author | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-23 16:27:23 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 15:43:42 +0200 |
commit | 5eda23c28c582b43b2a0a165b1750f3875c0fa84 (patch) | |
tree | 2cf532925461c2292ad4252406cb4a0ad578bbb7 /src/responder/common | |
parent | e373fffbb8e06d0d7682d095c734e8df8a499ba0 (diff) | |
UTIL: Add a function to convert id_t from a number or a name
We need a custom function that would convert a numeric or string input
into uid_t. The function will be used to drop privileges in servers and
also in the PAC and IFP responders.
Includes a unit test to test all code that changed as well as a fix for
a misnamed attribute in the csv_to_uid_list function synopsis.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/responder/common')
-rw-r--r-- | src/responder/common/responder.h | 2 | ||||
-rw-r--r-- | src/responder/common/responder_common.c | 17 |
2 files changed, 7 insertions, 12 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 3674d13f2..97552ec47 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -308,7 +308,7 @@ errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx); -errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, +errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *csv_string, bool allow_sss_loop, size_t *_uid_count, uid_t **_uids); diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index b7331ac8a..0ec2372e8 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -159,7 +159,7 @@ errno_t check_allowed_uids(uid_t uid, size_t allowed_uids_count, return EACCES; } -errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, +errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *csv_string, bool allow_sss_loop, size_t *_uid_count, uid_t **_uids) { @@ -169,9 +169,8 @@ errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, int list_size; uid_t *uids = NULL; char *endptr; - struct passwd *pwd; - ret = split_on_separator(mem_ctx, cvs_string, ',', true, false, + ret = split_on_separator(mem_ctx, csv_string, ',', true, false, &list, &list_size); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "split_on_separator failed [%d][%s].\n", 
@@ -211,17 +210,13 @@ errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, goto done; } - errno = 0; - pwd = getpwnam(list[c]); - if (pwd == NULL) { + ret = sss_user_by_name_or_uid(list[c], &uids[c], NULL); + if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "List item [%s] is neither a valid " - "UID nor a user name which cloud be " - "resolved by getpwnam().\n", list[c]); - ret = EINVAL; + "UID nor a user name which could be " + "resolved by getpwnam().\n", list[c]); goto done; } - - uids[c] = pwd->pw_uid; } } |
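Review bot: In the failure branch after `sss_user_by_name_or_uid()`, the DEBUG text still says the name could not be "resolved by getpwnam()" and the returned code is not logged, while dropping `ret = EINVAL;` means the function now returns whatever the helper returned. This parser appears to build the UID list that access checks rely on (`check_allowed_uids` sits just above it in the file), so when an entry is rejected an operator should be able to tell "no such user" from a lookup error. I would name the helper and log the code, for example `"UID nor a user name that sss_user_by_name_or_uid() could resolve [%d][%s].\n", list[c], ret, strerror(ret));`. Callers that compared the result against EINVAL should be checked too, since the helper's error codes are not visible here. The body of `csv_string_to_uid_array` starts and ends outside this hunk.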