authorSumit Bose <sbose@redhat.com>2013-08-08 12:04:11 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-19 22:32:34 +0200
commit75dd4b05e1dacc76dc9d5f16be31978f84a71dc5 (patch)
treec01533ef057253df9b22d83db188744a554923c2 /src
parentfd04fbbf93d33db729404cdc4408f59226025ea6 (diff)
sysdb_add_incomplete_group: store SID string is available
During an initgroups request we read the SID of a group from the server but do not save it to the cache. This patch fixes this and might help to avoid an additional lookup of the SID later.
Diffstat (limited to 'src')
-rw-r--r--src/db/sysdb.h4
-rw-r--r--src/db/sysdb_ops.c6
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c25
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c2
-rw-r--r--src/tests/sysdb-tests.c49
5 files changed, 72 insertions, 14 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 7b02b3442..96679007a 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -614,7 +614,9 @@ int sysdb_add_incomplete_group(struct sysdb_ctx *sysdb,
struct sss_domain_info *domain,
const char *name,
gid_t gid,
- const char *original_dn, bool posix,
+ const char *original_dn,
+ const char *sid_str,
+ bool posix,
time_t now);
/* Add netgroup (only basic attrs and w/o checks) */
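Review bot: The prototype gains `sid_str` without any comment saying the argument is optional. The implementation in sysdb_ops.c only stores `SYSDB_SID_STR` when the pointer is non-NULL, and several of the updated callers pass NULL. A one-line comment above the declaration would record that contract, e.g. `/* sid_str may be NULL, in which case no SID is stored for the group */`. The first line of the declaration is only visible in the hunk header.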
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index ff8fb0085..45f3289b7 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1409,6 +1409,7 @@ int sysdb_add_incomplete_group(struct sysdb_ctx *sysdb,
const char *name,
gid_t gid,
const char *original_dn,
+ const char *sid_str,
bool posix,
time_t now)
{
@@ -1450,6 +1451,11 @@ int sysdb_add_incomplete_group(struct sysdb_ctx *sysdb,
if (ret) goto done;
}
+ if (sid_str) {
+ ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, sid_str);
+ if (ret) goto done;
+ }
+
ret = sysdb_set_group_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP);
done:
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 9a46dc9b9..aa0ea4c1b 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -48,7 +48,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
bool in_transaction = false;
bool posix;
time_t now;
- char *sid_str;
+ char *sid_str = NULL;
bool use_id_mapping;
char *tmp_name;
@@ -127,16 +127,24 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
if (strcmp(groupname, missing[i]) == 0) {
posix = true;
+ ret = sdap_attrs_get_sid_str(
+ tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
+ opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
+ &sid_str);
+ if (ret != EOK && ret != ENOENT) goto done;
+
if (use_id_mapping) {
+ if (sid_str == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No SID for group [%s] " \
+ "while id-mapping.\n",
+ groupname));
+ ret = EINVAL;
+ goto done;
+ }
+
DEBUG(SSSDBG_TRACE_LIBS,
("Mapping group [%s] objectSID to unix ID\n", groupname));
- ret = sdap_attrs_get_sid_str(
- tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
- opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
- &sid_str);
- if (ret != EOK) goto done;
-
DEBUG(SSSDBG_TRACE_INTERNAL,
("Group [%s] has objectSID [%s]\n",
groupname, sid_str));
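Review bot: `sid_str` is set to NULL only once, at its declaration in the first hunk of this file, yet this lookup appears to run inside the loops over `missing[i]` and `ldap_groups[ai]`, and `ENOENT` is now tolerated. If `sdap_attrs_get_sid_str()` leaves its output untouched on `ENOENT` (its body is not on this page), a group without an objectSID would inherit the SID of the previously processed group. It would then pass the new `sid_str == NULL` check under id-mapping and be written to the cache with the wrong SID by the `sysdb_add_incomplete_group()` call in the next hunk. Resetting the variable per iteration, `sid_str = NULL;` directly before the `sdap_attrs_get_sid_str(` call, closes that. The enclosing function starts and ends outside the hunk.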
@@ -187,7 +195,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
DEBUG(SSSDBG_TRACE_INTERNAL,
("Adding fake group %s to sysdb\n", groupname));
ret = sysdb_add_incomplete_group(sysdb, domain, groupname, gid,
- original_dn, posix, now);
+ original_dn, sid_str, posix,
+ now);
if (ret != EOK) {
goto done;
}
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 89789204a..e5649a2b9 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -496,7 +496,7 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
ret = sysdb_add_incomplete_group(state->sysdb,
state->domain,
group_name, gid,
- NULL, false, now);
+ NULL, sid_str, false, now);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Could not create incomplete group: [%s]\n",
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index a4ca92a65..60a20c8b4 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -271,7 +271,7 @@ static int test_add_incomplete_group(struct test_data *data)
ret = sysdb_add_incomplete_group(data->ctx->sysdb,
data->ctx->domain, data->groupname,
- data->gid, NULL, true, 0);
+ data->gid, NULL, NULL, true, 0);
return ret;
}
@@ -3918,7 +3918,7 @@ START_TEST(test_odd_characters)
/* Add */
ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain,
- odd_groupname, 20000, NULL, true, 0);
+ odd_groupname, 20000, NULL, NULL, true, 0);
fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
ret, strerror(ret));
@@ -4446,14 +4446,14 @@ START_TEST(test_sysdb_original_dn_case_insensitive)
ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain,
"case_sensitive_group1", 29000,
"cn=case_sensitive_group1,cn=example,cn=com",
- true, 0);
+ NULL, true, 0);
fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
ret, strerror(ret));
ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain,
"case_sensitive_group2", 29001,
"cn=CASE_SENSITIVE_GROUP1,cn=EXAMPLE,cn=COM",
- true, 0);
+ NULL, true, 0);
fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
ret, strerror(ret));
@@ -4475,6 +4475,44 @@ START_TEST(test_sysdb_original_dn_case_insensitive)
}
END_TEST
+START_TEST(test_sysdb_group_sid_str)
+{
+ errno_t ret;
+ struct sysdb_test_ctx *test_ctx;
+ const char *filter;
+ struct ldb_dn *base_dn;
+ const char *no_attrs[] = { NULL };
+ struct ldb_message **msgs;
+ size_t num_msgs;
+
+ /* Setup */
+ ret = setup_sysdb_tests(&test_ctx);
+ fail_if(ret != EOK, "Could not set up the test");
+
+ ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain,
+ "group", 29000,
+ "cn=group,cn=example,cn=com",
+ "S-1-2-3-4", true, 0);
+ fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
+ ret, strerror(ret));
+
+ filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_SID_STR, "S-1-2-3-4");
+ fail_if(filter == NULL, "Cannot construct filter\n");
+
+ base_dn = sysdb_domain_dn(test_ctx->sysdb, test_ctx, test_ctx->domain);
+ fail_if(base_dn == NULL, "Cannot construct basedn\n");
+
+ ret = sysdb_search_entry(test_ctx, test_ctx->sysdb,
+ base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs,
+ &num_msgs, &msgs);
+ fail_unless(ret == EOK, "cache search error [%d][%s]",
+ ret, strerror(ret));
+ fail_unless(num_msgs == 1, "Did not find the expected number of entries using "
+ "SID string search");
+}
+END_TEST
+
+
START_TEST(test_sysdb_subdomain_create)
{
struct sysdb_test_ctx *test_ctx;
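Review bot: test_sysdb_group_sid_str ends without removing the "group" entry it created and without releasing `test_ctx`, at least in the lines shown. It also reuses gid 29000, which test_sysdb_original_dn_case_insensitive above uses as well. If the test cache persists between test cases, the outcome depends on what earlier tests left behind, and a leftover entry carrying `S-1-2-3-4` would break the `num_msgs == 1` assertion on a rerun. Deleting the group after the search and ending with `talloc_free(test_ctx);` would keep the test self-contained. A second case that passes NULL for `sid_str` and asserts that the SID filter finds nothing would cover the other branch.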
@@ -5063,6 +5101,9 @@ Suite *create_sysdb_suite(void)
/* Test originalDN searches */
tcase_add_test(tc_sysdb, test_sysdb_original_dn_case_insensitive);
+ /* Test SID string group searches */
+ tcase_add_test(tc_sysdb, test_sysdb_group_sid_str);
+
/* Test user and group renames */
tcase_add_test(tc_sysdb, test_group_rename);
tcase_add_test(tc_sysdb, test_user_rename);