sdap: properly handle binary objectGuid attribute

Although in the initial processing SSSD treats the binary value right at
some point it mainly assumes that it is a string. Depending on the value
this might end up with the correct binary value stored in the cache but
in most cases there will be only a broken entry in the cache.

This patch converts the binary value into a string representation which
is described in [MS-DTYP] and stores the result in the cache.

Resolves https://fedorahosted.org/sssd/ticket/2588

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 4619742836ec22edf8f9d274d928bc896c5b0883)

5 files changed, 197 insertions, 0 deletions

diff --git a/src/tests/cmocka/test_string_utils.c b/src/tests/cmocka/test_string_utils.c
index e446387d6..5d3fcf4fe 100644
--- a/src/tests/cmocka/test_string_utils.c
+++ b/src/tests/cmocka/test_string_utils.c
@@ -133,3 +133,62 @@ void test_reverse_replace_whitespaces(void **state)
     assert_true(check_leaks_pop(mem_ctx) == true);
     talloc_free(mem_ctx);
 }
+
+void test_guid_blob_to_string_buf(void **state)
+{
+    int ret;
+    char str_buf[GUID_STR_BUF_SIZE];
+    size_t c;
+
+    /* How to get test data:
+     * The objectGUID attribute contains a 16byte long binary value
+     * representing the GUID of the object. This data can be converted
+     * manually to the string representation but it might be easier to use
+     * LDAP_SERVER_EXTENDED_DN_OID as described in [MS-ADST] section
+     * 3.1.1.3.4.1.5. This is an LDAP extended control which adds the GUID and
+     * the SID to the DN of an object. This can be activate with the -E
+     * ldapsearch option like:
+     *
+     *  ldapsearch -E 1.2.840.113556.1.4.529=::MAMCAQE= ....
+     *
+     * where 'MAMCAQE=' is the base64 encoded BER sequence with the integer
+     * value 1 (see [MS-ADTS] for details about possible values).
+     *
+     * Btw, if you want to use the string representation of a GUID to search
+     * for an object in AD you have to use the GUID as the search base in the
+     * following form:
+     *
+     *  ldapsearch b '<GUID=fea80d8d-dbd5-4f84-8574-7db0477f962e>' ...
+     *
+     * (please note that the '<' and '>' are really needed).
+     */
+    struct test_data {
+        uint8_t blob[16];
+        const char *guid_str;
+    } test_data[] = {
+        {{0x8d, 0x0d, 0xa8, 0xfe, 0xd5, 0xdb, 0x84, 0x4f,
+          0x85, 0x74, 0x7d, 0xb0, 0x47, 0x7f, 0x96, 0x2e},
+        "fea80d8d-dbd5-4f84-8574-7db0477f962e"},
+        {{0x91, 0x7e, 0x2e, 0xf8, 0x4e, 0x44, 0xfa, 0x4e,
+         0xb1, 0x13, 0x08, 0x98, 0x63, 0x49, 0x6c, 0xc6},
+        "f82e7e91-444e-4efa-b113-089863496cc6"},
+        {{0}, NULL}
+    };
+
+    ret = guid_blob_to_string_buf(NULL, str_buf, GUID_STR_BUF_SIZE);
+    assert_int_equal(ret, EINVAL);
+
+    ret = guid_blob_to_string_buf((const uint8_t *) "1234567812345678", NULL,
+                                  GUID_STR_BUF_SIZE);
+    assert_int_equal(ret, EINVAL);
+
+    ret = guid_blob_to_string_buf((const uint8_t *) "1234567812345678", str_buf, 0);
+    assert_int_equal(ret, EINVAL);
+
+    for (c = 0; test_data[c].guid_str != NULL; c++) {
+        ret = guid_blob_to_string_buf(test_data[c].blob, str_buf,
+                                      sizeof(str_buf));
+        assert_int_equal(ret, EOK);
+        assert_string_equal(test_data[c].guid_str, str_buf);
+    }
+}
diff --git a/src/tests/cmocka/test_sysdb_utils.c b/src/tests/cmocka/test_sysdb_utils.c
new file mode 100644
index 000000000..d217314cc
--- /dev/null
+++ b/src/tests/cmocka/test_sysdb_utils.c
@@ -0,0 +1,134 @@
+/*
+    SSSD
+
+    sysdb_utils - Tests for various sysdb calls
+
+    Authors:
+        Sumit Bose <sbose@redhat.com>
+
+    Copyright (C) 2015 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+#include <popt.h>
+
+#include "tests/cmocka/common_mock.h"
+
+#define IPA_UUID "bcae7c40-97eb-11e4-88ca-525400e96a6b"
+
+#define AD_GUID_BIN {0x8d, 0x0d, 0xa8, 0xfe, 0xd5, 0xdb, 0x84, 0x4f, \
+                     0x85, 0x74, 0x7d, 0xb0, 0x47, 0x7f, 0x96, 0x2e};
+#define AD_GUID "fea80d8d-dbd5-4f84-8574-7db0477f962e"
+static void test_sysdb_handle_original_uuid(void **state)
+{
+    int ret;
+    struct sysdb_attrs *src_attrs;
+    struct sysdb_attrs *dest_attrs;
+    const char *guid;
+    uint8_t bin_guid[] = AD_GUID_BIN;
+    struct ldb_val guid_val = {bin_guid, 16};
+
+    ret = sysdb_handle_original_uuid(NULL, NULL, NULL, NULL, NULL);
+    assert_int_equal(ret, EINVAL);
+
+    src_attrs = sysdb_new_attrs(NULL);
+    assert_non_null(src_attrs);
+
+    dest_attrs = sysdb_new_attrs(NULL);
+    assert_non_null(dest_attrs);
+
+    ret = sysdb_handle_original_uuid("xyz", src_attrs, "abc", dest_attrs,
+                                     "def");
+    assert_int_equal(ret, ENOENT);
+
+    ret = sysdb_attrs_add_val(src_attrs, "GUID", &guid_val);
+    assert_int_equal(ret, EOK);
+
+    ret = sysdb_attrs_add_string(src_attrs, "UUID", IPA_UUID);
+    assert_int_equal(ret, EOK);
+
+    ret = sysdb_handle_original_uuid("objectGUID", src_attrs, "GUID",
+                                     dest_attrs, "def");
+    assert_int_equal(ret, EOK);
+    ret = sysdb_attrs_get_string(dest_attrs, "def", &guid);
+    assert_int_equal(ret, EOK);
+    assert_string_equal(guid, AD_GUID);
+
+    ret = sysdb_handle_original_uuid("ipaUniqueID", src_attrs, "UUID",
+                                     dest_attrs, "ghi");
+    assert_int_equal(ret, EOK);
+    ret = sysdb_attrs_get_string(dest_attrs, "ghi", &guid);
+    assert_int_equal(ret, EOK);
+    assert_string_equal(guid, IPA_UUID);
+
+    talloc_free(src_attrs);
+    src_attrs = sysdb_new_attrs(NULL);
+    assert_non_null(src_attrs);
+
+    /* check objectGUID with length other than 16 */
+    ret = sysdb_attrs_add_string(src_attrs, "GUID", IPA_UUID);
+    assert_int_equal(ret, EOK);
+    ret = sysdb_handle_original_uuid("objectGUID", src_attrs, "GUID",
+                                     dest_attrs, "jkl");
+    assert_int_equal(ret, EOK);
+    ret = sysdb_attrs_get_string(dest_attrs, "jkl", &guid);
+    assert_int_equal(ret, EOK);
+    assert_string_equal(guid, IPA_UUID);
+
+    talloc_free(src_attrs);
+    talloc_free(dest_attrs);
+}
+
+int main(int argc, const char *argv[])
+{
+    int rv;
+    poptContext pc;
+    int opt;
+    struct poptOption long_options[] = {
+        POPT_AUTOHELP
+        SSSD_DEBUG_OPTS
+        POPT_TABLEEND
+    };
+
+    const UnitTest tests[] = {
+        unit_test(test_sysdb_handle_original_uuid),
+    };
+
+    /* Set debug level to invalid value so we can deside if -d 0 was used. */
+    debug_level = SSSDBG_INVALID;
+
+    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+    while((opt = poptGetNextOpt(pc)) != -1) {
+        switch(opt) {
+        default:
+            fprintf(stderr, "\nInvalid option %s: %s\n\n",
+                    poptBadOption(pc, 0), poptStrerror(opt));
+            poptPrintUsage(pc, stderr, 0);
+            return 1;
+        }
+    }
+    poptFreeContext(pc);
+
+    DEBUG_CLI_INIT(debug_level);
+
+    tests_set_cwd();
+    rv = run_tests(tests);
+
+    return rv;
+}
diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c
index 2203e2c49..4cc6ec85a 100644
--- a/src/tests/cmocka/test_utils.c
+++ b/src/tests/cmocka/test_utils.c
@@ -1127,6 +1127,7 @@ int main(int argc, const char *argv[])
         cmocka_unit_test(test_textual_public_key),
         cmocka_unit_test(test_replace_whitespaces),
         cmocka_unit_test(test_reverse_replace_whitespaces),
+        cmocka_unit_test(test_guid_blob_to_string_buf),
         cmocka_unit_test_setup_teardown(test_add_strings_lists,
                                         setup_add_strings_lists,
                                         teardown_add_strings_lists),
diff --git a/src/tests/cmocka/test_utils.h b/src/tests/cmocka/test_utils.h
index f85ac2f2b..61ef7e43a 100644
--- a/src/tests/cmocka/test_utils.h
+++ b/src/tests/cmocka/test_utils.h
@@ -29,5 +29,6 @@ void test_textual_public_key(void **state);
 /* from src/tests/cmocka/test_string_utils.c */
 void test_replace_whitespaces(void **state);
 void test_reverse_replace_whitespaces(void **state);
+void test_guid_blob_to_string_buf(void **state);
 
 #endif /* __TESTS__CMOCKA__TEST_UTILS_H__ */
diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am
index c1991a19c..b805e8349 100644
--- a/src/tests/cwrap/Makefile.am
+++ b/src/tests/cwrap/Makefile.am
@@ -78,6 +78,7 @@ server_tests_SOURCES = \
     ../../../src/util/atomic_io.c \
     ../../../src/util/signal.c \
     ../../../src/util/util.c \
+    ../../../src/util/string_utils.c \
     ../../../src/util/strtonum.c \
     ../../../src/util/util_errors.c \
     ../../../src/util/safe-format-string.c \
@@ -115,6 +116,7 @@ usertools_tests_SOURCES = \
     ../../../src/util/domain_info_utils.c \
     ../../../src/util/safe-format-string.c \
     ../../../src/util/usertools.c \
+    ../../../src/util/string_utils.c \
     ../../../src/util/strtonum.c \
     ../../../src/util/backup_file.c \
     ../../../src/util/atomic_io.c \