdb_memberof_ghost_replace_noop)
data->ctx = test_ctx;
data->ev = test_ctx->ev;
data->gid = _i;
- data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);
+ data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid,
+ TEST_DOM_NAME);
data->attrs = sysdb_new_attrs(data);
if (ret != EOK) {
@@ -3619,14 +3674,23 @@ START_TEST(test_sysdb_get_real_name)
struct sysdb_test_ctx *test_ctx;
struct sysdb_attrs *user_attrs;
const char *str;
+ char *fq_alias;
+ char *realname;
ret = setup_sysdb_tests(&test_ctx);
fail_if(ret != EOK, "Could not set up the test");
+ fq_alias = sss_create_internal_fqname(test_ctx, "alias",
+ test_ctx->domain->name);
+ realname = sss_create_internal_fqname(test_ctx, "RealName",
+ test_ctx->domain->name);
+ fail_if(fq_alias == NULL, "sss_create_internal_fqname failed");
+ fail_if(realname == NULL, "sss_create_internal_fqname failed");
+
user_attrs = sysdb_new_attrs(test_ctx);
fail_unless(user_attrs != NULL, "sysdb_new_attrs failed");
- ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, "alias");
+ ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, fq_alias);
fail_unless(ret == EOK, "sysdb_attrs_add_string failed.");
ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, "foo@bar");
@@ -3640,34 +3704,34 @@ START_TEST(test_sysdb_get_real_name)
"12345678-9012-3456-7890-123456789012");
fail_unless(ret == EOK, "sysdb_attrs_add_string failed.");
- ret = sysdb_store_user(test_ctx->domain, "RealName",
+ ret = sysdb_store_user(test_ctx->domain, realname,
NULL, 22345, 0, "gecos",
"/home/realname", "/bin/bash",
NULL, user_attrs, NULL, -1, 0);
fail_unless(ret == EOK, "sysdb_store_user failed.");
/* Get real, uncanonicalized name as string */
- ret = sysdb_get_real_name(test_ctx, test_ctx->domain, "alias", &str);
+ ret = sysdb_get_real_name(test_ctx, test_ctx->domain, fq_alias, &str);
fail_unless(ret == EOK, "sysdb_get_real_name failed.");
- fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].",
- "RealName", str);
+ fail_unless(strcmp(str, realname) == 0, "Expected [%s], got [%s].",
+ realname, str);
ret = sysdb_get_real_name(test_ctx, test_ctx->domain, "foo@bar", &str);
fail_unless(ret == EOK, "sysdb_get_real_name failed.");
- fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].",
- "RealName", str);
+ fail_unless(strcmp(str, realname) == 0, "Expected [%s], got [%s].",
+ realname, str);
ret = sysdb_get_real_name(test_ctx, test_ctx->domain,
"S-1-5-21-123-456-789-111", &str);
fail_unless(ret == EOK, "sysdb_get_real_name failed.");
- fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].",
- "RealName", str);
+ fail_unless(strcmp(str, realname) == 0, "Expected [%s], got [%s].",
+ realname, str);
ret = sysdb_get_real_name(test_ctx, test_ctx->domain,
"12345678-9012-3456-7890-123456789012", &str);
fail_unless(ret == EOK, "sysdb_get_real_name failed.");
- fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].",
- "RealName", str);
+ fail_unless(strcmp(str, realname) == 0, "Expected [%s], got [%s].",
+ realname, str);
}
END_TEST
@@ -3678,14 +3742,21 @@ START_TEST(test_group_rename)
gid_t gid;
const gid_t grgid = 38001;
const char *name;
- const char *fromname = "fromgroup";
- const char *toname = "togroup";
+ char *fromname;
+ char *toname;
struct ldb_result *res;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
fail_unless(ret == EOK, "Could not set up the test");
+ fromname = sss_create_internal_fqname(test_ctx, "fromgroup",
+ test_ctx->domain->name);
+ fail_if(fromname == NULL, "sss_create_internal_fqname failed");
+ toname = sss_create_internal_fqname(test_ctx, "togroup",
+ test_ctx->domain->name);
+ fail_if(toname == NULL, "sss_create_internal_fqname failed");
+
/* Store and verify the first group */
ret = sysdb_store_group(test_ctx->domain,
fromname, grgid, NULL, 0, 0);
@@ -3748,14 +3819,19 @@ START_TEST(test_user_rename)
uid_t uid;
const uid_t userid = 38002;
const char *name;
- const char *fromname = "fromuser";
- const char *toname = "touser";
+ char *fromname;
+ char *toname;
struct ldb_result *res;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
fail_unless(ret == EOK, "Could not set up the test");
+ fromname = sss_create_internal_fqname(&test_ctx, "fromname", test_ctx->domain->name);
+ toname = sss_create_internal_fqname(&test_ctx, "toname", test_ctx->domain->name);
+ fail_if(fromname == NULL, "sss_create_internal_fqname failed");
+ fail_if(toname == NULL, "sss_create_internal_fqname failed");
+
/* Store and verify the first user */
ret = sysdb_store_user(test_ctx->domain,
fromname, NULL, userid, 0,
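Review bot: Both new `sss_create_internal_fqname` calls in test_user_rename pass `&test_ctx` as the talloc parent. That is the address of the local pointer variable, not a talloc chunk, whereas test_group_rename in the previous hunk passes `test_ctx`. talloc will normally abort on the bad parent, or misread stack memory as a chunk header. The calls should read `fromname = sss_create_internal_fqname(test_ctx, "fromname", test_ctx->domain->name);` and likewise for `toname`. The short names also changed from "fromuser"/"touser" to "fromname"/"toname", which looks unintended. The test body continues outside the hunk.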
@@ -3821,32 +3897,42 @@ START_TEST (test_sysdb_update_members)
char **add_groups;
char **del_groups;
const char *user = "testuser27000";
+ char *user_fqname;
errno_t ret;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
fail_unless(ret == EOK, "Could not set up the test");
+ user_fqname = sss_create_internal_fqname(test_ctx, user,
+ test_ctx->domain->name);
+ fail_if(user_fqname == NULL, "user_fqname returned NULL");
+
/* Add a user to two groups */
add_groups = talloc_array(test_ctx, char *, 3);
- add_groups[0] = talloc_strdup(add_groups, "testgroup28001");
- add_groups[1] = talloc_strdup(add_groups, "testgroup28002");
+ add_groups[0] = sss_create_internal_fqname(add_groups, "testgroup28001",
+ test_ctx->domain->name);
+ add_groups[1] = sss_create_internal_fqname(add_groups, "testgroup28002",
+ test_ctx->domain->name);
add_groups[2] = NULL;
- ret = sysdb_update_members(test_ctx->domain, user, SYSDB_MEMBER_USER,
+ ret = sysdb_update_members(test_ctx->domain, user_fqname,
+ SYSDB_MEMBER_USER,
(const char *const *)add_groups, NULL);
fail_unless(ret == EOK, "Could not add groups");
talloc_zfree(add_groups);
/* Remove a user from one group and add to another */
del_groups = talloc_array(test_ctx, char *, 2);
- del_groups[0] = talloc_strdup(del_groups, "testgroup28001");
+ del_groups[0] = sss_create_internal_fqname(del_groups, "testgroup28001",
+ test_ctx->domain->name);
del_groups[1] = NULL;
add_groups = talloc_array(test_ctx, char *, 2);
- add_groups[0] = talloc_strdup(add_groups, "testgroup28003");
+ add_groups[0] = sss_create_internal_fqname(add_groups, "testgroup28003",
+ test_ctx->domain->name);
add_groups[1] = NULL;
- ret = sysdb_update_members(test_ctx->domain, user, SYSDB_MEMBER_USER,
+ ret = sysdb_update_members(test_ctx->domain, user_fqname, SYSDB_MEMBER_USER,
(const char *const *)add_groups,
(const char *const *)del_groups);
fail_unless(ret == EOK, "Group replace failed");
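Review bot: The entries written into `add_groups` and `del_groups` are never checked for NULL, although `user_fqname` a few lines earlier is. Because both arrays are NULL-terminated, a failed `sss_create_internal_fqname` would silently shorten the list, and `sysdb_update_members` could still return EOK for fewer groups than the test means to exercise. A check such as `fail_if(add_groups[0] == NULL || add_groups[1] == NULL, "sss_create_internal_fqname failed");` after each fill would close that gap. The same applies to the `del_groups` fill in the following hunk of test_sysdb_update_members. The test body starts and ends outside this hunk.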
@@ -3855,11 +3941,13 @@ START_TEST (test_sysdb_update_members)
/* Remove a user from two groups */
del_groups = talloc_array(test_ctx, char *, 3);
- del_groups[0] = talloc_strdup(del_groups, "testgroup28002");
- del_groups[1] = talloc_strdup(del_groups, "testgroup28003");
+ del_groups[0] = sss_create_internal_fqname(del_groups, "testgroup28002",
+ test_ctx->domain->name);
+ del_groups[1] = sss_create_internal_fqname(del_groups, "testgroup28003",
+ test_ctx->domain->name);
del_groups[2] = NULL;
- ret = sysdb_update_members(test_ctx->domain, user, SYSDB_MEMBER_USER,
+ ret = sysdb_update_members(test_ctx->domain, user_fqname, SYSDB_MEMBER_USER,
NULL, (const char *const *)del_groups);
fail_unless(ret == EOK, "Could not remove groups");
@@ -3883,7 +3971,7 @@ START_TEST (test_sysdb_group_dn_name)
return;
}
- groupname = talloc_asprintf(test_ctx, "testgroup%d", _i);
+ groupname = talloc_asprintf(test_ctx, "testgroup%d@%s", _i, TEST_DOM_NAME);
group_dn = sysdb_group_dn(test_ctx, test_ctx->domain, groupname);
if (!group_dn || !groupname) {
fail("Out of memory");
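Review bot: The qualified name here is assembled by hand with `"testgroup%d@%s"` and `TEST_DOM_NAME`, while the hunks above go through `sss_create_internal_fqname`. If the internal format changes again, this literal and the `"...@"TEST_DOM_NAME` and `"...@test.sub"` literals in test_SSS_LDB_SEARCH, test_sysdb_search_return_ENOENT and the subdomain tests will go stale without any compile error. I would write `groupname = sss_create_internal_fqname(test_ctx, shortname, test_ctx->domain->name);` with the short name formatted first, so the format lives in one place. The enclosing test starts outside the hunk.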
@@ -4092,10 +4180,10 @@ START_TEST(test_odd_characters)
struct ldb_result *res;
struct ldb_message *msg;
const struct ldb_val *val;
- const char odd_username[] = "*(odd)\\user,name";
+ char *odd_username;
const char odd_username_orig_dn[] =
"\\2a\\28odd\\29\\5cuser,name,cn=users,dc=example,dc=com";
- const char odd_groupname[] = "*(odd\\*)\\group,name";
+ char *odd_groupname;
const char odd_netgroupname[] = "*(odd\\*)\\netgroup,name";
const char *received_user;
const char *received_group;
@@ -4109,6 +4197,14 @@ START_TEST(test_odd_characters)
return;
}
+ odd_groupname = sss_create_internal_fqname(test_ctx,
+ "*(odd\\*)\\group,name",
+ test_ctx->domain->name);
+ odd_username = sss_create_internal_fqname(test_ctx, "*(odd)\\user,name",
+ test_ctx->domain->name);
+ fail_if(odd_groupname == NULL, "sss_create_internal_fqname failed");
+ fail_if(odd_username == NULL, "sss_create_internal_fqname failed");
+
/* ===== Groups ===== */
/* Add */
@@ -4249,7 +4345,7 @@ START_TEST(test_SSS_LDB_SEARCH)
struct sysdb_test_ctx *test_ctx;
struct ldb_dn *group_dn, *nonexist_dn;
struct ldb_result *res;
- const char groupname[] = "test_group";
+ const char groupname[] = "test_group@"TEST_DOM_NAME;
const char *received_group;
/* Setup */
@@ -4265,7 +4361,7 @@ START_TEST(test_SSS_LDB_SEARCH)
fail_if(group_dn == NULL, "sysdb_group_dn failed");
nonexist_dn = sysdb_group_dn(test_ctx, test_ctx->domain,
- "non-existing-group");
+ "non-existing-group@"TEST_DOM_NAME);
fail_if(nonexist_dn == NULL, "sysdb_group_dn failed");
/* Add */
@@ -4957,7 +5053,8 @@ START_TEST (test_sysdb_search_return_ENOENT)
/* Search user */
ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain,
- "nonexisting_user", NULL, &msg);
+ "nonexisting_user@"TEST_DOM_NAME,
+ NULL, &msg);
fail_unless(ret == ENOENT, "sysdb_search_user_by_name error [%d][%s].",
ret, strerror(ret));
talloc_zfree(msg);
@@ -5058,7 +5155,8 @@ START_TEST (test_sysdb_search_return_ENOENT)
talloc_zfree(msgs);
/* General search */
- user_dn = sysdb_user_dn(test_ctx, test_ctx->domain, "nonexisting_user");
+ user_dn = sysdb_user_dn(test_ctx, test_ctx->domain,
+ "nonexisting_user@"TEST_DOM_NAME);
fail_if(user_dn == NULL, "sysdb_user_dn failed");
ret = sysdb_asq_search(test_ctx, test_ctx->domain,
@@ -5078,7 +5176,8 @@ START_TEST (test_sysdb_search_return_ENOENT)
talloc_zfree(user_dn);
/* SSS_LDB_SEARCH */
- user_dn = sysdb_user_dn(test_ctx, test_ctx->domain, "nonexisting_user");
+ user_dn = sysdb_user_dn(test_ctx, test_ctx->domain,
+ "nonexisting_user@"TEST_DOM_NAME);
fail_if(user_dn == NULL, "sysdb_user_dn failed");
SSS_LDB_SEARCH(ret, test_ctx->sysdb->ldb, test_ctx, &res, user_dn,
LDB_SCOPE_BASE, NULL, "objectClass=user");
@@ -5141,22 +5240,22 @@ START_TEST(test_sysdb_original_dn_case_insensitive)
fail_if(ret != EOK, "Could not set up the test");
ret = sysdb_add_incomplete_group(test_ctx->domain,
- "case_sensitive_group1", 29000,
- "cn=case_sensitive_group1,cn=example,cn=com",
+ "case_sensitive_group1@"TEST_DOM_NAME, 29000,
+ "cn=case_sensitive_group1@"TEST_DOM_NAME",cn=example,cn=com",
NULL, NULL, true, 0);
fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
ret, strerror(ret));
ret = sysdb_add_incomplete_group(test_ctx->domain,
- "case_sensitive_group2", 29001,
- "cn=CASE_SENSITIVE_GROUP1,cn=EXAMPLE,cn=COM",
+ "case_sensitive_group2@"TEST_DOM_NAME, 29001,
+ "cn=CASE_SENSITIVE_GROUP1@"TEST_DOM_NAME",cn=EXAMPLE,cn=COM",
NULL, NULL, true, 0);
fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
ret, strerror(ret));
/* Search by originalDN should yield 2 entries */
filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_ORIG_DN,
- "cn=case_sensitive_group1,cn=example,cn=com");
+ "cn=case_sensitive_group1@"TEST_DOM_NAME",cn=example,cn=com");
fail_if(filter == NULL, "Cannot construct filter\n");
base_dn = sysdb_domain_dn(test_ctx, test_ctx->domain);
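Review bot: The `cn=...` strings passed as the original DN and used in the `SYSDB_ORIG_DN` filter now carry `@`TEST_DOM_NAME inside the RDN value. As far as this hunk shows, that attribute holds the directory-side DN rather than the sysdb name, so the qualification looks like a mechanical replace that makes the fixture less representative of what a provider would store. Keeping `"cn=case_sensitive_group1,cn=example,cn=com"` (and the upper-case variant) while qualifying only the group name argument would still exercise the case-insensitive match. The same applies to `"cn=group@"TEST_DOM_NAME",cn=example,cn=com"` in the test_sysdb_search_sid_str hunk that follows.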
@@ -5184,8 +5283,8 @@ START_TEST(test_sysdb_search_sid_str)
fail_if(ret != EOK, "Could not set up the test");
ret = sysdb_add_incomplete_group(test_ctx->domain,
- "group", 29000,
- "cn=group,cn=example,cn=com",
+ "group@"TEST_DOM_NAME, 29000,
+ "cn=group@"TEST_DOM_NAME",cn=example,cn=com",
"S-1-2-3-4", NULL, true, 0);
fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
ret, strerror(ret));
@@ -5384,10 +5483,11 @@ START_TEST(test_sysdb_subdomain_store_user)
user_attrs = sysdb_new_attrs(test_ctx);
fail_unless(user_attrs != NULL, "sysdb_new_attrs failed");
- ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, "subdomuser");
+ ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS,
+ "subdomuser@test.sub");
fail_unless(ret == EOK, "sysdb_store_user failed.");
- ret = sysdb_store_user(subdomain, "SubDomUser",
+ ret = sysdb_store_user(subdomain, "SubDomUser@test.sub",
NULL, 12345, 0, "Sub Domain User",
"/home/subdomuser", "/bin/bash",
NULL, user_attrs, NULL, -1, 0);
@@ -5397,11 +5497,11 @@ START_TEST(test_sysdb_subdomain_store_user)
fail_unless(base_dn != NULL);
check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb,
- "name=SubDomUser,cn=users,cn=test.sub,cn=sysdb");
+ "name=SubDomUser@test.sub,cn=users,cn=test.sub,cn=sysdb");
fail_unless(check_dn != NULL);
ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn,
- LDB_SCOPE_SUBTREE, NULL, "name=SubDomUser");
+ LDB_SCOPE_SUBTREE, NULL, "name=SubDomUser@test.sub");
fail_unless(ret == EOK, "ldb_search failed.");
fail_unless(results->count == 1, "Unexpected number of results, "
"expected [%d], got [%d]",
@@ -5411,16 +5511,16 @@ START_TEST(test_sysdb_subdomain_store_user)
/* Subdomains are case-insensitive. Test that the lowercased name
* can be found, too */
- ret = sysdb_search_user_by_name(test_ctx, subdomain, "subdomuser", attrs,
- &msg);
+ ret = sysdb_search_user_by_name(test_ctx, subdomain, "subdomuser@test.sub",
+ attrs, &msg);
fail_unless(ret == EOK, "sysdb_search_user_by_name failed.");
- ret = sysdb_delete_user(subdomain, "subdomuser", 0);
+ ret = sysdb_delete_user(subdomain, "subdomuser@test.sub", 0);
fail_unless(ret == EOK, "sysdb_delete_user failed [%d][%s].",
ret, strerror(ret));
ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn,
- LDB_SCOPE_SUBTREE, NULL, "name=subdomuser");
+ LDB_SCOPE_SUBTREE, NULL, "name=subdomuser@test.sub");
fail_unless(ret == EOK, "ldb_search failed.");
fail_unless(results->count == 0, "Unexpected number of results, "
"expected [%d], got [%d]",
@@ -5452,17 +5552,18 @@ START_TEST(test_sysdb_subdomain_user_ops)
fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
ret, strerror(ret));
- ret = sysdb_store_user(subdomain, "subdomuser",
+ ret = sysdb_store_user(subdomain, "subdomuser@test.sub",
NULL, 12345, 0, "Sub Domain User",
"/home/subdomuser", "/bin/bash",
NULL, NULL, NULL, -1, 0);
fail_unless(ret == EOK, "sysdb_store_domuser failed.");
check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb,
- "name=subdomuser,cn=users,cn=test.sub,cn=sysdb");
+ "name=subdomuser@test.sub,cn=users,cn=test.sub,cn=sysdb");
fail_unless(check_dn != NULL);
- ret = sysdb_search_user_by_name(test_ctx, subdomain, "subdomuser", NULL,
+ ret = sysdb_search_user_by_name(test_ctx, subdomain,
+ "subdomuser@test.sub", NULL,
&msg);
fail_unless(ret == EOK, "sysdb_search_user_by_name failed with [%d][%s].",
ret, strerror(ret));
@@ -5475,7 +5576,7 @@ START_TEST(test_sysdb_subdomain_user_ops)
fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0,
"Unexpedted DN returned");
- ret = sysdb_delete_user(subdomain, "subdomuser", 12345);
+ ret = sysdb_delete_user(subdomain, "subdomuser@test.sub", 12345);
fail_unless(ret == EOK, "sysdb_delete_domuser failed with [%d][%s].",
ret, strerror(ret));
@@ -5490,6 +5591,8 @@ START_TEST(test_sysdb_subdomain_group_ops)
struct ldb_message *msg = NULL;
struct ldb_dn *check_dn = NULL;
struct sysdb_attrs *group_attrs;
+ char *dn;
+ char *subdomgroup;
ret = setup_sysdb_tests(&test_ctx);
fail_if(ret != EOK, "Could not set up the test");
@@ -5513,15 +5616,19 @@ START_TEST(test_sysdb_subdomain_group_ops)
ret = sysdb_attrs_add_string(group_attrs, SYSDB_NAME_ALIAS, "subdomgroup");
fail_unless(ret == EOK, "sysdb_attrs_add_string failed.");
+ subdomgroup = sss_create_internal_fqname(test_ctx, "subDomGroup",
+ subdomain->name);
+ fail_if(subdomgroup == NULL, "sss_create_internal_fqname failed");
ret = sysdb_store_group(subdomain,
- "subDomGroup", 12345, group_attrs, -1, 0);
+ subdomgroup, 12345, group_attrs, -1, 0);
fail_unless(ret == EOK, "sysdb_store_group failed.");
- check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb,
- "name=subDomGroup,cn=groups,cn=test.sub,cn=sysdb");
+ dn = talloc_asprintf(test_ctx, "name=%s,cn=groups,cn=test.sub,cn=sysdb",
+ subdomgroup);
+ check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, dn);
fail_unless(check_dn != NULL);
- ret = sysdb_search_group_by_name(test_ctx, subdomain, "subDomGroup", NULL,
+ ret = sysdb_search_group_by_name(test_ctx, subdomain, subdomgroup, NULL,
&msg);
fail_unless(ret == EOK, "sysdb_search_group_by_name failed with [%d][%s].",
ret, strerror(ret));
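Review bot: `dn` from `talloc_asprintf` is handed to `ldb_dn_new` without a NULL check, so an allocation failure is reported only indirectly by the `check_dn != NULL` assertion, if at all. Adding `fail_if(dn == NULL, "talloc_asprintf failed");` before the `ldb_dn_new` call keeps the failure attributable. Separately, the `SYSDB_NAME_ALIAS` value on the context line at the top of the hunk is still the unqualified `"subdomgroup"`, while test_sysdb_subdomain_store_user now stores `"subdomuser@test.sub"` as its alias. One of the two is presumably inconsistent with the new format. The test body continues outside the hunk.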
@@ -5530,7 +5637,8 @@ START_TEST(test_sysdb_subdomain_group_ops)
/* subdomains are case insensitive, so it should be possible to search
the group with a lowercase name version, too */
- ret = sysdb_search_group_by_name(test_ctx, subdomain, "subdomgroup", NULL,
+ /* Fixme - lowercase this */
+ ret = sysdb_search_group_by_name(test_ctx, subdomain, subdomgroup, NULL,
&msg);
fail_unless(ret == EOK, "case-insensitive group search failed with [%d][%s].",
ret, strerror(ret));
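Review bot: The second `sysdb_search_group_by_name` call now searches with the same mixed-case `subdomgroup` as the first, so the "case-insensitive group search" assertion no longer tests case folding at all; the `/* Fixme - lowercase this */` comment acknowledges it. Since case handling of names in a subdomain decides which identity a lookup resolves to, this coverage should not be dropped. Build a lower-case name, for example `lc_group = sss_create_internal_fqname(test_ctx, "subdomgroup", subdomain->name);` with a NULL check, and pass `lc_group` to this call. The variable would need declaring next to `subdomgroup`, which is outside this hunk.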
@@ -5544,7 +5652,7 @@ START_TEST(test_sysdb_subdomain_group_ops)
fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0,
"Unexpedted DN returned");
- ret = sysdb_delete_group(subdomain, "subDomGroup", 12345);
+ ret = sysdb_delete_group(subdomain, subdomgroup, 12345);
fail_unless(ret == EOK, "sysdb_delete_group failed with [%d][%s].",
ret, strerror(ret));
@@ -6324,7 +6432,8 @@ START_TEST(test_sysdb_mark_entry_as_expired_ldb_dn)
expire = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CACHE_EXPIRE, 0);
ck_assert(expire != 1);
- userdn = sysdb_user_dn(test_ctx, test_ctx->domain, "testuser");
+ userdn = sysdb_user_dn(test_ctx, test_ctx->domain,
+ "testuser@"TEST_DOM_NAME);
ck_assert(userdn != NULL);
ret = sysdb_transaction_start(test_ctx->sysdb);
diff --git a/src/tools/sss_groupshow.c b/src/tools/sss_groupshow.c
index 41d7475ce..3743a568f 100644
--- a/src/tools/sss_groupshow.c
+++ b/src/tools/sss_groupshow.c
@@ -318,7 +318,7 @@ int group_show(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sss_domain_info *domain,
bool recursive,
- const char *name,
+ const char *internal_fqname,
struct group_info **res)
{
struct group_info *root;
@@ -330,7 +330,8 @@ int group_show(TALLOC_CTX *mem_ctx,
int i;
/* First, search for the root group */
- ret = sysdb_search_group_by_name(mem_ctx, domain, name, attrs, &msg);
+ ret = sysdb_search_group_by_name(mem_ctx, domain, internal_fqname,
+ attrs, &msg);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
"Search failed: %s (%d)\n", strerror(ret), ret);
@@ -408,7 +409,7 @@ done:
static int group_show_trim_memberof(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
- const char *name,
+ const char *name, /* internal fqname */
const char **memberofs,
const char ***_direct)
{
@@ -478,7 +479,7 @@ int group_show_recurse(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct group_info *root,
struct group_info *parent,
- const char **group_members,
+ const char **group_members, /* internal fq format */
const int nmembers,
struct group_info ***up_members)
{
diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c
index 2cd6a57aa..e45bbcc6e 100644
--- a/src/tools/sss_seed.c
+++ b/src/tools/sss_seed.c
@@ -729,6 +729,19 @@ static int seed_cache_user(struct seed_ctx *sctx)
bool in_transaction = false;
int ret = EOK;
errno_t sret;
+ char *name;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ name = sss_ioname2internal(tmp_ctx, sctx->domain, sctx->uctx->name);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
ret = sysdb_transaction_start(sctx->sysdb);
if (ret != EOK) {
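Review bot: `name` is computed with `sss_ioname2internal` but nothing in either sss_seed.c hunk uses it, so the sysdb calls in the unchanged part of seed_cache_user presumably still receive `sctx->uctx->name` in the I/O format. If so, the seeded entry would be stored under a name that the unified lookups do not match; the calls inside the transaction should take `name`, or the conversion should be dropped until they do. The NULL branch also reports `ENOMEM` unconditionally, which is worth a comment if `sss_ioname2internal` can fail for other reasons; its body is not visible here. The rest of the function lies outside the hunk.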
@@ -777,6 +790,7 @@ done:
}
}
+ talloc_free(tmp_ctx);
return ret;
}
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 81b729d5c..79b9fc77b 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -797,7 +797,7 @@ done:
char *sss_ioname2internal(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
- char *ioname)
+ const char *ioname)
{
char *shortname;
char *domname;
diff --git a/src/util/util.h b/src/util/util.h
index 25935f2fd..9f9507cfc 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -323,7 +323,7 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx,
char *sss_ioname2internal(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
- char *ioname);
+ const char *ioname);
char *
sss_get_cased_name(TALLOC_CTX *mem_ctx, const char *orig_name,
bool case_sensitive);