authorSumit Bose <sbose@redhat.com>2015-02-17 04:41:21 +0100
committerJakub Hrozek <jhrozek@redhat.com>2015-03-20 12:26:47 +0100
commit1d93029624d708119bbf803e6647a2cbb271f001 (patch)
treeec32405f56893f2e49adf8831e16106e7e51df89 /src/providers/ldap
parent2bb92b969abc805be95f58ab5aafe9cde09e2238 (diff)
sdap: properly handle binary objectGuid attribute
Although SSSD treats the binary value correctly during the initial processing, at some point it mainly assumes that the value is a string. Depending on the value, this might end up with the correct binary value stored in the cache, but in most cases there will be only a broken entry in the cache. This patch converts the binary value into the string representation described in [MS-DTYP] and stores the result in the cache.

Resolves https://fedorahosted.org/sssd/ticket/2588
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_async_groups.c25
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c7
-rw-r--r--src/providers/ldap/sdap_async_users.c23
3 files changed, 21 insertions, 34 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 818f30b95..478325214 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -511,7 +511,6 @@ static int sdap_save_group(TALLOC_CTX *memctx,
bool posix_group;
bool use_id_mapping;
char *sid_str;
- const char *uuid;
struct sss_domain_info *subdomain;
int32_t ad_group_type;
@@ -549,22 +548,14 @@ static int sdap_save_group(TALLOC_CTX *memctx,
}
/* Always store UUID if available */
- ret = sysdb_attrs_get_string(attrs,
- opts->group_map[SDAP_AT_GROUP_UUID].sys_name,
- &uuid);
- if (ret == EOK) {
- ret = sysdb_attrs_add_string(group_attrs, SYSDB_UUID, uuid);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Could not add UUID string: [%s]\n",
- sss_strerror(ret));
- goto done;
- }
- } else if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_ALL, "UUID not available for group [%s].\n",
- group_name);
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE, "Could not identify UUID [%s]\n",
- sss_strerror(ret));
+ ret = sysdb_handle_original_uuid(
+ opts->group_map[SDAP_AT_GROUP_UUID].def_name,
+ attrs,
+ opts->group_map[SDAP_AT_GROUP_UUID].sys_name,
+ group_attrs, SYSDB_UUID);
+ if (ret != EOK) {
+ DEBUG((ret == ENOENT) ? SSSDBG_TRACE_ALL : SSSDBG_MINOR_FAILURE,
+ "Failed to retrieve UUID [%d][%s].\n", ret, sss_strerror(ret));
}
/* If this object has a SID available, we will determine the correct
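Review bot: Every failure of `sysdb_handle_original_uuid()` is now logged and ignored here, whereas the removed code did `goto done` when adding the UUID to `group_attrs` failed, so an allocation or conversion error (the helper's body is not visible in this diff) would presumably let the group be saved without a UUID. If that is intended, a comment such as `/* UUID is best-effort: a failed conversion must not block saving the group */` would record the decision; otherwise keep the abort for errors other than `ENOENT`. The message also dropped the group name and reports a merely absent attribute as "Failed to retrieve UUID"; `"UUID not stored for group [%s]: [%d][%s].\n", group_name, ret, sss_strerror(ret)` keeps the affected entry identifiable in the log. The same points apply to the matching hunk in `sdap_save_user` in sdap_async_users.c. `sdap_save_group` starts and ends outside the hunk.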
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 2fd235f28..96617aecc 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -196,8 +196,13 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
original_dn = NULL;
}
+ ret = sysdb_handle_original_uuid(
+ opts->group_map[SDAP_AT_GROUP_UUID].def_name,
+ ldap_groups[ai],
+ opts->group_map[SDAP_AT_GROUP_UUID].sys_name,
+ ldap_groups[ai], "uniqueIDstr");
ret = sysdb_attrs_get_string(ldap_groups[ai],
- SYSDB_UUID,
+ "uniqueIDstr",
&uuid);
if (ret) {
DEBUG(SSSDBG_FUNC_DATA,
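Review bot: The result of the added `sysdb_handle_original_uuid()` call is assigned to `ret` and then overwritten by the following `sysdb_attrs_get_string()` without being checked, so a failed objectGUID conversion cannot be told apart from a group that simply has no UUID. Check it before the lookup, for example `if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, "Failed to convert UUID [%d][%s].\n", ret, sss_strerror(ret)); }`. The literal `"uniqueIDstr"` appears twice and must match in both places, so a named constant would keep the write and the read in step. The helper is also asked to store the converted value back into `ldap_groups[ai]`, the same attribute set it reads from, which deserves a one-line comment saying this is a temporary attribute and not a cache key. `sdap_add_incomplete_groups` continues outside the hunk.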
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 367e3d795..82b4df479 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -140,7 +140,6 @@ int sdap_save_user(TALLOC_CTX *memctx,
TALLOC_CTX *tmpctx = NULL;
bool use_id_mapping;
char *sid_str;
- const char *uuid;
char *dom_sid_str = NULL;
struct sss_domain_info *subdomain;
@@ -179,21 +178,13 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
/* Always store UUID if available */
- ret = sysdb_attrs_get_string(attrs,
- opts->user_map[SDAP_AT_USER_UUID].sys_name,
- &uuid);
- if (ret == EOK) {
- ret = sysdb_attrs_add_string(user_attrs, SYSDB_UUID, uuid);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Could not add UUID string: [%s]\n",
- sss_strerror(ret));
- goto done;
- }
- } else if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_ALL, "UUID not available for user.\n");
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE, "Could not identify UUID [%s]\n",
- sss_strerror(ret));
+ ret = sysdb_handle_original_uuid(opts->user_map[SDAP_AT_USER_UUID].def_name,
+ attrs,
+ opts->user_map[SDAP_AT_USER_UUID].sys_name,
+ user_attrs, SYSDB_UUID);
+ if (ret != EOK) {
+ DEBUG((ret == ENOENT) ? SSSDBG_TRACE_ALL : SSSDBG_MINOR_FAILURE,
+ "Failed to retrieve UUID [%d][%s].\n", ret, sss_strerror(ret));
}
/* If this object has a SID available, we will determine the correct