35 files changed, 1162 insertions, 480 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c index a71364d7c..d9aa2ad5b 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c @@ -852,15 +852,17 @@ static char *build_dom_dn_str_escape(TALLOC_CTX *mem_ctx, const char *template, } char *sysdb_user_strdn(TALLOC_CTX *mem_ctx, - const char *domain, const char *name) + const char *domain, const char *internal_fqname) { - return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_USER, domain, name); + return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_USER, domain, + internal_fqname); } char *sysdb_group_strdn(TALLOC_CTX *mem_ctx, - const char *domain, const char *name) + const char *domain, const char *internal_fqname) { - return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_GROUP, domain, name); + return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_GROUP, domain, + internal_fqname); } /* TODO: make a more complete and precise mapping */ diff --git a/src/db/sysdb.h b/src/db/sysdb.h index ad1bf75b7..423fb0f81 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -58,6 +58,8 @@ #define SYSDB_DOMAIN_ID_RANGE_CLASS "domainIDRange" #define SYSDB_TRUSTED_AD_DOMAIN_RANGE_CLASS "TrustedADDomainRange" +#define SYSDB_DOMNAME "domain" +#define SYSDB_FQNAME "fqname" #define SYSDB_NAME "name" #define SYSDB_NAME_ALIAS "nameAlias" #define SYSDB_OBJECTCLASS "objectClass" diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index ab0d59ca6..106ae5e2e 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -333,6 +333,8 @@ static int sysdb_search_by_name(TALLOC_CTX *mem_ctx, size_t msgs_count = 0; char *sanitized_name; char *lc_sanitized_name; + char *fqname; + char *lc_fqname; char *filter; int ret; 
@@ -369,8 +371,17 @@ static int sysdb_search_by_name(TALLOC_CTX *mem_ctx, goto done; } - filter = talloc_asprintf(tmp_ctx, filter_tmpl, lc_sanitized_name, - sanitized_name, sanitized_name); + fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name, + domain->name); + lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name, + domain->name); + if (fqname == NULL || lc_fqname == NULL) { + ret = ENOMEM; + goto done; + } + + filter = talloc_asprintf(tmp_ctx, filter_tmpl, lc_fqname, + fqname, fqname); if (!filter) { ret = ENOMEM; goto done; @@ -1023,7 +1034,7 @@ done: /* =Add-Basic-User-NO-CHECKS============================================== */ int sysdb_add_basic_user(struct sss_domain_info *domain, - const char *name, + const char *internal_fqname, uid_t uid, gid_t gid, const char *gecos, const char *homedir, @@ -1045,7 +1056,7 @@ int sysdb_add_basic_user(struct sss_domain_info *domain, } /* user dn */ - msg->dn = sysdb_user_dn(msg, domain, name); + msg->dn = sysdb_user_dn(msg, domain, internal_fqname); if (!msg->dn) { ERROR_OUT(ret, ENOMEM, done); } @@ -1053,7 +1064,13 @@ int sysdb_add_basic_user(struct sss_domain_info *domain, ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS); if (ret) goto done; - ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name); + ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, internal_fqname); + if (ret) goto done; + + ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_FQNAME, internal_fqname); + if (ret) goto done; + + ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_DOMNAME, domain->name); if (ret) goto done; ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_UIDNUM, (unsigned long)uid); @@ -1291,7 +1308,7 @@ done: /* =Add-User-Function===================================================== */ int sysdb_add_user(struct sss_domain_info *domain, - const char *name, + const char *internal_fqname, uid_t uid, gid_t gid, const char *gecos, const char *homedir, 
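Review bot: In sysdb_search_by_name, `domain->name` is appended to the (presumably already escaped) `sanitized_name` and the result goes straight into the `talloc_asprintf` filter, so the domain part of `fqname`/`lc_fqname` reaches the LDB filter without passing through the sanitizer, and `lc_fqname` is lower-cased only in its short-name part. If a domain name can ever contain filter metacharacters or upper-case letters, the filter is either malformed or may stop matching a lower-cased alias; building the internal fqname from the raw name first and sanitizing the whole string afterwards would cover both. The same construction is repeated in the sysdb_getpwnam, sysdb_getgrnam and sysdb_get_user_attr hunks in src/db/sysdb_search.c. The function body starts and ends outside this hunk, so how `sanitized_name` is produced here is not visible.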
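Review bot: sysdb_add_basic_user writes `SYSDB_DOMNAME` from `domain->name` while `SYSDB_FQNAME` and the DN come from the caller-supplied `internal_fqname`, and nothing visible checks that the domain component of that string is the same domain. A caller that passes a short name, or a name qualified for another domain, would create an entry whose `fqname` and `domain` attributes disagree, which later lookups by fqname would silently miss or mis-attribute. Consider parsing the name with `sss_parse_internal_fqname()` (used in sysdb_group_membership_mod in this commit) and returning `EINVAL` on a mismatch; the same applies to the sysdb_add_basic_group hunk. `SYSDB_NAME` and `SYSDB_FQNAME` also receive the identical value here, which deserves a comment saying whether that duplication is transitional.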
@@ -1350,7 +1367,8 @@ int sysdb_add_user(struct sss_domain_info *domain, * Don't worry about users, if we try to add a user with the same * name the operation will fail */ - ret = sysdb_search_group_by_name(tmp_ctx, domain, name, NULL, &msg); + ret = sysdb_search_group_by_name(tmp_ctx, domain, + internal_fqname, NULL, &msg); if (ret != ENOENT) { if (ret == EOK) ret = EEXIST; goto done; @@ -1367,7 +1385,8 @@ int sysdb_add_user(struct sss_domain_info *domain, } /* try to add the user */ - ret = sysdb_add_basic_user(domain, name, uid, gid, gecos, homedir, shell); + ret = sysdb_add_basic_user(domain, internal_fqname, uid, gid, gecos, + homedir, shell); if (ret) goto done; if (uid == 0) { @@ -1387,7 +1406,8 @@ int sysdb_add_user(struct sss_domain_info *domain, if (ret) goto done; } - ret = sysdb_set_user_attr(domain, name, id_attrs, SYSDB_MOD_REP); + ret = sysdb_set_user_attr(domain, internal_fqname, id_attrs, + SYSDB_MOD_REP); /* continue on success, to commit additional attrs */ if (ret) goto done; } @@ -1412,7 +1432,7 @@ int sysdb_add_user(struct sss_domain_info *domain, (now + cache_timeout) : 0)); if (ret) goto done; - ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP); + ret = sysdb_set_user_attr(domain, internal_fqname, attrs, SYSDB_MOD_REP); if (ret) goto done; if (domain->enumerate == false) { @@ -1421,7 +1441,7 @@ int sysdb_add_user(struct sss_domain_info *domain, * with the newly-created user entry */ ret = sysdb_remove_ghostattr_from_groups(domain, orig_dn, attrs, - name); + internal_fqname); if (ret) goto done; } @@ -1442,7 +1462,7 @@ done: /* =Add-Basic-Group-NO-CHECKS============================================= */ int sysdb_add_basic_group(struct sss_domain_info *domain, - const char *name, gid_t gid) + const char *internal_fqname, gid_t gid) { struct ldb_message *msg; int ret; 
@@ -1460,7 +1480,7 @@ int sysdb_add_basic_group(struct sss_domain_info *domain, } /* group dn */ - msg->dn = sysdb_group_dn(msg, domain, name); + msg->dn = sysdb_group_dn(msg, domain, internal_fqname); if (!msg->dn) { ERROR_OUT(ret, ENOMEM, done); } @@ -1468,7 +1488,13 @@ int sysdb_add_basic_group(struct sss_domain_info *domain, ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS); if (ret) goto done; - ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name); + ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, internal_fqname); + if (ret) goto done; + + ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_FQNAME, internal_fqname); + if (ret) goto done; + + ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_DOMNAME, domain->name); if (ret) goto done; ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid); @@ -2057,7 +2083,7 @@ fail: /* this function does not check that all user members are actually present */ int sysdb_store_group(struct sss_domain_info *domain, - const char *name, + const char *name, /*internal fqname */ gid_t gid, struct sysdb_attrs *attrs, uint64_t cache_timeout, @@ -2075,7 +2101,8 @@ int sysdb_store_group(struct sss_domain_info *domain, return ENOMEM; } - ret = sysdb_search_group_by_name(tmp_ctx, domain, name, src_attrs, &msg); + ret = sysdb_search_group_by_name(tmp_ctx, domain, name, + src_attrs, &msg); if (ret && ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_search_group_by_name failed for %s with: [%d][%s].\n", 
@@ -2180,24 +2207,44 @@ done: /* =Add-User-to-Group(Native/Legacy)====================================== */ static int sysdb_group_membership_mod(struct sss_domain_info *domain, - const char *group, - const char *member, + const char *group_name, /* internal fq name*/ + const char *member_name, /* internal fq name */ enum sysdb_member_type type, int modify_op, bool is_dn) { struct ldb_dn *group_dn; struct ldb_dn *member_dn; + char *member_shortname; + char *member_domname; + struct sss_domain_info *member_dom; int ret; TALLOC_CTX *tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } + ret = sss_parse_internal_fqname(tmp_ctx, member_name, + &member_shortname, &member_domname); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to parser internal fqname '%s' [%d]: %s\n", + member_name, ret, sss_strerror(ret)); + goto done; + } + + member_dom = find_domain_by_name(domain, member_domname, false); + if (member_dom == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Domain [%s] was not found\n", member_domname); + ret = EINVAL; + goto done; + } + if (type == SYSDB_MEMBER_USER) { - member_dn = sysdb_user_dn(tmp_ctx, domain, member); + member_dn = sysdb_user_dn(tmp_ctx, member_dom, member_name); } else if (type == SYSDB_MEMBER_GROUP) { - member_dn = sysdb_group_dn(tmp_ctx, domain, member); + member_dn = sysdb_group_dn(tmp_ctx, member_dom, member_name); } else { ret = EINVAL; goto done; @@ -2209,9 +2256,9 @@ sysdb_group_membership_mod(struct sss_domain_info *domain, } if (!is_dn) { - group_dn = sysdb_group_dn(tmp_ctx, domain, group); + group_dn = sysdb_group_dn(tmp_ctx, domain, group_name); } else { - group_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, group); + group_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, group_name); } if (!group_dn) { 
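Review bot: In sysdb_group_membership_mod, `member_shortname` is filled by `sss_parse_internal_fqname()` but never used in the visible lines; the full `member_name` is still what goes into `sysdb_user_dn()`/`sysdb_group_dn()`, so either drop the output (if the parser accepts NULL, which is not shown here) or document that only the domain part is needed. The member's domain is now chosen from the name string rather than from the `domain` argument, so a comment above the `find_domain_by_name()` call should state that cross-domain members are intended and that an unknown domain is rejected with `EINVAL`. The debug message reads "Failed to parser internal fqname"; it should be `"Failed to parse internal fqname '%s' [%d]: %s\n"`. The function continues past the end of the hunk.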
@@ -2227,12 +2274,13 @@ done: } int sysdb_add_group_member(struct sss_domain_info *domain, - const char *group, - const char *member, + const char *group_name, /* internal fqname */ + const char *member_name, /* intrenal fq name */ enum sysdb_member_type type, bool is_dn) { - return sysdb_group_membership_mod(domain, group, member, type, + return sysdb_group_membership_mod(domain, group_name, + member_name, type, SYSDB_MOD_ADD, is_dn); } @@ -2240,12 +2288,13 @@ int sysdb_add_group_member(struct sss_domain_info *domain, int sysdb_remove_group_member(struct sss_domain_info *domain, - const char *group, - const char *member, + const char *group_name, /* internal fqname */ + const char *member_name, /* internal fqname */ enum sysdb_member_type type, bool is_dn) { - return sysdb_group_membership_mod(domain, group, member, type, + return sysdb_group_membership_mod(domain, group_name, + member_name, type, SYSDB_MOD_DEL, is_dn); } @@ -2253,7 +2302,7 @@ int sysdb_remove_group_member(struct sss_domain_info *domain, /* =Password-Caching====================================================== */ int sysdb_cache_password_ex(struct sss_domain_info *domain, - const char *username, + const char *username, /* intrenal fqname */ const char *password, enum sss_authtok_type authtok_type, size_t second_factor_len) @@ -2323,7 +2372,7 @@ fail: } int sysdb_cache_password(struct sss_domain_info *domain, - const char *username, + const char *username, /* internal fqname */ const char *password) { return sysdb_cache_password_ex(domain, username, password, @@ -2899,7 +2948,7 @@ fail: /* =Delete-Group-by-Name-OR-gid=========================================== */ int sysdb_delete_group(struct sss_domain_info *domain, - const char *name, gid_t gid) + const char *internal_fqname, gid_t gid) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg; 
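Review bot: The internal-fqname contract is carried here only by trailing parameter comments with three different spellings (`/* internal fqname */`, `/* intrenal fq name */`, `/* intrenal fqname */`), while other functions in this commit rename the parameter to `internal_fqname`. For sysdb_add_group_member, sysdb_remove_group_member, sysdb_cache_password_ex and sysdb_cache_password I would rename the parameters the same way, or put one doc comment above each function such as `/* username must be in internal fully qualified format (see sss_create_internal_fqname) */`. This matters most for the password cache: a caller that still passes a short name would presumably address a different entry than the one the user was stored under, and nothing in these hunks would detect it.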
@@ -2910,8 +2959,9 @@ int sysdb_delete_group(struct sss_domain_info *domain, return ENOMEM; } - if (name) { - ret = sysdb_search_group_by_name(tmp_ctx, domain, name, NULL, &msg); + if (internal_fqname) { + ret = sysdb_search_group_by_name(tmp_ctx, domain, internal_fqname, + NULL, &msg); } else { ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg); } @@ -2919,7 +2969,7 @@ int sysdb_delete_group(struct sss_domain_info *domain, goto fail; } - if (name && gid) { + if (internal_fqname && gid) { /* verify name/gid match */ const char *c_name; uint64_t c_gid; @@ -2932,7 +2982,7 @@ int sysdb_delete_group(struct sss_domain_info *domain, ret = EFAULT; goto fail; } - if (strcmp(name, c_name) || gid != c_gid) { + if (strcmp(internal_fqname, c_name) || gid != c_gid) { /* this is not the entry we are looking for */ ret = EINVAL; goto fail; @@ -3460,7 +3510,7 @@ done: } static errno_t sysdb_update_members_ex(struct sss_domain_info *domain, - const char *member, + const char *member_internal_fqname, enum sysdb_member_type type, const char *const *add_groups, const char *const *del_groups, @@ -3488,11 +3538,13 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain, /* Add the user to all add_groups */ for (i = 0; add_groups[i]; i++) { ret = sysdb_add_group_member(domain, add_groups[i], - member, type, is_dn); + member_internal_fqname, + type, is_dn); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Could not add member [%s] to group [%s]. " - "Skipping.\n", member, add_groups[i]); + "Skipping.\n", member_internal_fqname, + add_groups[i]); /* Continue on, we should try to finish the rest */ } } 
@@ -3502,11 +3554,13 @@ static errno_t sysdb_update_members_ex(struct sss_domain_info *domain, /* Remove the user from all del_groups */ for (i = 0; del_groups[i]; i++) { ret = sysdb_remove_group_member(domain, del_groups[i], - member, type, is_dn); + member_internal_fqname, + type, is_dn); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Could not remove member [%s] from group [%s]. " - "Skipping\n", member, del_groups[i]); + "Skipping\n", member_internal_fqname, + del_groups[i]); /* Continue on, we should try to finish the rest */ } } @@ -3532,23 +3586,24 @@ done: } errno_t sysdb_update_members(struct sss_domain_info *domain, - const char *member, + const char *member_internal_fqname, enum sysdb_member_type type, const char *const *add_groups, const char *const *del_groups) { - return sysdb_update_members_ex(domain, member, type, + return sysdb_update_members_ex(domain, member_internal_fqname, type, add_groups, del_groups, false); } errno_t sysdb_update_members_dn(struct sss_domain_info *member_domain, - const char *member, + const char *member_internal_fqname, enum sysdb_member_type type, - const char *const *add_groups, - const char *const *del_groups) + const char *const *add_groups_dns, + const char *const *del_groups_dns) { - return sysdb_update_members_ex(member_domain, member, type, - add_groups, del_groups, true); + return sysdb_update_members_ex(member_domain, member_internal_fqname, + type, add_groups_dns, + del_groups_dns, true); } errno_t sysdb_remove_attrs(struct sss_domain_info *domain, @@ -3766,7 +3821,7 @@ errno_t sysdb_search_user_by_cert(TALLOC_CTX *mem_ctx, errno_t sysdb_get_sids_of_members(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, - const char *group_name, + const char *group_fqname, const char ***_sids, const char ***_dns, size_t *_n) 
@@ -3785,7 +3840,7 @@ errno_t sysdb_get_sids_of_members(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = sysdb_search_group_by_name(tmp_ctx, dom, group_name, NULL, &msg); + ret = sysdb_search_group_by_name(tmp_ctx, dom, group_fqname, NULL, &msg); if (ret != EOK) { goto done; } diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 1e4031191..f81b4d0ad 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -38,7 +38,8 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, struct ldb_result *res; char *sanitized_name; char *lc_sanitized_name; - const char *src_name; + char *fqname; + char *lc_fqname; int ret; tmp_ctx = talloc_new(NULL); @@ -52,24 +53,24 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, goto done; } - /* If this is a subdomain we need to use fully qualified names for the - * search as well by default */ - src_name = sss_get_domain_name(tmp_ctx, name, domain); - if (!src_name) { - ret = ENOMEM; + ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain, + &sanitized_name, &lc_sanitized_name); + if (ret != EOK) { goto done; } - ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain, - &sanitized_name, &lc_sanitized_name); - if (ret != EOK) { + fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name, + domain->name); + lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name, + domain->name); + if (fqname == NULL || lc_fqname == NULL) { + ret = ENOMEM; goto done; } ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attrs, SYSDB_PWNAM_FILTER, - lc_sanitized_name, - sanitized_name, sanitized_name); + lc_fqname, fqname, fqname); if (ret) { ret = sysdb_error_to_errno(ret); goto done; @@ -569,8 +570,9 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, char *sanitized_name; struct ldb_dn *base_dn; struct ldb_result *res; - const char *src_name; char *lc_sanitized_name; + char *fqname; + char *lc_fqname; int ret; tmp_ctx = talloc_new(NULL); 
@@ -591,23 +593,24 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, goto done; } - /* If this is a subomain we need to use fully qualified names for the - * search as well by default */ - src_name = sss_get_domain_name(tmp_ctx, name, domain); - if (!src_name) { - ret = ENOMEM; + ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain, + &sanitized_name, &lc_sanitized_name); + if (ret != EOK) { goto done; } - ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain, - &sanitized_name, &lc_sanitized_name); - if (ret != EOK) { + fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name, + domain->name); + lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name, + domain->name); + if (fqname == NULL || lc_fqname == NULL) { + ret = ENOMEM; goto done; } ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attrs, fmt_filter, - lc_sanitized_name, sanitized_name, sanitized_name); + lc_fqname, fqname, fqname); if (ret) { ret = sysdb_error_to_errno(ret); goto done; @@ -1173,9 +1176,10 @@ int sysdb_get_user_attr(TALLOC_CTX *mem_ctx, TALLOC_CTX *tmp_ctx; struct ldb_dn *base_dn; struct ldb_result *res; - const char *src_name; char *sanitized_name; char *lc_sanitized_name; + char *fqname; + char *lc_fqname; int ret; tmp_ctx = talloc_new(NULL); 
@@ -1189,24 +1193,23 @@ int sysdb_get_user_attr(TALLOC_CTX *mem_ctx, goto done; } - /* If this is a subdomain we need to use fully qualified names for the - * search as well by default */ - src_name = sss_get_domain_name(tmp_ctx, name, domain); - if (!src_name) { - ret = ENOMEM; + ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain, + &sanitized_name, &lc_sanitized_name); + if (ret != EOK) { goto done; } - ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain, - &sanitized_name, &lc_sanitized_name); - if (ret != EOK) { + fqname = sss_create_internal_fqname(tmp_ctx, sanitized_name, domain->name); + lc_fqname = sss_create_internal_fqname(tmp_ctx, lc_sanitized_name, + domain->name); + if (fqname == NULL || lc_fqname == NULL) { + ret = ENOMEM; goto done; } ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attributes, - SYSDB_PWNAM_FILTER, lc_sanitized_name, sanitized_name, - sanitized_name); + SYSDB_PWNAM_FILTER, lc_fqname, fqname, fqname); if (ret) { ret = sysdb_error_to_errno(ret); goto done; diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c index 113f24644..32b54fbef 100644 --- a/src/db/sysdb_upgrade.c +++ b/src/db/sysdb_upgrade.c 
@@ -1634,6 +1634,80 @@ done: return ret; } +/* For all users and groups: + * - Change ldb fqdn to contain shortname only + * - add fqname attribute + * - change all nameAlias to internal fqname format + * + * For groups only: + * - Change all memberUid and ghost attributes to internal fqname format + * - member attributes should contain shortname only in ldb fqdn + * + * General: + * - start indexing fqname attribute + * - start indexing ---------------- + **/ +/* +int sysdb_upgrade_17(struct sysdb_ctx *sysdb, const char **ver) +{ + struct ldb_message_element *el; + struct ldb_result *res; + struct ldb_dn *basedn; + struct ldb_dn *mem_dn; + struct ldb_message *msg; + const struct ldb_val *val; + const char *filter = "(|(objectclass=user)(objectclass=group))"; + const char *attrs[] = { "memberUid", NULL }; + const char *mdn; + char *domain; + int ret, i, j; + TALLOC_CTX *tmp_ctx; + struct upgrade_ctx *ctx; + + struct upgrade_ctx *ctx; + errno_t ret; + + ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_15, &ctx); + if (ret) { + return ret; + } +*/ + /* DO STUFF HERE (use ctx, as the local temporary memory context) */ +/* + basedn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE); + if (!basedn) { + ret = EIO; + goto done; + } + + ret = ldb_search(ldb, tmp_ctx, &res, + basedn, LDB_SCOPE_SUBTREE, + attrs, "%s", filter); + if (ret != LDB_SUCCESS) { + ret = EIO; + goto done; + } + + + for (i = 0; i < res->count; i++) { + el = ldb_msg_find_element(res->msgs[i], "memberUid"); + if (!el) { + DEBUG(SSSDBG_CRIT_FAILURE, + "memberUid is missing from message [%s], skipping\n", + ldb_dn_get_linearized(res->msgs[i]->dn)); + continue; + } + } +*/ + /* conversion done, update version number */ +/* ret = update_version(ctx); + +done: + ret = finish_upgrade(ret, &ctx, ver); + return ret; + +*/ + /* * Example template for future upgrades. * Copy and change version numbers as appropriate. 
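Review bot: sysdb_upgrade_17 exists only as commented-out code, so caches written before this commit are not migrated although the rest of the commit starts reading and requiring the `fqname` attribute. As far as the visible hunks show, existing user and group entries would then lack `fqname` (the memberof hunks return `LDB_ERR_OPERATIONS_ERROR` when it is missing) and be stored under names the new search filters no longer build. The draft itself would not compile if enabled: `ctx` and `ret` are declared twice, `tmp_ctx` and `ldb` are used without being set, and it passes `SYSDB_VERSION_0_15` to `commence_upgrade()` for an upgrade numbered 17. I would leave the draft out of the tree and keep the plan as a short TODO comment until the upgrade is implemented and wired in.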
diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c index e5580f26b..690b37b17 100644 --- a/src/ldb_modules/memberof.c +++ b/src/ldb_modules/memberof.c @@ -27,7 +27,7 @@ #define DB_GHOST "ghost" #define DB_MEMBEROF "memberof" #define DB_MEMBERUID "memberuid" -#define DB_NAME "name" +#define DB_FQNAME "fqname" #define DB_USER_CLASS "user" #define DB_GROUP_CLASS "group" #define DB_CACHE_EXPIRE "dataExpireTimestamp" @@ -230,7 +230,7 @@ static int mbof_append_muop(TALLOC_CTX *memctx, int *_num_muops, int flags, struct ldb_dn *parent, - const char *name, + const char *element_value, const char *element_name) { struct mbof_memberuid_op *muops = *_muops; @@ -277,7 +277,7 @@ static int mbof_append_muop(TALLOC_CTX *memctx, } for (i = 0; i < op->el->num_values; i++) { - if (strcmp((char *)op->el->values[i].data, name) == 0) { + if (strcmp((char *)op->el->values[i].data, element_value) == 0) { /* we already have this value, get out*/ return LDB_SUCCESS; } @@ -288,11 +288,12 @@ static int mbof_append_muop(TALLOC_CTX *memctx, if (!val) { return LDB_ERR_OPERATIONS_ERROR; } - val[op->el->num_values].data = (uint8_t *)talloc_strdup(val, name); + val[op->el->num_values].data = (uint8_t *)talloc_strdup(val, + element_value); if (!val[op->el->num_values].data) { return LDB_ERR_OPERATIONS_ERROR; } - val[op->el->num_values].length = strlen(name); + val[op->el->num_values].length = strlen(element_value); op->el->values = val; op->el->num_values++; @@ -639,7 +640,8 @@ static int mbof_add_callback(struct ldb_request *req, static int mbof_next_add(struct mbof_add_operation *addop) { - static const char *attrs[] = { DB_OC, DB_NAME, + static const char *attrs[] = { DB_OC, + DB_FQNAME, DB_MEMBER, DB_GHOST, DB_MEMBEROF, NULL }; struct ldb_context *ldb; 
@@ -779,7 +781,7 @@ static int mbof_add_operation(struct mbof_add_operation *addop) struct mbof_dn_array *parents; int i, j, ret; const char *val; - const char *name; + const char *fqname; add_ctx = addop->add_ctx; ctx = add_ctx->ctx; @@ -886,9 +888,9 @@ static int mbof_add_operation(struct mbof_add_operation *addop) ret = entry_is_user_object(addop->entry); switch (ret) { case LDB_SUCCESS: - /* it's a user object */ - name = ldb_msg_find_attr_as_string(addop->entry, DB_NAME, NULL); - if (!name) { + /* it's a user object. Use fully qualified name for memberUid value */ + fqname = ldb_msg_find_attr_as_string(addop->entry, DB_FQNAME, NULL); + if (!fqname) { return LDB_ERR_OPERATIONS_ERROR; } @@ -896,7 +898,8 @@ static int mbof_add_operation(struct mbof_add_operation *addop) ret = mbof_append_muop(add_ctx, &add_ctx->muops, &add_ctx->num_muops, LDB_FLAG_MOD_ADD, - parents->dns[i], name, + parents->dns[i], + fqname, DB_MEMBERUID); if (ret != LDB_SUCCESS) { return ret; @@ -1314,7 +1317,8 @@ static void free_delop_contents(struct mbof_del_operation *delop); static int memberof_del(struct ldb_module *module, struct ldb_request *req) { - static const char *attrs[] = { DB_OC, DB_NAME, + static const char *attrs[] = { DB_OC, + DB_FQNAME, DB_MEMBER, DB_MEMBEROF, DB_GHOST, NULL }; struct ldb_context *ldb = ldb_module_get_ctx(module); @@ -1467,7 +1471,7 @@ static int mbof_del_search_callback(struct ldb_request *req, } /* now perform the requested delete, before proceeding further */ - ret = mbof_orig_del(del_ctx); + ret = mbof_orig_del(del_ctx); if (ret != LDB_SUCCESS) { talloc_zfree(ares); return ldb_module_done(ctx->req, NULL, NULL, ret); @@ -1767,8 +1771,7 @@ static int mbof_del_execute_op(struct mbof_del_operation *delop) char *expression; const char *dn; char *clean_dn; - static const char *attrs[] = { DB_OC, DB_NAME, - DB_MEMBER, DB_MEMBEROF, NULL }; + static const char *attrs[] = { DB_OC, DB_MEMBER, DB_MEMBEROF, NULL }; int ret; del_ctx = delop->del_ctx; 
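Review bot: In mbof_del_execute_op the `attrs` list drops `DB_NAME` without adding `DB_FQNAME`, unlike memberof_del and mbof_next_add where the attribute is swapped. If the entries returned by this search are the ones later handed to mbof_del_mod_entry as `delop->entry` (that flow is outside the hunk), the `ldb_msg_find_attr_as_string(delop->entry, DB_FQNAME, NULL)` lookup there finds nothing and the delete fails with `LDB_ERR_OPERATIONS_ERROR` for users. Unless the attribute is provably unused on this path, the line should read `static const char *attrs[] = { DB_OC, DB_FQNAME, DB_MEMBER, DB_MEMBEROF, NULL };`.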
@@ -2107,7 +2110,7 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop) struct ldb_message *msg; struct ldb_message_element *el; struct ldb_dn **diff = NULL; - const char *name; + const char *fqname; const char *val; int i, j, k; bool is_user; @@ -2226,8 +2229,8 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop) if (is_user && diff[0]) { /* file memberuid removal operations */ - name = ldb_msg_find_attr_as_string(delop->entry, DB_NAME, NULL); - if (!name) { + fqname = ldb_msg_find_attr_as_string(delop->entry, DB_FQNAME, NULL); + if (!fqname) { return LDB_ERR_OPERATIONS_ERROR; } @@ -2235,7 +2238,7 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop) ret = mbof_append_muop(del_ctx, &del_ctx->muops, &del_ctx->num_muops, LDB_FLAG_MOD_DELETE, - diff[i], name, + diff[i], fqname, DB_MEMBERUID); if (ret != LDB_SUCCESS) { return ret; @@ -2435,7 +2438,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx, struct ldb_message *entry) { struct ldb_message_element *el; - char *name; + char *fqname; int ret; int i; @@ -2460,9 +2463,9 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx, return ret; } - name = talloc_strdup(del_ctx, - ldb_msg_find_attr_as_string(entry, DB_NAME, NULL)); - if (!name) { + fqname = talloc_strdup(del_ctx, + ldb_msg_find_attr_as_string(entry, DB_FQNAME, NULL)); + if (!fqname) { return LDB_ERR_OPERATIONS_ERROR; } @@ -2482,7 +2485,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx, ret = mbof_append_muop(del_ctx, &del_ctx->muops, &del_ctx->num_muops, LDB_FLAG_MOD_DELETE, - valdn, name, + valdn, fqname, DB_MEMBERUID); if (ret != LDB_SUCCESS) { return ret; @@ -3847,7 +3850,7 @@ struct mbof_member { struct mbof_member *next; struct ldb_dn *dn; - const char *name; + const char *fqname; bool orig_has_memberof; bool orig_has_memberuid; struct ldb_message_element *orig_members; 
@@ -3919,7 +3922,7 @@ static int memberof_recompute_task(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb = ldb_module_get_ctx(module); - static const char *attrs[] = { DB_NAME, DB_MEMBEROF, NULL }; + static const char *attrs[] = { DB_FQNAME, DB_MEMBEROF, NULL }; static const char *filter = "(objectclass=user)"; struct mbof_rcmp_context *ctx; struct ldb_request *src_req; @@ -3956,7 +3959,7 @@ static int mbof_rcmp_usr_callback(struct ldb_request *req, struct mbof_member *usr; hash_value_t value; hash_key_t key; - const char *name; + const char *fqname; int ret; ctx = talloc_get_type(req->context, struct mbof_rcmp_context); @@ -3983,9 +3986,9 @@ static int mbof_rcmp_usr_callback(struct ldb_request *req, usr->status = MBOF_USER; usr->dn = talloc_steal(usr, ares->message->dn); - name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL); - if (name) { - usr->name = talloc_steal(usr, name); + fqname = ldb_msg_find_attr_as_string(ares->message, DB_FQNAME, NULL); + if (fqname) { + usr->fqname = talloc_steal(usr, fqname); } if (ldb_msg_find_element(ares->message, DB_MEMBEROF)) { @@ -4026,7 +4029,7 @@ static int mbof_rcmp_search_groups(struct mbof_rcmp_context *ctx) { struct ldb_context *ldb = ldb_module_get_ctx(ctx->module); static const char *attrs[] = { DB_MEMBEROF, DB_MEMBERUID, - DB_NAME, DB_MEMBER, NULL }; + DB_MEMBER, NULL }; static const char *filter = "(objectclass=group)"; struct ldb_request *req; int ret; @@ -4059,7 +4062,7 @@ static int mbof_rcmp_grp_callback(struct ldb_request *req, struct mbof_member *grp; hash_value_t value; hash_key_t key; - const char *name; + const char *fqname; int i, j; int ret; 
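Review bot: mbof_rcmp_search_groups no longer requests any name attribute (`DB_NAME` is removed from `attrs` and `DB_FQNAME` is not added), yet mbof_rcmp_grp_callback in the next hunk still reads `DB_FQNAME` from each result, so `grp->fqname` would always stay NULL. Either add `DB_FQNAME` to the list or delete the lookup in the callback if group names are not needed during recompute. The callback also performs the same `ldb_msg_find_attr_as_string()` call twice, first assigning the borrowed pointer to `grp->fqname` and then overwriting it with the `talloc_steal()` result; one lookup is enough.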
@@ -4088,10 +4091,11 @@ static int mbof_rcmp_grp_callback(struct ldb_request *req, grp->status = MBOF_GROUP_TO_DO; grp->dn = talloc_steal(grp, ares->message->dn); - grp->name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL); - name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL); - if (name) { - grp->name = talloc_steal(grp, name); + grp->fqname = ldb_msg_find_attr_as_string(ares->message, + DB_FQNAME, NULL); + fqname = ldb_msg_find_attr_as_string(ares->message, DB_FQNAME, NULL); + if (fqname) { + grp->fqname = talloc_steal(grp, fqname); } if (ldb_msg_find_element(ares->message, DB_MEMBEROF)) { @@ -4276,7 +4280,7 @@ static int mbof_member_update(struct mbof_rcmp_context *ctx, if (mem->status == MBOF_USER) { /* add corresponding memuid to the group */ - ret = mbof_add_memuid(parent, mem->name); + ret = mbof_add_memuid(parent, mem->fqname); if (ret != LDB_SUCCESS) { return ret; } @@ -4343,7 +4347,7 @@ static bool mbof_member_iter(hash_entry_t *item, void *user_data) if (mem->status == MBOF_USER) { /* add corresponding memuid to the group */ parent = (struct mbof_member *)item->value.ptr; - ret = mbof_add_memuid(parent, mem->name); + ret = mbof_add_memuid(parent, mem->fqname); if (ret != LDB_SUCCESS) { mem->status = MBOF_ITER_ERROR; return false; diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index b1bfa3ffe..cfbead882 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -332,6 +332,14 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req) int dp_err = DP_ERR_FATAL; int ret; int auth_timeout; + char *name; + TALLOC_CTX *tmpctx; + + tmpctx = talloc_new(NULL); + if (tmpctx == NULL) { + ret = ENOMEM; + goto done; + } ret = sdap_cli_connect_recv(req, state, NULL, &state->sh, NULL); talloc_zfree(req); 
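Review bot: ipa_migration_flag_connect_done now allocates `tmpctx` with `talloc_new(NULL)`, and no `talloc_free(tmpctx)` is visible in either ipa_auth.c hunk, so unless the `done:` label (outside the hunk) frees it, every call leaks the context and the converted name. The allocation-failure `goto done` also sits before `sdap_cli_connect_recv()` and `talloc_zfree(req)`, so that path skips releasing the subrequest. Since `state` is already used as the memory context for the search, the simplest fix is to drop `tmpctx` and call `sss_ioname2internal(state, be_ctx->domain, state->pd->user)`.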
@@ -355,7 +363,13 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req) attrs[0] = SYSDB_ORIG_DN; attrs[1] = NULL; - ret = sysdb_search_user_by_name(state, be_ctx->domain, state->pd->user, + name = sss_ioname2internal(tmpctx, be_ctx->domain, state->pd->user); + if (name == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_search_user_by_name(state, be_ctx->domain, name, attrs, &user_msg); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n"); diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 72a620ef0..9285a79dc 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -402,7 +402,7 @@ done: static errno_t hbac_eval_user_element(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, - const char *username, + const char *pd_username, struct hbac_request_element **user_element); static errno_t @@ -506,7 +506,7 @@ done: static errno_t hbac_eval_user_element(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, - const char *username, + const char *pd_username, struct hbac_request_element **user_element) { errno_t ret; @@ -528,7 +528,11 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx, goto done; } - users->name = username; + users->name = sss_ioname2internal(tmp_ctx, domain, pd_username); + if (users->name == NULL) { + ret = ENOMEM; + goto done; + } /* Read the originalMemberOf attribute * This will give us the list of both POSIX and diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 1d233cd52..7bce94a63 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -1361,7 +1361,7 @@ done: static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, - size_t ngroups, char **groups, + size_t ngroups, char **fq_groups, struct ldb_dn ***_dn_list, char ***_missing_groups) { 
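Review bot: In hbac_eval_user_element, `users->name` now points at a string allocated on `tmp_ctx`, but `users` is the element returned to the caller through `user_element`. If `tmp_ctx` is freed at `done:` and `users` is moved to `mem_ctx` (both outside the hunk), the caller is left with a dangling `name` pointer that the HBAC evaluation would then read. Allocating the string as a child of the element avoids that: `users->name = sss_ioname2internal(users, domain, pd_username);`.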
@@ -1393,14 +1393,14 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx, parent_domain = (dom->parent == NULL) ? dom : dom->parent; for (c = 0; c < ngroups; c++) { - obj_domain = find_domain_by_object_name(parent_domain, groups[c]); + obj_domain = find_domain_by_object_name(parent_domain, fq_groups[c]); if (obj_domain == NULL) { DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_object_name failed.\n"); ret = ENOMEM; goto done; } - ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, groups[c], NULL, + ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, fq_groups[c], NULL, &msg); if (ret == EOK) { dn_list[n_dns] = ldb_dn_copy(dn_list, msg->dn); @@ -1412,7 +1412,7 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx, n_dns++; } else if (ret == ENOENT) { missing_groups[n_missing] = talloc_strdup(missing_groups, - groups[c]); + fq_groups[c]); if (missing_groups[n_missing] == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; @@ -1868,9 +1868,19 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, } if (name == NULL) { - /* we always use the fully qualified name for subdomain users */ - name = sss_tc_fqname(tmp_ctx, dom->names, dom, - attrs->a.user.pw_name); + char *domname; + char *shortname; + ret = sss_parse_name(tmp_ctx, dom->names, + attrs->a.user.pw_name, + &domname, &shortname); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "failed to parse user name.\n"); + goto done; + } + + name = sss_create_internal_fqname(tmp_ctx, shortname, + domname ? domname + : dom->name); if (!name) { DEBUG(SSSDBG_OP_FAILURE, "failed to format user name.\n"); ret = ENOMEM; 
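Review bot: The domain part returned by `sss_parse_name()` for `attrs->a.user.pw_name` is used verbatim in `sss_create_internal_fqname()`, without checking that it names `dom` or any known domain. That value appears to come from the server's reply, so the stored fqname could name a domain other than the one the object is saved under, or the same domain in a different letter case, producing a name that later lookups built from `dom->name` do not match. I would resolve `domname` against the domain list (for example with `find_domain_by_name()`, as sysdb_group_membership_mod does in this commit) and use the resolved domain's canonical `name`, failing when it is unknown. The group branch in the next hunk has the same construction.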
@@ -2129,18 +2139,27 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, type = SYSDB_MEMBER_GROUP; if (name == NULL) { - name = attrs->a.group.gr_name; - } + char *domname; + char *shortname; + ret = sss_parse_name(tmp_ctx, dom->names, + attrs->a.group.gr_name, + &domname, &shortname); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "failed to parse group name.\n"); + goto done; + } - if (IS_SUBDOMAIN(dom)) { - /* we always use the fully qualified name for subdomain users */ - name = sss_get_domain_name(tmp_ctx, name, dom); - if (!name) { - DEBUG(SSSDBG_OP_FAILURE, "failed to format user name,\n"); + name = sss_create_internal_fqname(tmp_ctx, shortname, + domname ? domname + : dom->name); + if (name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to format group name.\n"); ret = ENOMEM; goto done; } } + DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", name); ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name); diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 472985d4a..5e6a4e9d4 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -913,7 +913,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, SYSDB_GHOST, SYSDB_HOMEDIR, NULL }; - char *name; + char *fq_name; if (ar->filter_type == BE_FILTER_SECID) { ret = sysdb_search_object_by_sid(mem_ctx, dom, ar->filter_value, attrs, 
@@ -986,24 +986,24 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, goto done; } } else if (ar->filter_type == BE_FILTER_NAME) { - name = sss_get_domain_name(mem_ctx, ar->filter_value, dom); - if (name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed\n"); + /* is ar->filter_value already internal fq name? */ + fq_name = sss_ioname2internal(mem_ctx, dom, ar->filter_value); + if (fq_name == NULL) { ret = ENOMEM; goto done; } switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_GROUP: - ret = sysdb_search_group_by_name(mem_ctx, dom, name, attrs, &msg); + ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name, attrs, &msg); break; case BE_REQ_INITGROUPS: case BE_REQ_USER: case BE_REQ_USER_AND_GROUP: - ret = sysdb_search_user_by_name(mem_ctx, dom, name, attrs, &msg); + ret = sysdb_search_user_by_name(mem_ctx, dom, fq_name, attrs, &msg); if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_USER_AND_GROUP) { - ret = sysdb_search_group_by_name(mem_ctx, dom, name, + ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name, attrs, &msg); } break; diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 7657b4ded..f155f7b7c 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -331,6 +331,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain, size_t password_len; size_t fa2_len = 0; int ret = EOK; + TALLOC_CTX *tmp_ctx; + char *name; switch(pd->cmd) { case SSS_CMD_RENEW: 
@@ -380,7 +382,22 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain, return; } - ret = sysdb_cache_password_ex(domain, pd->user, password, + /* Fixme: tmp_ctx should not be used like this */ + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n"); + return; + } + name = sss_ioname2internal(tmp_ctx, domain, pd->user); + if (name == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, + "failed to parse name while storing offline creds.\n"); + talloc_free(tmp_ctx); + return; + } + talloc_free(tmp_ctx); + + ret = sysdb_cache_password_ex(domain, name, password, sss_authtok_get_type(pd->authtok), fa2_len); if (ret) { DEBUG(SSSDBG_OP_FAILURE, diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index fcdc4028e..1a0967704 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -1562,15 +1562,9 @@ sdap_get_primary_name(TALLOC_CTX *memctx, return EINVAL; } - name = sss_get_domain_name(memctx, orig_name, dom); - if (name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to format original name [%s]\n", orig_name); - return ENOMEM; - } - DEBUG(SSSDBG_TRACE_FUNC, "Processing object %s\n", name); + DEBUG(SSSDBG_TRACE_FUNC, "Processing object %s\n", orig_name); - *_primary_name = name; + *_primary_name = talloc_steal(memctx, name); return EOK; } diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 09bc0d654..801963205 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -305,6 +305,7 @@ errno_t sdap_save_all_names(const char *name, struct sysdb_attrs *ldap_attrs, struct sss_domain_info *dom, + bool use_internal_fqname, struct sysdb_attrs *attrs); struct tevent_req * diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 7e979c3c4..0c96c0ddc 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c 
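Review bot: In krb5_auth_store_creds, `name` is allocated on `tmp_ctx`, and `talloc_free(tmp_ctx);` runs before `sysdb_cache_password_ex(domain, name, password, ...)`, so the cache call reads freed memory. The free should move below that call and its error handling; the early return on `name == NULL` already frees correctly. The in-code `Fixme` acknowledges that the context is misused, but this ordering is a use-after-free on the offline-credential caching path, not a cosmetic issue. The function starts and ends outside this hunk, so any later return would need the same free.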
@@ -342,7 +342,7 @@ done: static errno_t sdap_store_group_with_gid(struct sss_domain_info *domain, - const char *name, + const char *name, /* internal fqname */ gid_t gid, struct sysdb_attrs *group_attrs, uint64_t cache_timeout, @@ -738,7 +738,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, goto done; } - ret = sdap_save_all_names(group_name, attrs, dom, group_attrs); + ret = sdap_save_all_names(group_name, attrs, dom, true, group_attrs); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n"); goto done; @@ -805,7 +805,7 @@ are_sids_from_same_dom(const char *sid1, const char *sid2, bool *_result) static errno_t retain_extern_members(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, - const char *group_name, + const char *group_fqname, const char *group_sid, char ***_userdns, size_t *_nuserdns) @@ -823,7 +823,7 @@ retain_extern_members(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = sysdb_get_sids_of_members(tmp_ctx, dom, group_name, &sids, &dns, &n); + ret = sysdb_get_sids_of_members(tmp_ctx, dom, group_fqname, &sids, &dns, &n); if (ret != EOK) { if (ret != ENOENT) { DEBUG(SSSDBG_TRACE_ALL, @@ -2414,6 +2414,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, errno_t ret, sret; struct ldb_message_element *el; const char *username; + char *gh_name; char *clean_orig_dn; const char *original_dn; struct sss_domain_info *user_dom; @@ -2488,6 +2489,13 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, continue; } + /* We want ghost users in the format name@domain */ + gh_name = talloc_asprintf(tmp_ctx, "%s@%s", username, user_dom->name); + if (gh_name == NULL) { + ret = ENOMEM; + goto done; + } + /* Check for the specified origDN in the sysdb */ filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, 
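Review bot: The ghost name in sdap_nested_group_populate_users is built with a literal `"%s@%s"` format, while the other call sites in this change go through `sss_create_internal_fqname`. Using the helper here, `gh_name = sss_create_internal_fqname(tmp_ctx, username, user_dom->name);`, keeps the internal name format defined in one place. That matters because parse_member in the NSS responder, per its new comment, expects ghost values in exactly that format. The function body extends beyond this hunk.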
@@ -2533,7 +2541,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, key.type = HASH_KEY_STRING; key.str = talloc_steal(ghosts, discard_const(original_dn)); value.type = HASH_VALUE_PTR; - value.ptr = talloc_steal(ghosts, discard_const(username)); + value.ptr = talloc_steal(ghosts, gh_name); ret = hash_enter(ghosts, &key, &value); if (ret != HASH_SUCCESS) { talloc_free(key.str); diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 8d45c61ab..91a6d7be9 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -68,7 +68,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, mi = 0; for (i=0; groupnames[i]; i++) { - tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain); + tmp_name = sss_create_internal_fqname(tmp_ctx, groupnames[i], domain->name); if (tmp_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, "Failed to format original name [%s]\n", groupnames[i]); diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index e210db978..bd0e766d2 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -927,7 +927,12 @@ static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq) /* This is a new group. For now, we will store it under the name * of its SID. When a direct lookup of the group or its GID occurs, * it will replace this temporary entry. */ - name = sid; + name = sss_create_internal_fqname(tmp_ctx, sid, domain->name); + if (name == NULL) { + ret = ENOMEM; + goto done; + } + ret = sysdb_add_incomplete_group(domain, name, gid, NULL, sid, NULL, false, now); if (ret != EOK) { diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index e50f25087..e2ce29396 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c 
@@ -121,7 +121,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); - ret = sdap_save_all_names(name, attrs, dom, + ret = sdap_save_all_names(name, attrs, dom, false, netgroup_attrs); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n"); diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 25304d4bf..45bd898e5 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -466,7 +466,7 @@ int sdap_save_user(TALLOC_CTX *memctx, cache_timeout = dom->user_timeout; - ret = sdap_save_all_names(user_name, attrs, dom, user_attrs); + ret = sdap_save_all_names(user_name, attrs, dom, true, user_attrs); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save user names\n"); goto done; diff --git a/src/providers/ldap/sdap_utils.c b/src/providers/ldap/sdap_utils.c index 9da46ea70..cf48d2541 100644 --- a/src/providers/ldap/sdap_utils.c +++ b/src/providers/ldap/sdap_utils.c @@ -77,10 +77,11 @@ errno_t sdap_save_all_names(const char *name, struct sysdb_attrs *ldap_attrs, struct sss_domain_info *dom, + bool use_internal_fqname, struct sysdb_attrs *attrs) { const char **aliases = NULL; - const char *domname; + const char *sysdb_alias; errno_t ret; TALLOC_CTX *tmp_ctx; int i; 
@@ -100,14 +101,20 @@ sdap_save_all_names(const char *name, } for (i = 0; aliases[i]; i++) { - domname = sss_get_domain_name(tmp_ctx, aliases[i], dom); - if (domname == NULL) { + if (use_internal_fqname) { + sysdb_alias = sss_create_internal_fqname(tmp_ctx, aliases[i], + dom->name); + } else { + sysdb_alias = sss_get_domain_name(tmp_ctx, aliases[i], dom); + } + + if (sysdb_alias == NULL) { ret = ENOMEM; goto done; } if (lowercase) { - ret = sysdb_attrs_add_lc_name_alias(attrs, domname); + ret = sysdb_attrs_add_lc_name_alias(attrs, sysdb_alias); if (ret) { DEBUG(SSSDBG_OP_FAILURE, "Failed to add lower-cased version " "of alias [%s] into the " @@ -115,7 +122,7 @@ sdap_save_all_names(const char *name, goto done; } } else { - ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname); + ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, sysdb_alias); if (ret) { DEBUG(SSSDBG_OP_FAILURE, "Failed to add alias [%s] into the " "attribute list\n", aliases[i]); diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index f8b8cbdf2..d74040526 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -44,7 +44,7 @@ delete_user(struct sss_domain_info *domain, static int get_pw_name(struct proxy_id_ctx *ctx, struct sss_domain_info *dom, - const char *name) + const char *i_name) { TALLOC_CTX *tmpctx; struct passwd *pwd; 
@@ -56,14 +56,31 @@ static int get_pw_name(struct proxy_id_ctx *ctx, bool del_user; struct ldb_result *cached_pwd = NULL; const char *real_name = NULL; + char *shortname; + char *shortname_or_alias; + char *name_or_alias; + char *domname; - DEBUG(SSSDBG_TRACE_FUNC, "Searching user by name (%s)\n", name); + DEBUG(SSSDBG_TRACE_FUNC, "Searching user by name (%s)\n", i_name); tmpctx = talloc_new(NULL); if (!tmpctx) { return ENOMEM; } + ret = sss_parse_name(tmpctx, dom->names, i_name, + &domname, &shortname_or_alias); + if (ret != EOK) { + goto done; + } + + name_or_alias = sss_create_internal_fqname(tmpctx, shortname_or_alias, + domname ? domname : dom->name); + if (name_or_alias == NULL) { + ret = ENOMEM; + goto done; + } + pwd = talloc_zero(tmpctx, struct passwd); if (!pwd) { ret = ENOMEM; @@ -79,7 +96,7 @@ static int get_pw_name(struct proxy_id_ctx *ctx, /* FIXME: should we move this call outside the transaction to keep the * transaction as short as possible ? */ - status = ctx->ops.getpwnam_r(name, pwd, buffer, buflen, &ret); + status = ctx->ops.getpwnam_r(i_name, pwd, buffer, buflen, &ret); ret = handle_getpw_result(status, pwd, dom, &del_user); if (ret) { DEBUG(SSSDBG_OP_FAILURE, @@ -88,7 +105,7 @@ static int get_pw_name(struct proxy_id_ctx *ctx, } if (del_user) { - ret = delete_user(dom, name, 0); + ret = delete_user(dom, name_or_alias, 0); goto done; } 
@@ -124,24 +141,36 @@ static int get_pw_name(struct proxy_id_ctx *ctx, goto done; } - real_name = pwd->pw_name; + ret = sss_parse_name(tmpctx, dom->names, pwd->pw_name, + NULL, &shortname); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sss_parse_name failed [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + real_name = sss_create_internal_fqname(tmpctx, shortname, dom->name); + if (real_name == NULL) { + ret = ENOMEM; + goto done; + } } if (del_user) { - ret = delete_user(dom, name, uid); + ret = delete_user(dom, name_or_alias, uid); goto done; } /* Both lookups went fine, we can save the user now */ ret = save_user(dom, !dom->case_sensitive, pwd, - real_name, name, dom->user_timeout); + real_name, name_or_alias, dom->user_timeout); done: talloc_zfree(tmpctx); if (ret) { DEBUG(SSSDBG_OP_FAILURE, "proxy -> getpwnam_r failed for '%s' <%d>: %s\n", - name, ret, strerror(ret)); + i_name, ret, strerror(ret)); } return ret; } @@ -315,6 +344,7 @@ static int get_pw_uid(struct proxy_id_ctx *ctx, size_t buflen; bool del_user = false; int ret; + char *name; DEBUG(SSSDBG_TRACE_FUNC, "Searching user by uid (%"SPRIuid")\n", uid); @@ -349,8 +379,14 @@ static int get_pw_uid(struct proxy_id_ctx *ctx, goto done; } + name = sss_ioname2internal(tmpctx, dom, pwd->pw_name); + if (name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'\n", + pwd->pw_name); + goto done; + } ret = save_user(dom, !dom->case_sensitive, pwd, - pwd->pw_name, NULL, dom->user_timeout); + name, NULL, dom->user_timeout); done: talloc_zfree(tmpctx); @@ -379,6 +415,7 @@ static int enum_users(TALLOC_CTX *mem_ctx, int ret; errno_t sret; bool again; + char *name; DEBUG(SSSDBG_TRACE_LIBS, "Enumerating users\n"); 
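Review bot: In get_pw_uid, the new `name == NULL` branch jumps to `done` without assigning `ret`, so the function returns whatever the previous call left there, which may well be EOK. A failed name conversion would then be reported as success; add `ret = ENOMEM;` before the `goto done;`, as most other call sites in this change do. The same omission is in the enum_users hunk (`@@ -472,8 +509,15 @@`) and in save_pac_user in src/responder/pac/pacsrv_cmd.c. All three functions continue outside their hunks.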
@@ -472,8 +509,15 @@ static int enum_users(TALLOC_CTX *mem_ctx, break; } + name = sss_ioname2internal(tmpctx, dom, pwd->pw_name); + if (name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'\n", + pwd->pw_name); + goto done; + } + ret = save_user(dom, !dom->case_sensitive, pwd, - pwd->pw_name, NULL, dom->user_timeout); + name, NULL, dom->user_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -534,7 +578,7 @@ static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb, struct group *grp, time_t now); static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom, - struct group *grp, const char *real_name, + struct group *grp, const char *real_name, /* internal fqname */ const char *alias, uint64_t cache_timeout) { errno_t ret, sret; @@ -793,6 +837,7 @@ static int get_gr_name(struct proxy_id_ctx *ctx, gid_t gid; struct ldb_result *cached_grp = NULL; const char *real_name = NULL; + char *alias; DEBUG(SSSDBG_FUNC_DATA, "Searching group by name (%s)\n", name); @@ -873,7 +918,13 @@ static int get_gr_name(struct proxy_id_ctx *ctx, goto done; } - real_name = grp->gr_name; + real_name = sss_ioname2internal(tmpctx, dom, grp->gr_name); + if (real_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to parse name '%s'\n", + grp->gr_name); + ret = ENOMEM; + goto done; + } } if (delete_group) { @@ -888,6 +939,13 @@ static int get_gr_name(struct proxy_id_ctx *ctx, goto done; } + alias = sss_ioname2internal(tmpctx, dom, name); + if (alias == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to parse name %s\n", name); + ret = ENOMEM; + goto done; + } ret = save_group(sysdb, dom, grp, real_name, name, dom->group_timeout); if (ret) { DEBUG(SSSDBG_OP_FAILURE, @@ -920,6 +978,7 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx, size_t buflen = 0; bool delete_group = false; int ret; + char *name; DEBUG(SSSDBG_TRACE_FUNC, "Searching group by gid (%"SPRIgid")\n", gid); 
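Review bot: In get_gr_name, `alias` is computed with `sss_ioname2internal` and NULL-checked, but the call that follows still passes the raw `name`: `save_group(sysdb, dom, grp, real_name, name, dom->group_timeout)`. The alias therefore reaches save_group in the input format and the conversion is dead code; the call should read `ret = save_group(sysdb, dom, grp, real_name, alias, dom->group_timeout);`. save_pac_user in src/responder/pac/pacsrv_cmd.c has the same pattern: `name` is converted, yet `sysdb_store_user` is still given `pwd->pw_name`.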
@@ -966,7 +1025,13 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx, goto done; } - ret = save_group(sysdb, dom, grp, grp->gr_name, NULL, dom->group_timeout); + name = sss_ioname2internal(tmpctx, dom, grp->gr_name); + if (name == NULL) { + ret = ENOMEM; + goto done; + } + + ret = save_group(sysdb, dom, grp, name, NULL, dom->group_timeout); if (ret) { DEBUG(SSSDBG_OP_FAILURE, "Cannot save user [%d]: %s\n", ret, strerror(ret)); @@ -1000,6 +1065,7 @@ static int enum_groups(TALLOC_CTX *mem_ctx, int ret; errno_t sret; bool again; + char *name; DEBUG(SSSDBG_TRACE_LIBS, "Enumerating groups\n"); @@ -1091,7 +1157,13 @@ static int enum_groups(TALLOC_CTX *mem_ctx, break; } - ret = save_group(sysdb, dom, grp, grp->gr_name, + name = sss_ioname2internal(tmpctx, dom, grp->gr_name); + if (name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to parse group name." + "Ignoring\n"); + ret = ENOMEM; + } + ret = save_group(sysdb, dom, grp, name, NULL, dom->group_timeout); if (ret) { /* Do not fail completely on errors. diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index d6ac9dc28..b1d4345a2 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -350,7 +350,7 @@ static int fill_pwent(struct sss_packet *packet, size_t rsize, rp, blen; int fq_len = 0; int i, ret, num; - bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames); + bool add_domain = dom->fqnames; const char *domain = dom->name; bool packet_initialized = false; int ncret; @@ -2734,6 +2734,8 @@ void nss_update_gr_memcache(struct nss_ctx *nctx) #define MNUM_ROFFSET sizeof(uint32_t) #define STRS_ROFFSET 2*sizeof(uint32_t) +/* member can be from memberuid or ghost attribute. Both are stored + * in the internal fqname format (name@domain) */ static int parse_member(TALLOC_CTX *mem_ctx, struct sss_domain_info *group_dom, const char *member, struct sss_domain_info **_member_dom, struct sized_string *_name, bool *_add_domain) 
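Review bot: In enum_groups, a NULL result from `sss_ioname2internal` sets `ret = ENOMEM`, but control then falls straight into `ret = save_group(sysdb, dom, grp, name, NULL, dom->group_timeout);`. That overwrites the error and passes a NULL name to save_group. Putting the call in an `else` branch, `} else { ret = save_group(sysdb, dom, grp, name, NULL, dom->group_timeout); }`, lets the existing `if (ret)` report the failure and move on, as the "Ignoring" message intends. The two string literals in that DEBUG call also concatenate to "name.Ignoring" and need a space. The loop around this code is outside the hunk.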
@@ -2744,40 +2746,51 @@ static int parse_member(TALLOC_CTX *mem_ctx, struct sss_domain_info *group_dom, const char *use_member; struct sss_domain_info *member_dom; bool add_domain; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } - ret = sss_parse_name(mem_ctx, group_dom->names, member, &domname, &username); + ret = sss_parse_internal_fqname(tmp_ctx, member, &username, &domname); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse [%s] into " - "name-value components.\n", member); - return ret; + "shortname and domain name components.\n", member); + goto done; } - add_domain = (!IS_SUBDOMAIN(group_dom) && group_dom->fqnames); - use_member = member; - member_dom = group_dom; + add_domain = group_dom->fqnames; + use_member = username; + member_dom = find_domain_by_name(group_dom, domname, true); + if (member_dom == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, "Could not find domain '%s'\n", domname); + ret = ERR_DOMAIN_NOT_FOUND; + goto done; + } - if (IS_SUBDOMAIN(group_dom) == false && domname != NULL) { + if (IS_SUBDOMAIN(group_dom) == false && IS_SUBDOMAIN(member_dom) == true) { /* The group is stored in the parent domain, but the member comes from. - * a subdomain. No need to add the domain component, it's already - * present in the memberuid/ghost attribute - */ - add_domain = false; + * a subdomain. */ + add_domain = true; } - if (IS_SUBDOMAIN(group_dom) == true && domname == NULL) { + if (IS_SUBDOMAIN(group_dom) == true && IS_SUBDOMAIN(member_dom) == false) { /* The group is stored in a subdomain, but the member comes * from the parent domain. Need to add the domain component * of the parent domain */ add_domain = true; - use_member = username; - member_dom = group_dom->parent; } to_sized_string(_name, use_member); *_add_domain = add_domain; *_member_dom = member_dom; - return EOK; + + ret = EOK; +done: + talloc_free(tmp_ctx); + return ret; } static int fill_members(struct sss_packet *packet, 
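Review bot: In parse_member, `username` is now allocated on the new `tmp_ctx`, assigned to `use_member`, passed to `to_sized_string(_name, use_member)`, and then `tmp_ctx` is freed at `done`. to_sized_string is not visible here, but if it stores the pointer rather than copying the string, `_name` refers to freed memory by the time fill_members reads it. Either parse onto `mem_ctx`, which this version no longer uses, or move the string before the free: `use_member = talloc_steal(mem_ctx, username);`. The local declarations at the top of the function are outside this hunk.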
@@ -2842,7 +2855,8 @@ static int fill_members(struct sss_packet *packet, } } - ret = parse_member(tmp_ctx, dom, tmpstr, &member_dom, &name, &add_domain); + ret = parse_member(tmp_ctx, dom, tmpstr, &member_dom, &name, + &add_domain); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not process member %s, skipping\n", tmpstr); @@ -2923,7 +2937,7 @@ static int fill_grent(struct sss_packet *packet, int i = 0; int ret, num, memnum; size_t rzero, rsize; - bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames); + bool add_domain = dom->fqnames; const char *domain = dom->name; TALLOC_CTX *tmp_ctx = NULL; @@ -4594,26 +4608,21 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx) goto done; } - /* For subdomains a fully qualified name is needed for - * sysdb_search_user_by_name and sysdb_search_group_by_name. */ - if (IS_SUBDOMAIN(dom)) { - sysdb_name = sss_tc_fqname(cmdctx, dom->names, dom, name); - if (sysdb_name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n"); - ret = ENOMEM; - goto done; - } + sysdb_name = sss_ioname2internal(cmdctx, dom, name); + if (sysdb_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'.\n", name); + ret = ENOMEM; + goto done; } - /* verify this name has not yet been negatively cached, as user * and groupm, or has been permanently filtered */ ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, - dom, name); + dom, sysdb_name); if (ret == EEXIST) { ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout, - dom, name); + dom, sysdb_name); if (ret == EEXIST) { /* if neg cached, return we didn't find it */ DEBUG(SSSDBG_TRACE_FUNC, 
@@ -4685,9 +4694,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx) } } } else { - ret = sysdb_search_user_by_name(cmdctx, dom, - sysdb_name ? sysdb_name : name, - attrs, &msg); + ret = sysdb_search_user_by_name(cmdctx, dom, sysdb_name, attrs, + &msg); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to make request to our cache!\n"); @@ -4699,8 +4707,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx) user_found = true; } else { talloc_free(msg); - ret = sysdb_search_group_by_name(cmdctx, dom, - sysdb_name ? sysdb_name : name, + ret = sysdb_search_group_by_name(cmdctx, dom, sysdb_name, attrs, &msg); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -4736,13 +4743,13 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx) if (dctx->res->count == 0 && !dctx->check_provider) { if (cmdctx->cmd == SSS_NSS_GETSIDBYNAME || cmdctx->cmd == SSS_NSS_GETORIGBYNAME) { - ret = sss_ncache_set_user(nctx->ncache, false, dom, name); + ret = sss_ncache_set_user(nctx->ncache, false, dom, sysdb_name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n", name, dom->name); } - ret = sss_ncache_set_group(nctx->ncache, false, dom, name); + ret = sss_ncache_set_group(nctx->ncache, false, dom, sysdb_name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n", name, dom->name); @@ -4766,7 +4773,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx) req_name = NULL; req_id = cmdctx->id; } else { - req_name = name; + req_name = sysdb_name; req_id = 0; } if (user_found) { diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c index 64c02e81c..e5b45a72f 100644 --- a/src/responder/pac/pacsrv_cmd.c +++ b/src/responder/pac/pacsrv_cmd.c 
@@ -583,6 +583,8 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx) ret = sysdb_search_user_by_uid(tmp_ctx, pr_ctx->dom, pwd->pw_uid, attrs, &msg); if (ret == ENOENT) { + char *name; + if (pwd->pw_gid == 0 && !pr_ctx->dom->mpg) { DEBUG(SSSDBG_CRIT_FAILURE, "Primary group RID from the PAC " "cannot be translated into a GID for " @@ -598,6 +600,12 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx) goto done; } + name = sss_ioname2internal(tmp_ctx, pr_ctx->dom, pwd->pw_name); + if (name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "failed to format name for '%s'.\n", + pwd->pw_name); + goto done; + } ret = sysdb_store_user(pr_ctx->dom, pwd->pw_name, NULL, pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos, pwd->pw_dir, @@ -636,7 +644,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx) struct sss_domain_info *dom = pr_ctx->dom; struct tevent_req *req; errno_t ret; - char *dom_name = NULL; + char *sysdb_name = NULL; struct ldb_message *msg; req = tevent_req_create(pr_ctx, &state, struct pac_save_memberships_state); @@ -646,14 +654,14 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx) state->sid_iter = 0; - dom_name = sss_get_domain_name(state, pr_ctx->user_name, dom); - if (dom_name == NULL) { + sysdb_name = sss_ioname2internal(state, dom, pr_ctx->user_name); + if (sysdb_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_sprintf failed.\n"); ret = ENOMEM; goto done; } - ret = sysdb_search_user_by_name(state, dom, dom_name, NULL, &msg); + ret = sysdb_search_user_by_name(state, dom, sysdb_name, NULL, &msg); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed " \ "[%d][%s].\n", ret, strerror(ret)); @@ -676,7 +684,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx) } done: - talloc_free(dom_name); + talloc_free(sysdb_name); if (ret != EOK && ret != EAGAIN) { tevent_req_error(req, ret); tevent_req_post(req, pr_ctx->cctx->ev); 
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c index 4b076146c..0966bcb0c 100644 --- a/src/responder/pam/pam_LOCAL_domain.c +++ b/src/responder/pam/pam_LOCAL_domain.c @@ -73,6 +73,12 @@ static void prepare_reply(struct LOCAL_request *lreq) static void do_successful_login(struct LOCAL_request *lreq) { int ret; + char *name; + TALLOC_CTX *tmpctx; + + tmpctx = talloc_new(NULL); + NULL_CHECK_OR_JUMP(tmpctx, ("talloc_new failed.\n"), + lreq->error, ENOMEM, done); lreq->mod_attrs = sysdb_new_attrs(lreq); NULL_CHECK_OR_JUMP(lreq->mod_attrs, ("sysdb_new_attrs failed.\n"), @@ -87,13 +93,16 @@ static void do_successful_login(struct LOCAL_request *lreq) NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"), lreq->error, ret, done); - ret = sysdb_set_user_attr(lreq->domain, - lreq->preq->pd->user, + name = sss_ioname2internal(tmpctx, lreq->domain, lreq->preq->pd->user); + NULL_CHECK_OR_JUMP(name, ("sss_ioname2internal failed.\n"), + lreq->error, ENOMEM, done); + ret = sysdb_set_user_attr(lreq->domain, name, lreq->mod_attrs, SYSDB_MOD_REP); NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"), lreq->error, ret, done); done: + talloc_free(tmpctx); return; } @@ -102,6 +111,12 @@ static void do_failed_login(struct LOCAL_request *lreq) int ret; int failedLoginAttempts; struct pam_data *pd; + char *name; + TALLOC_CTX *tmpctx; + + tmpctx = talloc_new(NULL); + NULL_CHECK_OR_JUMP(tmpctx, ("talloc_new failed.\n"), + lreq->error, ENOMEM, done); pd = lreq->preq->pd; pd->pam_status = PAM_AUTH_ERR; 
@@ -128,13 +143,16 @@ static void do_failed_login(struct LOCAL_request *lreq) NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"), lreq->error, ret, done); - ret = sysdb_set_user_attr(lreq->domain, - lreq->preq->pd->user, + name = sss_ioname2internal(tmpctx, lreq->domain, lreq->preq->pd->user); + NULL_CHECK_OR_JUMP(name, ("sss_ioname2internal failed.\n"), + lreq->error, ENOMEM, done); + ret = sysdb_set_user_attr(lreq->domain, name, lreq->mod_attrs, SYSDB_MOD_REP); NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"), lreq->error, ret, done); done: + talloc_free(tmpctx); return; } @@ -161,9 +179,15 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq) char *salt; char *new_hash; struct pam_data *pd; + char *name; + TALLOC_CTX *tmpctx; pd = lreq->preq->pd; + tmpctx = talloc_new(NULL); + NULL_CHECK_OR_JUMP(tmpctx, ("talloc_new failed.\n"), + lreq->error, ENOMEM, done); + ret = sss_authtok_get_password(pd->newauthtok, &password, NULL); if (ret) { /* TODO: should we allow null passwords via a config option ? */ @@ -197,13 +221,16 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq) NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"), lreq->error, ret, done); - ret = sysdb_set_user_attr(lreq->domain, - lreq->preq->pd->user, + name = sss_ioname2internal(tmpctx, lreq->domain, lreq->preq->pd->user); + NULL_CHECK_OR_JUMP(name, ("sss_ioname2internal failed.\n"), + lreq->error, ENOMEM, done); + ret = sysdb_set_user_attr(lreq->domain, name, lreq->mod_attrs, SYSDB_MOD_REP); NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"), lreq->error, ret, done); done: + talloc_free(tmpctx); sss_authtok_set_empty(pd->newauthtok); } diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index b9fd35325..b497b8247 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c 
@@ -45,10 +45,10 @@ enum pam_verbosity { static errno_t pam_null_last_online_auth_with_curr_token(struct sss_domain_info *domain, - const char *username); + const char *pd_username); static errno_t pam_get_last_online_auth_with_curr_token(struct sss_domain_info *domain, - const char *name, + const char *pd_name, uint64_t *_value); static void pam_reply(struct pam_auth_req *preq); @@ -430,44 +430,61 @@ static errno_t set_last_login(struct pam_auth_req *preq) { struct sysdb_attrs *attrs; errno_t ret; + char *name; + TALLOC_CTX *tmpctx; + + tmpctx = talloc_new(NULL); + if (tmpctx == NULL) { + ret = ENOMEM; + goto done; + } attrs = sysdb_new_attrs(preq); if (!attrs) { ret = ENOMEM; - goto fail; + goto done; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_ONLINE_AUTH, time(NULL)); if (ret != EOK) { - goto fail; + goto done; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_ONLINE_AUTH_WITH_CURR_TOKEN, time(NULL)); if (ret != EOK) { - goto fail; + goto done; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_LOGIN, time(NULL)); if (ret != EOK) { - goto fail; + goto done; + } + + name = sss_ioname2internal(tmpctx, preq->domain, preq->pd->user); + if (name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'.\n", + preq->pd->user); + ret = ENOMEM; + goto done; } - ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs, + ret = sysdb_set_user_attr(preq->domain, name, attrs, SYSDB_MOD_REP); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "set_last_login failed.\n"); preq->pd->pam_status = PAM_SYSTEM_ERR; - goto fail; + goto done; } else { preq->pd->last_auth_saved = true; } preq->callback(preq); - return EOK; + ret = EOK; -fail: +done: + talloc_free(tmpctx); return ret; } @@ -1678,7 +1695,7 @@ static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min, } static errno_t pam_is_last_online_login_fresh(struct sss_domain_info *domain, - const char* user, + const char* pd_user, int cached_auth_timeout, bool *_result) { 
@@ -1686,7 +1703,7 @@ static errno_t pam_is_last_online_login_fresh(struct sss_domain_info *domain, bool result; uint64_t last_login; - ret = pam_get_last_online_auth_with_curr_token(domain, user, &last_login); + ret = pam_get_last_online_auth_with_curr_token(domain, pd_user, &last_login); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "sysdb_get_last_online_auth_with_curr_token failed: %s:[%d]\n", @@ -1737,7 +1754,7 @@ static bool pam_is_authtok_cachable(struct sss_auth_token *authtok) static bool pam_can_user_cache_auth(struct sss_domain_info *domain, int pam_cmd, struct sss_auth_token *authtok, - const char* user, + const char* pd_user, bool cached_auth_failed) { errno_t ret; @@ -1749,7 +1766,7 @@ static bool pam_can_user_cache_auth(struct sss_domain_info *domain, && pam_is_authtok_cachable(authtok) && pam_is_cmd_cachable(pam_cmd)) { - ret = pam_is_last_online_login_fresh(domain, user, + ret = pam_is_last_online_login_fresh(domain, pd_user, domain->cached_auth_timeout, &result); if (ret != EOK) { @@ -1939,12 +1956,13 @@ struct sss_cmd_table *get_pam_cmds(void) errno_t pam_set_last_online_auth_with_curr_token(struct sss_domain_info *domain, - const char *username, + const char *pd_username, uint64_t value) { TALLOC_CTX *tmp_ctx; struct sysdb_attrs *attrs; int ret; + char *name; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -1963,7 +1981,13 @@ pam_set_last_online_auth_with_curr_token(struct sss_domain_info *domain, value); if (ret != EOK) { goto done; } - ret = sysdb_set_user_attr(domain, username, attrs, SYSDB_MOD_REP); + name = sss_ioname2internal(tmp_ctx, domain, pd_username); + if (name == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP); if (ret != EOK) { goto done; } done: 
@@ -1977,14 +2001,14 @@ done: static errno_t pam_null_last_online_auth_with_curr_token(struct sss_domain_info *domain, - const char *username) + const char *pd_username) { - return pam_set_last_online_auth_with_curr_token(domain, username, 0); + return pam_set_last_online_auth_with_curr_token(domain, pd_username, 0); } static errno_t pam_get_last_online_auth_with_curr_token(struct sss_domain_info *domain, - const char *name, + const char *pd_name, uint64_t *_value) { TALLOC_CTX *tmp_ctx = NULL; @@ -1992,8 +2016,9 @@ pam_get_last_online_auth_with_curr_token(struct sss_domain_info *domain, struct ldb_message *ldb_msg; uint64_t value; errno_t ret; + char *name; - if (name == NULL || *name == '\0') { + if (pd_name == NULL || *pd_name == '\0') { DEBUG(SSSDBG_CRIT_FAILURE, "Missing user name.\n"); ret = EINVAL; goto done; @@ -2011,6 +2036,12 @@ pam_get_last_online_auth_with_curr_token(struct sss_domain_info *domain, goto done; } + name = sss_ioname2internal(tmp_ctx, domain, pd_name); + if (name == NULL) { + ret = ENOMEM; + goto done; + } + ret = sysdb_search_user_by_name(tmp_ctx, domain, name, attrs, &ldb_msg); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, diff --git a/src/tests/cmocka/test_ldap_id_cleanup.c b/src/tests/cmocka/test_ldap_id_cleanup.c index e40f2b6dd..fc6ddd274 100644 --- a/src/tests/cmocka/test_ldap_id_cleanup.c +++ b/src/tests/cmocka/test_ldap_id_cleanup.c 
@@ -182,16 +182,42 @@ static void test_id_cleanup_exp_group(void **state) errno_t ret; struct ldb_message *msg; struct sdap_domain sdom; - const char *special_grp = "special_gr*o/u\\p(2016)"; - const char *empty_special_grp = "empty_gr*o/u\\p(2016)"; - const char *empty_grp = "empty_grp"; - const char *grp = "grp"; + char *special_grp; + char *empty_special_grp; + char *empty_grp; + char *grp; + char *test_user; + char *test_user2; /* This timeout can be bigger because we will call invalidate_group * to expire entries without waiting. */ const uint64_t CACHE_TIMEOUT = 30; struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state, struct sysdb_test_ctx); + special_grp = sss_create_internal_fqname(test_ctx, + "special_gr*o/u\\p(2016)", + test_ctx->domain->name); + assert_non_null(special_grp); + + empty_special_grp = sss_create_internal_fqname(test_ctx, + "empty_gr*o/u\\p(2016)", + test_ctx->domain->name); + assert_non_null(empty_special_grp); + + empty_grp = sss_create_internal_fqname(test_ctx, "empty_grp", + test_ctx->domain->name); + assert_non_null(empty_grp); + + grp = sss_create_internal_fqname(test_ctx, "grp", test_ctx->domain->name); + assert_non_null(grp); + + test_user = sss_create_internal_fqname(test_ctx, "test_user", + test_ctx->domain->name); + assert_non_null(test_user); + test_user2 = sss_create_internal_fqname(test_ctx, "test_user2", + test_ctx->domain->name); + assert_non_null(test_user2); + ret = sysdb_store_group(test_ctx->domain, special_grp, 10002, NULL, CACHE_TIMEOUT, 0); assert_int_equal(ret, EOK); 
@@ -208,13 +234,13 @@ static void test_id_cleanup_exp_group(void **state) 10005, NULL, CACHE_TIMEOUT, 0); assert_int_equal(ret, EOK); - ret = sysdb_store_user(test_ctx->domain, "test_user", NULL, + ret = sysdb_store_user(test_ctx->domain, test_user, NULL, 10001, 10002, "Test user", NULL, NULL, NULL, NULL, NULL, 0, 0); assert_int_equal(ret, EOK); - ret = sysdb_store_user(test_ctx->domain, "test_user2", NULL, + ret = sysdb_store_user(test_ctx->domain, test_user2, NULL, 10002, 10004, "Test user", NULL, NULL, NULL, NULL, NULL, 0, 0); diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c index f05b55e46..b4e716a22 100644 --- a/src/tests/cmocka/test_nss_srv.c +++ b/src/tests/cmocka/test_nss_srv.c @@ -368,7 +368,7 @@ void test_nss_getpwnam(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testuser", 123, 456, "test user", + "testuser@"TEST_DOM_NAME, 123, 456, "test user", "/home/testuser", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); @@ -430,10 +430,14 @@ void test_nss_getpwnam_neg(void **state) static int test_nss_getpwnam_search_acct_cb(void *pvt) { errno_t ret; + char *fqname; struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx); + fqname = sss_create_internal_fqname(ctx->tctx, "testuser_search", + ctx->tctx->dom->name); + assert_non_null(fqname); ret = sysdb_add_user(ctx->tctx->dom, - "testuser_search", 567, 890, "test search", + fqname, 567, 890, "test search", "/home/testsearch", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); @@ -501,7 +505,8 @@ static int test_nss_getpwnam_update_acct_cb(void *pvt) struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx); ret = sysdb_store_user(ctx->tctx->dom, - "testuser_update", NULL, 10, 11, "test user", + "testuser_update@"TEST_DOM_NAME, + NULL, 10, 11, "test user", "/home/testuser", "/bin/ksh", NULL, NULL, NULL, 300, 0); assert_int_equal(ret, EOK); 
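Review bot: The tests in test_nss_srv.c now spell the internal name in two ways: test_nss_getpwnam and test_nss_getpwnam_update_acct_cb hard-code literals such as `"testuser@"TEST_DOM_NAME`, while test_nss_getpwnam_search_acct_cb calls `sss_create_internal_fqname`. The literals bake the `name@domain` format into every test, and test_nss_getpwnam_update only works if its helper-built `username` is byte-identical to the literal stored by the update callback. I would build all of them with the helper (or one small test macro) so the format lives in one place; the later hunks in this file that use `"...@"TEST_DOM_NAME` have the same issue.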
@@ -532,10 +537,15 @@ void test_nss_getpwnam_update(void **state) errno_t ret; struct ldb_result *res; const char *shell; + char *username; + username = sss_create_internal_fqname(nss_test_ctx, + "testuser_update", + nss_test_ctx->tctx->dom->name); + assert_non_null(username); /* Prime the cache with a valid but expired user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testuser_update", 10, 11, "test user", + username, 10, 11, "test user", "/home/testuser", "/bin/sh", NULL, NULL, 1, 1); assert_int_equal(ret, EOK); @@ -562,7 +572,7 @@ void test_nss_getpwnam_update(void **state) /* Check the user was updated in the cache */ ret = sysdb_getpwnam(nss_test_ctx, nss_test_ctx->tctx->dom, - "testuser_update", &res); + username , &res); assert_int_equal(ret, EOK); assert_int_equal(res->count, 1); @@ -599,7 +609,8 @@ void test_nss_getpwnam_fqdn(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testuser_fqdn", 124, 457, "test user", + "testuser_fqdn@"TEST_DOM_NAME, + 124, 457, "test user", "/home/testuser", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); @@ -646,7 +657,7 @@ void test_nss_getpwnam_space(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "space user", 225, 558, "space user", + "space user@"TEST_DOM_NAME, 225, 558, "space user", "/home/testuser", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); @@ -761,7 +772,8 @@ void test_nss_getpwnam_fqdn_fancy(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testuser_fqdn_fancy", 125, 458, "test user", + "testuser_fqdn_fancy@"TEST_DOM_NAME, + 125, 458, "test user", "/home/testuser", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); 
@@ -810,7 +822,8 @@ void test_nss_getpwuid(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testuser1", 101, 401, "test user1", + "testuser1@"TEST_DOM_NAME, + 101, 401, "test user1", "/home/testuser1", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); @@ -877,7 +890,8 @@ static int test_nss_getpwuid_search_acct_cb(void *pvt) struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx); ret = sysdb_add_user(ctx->tctx->dom, - "exampleuser_search", 107, 987, "example search", + "exampleuser_search@"TEST_DOM_NAME, + 107, 987, "example search", "/home/examplesearch", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); @@ -946,7 +960,8 @@ static int test_nss_getpwuid_update_acct_cb(void *pvt) struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx); ret = sysdb_store_user(ctx->tctx->dom, - "exampleuser_update", NULL, 109, 11000, "example user", + "exampleuser_update@"TEST_DOM_NAME, + NULL, 109, 11000, "example user", "/home/exampleuser", "/bin/ksh", NULL, NULL, NULL, 300, 0); assert_int_equal(ret, EOK); @@ -980,7 +995,8 @@ void test_nss_getpwuid_update(void **state) /* Prime the cache with a valid but expired user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "exampleuser_update", 109, 11000, "example user", + "exampleuser_update@"TEST_DOM_NAME, + 109, 11000, "example user", "/home/exampleuser", "/bin/sh", NULL, NULL, 1, 1); assert_int_equal(ret, EOK); @@ -1110,7 +1126,7 @@ void test_nss_getgrnam_no_members(void **state) /* Prime the cache with a valid group */ ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testgroup", 1123, + "testgroup@"TEST_DOM_NAME, 1123, NULL, 300, 0); assert_int_equal(ret, EOK); 
@@ -1164,29 +1180,33 @@ void test_nss_getgrnam_members(void **state) /* Prime the cache with a valid group and some members */ ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testgroup_members", 1124, + "testgroup_members@"TEST_DOM_NAME, 1124, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testmember1", 2001, 456, "test member1", + "testmember1@"TEST_DOM_NAME, + 2001, 456, "test member1", "/home/testmember2", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testmember2", 2002, 456, "test member2", + "testmember2@"TEST_DOM_NAME, + 2002, 456, "test member2", "/home/testmember2", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testgroup_members", "testmember1", + "testgroup_members@"TEST_DOM_NAME, + "testmember1@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testgroup_members", "testmember2", + "testgroup_members@"TEST_DOM_NAME, + "testmember2@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); 
@@ -1292,44 +1312,58 @@ static int test_nss_getgrnam_members_check_subdom(uint32_t status, void test_nss_getgrnam_members_subdom(void **state) { errno_t ret; + char *submember1; + char *submember2; + char *testsubdomgroup; + + submember1 = sss_create_internal_fqname(nss_test_ctx, "submember1", + nss_test_ctx->subdom->name); + submember2 = sss_create_internal_fqname(nss_test_ctx, "submember2", + nss_test_ctx->subdom->name); + testsubdomgroup = sss_create_internal_fqname(nss_test_ctx, + "testsubdomgroup", + nss_test_ctx->subdom->name); + assert_non_null(submember1); + assert_non_null(submember2); + assert_non_null(testsubdomgroup); nss_test_ctx->tctx->dom->fqnames = true; /* Add a group from a subdomain and two members from the same subdomain */ ret = sysdb_add_group(nss_test_ctx->subdom, - "testsubdomgroup@"TEST_SUBDOM_NAME, + testsubdomgroup, 2124, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->subdom, - "submember1@"TEST_SUBDOM_NAME, + submember1, 4001, 456, "test subdomain member1", "/home/submember1", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->subdom, - "submember2@"TEST_SUBDOM_NAME, + submember2, 2002, 456, "test subdomain member2", "/home/submember2", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->subdom, - "testsubdomgroup@"TEST_SUBDOM_NAME, - "submember1@"TEST_SUBDOM_NAME, + testsubdomgroup, + submember1, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->subdom, - "testsubdomgroup@"TEST_SUBDOM_NAME, - "submember2@"TEST_SUBDOM_NAME, + testsubdomgroup, + submember2, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); - mock_input_user_or_group("testsubdomgroup@"TEST_SUBDOM_NAME); + mock_input_user_or_group(testsubdomgroup); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM); mock_fill_group_with_members(2); 
@@ -1494,16 +1528,19 @@ void test_nss_getgrnam_mix_subdom(void **state) errno_t ret; const char *group_strdn = NULL; const char *add_groups[] = { NULL, NULL }; + char *testmember1_fqname = sss_create_internal_fqname(nss_test_ctx, + "testmember1", + TEST_DOM_NAME); - /* Add a subdomain user to a parent domain group */ + /* Add a parent domain user to a subdomain group */ group_strdn = sysdb_group_strdn(nss_test_ctx, nss_test_ctx->subdom->name, - "testsubdomgroup@"TEST_SUBDOM_NAME); + "testsubdomgroup"); assert_non_null(group_strdn); add_groups[0] = group_strdn; ret = sysdb_update_members_dn(nss_test_ctx->tctx->dom, - "testmember1", + testmember1_fqname, SYSDB_MEMBER_USER, add_groups, NULL); assert_int_equal(ret, EOK); @@ -1557,7 +1594,7 @@ void test_nss_getgrnam_space(void **state) /* Prime the cache with a valid group */ ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "space group", 2123, + "space group@"TEST_DOM_NAME, 2123, NULL, 300, 0); assert_int_equal(ret, EOK); @@ -1860,7 +1897,11 @@ void test_nss_getorigbyname(void **state) { errno_t ret; struct sysdb_attrs *attrs; + char *fqname; + fqname = sss_create_internal_fqname(nss_test_ctx, "testuserorig", + nss_test_ctx->tctx->dom->name); + assert_non_null(fqname); attrs = sysdb_new_attrs(nss_test_ctx); assert_non_null(attrs); @@ -1876,7 +1917,7 @@ void test_nss_getorigbyname(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testuserorig", 1234, 5689, "test user orig", + fqname, 1234, 5689, "test user orig", "/home/testuserorig", "/bin/sh", NULL, attrs, 300, 0); assert_int_equal(ret, EOK); @@ -1966,6 +2007,11 @@ void test_nss_getorigbyname_extra_attrs(void **state) { errno_t ret; struct sysdb_attrs *attrs; + char *fqname; + + fqname = sss_create_internal_fqname(nss_test_ctx, "testuserorigextra", + nss_test_ctx->tctx->dom->name); + assert_non_null(fqname); attrs = sysdb_new_attrs(nss_test_ctx); assert_non_null(attrs); 
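Review bot: In test_nss_getgrnam_mix_subdom the group DN is built with the short name `"testsubdomgroup"`, although test_nss_getgrnam_members_subdom stores that group under the name returned by `sss_create_internal_fqname(nss_test_ctx, "testsubdomgroup", nss_test_ctx->subdom->name)`. If the DN is derived from the name exactly as passed, the member update would point at a DN that does not exist in the cache; passing the qualified name, built the same way, would keep the two tests in step. `testmember1_fqname` is also used without a NULL check; add `assert_non_null(testmember1_fqname);` after the declarations, as the other tests do.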
@@ -1991,7 +2037,7 @@ void test_nss_getorigbyname_extra_attrs(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testuserorigextra", 2345, 6789, + fqname, 2345, 6789, "test user orig extra", "/home/testuserorigextra", "/bin/sh", NULL, attrs, 300, 0); @@ -2092,6 +2138,11 @@ void test_nss_getorigbyname_multi_value_attrs(void **state) { errno_t ret; struct sysdb_attrs *attrs; + char *fqname; + + fqname = sss_create_internal_fqname(nss_test_ctx, "testuserorigmulti", + nss_test_ctx->tctx->dom->name); + assert_non_null(fqname); attrs = sysdb_new_attrs(nss_test_ctx); assert_non_null(attrs); @@ -2117,7 +2168,7 @@ void test_nss_getorigbyname_multi_value_attrs(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testuserorigmulti", 3456, 7890, + fqname, 3456, 7890, "test user orig multi value", "/home/testuserorigextra", "/bin/sh", NULL, attrs, 300, 0); @@ -2162,6 +2213,11 @@ void test_nss_getpwnam_upn(void **state) { errno_t ret; struct sysdb_attrs *attrs; + char *upnuser; + + upnuser = sss_create_internal_fqname(nss_test_ctx, "upnuser", + nss_test_ctx->tctx->dom->name); + assert_non_null(upnuser); attrs = sysdb_new_attrs(nss_test_ctx); assert_non_null(attrs); @@ -2171,7 +2227,7 @@ void test_nss_getpwnam_upn(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "upnuser", 34567, 45678, "up user", + upnuser, 34567, 45678, "up user", "/home/upnuser", "/bin/sh", NULL, attrs, 300, 0); assert_int_equal(ret, EOK); 
@@ -2256,28 +2312,31 @@ void test_nss_initgroups(void **state) assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testinitgr", 321, 654, "test initgroups", + "testinitgr@"TEST_DOM_NAME, + 321, 654, "test initgroups", "/home/testinitgr", "/bin/sh", NULL, attrs, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testinitgr_gr1", 3211, + "testinitgr_gr1@"TEST_DOM_NAME, 3211, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testinitgr_gr2", 3212, + "testinitgr_gr2@"TEST_DOM_NAME, 3212, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testinitgr_gr1", "testinitgr", + "testinitgr_gr1@"TEST_DOM_NAME, + "testinitgr@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testinitgr_gr2", "testinitgr", + "testinitgr_gr2@"TEST_DOM_NAME, + "testinitgr@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); 
@@ -2355,28 +2414,31 @@ static int test_nss_initgr_search_acct_cb(void *pvt) assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testinitgr_srch", 421, 654, "test initgroups", + "testinitgr_srch@"TEST_DOM_NAME, + 421, 654, "test initgroups", "/home/testinitgr", "/bin/sh", NULL, attrs, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testinitgr_srch_gr1", 4211, + "testinitgr_srch_gr1@"TEST_DOM_NAME, 4211, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testinitgr_srch_gr2", 4212, + "testinitgr_srch_gr2@"TEST_DOM_NAME, 4212, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testinitgr_srch_gr1", "testinitgr_srch", + "testinitgr_srch_gr1@"TEST_DOM_NAME, + "testinitgr_srch@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testinitgr_srch_gr2", "testinitgr_srch", + "testinitgr_srch_gr2@"TEST_DOM_NAME, + "testinitgr_srch@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); @@ -2438,18 +2500,18 @@ static int test_nss_initgr_update_acct_cb(void *pvt) assert_int_equal(ret, EOK); ret = sysdb_set_user_attr(nss_test_ctx->tctx->dom, - "testinitgr_update", + "testinitgr_update@"TEST_DOM_NAME, attrs, SYSDB_MOD_REP); assert_int_equal(ret, EOK); ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testinitgr_check_gr2", 5212, + "testinitgr_check_gr2@"TEST_DOM_NAME, 5212, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testinitgr_check_gr2", - "testinitgr_update", + "testinitgr_check_gr2@"TEST_DOM_NAME, + "testinitgr_update@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); 
@@ -2478,18 +2540,20 @@ void test_nss_initgr_update(void **state) assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testinitgr_update", 521, 654, "test initgroups", + "testinitgr_update@"TEST_DOM_NAME, + 521, 654, "test initgroups", "/home/testinitgr", "/bin/sh", NULL, attrs, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testinitgr_update_gr1", 5211, + "testinitgr_update_gr1@"TEST_DOM_NAME, 5211, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testinitgr_update_gr1", "testinitgr_update", + "testinitgr_update_gr1@"TEST_DOM_NAME, + "testinitgr_update@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); @@ -2523,18 +2587,18 @@ static int test_nss_initgr_update_acct_2expire_attributes_cb(void *pvt) assert_int_equal(ret, EOK); ret = sysdb_set_user_attr(nss_test_ctx->tctx->dom, - "testinitgr_2attr", + "testinitgr_2attr@"TEST_DOM_NAME, attrs, SYSDB_MOD_REP); assert_int_equal(ret, EOK); ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testinitgr_2attr_gr12", 5222, + "testinitgr_2attr_gr12@"TEST_DOM_NAME, 5222, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testinitgr_2attr_gr12", - "testinitgr_2attr", + "testinitgr_2attr_gr12@"TEST_DOM_NAME, + "testinitgr_2attr@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); 
@@ -2575,18 +2639,20 @@ void test_nss_initgr_update_two_expire_attributes(void **state) assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testinitgr_2attr", 522, 655, "test initgroups2", + "testinitgr_2attr@"TEST_DOM_NAME, + 522, 655, "test initgroups2", "/home/testinitgr_2attr", "/bin/sh", NULL, attrs, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group(nss_test_ctx->tctx->dom, - "testinitgr_2attr_gr11", 5221, + "testinitgr_2attr_gr11@"TEST_DOM_NAME, 5221, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->dom, - "testinitgr_2attr_gr11", "testinitgr_2attr", + "testinitgr_2attr_gr11@"TEST_DOM_NAME, + "testinitgr_2attr@"TEST_DOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); @@ -2749,7 +2815,8 @@ static void test_nss_getnamebysid(void **state) /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testsiduser", 12345, 6890, "test sid user", + "testsiduser@"TEST_DOM_NAME, + 12345, 6890, "test sid user", "/home/testsiduser", "/bin/sh", NULL, attrs, 300, 0); assert_int_equal(ret, EOK); @@ -2838,7 +2905,8 @@ static int test_nss_getnamebysid_update_acct_cb(void *pvt) errno_t ret; struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx); - ret = sysdb_store_user(ctx->tctx->dom, "testsidbyname_update", NULL, + ret = sysdb_store_user(ctx->tctx->dom, + "testsidbyname_update@"TEST_DOM_NAME, NULL, 123456, 789, "test user", "/home/testsidbyname_update", "/bin/ksh", NULL, NULL, NULL, 300, 0); @@ -2867,7 +2935,8 @@ void test_nss_getnamebysid_update(void **state) /* Prime the cache with a valid but expired user */ ret = sysdb_add_user(nss_test_ctx->tctx->dom, - "testsidbyname_update", 123456, 789, "test user", + "testsidbyname_update@"TEST_DOM_NAME, + 123456, 789, "test user", "/home/testsidbyname_update", "/bin/sh", NULL, attrs, 1, 1); assert_int_equal(ret, EOK); 
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index 75411feee..24ecc5a4a 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c @@ -1034,7 +1034,8 @@ void test_pam_offline_auth_success(void **state) { int ret; - ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345"); + ret = sysdb_cache_password(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345"); assert_int_equal(ret, EOK); mock_input_pam(pam_test_ctx, "pamuser", "12345", NULL); @@ -1058,7 +1059,7 @@ void test_pam_offline_auth_wrong_pw(void **state) { int ret; - ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345"); + ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser@"TEST_DOM_NAME, "12345"); assert_int_equal(ret, EOK); mock_input_pam(pam_test_ctx, "pamuser", "11111", NULL); @@ -1082,7 +1083,8 @@ void test_pam_offline_auth_success_2fa(void **state) { int ret; - ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345"); + ret = sysdb_cache_password(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345"); assert_int_equal(ret, EOK); mock_input_pam(pam_test_ctx, "pamuser", "12345", "abcde"); @@ -1106,7 +1108,8 @@ void test_pam_offline_auth_failed_2fa(void **state) { int ret; - ret = sysdb_cache_password(pam_test_ctx->tctx->dom, "pamuser", "12345"); + ret = sysdb_cache_password(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345"); assert_int_equal(ret, EOK); mock_input_pam(pam_test_ctx, "pamuser", "11111", "abcde"); @@ -1130,7 +1133,8 @@ void test_pam_offline_auth_success_2fa_with_cached_2fa(void **state) { int ret; - ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345", + ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345", SSS_AUTHTOK_TYPE_2FA, 5); assert_int_equal(ret, EOK); 
@@ -1155,7 +1159,8 @@ void test_pam_offline_auth_failed_2fa_with_cached_2fa(void **state) { int ret; - ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345", + ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345", SSS_AUTHTOK_TYPE_2FA, 5); assert_int_equal(ret, EOK); @@ -1180,7 +1185,8 @@ void test_pam_offline_auth_success_pw_with_cached_2fa(void **state) { int ret; - ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345", + ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345", SSS_AUTHTOK_TYPE_2FA, 5); assert_int_equal(ret, EOK); @@ -1205,7 +1211,8 @@ void test_pam_offline_auth_failed_pw_with_cached_2fa(void **state) { int ret; - ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", "12345", + ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345", SSS_AUTHTOK_TYPE_2FA, 5); assert_int_equal(ret, EOK); @@ -1230,7 +1237,8 @@ void test_pam_offline_auth_success_combined_pw_with_cached_2fa(void **state) { int ret; - ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", + ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345678", SSS_AUTHTOK_TYPE_2FA, 5); assert_int_equal(ret, EOK); @@ -1255,7 +1263,8 @@ void test_pam_offline_auth_failed_combined_pw_with_cached_2fa(void **state) { int ret; - ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", + ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345678", SSS_AUTHTOK_TYPE_2FA, 5); assert_int_equal(ret, EOK); @@ -1280,7 +1289,8 @@ void test_pam_offline_auth_failed_wrong_2fa_size_with_cached_2fa(void **state) { int ret; - ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, "pamuser", + ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom, + "pamuser@"TEST_DOM_NAME, "12345678", SSS_AUTHTOK_TYPE_2FA, 5); assert_int_equal(ret, EOK); 
diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c index 842f94a72..76c7e845c 100644 --- a/src/tests/cmocka/test_responder_cache_req.c +++ b/src/tests/cmocka/test_responder_cache_req.c @@ -173,7 +173,7 @@ static void cache_req_group_by_id_test_done(struct tevent_req *req) static void prepare_concrete_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, - const char* user_name, + const char* user_shortname, int user_id, int group_id, uint64_t timeout, @@ -181,6 +181,10 @@ static void prepare_concrete_user(TALLOC_CTX *mem_ctx, { struct sysdb_attrs *attrs; errno_t ret; + char *name; + + name = sss_create_internal_fqname(mem_ctx, user_shortname, domain->name); + assert_non_null(name); attrs = sysdb_new_attrs(mem_ctx); assert_non_null(attrs); @@ -188,7 +192,7 @@ static void prepare_concrete_user(TALLOC_CTX *mem_ctx, ret = sysdb_attrs_add_string(attrs, SYSDB_UPN, TEST_UPN); assert_int_equal(ret, EOK); - ret = sysdb_store_user(domain, user_name, "pwd", + ret = sysdb_store_user(domain, name, "pwd", user_id, group_id, NULL, NULL, NULL, "cn=test-user,dc=test", attrs, NULL, timeout, transaction_time); @@ -209,9 +213,12 @@ static void run_user_by_name(struct cache_req_test_ctx *test_ctx, int cache_refresh_percent, errno_t exp_ret) { + char *name; + + name = sss_create_internal_fqname(test_ctx, TEST_USER_NAME, domain->name); run_cache_req(test_ctx, cache_req_user_by_name_send, cache_req_user_by_name_test_done, domain, - cache_refresh_percent, TEST_USER_NAME, exp_ret); + cache_refresh_percent, name, exp_ret); } static void run_user_by_upn(struct cache_req_test_ctx *test_ctx, 
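Review bot: run_user_by_name passes the result of `sss_create_internal_fqname` to run_cache_req without checking it, while prepare_concrete_user in the same file asserts the result. An allocation failure would then surface as a confusing lookup failure or a crash inside the request code instead of a clear test abort. Add `assert_non_null(name);` after the call; run_group_by_name further down has the same gap.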
@@ -270,8 +277,12 @@ static void prepare_group(TALLOC_CTX *mem_ctx, time_t transaction_time) { errno_t ret; + char *name; + + name = sss_create_internal_fqname(mem_ctx, TEST_GROUP_NAME, domain->name); + assert_non_null(name); - ret = sysdb_store_group(domain, TEST_GROUP_NAME, TEST_GROUP_ID, NULL, + ret = sysdb_store_group(domain, name, TEST_GROUP_ID, NULL, timeout, transaction_time); assert_int_equal(ret, EOK); } @@ -281,9 +292,13 @@ static void run_group_by_name(struct cache_req_test_ctx *test_ctx, int cache_refresh_percent, errno_t exp_ret) { + char *name; + + name = sss_create_internal_fqname(test_ctx, TEST_GROUP_NAME, + domain->name); run_cache_req(test_ctx, cache_req_group_by_name_send, cache_req_group_by_name_test_done, domain, - cache_refresh_percent, TEST_GROUP_NAME, exp_ret); + cache_refresh_percent, name, exp_ret); } static void run_group_by_id(struct cache_req_test_ctx *test_ctx, @@ -469,7 +484,8 @@ void test_user_by_name_multiple_domains_parse(void **state) struct sss_domain_info *domain = NULL; TALLOC_CTX *req_mem_ctx = NULL; struct tevent_req *req = NULL; - const char *name = TEST_USER_NAME; + char *name_a; + char *name_d; const char *fqn = NULL; errno_t ret; @@ -480,7 +496,11 @@ void test_user_by_name_multiple_domains_parse(void **state) "responder_cache_req_test_a", true); assert_non_null(domain); - ret = sysdb_store_user(domain, name, "pwd", 2000, 1000, + name_a = sss_create_internal_fqname(test_ctx, TEST_USER_NAME, + domain->name); + assert_non_null(name_a); + + ret = sysdb_store_user(domain, name_a, "pwd", 1000, 1000, NULL, NULL, NULL, "cn=test-user,dc=test", NULL, NULL, 1000, time(NULL)); assert_int_equal(ret, EOK); 
@@ -494,12 +514,12 @@ void test_user_by_name_multiple_domains_parse(void **state) prepare_user(test_ctx, domain, 1000, time(NULL)); /* Append domain name to the username. */ - fqn = talloc_asprintf(test_ctx, "%s@%s", name, + fqn = talloc_asprintf(test_ctx, "%s@%s", TEST_USER_NAME, "responder_cache_req_test_d"); assert_non_null(fqn); /* Mock values. */ - mock_parse_inp(name, "responder_cache_req_test_d", ERR_OK); + mock_parse_inp(TEST_USER_NAME, "responder_cache_req_test_d", ERR_OK); /* Test. */ @@ -520,7 +540,7 @@ void test_user_by_name_multiple_domains_parse(void **state) check_user(test_ctx, domain); assert_non_null(test_ctx->name); - assert_string_equal(name, test_ctx->name); + assert_string_equal(name_d, test_ctx->name); } void test_user_by_name_cache_valid(void **state) @@ -540,7 +560,6 @@ void test_user_by_name_cache_valid(void **state) void test_user_by_name_cache_expired(void **state) { struct cache_req_test_ctx *test_ctx = NULL; - test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); /* Setup user. */ @@ -970,7 +989,8 @@ void test_group_by_name_multiple_domains_parse(void **state) struct sss_domain_info *domain = NULL; TALLOC_CTX *req_mem_ctx = NULL; struct tevent_req *req = NULL; - const char *name = TEST_GROUP_NAME; + const char *shortname = TEST_GROUP_NAME; + char *name_a; const char *fqn = NULL; errno_t ret; @@ -980,8 +1000,10 @@ void test_group_by_name_multiple_domains_parse(void **state) domain = find_domain_by_name(test_ctx->tctx->dom, "responder_cache_req_test_a", true); assert_non_null(domain); + name_a = sss_create_internal_fqname(test_ctx, shortname, domain->name); + assert_int_equal(ret, EOK); - ret = sysdb_store_group(domain, name, 2000, NULL, + ret = sysdb_store_group(domain, name_a, 2000, NULL, 1000, time(NULL)); assert_int_equal(ret, EOK); 
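Review bot: `name_d` in test_user_by_name_multiple_domains_parse is declared but none of the added lines assigns it, yet the final check is now `assert_string_equal(name_d, test_ctx->name);`, which reads an uninitialised pointer. It presumably should hold the internal name for the second domain, e.g. `name_d = sss_create_internal_fqname(test_ctx, TEST_USER_NAME, "responder_cache_req_test_d");` followed by `assert_non_null(name_d);` before the request is sent. The store for the first domain also changes the uid from 2000 to 1000; if prepare_user uses the same id for the second domain (not visible here), the test can no longer tell the two entries apart by id.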
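Review bot: In test_group_by_name_multiple_domains_parse the line added after `name_a = sss_create_internal_fqname(test_ctx, shortname, domain->name);` is `assert_int_equal(ret, EOK);`, which checks `ret` rather than the new pointer; no assignment to `ret` is visible before this point, so it may compare an uninitialised value. The intended check is `assert_non_null(name_a);`.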
@@ -994,7 +1016,7 @@ void test_group_by_name_multiple_domains_parse(void **state) prepare_group(test_ctx, domain, 1000, time(NULL)); /* Append domain name to the username. */ - fqn = talloc_asprintf(test_ctx, "%s@%s", name, + fqn = talloc_asprintf(test_ctx, "%s@%s", shortname, "responder_cache_req_test_d"); assert_non_null(fqn); @@ -1002,7 +1024,7 @@ void test_group_by_name_multiple_domains_parse(void **state) req_mem_ctx = talloc_new(global_talloc_context); check_leaks_push(req_mem_ctx); - mock_parse_inp(name, "responder_cache_req_test_d", ERR_OK); + mock_parse_inp(TEST_USER_NAME, "responder_cache_req_test_d", ERR_OK); req = cache_req_group_by_name_send(req_mem_ctx, test_ctx->tctx->ev, test_ctx->rctx, test_ctx->ncache, 10, 0, @@ -1018,7 +1040,7 @@ void test_group_by_name_multiple_domains_parse(void **state) check_group(test_ctx, domain); assert_non_null(test_ctx->name); - assert_string_equal(name, test_ctx->name); + assert_string_equal(TEST_USER_NAME, test_ctx->name); } void test_group_by_name_cache_valid(void **state) @@ -1402,7 +1424,8 @@ void test_users_by_filter_filter_old(void **state) /* This user was updated in distant past, so it wont't be reported by * the filter search */ - ret = sysdb_store_user(test_ctx->tctx->dom, TEST_USER_NAME2, "pwd", 1001, 1001, + ret = sysdb_store_user(test_ctx->tctx->dom, + TEST_USER_NAME2"@"TEST_DOM_NAME, "pwd", 1001, 1001, NULL, NULL, NULL, "cn="TEST_USER_NAME2",dc=test", NULL, NULL, 1000, 1); assert_int_equal(ret, EOK); diff --git a/src/tests/cmocka/test_sysdb_views.c b/src/tests/cmocka/test_sysdb_views.c index 8ec9b53fb..b8cb453b0 100644 --- a/src/tests/cmocka/test_sysdb_views.c +++ b/src/tests/cmocka/test_sysdb_views.c @@ -150,6 +150,7 @@ static void test_sysdb_store_override(void **state) struct ldb_message **msgs; struct sysdb_attrs *attrs; size_t count; + char *name; const char override_dn_str[] = SYSDB_OVERRIDE_ANCHOR_UUID "=" \ TEST_ANCHOR_PREFIX TEST_USER_SID "," TEST_VIEW_CONTAINER; 
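Review bot: The group test now mocks and checks the user constant: `mock_parse_inp(TEST_USER_NAME, "responder_cache_req_test_d", ERR_OK);` and, in the last hunk of the function, `assert_string_equal(TEST_USER_NAME, test_ctx->name);`, where the old code used the group name. Unless the two constants happen to be equal, this either fails or passes for the wrong reason; `shortname` is already in scope and should be used in both places. The user variant of this test compares against a qualified name, so it is also worth deciding whether `test_ctx->name` is expected to be the short or the internal form and making both tests agree.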
@@ -157,14 +158,17 @@ static void test_sysdb_store_override(void **state) struct sysdb_test_ctx); test_ctx->domain->mpg = false; + name = sss_create_internal_fqname(test_ctx, TEST_USER_NAME, + test_ctx->domain->name); + assert_non_null(name); - ret = sysdb_store_user(test_ctx->domain, TEST_USER_NAME, NULL, + ret = sysdb_store_user(test_ctx->domain, name, NULL, TEST_USER_UID, TEST_USER_GID, TEST_USER_GECOS, TEST_USER_HOMEDIR, TEST_USER_SHELL, NULL, NULL, NULL, 0,0); assert_int_equal(ret, EOK); - ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME, + ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name, NULL, &msg); assert_int_equal(ret, EOK); assert_non_null(msg); @@ -378,6 +382,7 @@ void test_sysdb_delete_view_tree(void **state) struct sysdb_attrs *attrs; size_t count; struct ldb_dn *views_dn; + char *name; struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state, struct sysdb_test_ctx); @@ -387,13 +392,17 @@ void test_sysdb_delete_view_tree(void **state) ret = sysdb_update_view_name(test_ctx->domain->sysdb, TEST_VIEW_NAME); assert_int_equal(ret, EOK); - ret = sysdb_store_user(test_ctx->domain, TEST_USER_NAME, NULL, + name = sss_create_internal_fqname(test_ctx, TEST_USER_NAME, + test_ctx->domain->name); + assert_non_null(name); + + ret = sysdb_store_user(test_ctx->domain, name, NULL, TEST_USER_UID, TEST_USER_GID, TEST_USER_GECOS, TEST_USER_HOMEDIR, TEST_USER_SHELL, NULL, NULL, NULL, 0,0); assert_int_equal(ret, EOK); - ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME, + ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name, NULL, &msg); assert_int_equal(ret, EOK); assert_non_null(msg); @@ -436,6 +445,7 @@ void test_sysdb_invalidate_overrides(void **state) struct ldb_message *msg; struct sysdb_attrs *attrs; struct ldb_dn *views_dn; + char *name; const char *user_attrs[] = { SYSDB_NAME, SYSDB_CACHE_EXPIRE, SYSDB_OVERRIDE_DN, 
@@ -445,17 +455,21 @@ void test_sysdb_invalidate_overrides(void **state) struct sysdb_test_ctx); test_ctx->domain->mpg = false; + name = sss_create_internal_fqname(test_ctx, TEST_USER_NAME, + test_ctx->domain->name); + assert_non_null(name); + ret = sysdb_update_view_name(test_ctx->domain->sysdb, TEST_VIEW_NAME); assert_int_equal(ret, EOK); - ret = sysdb_store_user(test_ctx->domain, TEST_USER_NAME, NULL, + ret = sysdb_store_user(test_ctx->domain, name, NULL, TEST_USER_UID, TEST_USER_GID, TEST_USER_GECOS, TEST_USER_HOMEDIR, TEST_USER_SHELL, NULL, NULL, NULL, 10,0); assert_int_equal(ret, EOK); - ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME, + ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name, NULL, &msg); assert_int_equal(ret, EOK); assert_non_null(msg); @@ -478,7 +492,7 @@ void test_sysdb_invalidate_overrides(void **state) ret = sysdb_delete_view_tree(test_ctx->domain->sysdb, TEST_VIEW_NAME); assert_int_equal(ret, EOK); - ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME, + ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name, user_attrs, &msg); assert_int_equal(ret, EOK); assert_non_null(msg); @@ -488,7 +502,7 @@ void test_sysdb_invalidate_overrides(void **state) ret = sysdb_invalidate_overrides(test_ctx->domain->sysdb); assert_int_equal(ret, EOK); - ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, TEST_USER_NAME, + ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, name, user_attrs, &msg); assert_int_equal(ret, EOK); assert_non_null(msg); @@ -496,7 +510,7 @@ void test_sysdb_invalidate_overrides(void **state) 1); assert_null(ldb_msg_find_attr_as_string(msg, SYSDB_OVERRIDE_DN, NULL)); - ret = sysdb_delete_user(test_ctx->domain, TEST_USER_NAME, 0); + ret = sysdb_delete_user(test_ctx->domain, name, 0); assert_int_equal(ret, EOK); } 
@@ -542,19 +556,23 @@ static void enum_test_add_users(struct sysdb_test_ctx *test_ctx, int i; int ret; struct sysdb_attrs *attrs; + char *name = NULL; for (i = 0; usernames[i] != NULL; i++) { attrs = talloc(test_ctx, struct sysdb_attrs); assert_non_null(attrs); - - ret = sysdb_store_user(test_ctx->domain, usernames[i], + name = sss_create_internal_fqname(test_ctx, usernames[i], + test_ctx->domain->name); + assert_non_null(name); + ret = sysdb_store_user(test_ctx->domain, name, NULL, 0, 0, usernames[i], "/", "/bin/sh", NULL, NULL, NULL, 1, 1234 + i); assert_int_equal(ret, EOK); - enum_test_user_override(test_ctx, usernames[i]); + enum_test_user_override(test_ctx, name); talloc_free(attrs); + talloc_free(name); } } @@ -779,16 +797,19 @@ static void enum_test_add_groups(struct sysdb_test_ctx *test_ctx, int i; int ret; struct sysdb_attrs *attrs; + char *gr_name; for (i = 0; groupnames[i] != NULL; i++) { attrs = talloc(test_ctx, struct sysdb_attrs); assert_non_null(attrs); - ret = sysdb_store_group(test_ctx->domain, groupnames[i], + gr_name = sss_create_internal_fqname(test_ctx, groupnames[i], + test_ctx->domain->name); + ret = sysdb_store_group(test_ctx->domain, gr_name, 0, NULL, 1, 1234 + i); assert_int_equal(ret, EOK); - enum_test_group_override(test_ctx, groupnames[i], + enum_test_group_override(test_ctx, gr_name, TEST_GID_OVERRIDE_BASE + i); talloc_free(attrs); } diff --git a/src/tests/simple_access-tests.c b/src/tests/simple_access-tests.c index a7d6a5278..b968b3570 100644 --- a/src/tests/simple_access-tests.c +++ b/src/tests/simple_access-tests.c 
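Review bot: In enum_test_add_groups (hunk `@@ -779,16 +797,19 @@`), `gr_name` goes to `sysdb_store_group` without a NULL check and is never released, unlike `name` in enum_test_add_users in the previous hunk, which gets `assert_non_null(name);` and `talloc_free(name);`. Each loop iteration therefore leaves one string attached to `test_ctx`, and an allocation failure would show up as a confusing store error instead of a clear assertion. Add `assert_non_null(gr_name);` after the call and `talloc_free(gr_name);` next to `talloc_free(attrs);`, assuming `enum_test_group_override` does not keep the pointer, as the user variant suggests.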
@@ -159,38 +159,65 @@ void setup_simple_group(void) setup_simple(); + char *u1; + char *u2; + char *u3; + char *g1; + char *g2; + char *pvt; + + u1 = sss_create_internal_fqname(test_ctx, "u1", + test_ctx->ctx->domain->name); + u2 = sss_create_internal_fqname(test_ctx, "u2", + test_ctx->ctx->domain->name); + u3 = sss_create_internal_fqname(test_ctx, "u3", + test_ctx->ctx->domain->name); + g1 = sss_create_internal_fqname(test_ctx, "g1", + test_ctx->ctx->domain->name); + g2 = sss_create_internal_fqname(test_ctx, "g2", + test_ctx->ctx->domain->name); + pvt = sss_create_internal_fqname(test_ctx, "pvt", + test_ctx->ctx->domain->name); + + fail_if(u1 == NULL, "sss_create_internal_fqname failed"); + fail_if(u2 == NULL, "sss_create_internal_fqname failed"); + fail_if(u3 == NULL, "sss_create_internal_fqname failed"); + fail_if(g1 == NULL, "sss_create_internal_fqname failed"); + fail_if(g2 == NULL, "sss_create_internal_fqname failed"); + fail_if(pvt == NULL, "sss_create_internal_fqname failed"); + /* Add test users u1 and u2 that would be members of test groups * g1 and g2 respectively */ - ret = sysdb_add_group(test_ctx->ctx->domain, "pvt", 999, NULL, 0, 0); + ret = sysdb_add_group(test_ctx->ctx->domain, pvt, 999, NULL, 0, 0); fail_if(ret != EOK, "Could not add private group %s", strerror(ret)); ret = sysdb_store_user(test_ctx->ctx->domain, - "u1", NULL, 123, 999, "u1", "/home/u1", + u1, NULL, 123, 999, "u1", "/home/u1", "/bin/bash", NULL, NULL, NULL, -1, 0); fail_if(ret != EOK, "Could not add u1"); ret = sysdb_store_user(test_ctx->ctx->domain, - "u2", NULL, 456, 999, "u1", "/home/u1", + u2, NULL, 456, 999, "u1", "/home/u1", "/bin/bash", NULL, NULL, NULL, -1, 0); fail_if(ret != EOK, "Could not add u2"); ret = sysdb_store_user(test_ctx->ctx->domain, - "u3", NULL, 789, 999, "u1", "/home/u1", + u3, NULL, 789, 999, "u1", "/home/u1", "/bin/bash", NULL, NULL, NULL, -1, 0); fail_if(ret != EOK, "Could not add u3"); - ret = sysdb_add_group(test_ctx->ctx->domain, "g1", 321, NULL, 0, 
0); + ret = sysdb_add_group(test_ctx->ctx->domain, g1, 321, NULL, 0, 0); fail_if(ret != EOK, "Could not add g1"); - ret = sysdb_add_group(test_ctx->ctx->domain, "g2", 654, NULL, 0, 0); + ret = sysdb_add_group(test_ctx->ctx->domain, g2, 654, NULL, 0, 0); fail_if(ret != EOK, "Could not add g2"); ret = sysdb_add_group_member(test_ctx->ctx->domain, - "g1", "u1", SYSDB_MEMBER_USER, false); + g1, u1, SYSDB_MEMBER_USER, false); fail_if(ret != EOK, "Could not add u1 to g1"); ret = sysdb_add_group_member(test_ctx->ctx->domain, - "g2", "u2", SYSDB_MEMBER_USER, false); + g2, u2, SYSDB_MEMBER_USER, false); fail_if(ret != EOK, "Could not add u2 to g2"); } 
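Review bot: setup_simple_group (hunk `@@ -159,38 +159,65 @@`) and teardown_simple_group (hunk `@@ -198,17 +225,45 @@`) each repeat the same six `sss_create_internal_fqname` calls followed by six `fail_if` checks with an identical message, so a failure does not say which name could not be built. A small static helper that takes the short name, creates the qualified name on `test_ctx` and fails with the short name in the message would remove the duplication in both functions. The new declarations also sit after the `setup_simple();` statement, whereas the rest of the function declares its variables at the top of the block. The strings stay allocated on `test_ctx` after setup; if that context outlives a single test, freeing them at the end of each function would be tidier.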
@@ -198,17 +225,45 @@ void teardown_simple_group(void) { errno_t ret; - ret = sysdb_delete_user(test_ctx->ctx->domain, "u1", 0); + char *u1; + char *u2; + char *u3; + char *g1; + char *g2; + char *pvt; + + u1 = sss_create_internal_fqname(test_ctx, "u1", + test_ctx->ctx->domain->name); + u2 = sss_create_internal_fqname(test_ctx, "u2", + test_ctx->ctx->domain->name); + u3 = sss_create_internal_fqname(test_ctx, "u3", + test_ctx->ctx->domain->name); + g1 = sss_create_internal_fqname(test_ctx, "g1", + test_ctx->ctx->domain->name); + g2 = sss_create_internal_fqname(test_ctx, "g2", + test_ctx->ctx->domain->name); + pvt = sss_create_internal_fqname(test_ctx, "pvt", + test_ctx->ctx->domain->name); + + fail_if(u1 == NULL, "sss_create_internal_fqname failed"); + fail_if(u2 == NULL, "sss_create_internal_fqname failed"); + fail_if(u3 == NULL, "sss_create_internal_fqname failed"); + fail_if(g1 == NULL, "sss_create_internal_fqname failed"); + fail_if(g2 == NULL, "sss_create_internal_fqname failed"); + fail_if(pvt == NULL, "sss_create_internal_fqname failed"); + + + ret = sysdb_delete_user(test_ctx->ctx->domain, u1, 0); fail_if(ret != EOK, "Could not delete u1"); - ret = sysdb_delete_user(test_ctx->ctx->domain, "u2", 0); + ret = sysdb_delete_user(test_ctx->ctx->domain, u2, 0); fail_if(ret != EOK, "Could not delete u2"); - ret = sysdb_delete_user(test_ctx->ctx->domain, "u3", 0); + ret = sysdb_delete_user(test_ctx->ctx->domain, u3, 0); fail_if(ret != EOK, "Could not delete u3"); - ret = sysdb_delete_group(test_ctx->ctx->domain, "g1", 0); + ret = sysdb_delete_group(test_ctx->ctx->domain, g1, 0); fail_if(ret != EOK, "Could not delete g1"); - ret = sysdb_delete_group(test_ctx->ctx->domain, "g2", 0); + ret = sysdb_delete_group(test_ctx->ctx->domain, g2, 0); fail_if(ret != EOK, "Could not delete g2"); - ret = sysdb_delete_group(test_ctx->ctx->domain, "pvt", 0); + ret = sysdb_delete_group(test_ctx->ctx->domain, pvt, 0); fail_if(ret != EOK, "Could not delete pvt"); teardown_simple(); 
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index d64e31cfb..0477660f3 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -44,6 +44,7 @@ #define TEST_ATTR_ADD_VALUE "test_attr_add_value" #define CUSTOM_TEST_CONTAINER "custom_test_container" #define CUSTOM_TEST_OBJECT "custom_test_object" +#define TEST_DOM_NAME "local" #define ASQ_TEST_USER "testuser27010" #define ASQ_TEST_USER_UID 27010 @@ -146,7 +147,7 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) return ret; } - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local", + ret = sssd_domain_init(test_ctx, test_ctx->confdb, TEST_DOM_NAME, TESTS_PATH, &test_ctx->domain); if (ret != EOK) { fail("Could not initialize connection to the sysdb (%d)", ret); @@ -274,9 +275,14 @@ static int test_add_incomplete_group(struct test_data *data) static int test_store_group(struct test_data *data) { int ret; + char *internal_fqname; + internal_fqname = sss_create_internal_fqname(data->ctx, + data->groupname, + data->ctx->domain->name); ret = sysdb_store_group(data->ctx->domain, - data->groupname, data->gid, data->attrs, -1, 0); + internal_fqname, data->gid, data->attrs, -1, 0); + talloc_free(internal_fqname); return ret; } @@ -314,16 +320,18 @@ static int test_set_user_attr(struct test_data *data) static int test_add_group_member(struct test_data *data) { - const char *username; + const char *fq_username; int ret; - username = talloc_asprintf(data, "testuser%d", data->uid); - if (username == NULL) { + fq_username = talloc_asprintf(data, "testuser%d@%s", data->uid, + data->ctx->domain->name); + if (fq_username == NULL) { return ENOMEM; } ret = sysdb_add_group_member(data->ctx->domain, - data->groupname, username, + data->groupname, + fq_username, SYSDB_MEMBER_USER, false); return ret; } 
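Review bot: test_store_group (hunk `@@ -274,9 +275,14 @@`) qualifies `data->groupname` again, although callers changed later in this commit, for example test_sysdb_store_group, already set `data->groupname` to `"testgroup%d@%s"` with `TEST_DOM_NAME` before calling it. If `sss_create_internal_fqname` appends the domain unconditionally (its definition is not visible here), the stored group carries the suffix twice and no longer matches the name that test_add_group and test_add_group_member use. Qualify in one place only, either in the helper or in the callers. The result is also passed on unchecked; `if (internal_fqname == NULL) return ENOMEM;` before the store would match test_memberof_store_group_with_ghosts. The same unchecked result appears in test_remove_group_member and test_memberof_store_group in the following hunks.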
@@ -331,6 +339,7 @@ static int test_add_group_member(struct test_data *data) static int test_remove_group_member(struct test_data *data) { const char *username; + char *user_fqname; int ret; username = talloc_asprintf(data, "testuser%d", data->uid); @@ -338,8 +347,11 @@ static int test_remove_group_member(struct test_data *data) return ENOMEM; } + user_fqname = sss_create_internal_fqname(data, username, + data->ctx->domain->name); + ret = sysdb_remove_group_member(data->ctx->domain, - data->groupname, username, + data->groupname, user_fqname, SYSDB_MEMBER_USER, false); return ret; } @@ -407,6 +419,7 @@ static int test_memberof_store_group(struct test_data *data) struct sysdb_attrs *attrs = NULL; char *member; int i; + char *gr_fqname; attrs = sysdb_new_attrs(data); if (!attrs) { @@ -424,8 +437,11 @@ static int test_memberof_store_group(struct test_data *data) } } + gr_fqname = sss_create_internal_fqname(data->ctx, data->groupname, + data->ctx->domain->name); ret = sysdb_store_group(data->ctx->domain, - data->groupname, data->gid, attrs, -1, 0); + gr_fqname, data->gid, attrs, -1, 0); + talloc_free(gr_fqname); return ret; } @@ -435,6 +451,7 @@ static int test_memberof_store_group_with_ghosts(struct test_data *data) struct sysdb_attrs *attrs = NULL; char *member; int i; + char *gr_fqname; attrs = sysdb_new_attrs(data); if (!attrs) { @@ -461,8 +478,14 @@ static int test_memberof_store_group_with_ghosts(struct test_data *data) } } + gr_fqname = sss_create_internal_fqname(data->ctx, data->groupname, + data->ctx->domain->name); + if (gr_fqname == NULL) { + return ENOMEM; + } + ret = sysdb_store_group(data->ctx->domain, - data->groupname, data->gid, attrs, -1, 0); + gr_fqname, data->gid, attrs, -1, 0); return ret; } @@ -539,7 +562,7 @@ START_TEST (test_sysdb_user_new_id) return; } - username = "testuser_newid"; + username = "testuser_newid@test.sub"; attrs = sysdb_new_attrs(test_ctx); fail_if(attrs == NULL); 
@@ -574,6 +597,7 @@ START_TEST (test_sysdb_store_user) struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; + char *shortname; /* Setup */ ret = setup_sysdb_tests(&test_ctx); @@ -587,7 +611,10 @@ START_TEST (test_sysdb_store_user) data->ev = test_ctx->ev; data->uid = _i; data->gid = _i; - data->username = talloc_asprintf(data, "testuser%d", _i); + shortname = talloc_asprintf(data, "testuser%d", _i); + data->username = sss_create_internal_fqname(data, shortname, + data->ctx->domain->name); + talloc_free(shortname); ret = test_store_user(data); @@ -601,6 +628,7 @@ START_TEST (test_sysdb_store_user_existing) struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; + char *shortname; /* Setup */ ret = setup_sysdb_tests(&test_ctx); @@ -614,8 +642,11 @@ START_TEST (test_sysdb_store_user_existing) data->ev = test_ctx->ev; data->uid = _i; data->gid = _i; - data->username = talloc_asprintf(data, "testuser%d", _i); + shortname = talloc_asprintf(data, "testuser%d", _i); data->shell = talloc_asprintf(data, "/bin/ksh"); + data->username = sss_create_internal_fqname(data, shortname, + data->ctx->domain->name); + talloc_free(shortname); ret = test_store_user(data); @@ -641,7 +672,7 @@ START_TEST (test_sysdb_store_group) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", _i); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME); ret = test_store_group(data); @@ -716,7 +747,7 @@ START_TEST (test_sysdb_remove_local_group) data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; - data->groupname = talloc_asprintf(data, "testgroup%d", _i); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME); ret = test_remove_group(data); 
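Review bot: Qualified names are built two different ways in this file: the user tests call `sss_create_internal_fqname(data, shortname, data->ctx->domain->name)`, while the group tests in hunks `@@ -641,7 +672,7 @@` and `@@ -716,7 +747,7 @@` (and the later `groupname` hunks) hand-format `"testgroup%d@%s"` with the `TEST_DOM_NAME` macro. The hand-formatted form hard-codes the internal name layout in the tests and bypasses whatever normalisation the helper applies, so the two can drift apart if the helper changes. Using the helper throughout, as in `data->groupname = sss_create_internal_fqname(data, shortname, test_ctx->domain->name);`, keeps one definition of the format. In the user tests, `shortname` and `data->username` are also used without a NULL check; a `fail_if(data->username == NULL, "OOM");` after the call would make an allocation failure explicit.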
@@ -795,7 +826,7 @@ START_TEST (test_sysdb_add_group) data->ev = test_ctx->ev; data->uid = _i; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", _i); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME); ret = test_add_group(data); @@ -824,7 +855,8 @@ START_TEST (test_sysdb_add_group_with_ghosts) data->ev = test_ctx->ev; data->uid = _i; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", _i); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, + TEST_DOM_NAME); fail_unless(data->groupname != NULL, "Out of memory\n"); data->attrs = sysdb_new_attrs(data); @@ -867,7 +899,7 @@ START_TEST (test_sysdb_add_incomplete_group) data->ev = test_ctx->ev; data->uid = _i; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", _i); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME); ret = test_add_incomplete_group(data); @@ -1167,7 +1199,7 @@ START_TEST (test_sysdb_set_user_attr) data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; - data->username = talloc_asprintf(data, "testuser%d", _i); + data->username = talloc_asprintf(data, "testuser%d@%s", _i, test_ctx->domain->name); data->attrs = sysdb_new_attrs(test_ctx); if (ret != EOK) { @@ -1231,7 +1263,8 @@ START_TEST (test_sysdb_remove_attrs) ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); - username = talloc_asprintf(test_ctx, "testuser%d", _i); + username = talloc_asprintf(test_ctx, "testuser%d@%s", _i, + test_ctx->domain->name); fail_if(username == NULL, "OOM"); ret = sysdb_getpwnam(test_ctx, 
@@ -1324,7 +1357,7 @@ START_TEST (test_sysdb_get_user_attr_subdomain) fail_if(ret != EOK, "Failed to init names."); /* Create user */ - fq_name = sss_tc_fqname(test_ctx, subdomain->names, subdomain, username); + fq_name = sss_create_internal_fqname(test_ctx, username, subdomain->name); fail_if(fq_name == NULL, "Failed to create fq name."); ret = sysdb_store_user(subdomain, fq_name, NULL, 12345, 0, "Gecos", @@ -1362,7 +1395,7 @@ START_TEST (test_sysdb_add_group_member) data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; - data->groupname = talloc_asprintf(data, "testgroup%d", _i); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, TEST_DOM_NAME); data->uid = _i - 1000; /* the UID of user to add */ ret = test_add_group_member(data); @@ -1437,7 +1470,8 @@ START_TEST (test_sysdb_remove_group_member) data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; - data->groupname = talloc_asprintf(data, "testgroup%d", _i); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, + TEST_DOM_NAME); data->uid = _i - 1000; /* the UID of user to add */ ret = test_remove_group_member(data); @@ -2049,7 +2083,8 @@ START_TEST (test_sysdb_prepare_asq_test_user) data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; - data->groupname = talloc_asprintf(data, "testgroup%d", _i); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", _i, + TEST_DOM_NAME); data->uid = ASQ_TEST_USER_UID; ret = test_add_group_member(data); @@ -2260,7 +2295,8 @@ START_TEST (test_sysdb_memberof_store_group) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = MBO_GROUP_BASE + _i; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); if (_i == 0) { data->attrlist = NULL; 
@@ -2283,6 +2319,7 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts) struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; + char *member_name; /* Setup */ ret = setup_sysdb_tests(&test_ctx); @@ -2297,7 +2334,7 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts) data->gid = _i; data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); - if (_i == 0) { + if (_i == 0 || _i == MBO_GROUP_BASE) { data->attrlist = NULL; } else { data->attrlist = talloc_array(data, const char *, 2); @@ -2308,7 +2345,9 @@ START_TEST (test_sysdb_memberof_store_group_with_ghosts) data->memberlist = talloc_array(data, char *, 2); fail_unless(data->memberlist != NULL, "talloc_array failed."); - data->memberlist[0] = talloc_asprintf(data, "testuser%d", data->gid); + member_name = talloc_asprintf(data, "testuser%d", data->gid); + data->memberlist[0] = sss_create_internal_fqname(data, member_name, + test_ctx->domain->name); data->memberlist[1] = NULL; ret = test_memberof_store_group_with_ghosts(data); @@ -2335,7 +2374,8 @@ START_TEST (test_sysdb_memberof_store_group_with_double_ghosts) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); if (_i == 0) { data->attrlist = NULL; @@ -2380,7 +2420,8 @@ START_TEST (test_sysdb_memberof_mod_add) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { 
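Review bot: In test_sysdb_memberof_store_group_with_ghosts (hunk `@@ -2308,7 +2345,9 @@`), `member_name` is passed to `sss_create_internal_fqname` unchecked, is never freed, and the resulting `data->memberlist[0]` is not checked either, whereas the `talloc_array` result two lines earlier is. Adding `fail_unless(data->memberlist[0] != NULL, "sss_create_internal_fqname failed.");` and `talloc_free(member_name);` after the call would match that style. Separately, hunk `@@ -2297,7 +2334,7 @@` widens the condition to `_i == 0 || _i == MBO_GROUP_BASE` without explanation; a one-line comment saying why the `MBO_GROUP_BASE` iteration must not get a member attribute would help the next reader. Note that `data->groupname` stays unqualified in this test while sibling tests now append `TEST_DOM_NAME`; that is consistent with the helper qualifying it, but worth stating in the same comment.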
@@ -2469,7 +2510,8 @@ START_TEST (test_sysdb_memberof_mod_replace) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { @@ -2562,7 +2604,8 @@ START_TEST (test_sysdb_memberof_mod_replace_keep) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = MBO_GROUP_BASE + 10 - _i; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { @@ -2711,7 +2754,8 @@ START_TEST (test_sysdb_memberof_close_loop) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = MBO_GROUP_BASE; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); @@ -2730,6 +2774,7 @@ START_TEST (test_sysdb_memberof_store_user) struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; + char *shortname; /* Setup */ ret = setup_sysdb_tests(&test_ctx); @@ -2743,8 +2788,10 @@ START_TEST (test_sysdb_memberof_store_user) data->ev = test_ctx->ev; data->uid = MBO_USER_BASE + _i; data->gid = 0; /* MPG domain */ - data->username = talloc_asprintf(data, "testuser%d", data->uid); - + shortname = talloc_asprintf(data, "testuser%d", data->uid); + data->username = sss_create_internal_fqname(data, shortname, + data->ctx->domain->name); + talloc_free(shortname); ret = test_store_user(data); fail_if(ret != EOK, "Could not store user %s", data->username); 
@@ -2768,7 +2815,9 @@ START_TEST (test_sysdb_memberof_add_group_member) data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; - data->groupname = talloc_asprintf(data, "testgroup%d", _i + MBO_GROUP_BASE); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", + _i + MBO_GROUP_BASE, + TEST_DOM_NAME); data->uid = MBO_USER_BASE + _i; ret = test_add_group_member(data); @@ -3122,7 +3171,8 @@ START_TEST (test_sysdb_memberof_mod_del) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { @@ -3257,6 +3307,7 @@ START_TEST (test_sysdb_memberof_convert_to_real_users) struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; + char *shortname; /* Setup */ ret = setup_sysdb_tests(&test_ctx); @@ -3270,8 +3321,10 @@ START_TEST (test_sysdb_memberof_convert_to_real_users) data->ev = test_ctx->ev; data->uid = _i * 2; data->gid = _i * 2; - data->username = talloc_asprintf(data, "testghost%d", _i); - + shortname = talloc_asprintf(data, "testghost%d", _i); + data->username = sss_create_internal_fqname(data, shortname, + data->ctx->domain->name); + talloc_free(shortname); ret = test_store_user(data); fail_if(ret != EOK, "Cannot add user %s\n", data->username); } @@ -3365,7 +3418,8 @@ START_TEST (test_sysdb_memberof_ghost_replace) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { 
@@ -3445,7 +3499,8 @@ START_TEST (test_sysdb_memberof_ghost_replace_noop) data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; - data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); + data->groupname = talloc_asprintf(data, "testgroup%d@%s", data->gid, + TEST_DOM_NAME); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { @@ -3619,14 +3674,23 @@ START_TEST(test_sysdb_get_real_name) struct sysdb_test_ctx *test_ctx; struct sysdb_attrs *user_attrs; const char *str; + char *fq_alias; + char *realname; ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); + fq_alias = sss_create_internal_fqname(test_ctx, "alias", + test_ctx->domain->name); + realname = sss_create_internal_fqname(test_ctx, "RealName", + test_ctx->domain->name); + fail_if(fq_alias == NULL, "sss_create_internal_fqname failed"); + fail_if(realname == NULL, "sss_create_internal_fqname failed"); + user_attrs = sysdb_new_attrs(test_ctx); fail_unless(user_attrs != NULL, "sysdb_new_attrs failed"); - ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, "alias"); + ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, fq_alias); fail_unless(ret == EOK, "sysdb_attrs_add_string failed."); ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, "foo@bar"); 
@@ -3640,34 +3704,34 @@ START_TEST(test_sysdb_get_real_name) "12345678-9012-3456-7890-123456789012"); fail_unless(ret == EOK, "sysdb_attrs_add_string failed."); - ret = sysdb_store_user(test_ctx->domain, "RealName", + ret = sysdb_store_user(test_ctx->domain, realname, NULL, 22345, 0, "gecos", "/home/realname", "/bin/bash", NULL, user_attrs, NULL, -1, 0); fail_unless(ret == EOK, "sysdb_store_user failed."); /* Get real, uncanonicalized name as string */ - ret = sysdb_get_real_name(test_ctx, test_ctx->domain, "alias", &str); + ret = sysdb_get_real_name(test_ctx, test_ctx->domain, fq_alias, &str); fail_unless(ret == EOK, "sysdb_get_real_name failed."); - fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].", - "RealName", str); + fail_unless(strcmp(str, realname) == 0, "Expected [%s], got [%s].", + realname, str); ret = sysdb_get_real_name(test_ctx, test_ctx->domain, "foo@bar", &str); fail_unless(ret == EOK, "sysdb_get_real_name failed."); - fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].", - "RealName", str); + fail_unless(strcmp(str, realname) == 0, "Expected [%s], got [%s].", + realname, str); ret = sysdb_get_real_name(test_ctx, test_ctx->domain, "S-1-5-21-123-456-789-111", &str); fail_unless(ret == EOK, "sysdb_get_real_name failed."); - fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].", - "RealName", str); + fail_unless(strcmp(str, realname) == 0, "Expected [%s], got [%s].", + realname, str); ret = sysdb_get_real_name(test_ctx, test_ctx->domain, "12345678-9012-3456-7890-123456789012", &str); fail_unless(ret == EOK, "sysdb_get_real_name failed."); - fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].", - "RealName", str); + fail_unless(strcmp(str, realname) == 0, "Expected [%s], got [%s].", + realname, str); } END_TEST 
@@ -3678,14 +3742,21 @@ START_TEST(test_group_rename) gid_t gid; const gid_t grgid = 38001; const char *name; - const char *fromname = "fromgroup"; - const char *toname = "togroup"; + char *fromname; + char *toname; struct ldb_result *res; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_unless(ret == EOK, "Could not set up the test"); + fromname = sss_create_internal_fqname(test_ctx, "fromgroup", + test_ctx->domain->name); + fail_if(fromname == NULL, "sss_create_internal_fqname failed"); + toname = sss_create_internal_fqname(test_ctx, "togroup", + test_ctx->domain->name); + fail_if(toname == NULL, "sss_create_internal_fqname failed"); + /* Store and verify the first group */ ret = sysdb_store_group(test_ctx->domain, fromname, grgid, NULL, 0, 0); @@ -3748,14 +3819,19 @@ START_TEST(test_user_rename) uid_t uid; const uid_t userid = 38002; const char *name; - const char *fromname = "fromuser"; - const char *toname = "touser"; + char *fromname; + char *toname; struct ldb_result *res; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_unless(ret == EOK, "Could not set up the test"); + fromname = sss_create_internal_fqname(&test_ctx, "fromname", test_ctx->domain->name); + toname = sss_create_internal_fqname(&test_ctx, "toname", test_ctx->domain->name); + fail_if(fromname == NULL, "sss_create_internal_fqname failed"); + fail_if(toname == NULL, "sss_create_internal_fqname failed"); + /* Store and verify the first user */ ret = sysdb_store_user(test_ctx->domain, fromname, NULL, userid, 0, 
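Review bot: In test_user_rename (hunk `@@ -3748,14 +3819,19 @@`), both `sss_create_internal_fqname` calls pass `&test_ctx` as the memory context, which is the address of the local pointer variable on the stack rather than a talloc allocation. A talloc context has to be a pointer obtained from talloc, so this is expected to trip talloc's chunk-header validation or corrupt memory; test_group_rename in the previous hunk correctly passes `test_ctx`. The short names also changed from "fromuser"/"touser" to "fromname"/"toname", which looks unintended. Suggested: `fromname = sss_create_internal_fqname(test_ctx, "fromuser", test_ctx->domain->name);` and likewise `toname` with `"touser"`.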
@@ -3821,32 +3897,42 @@ START_TEST (test_sysdb_update_members) char **add_groups; char **del_groups; const char *user = "testuser27000"; + char *user_fqname; errno_t ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_unless(ret == EOK, "Could not set up the test"); + user_fqname = sss_create_internal_fqname(test_ctx, user, + test_ctx->domain->name); + fail_if(user_fqname == NULL, "user_fqname returned NULL"); + /* Add a user to two groups */ add_groups = talloc_array(test_ctx, char *, 3); - add_groups[0] = talloc_strdup(add_groups, "testgroup28001"); - add_groups[1] = talloc_strdup(add_groups, "testgroup28002"); + add_groups[0] = sss_create_internal_fqname(add_groups, "testgroup28001", + test_ctx->domain->name); + add_groups[1] = sss_create_internal_fqname(add_groups, "testgroup28002", + test_ctx->domain->name); add_groups[2] = NULL; - ret = sysdb_update_members(test_ctx->domain, user, SYSDB_MEMBER_USER, + ret = sysdb_update_members(test_ctx->domain, user_fqname, + SYSDB_MEMBER_USER, (const char *const *)add_groups, NULL); fail_unless(ret == EOK, "Could not add groups"); talloc_zfree(add_groups); /* Remove a user from one group and add to another */ del_groups = talloc_array(test_ctx, char *, 2); - del_groups[0] = talloc_strdup(del_groups, "testgroup28001"); + del_groups[0] = sss_create_internal_fqname(del_groups, "testgroup28001", + test_ctx->domain->name); del_groups[1] = NULL; add_groups = talloc_array(test_ctx, char *, 2); - add_groups[0] = talloc_strdup(add_groups, "testgroup28003"); + add_groups[0] = sss_create_internal_fqname(add_groups, "testgroup28003", + test_ctx->domain->name); add_groups[1] = NULL; - ret = sysdb_update_members(test_ctx->domain, user, SYSDB_MEMBER_USER, + ret = sysdb_update_members(test_ctx->domain, user_fqname, SYSDB_MEMBER_USER, (const char *const *)add_groups, (const char *const *)del_groups); fail_unless(ret == EOK, "Group replace failed"); 
@@ -3855,11 +3941,13 @@ START_TEST (test_sysdb_update_members) /* Remove a user from two groups */ del_groups = talloc_array(test_ctx, char *, 3); - del_groups[0] = talloc_strdup(del_groups, "testgroup28002"); - del_groups[1] = talloc_strdup(del_groups, "testgroup28003"); + del_groups[0] = sss_create_internal_fqname(del_groups, "testgroup28002", + test_ctx->domain->name); + del_groups[1] = sss_create_internal_fqname(del_groups, "testgroup28003", + test_ctx->domain->name); del_groups[2] = NULL; - ret = sysdb_update_members(test_ctx->domain, user, SYSDB_MEMBER_USER, + ret = sysdb_update_members(test_ctx->domain, user_fqname, SYSDB_MEMBER_USER, NULL, (const char *const *)del_groups); fail_unless(ret == EOK, "Could not remove groups"); @@ -3883,7 +3971,7 @@ START_TEST (test_sysdb_group_dn_name) return; } - groupname = talloc_asprintf(test_ctx, "testgroup%d", _i); + groupname = talloc_asprintf(test_ctx, "testgroup%d@%s", _i, TEST_DOM_NAME); group_dn = sysdb_group_dn(test_ctx, test_ctx->domain, groupname); if (!group_dn || !groupname) { fail("Out of memory"); @@ -4092,10 +4180,10 @@ START_TEST(test_odd_characters) struct ldb_result *res; struct ldb_message *msg; const struct ldb_val *val; - const char odd_username[] = "*(odd)\\user,name"; + char *odd_username; const char odd_username_orig_dn[] = "\\2a\\28odd\\29\\5cuser,name,cn=users,dc=example,dc=com"; - const char odd_groupname[] = "*(odd\\*)\\group,name"; + char *odd_groupname; const char odd_netgroupname[] = "*(odd\\*)\\netgroup,name"; const char *received_user; const char *received_group; 
@@ -4109,6 +4197,14 @@ START_TEST(test_odd_characters) return; } + odd_groupname = sss_create_internal_fqname(test_ctx, + "*(odd\\*)\\group,name", + test_ctx->domain->name); + odd_username = sss_create_internal_fqname(test_ctx, "*(odd)\\user,name", + test_ctx->domain->name); + fail_if(odd_groupname == NULL, "sss_create_internal_fqname failed"); + fail_if(odd_username == NULL, "sss_create_internal_fqname failed"); + /* ===== Groups ===== */ /* Add */ @@ -4249,7 +4345,7 @@ START_TEST(test_SSS_LDB_SEARCH) struct sysdb_test_ctx *test_ctx; struct ldb_dn *group_dn, *nonexist_dn; struct ldb_result *res; - const char groupname[] = "test_group"; + const char groupname[] = "test_group@"TEST_DOM_NAME; const char *received_group; /* Setup */ @@ -4265,7 +4361,7 @@ START_TEST(test_SSS_LDB_SEARCH) fail_if(group_dn == NULL, "sysdb_group_dn failed"); nonexist_dn = sysdb_group_dn(test_ctx, test_ctx->domain, - "non-existing-group"); + "non-existing-group@"TEST_DOM_NAME); fail_if(nonexist_dn == NULL, "sysdb_group_dn failed"); /* Add */ @@ -4957,7 +5053,8 @@ START_TEST (test_sysdb_search_return_ENOENT) /* Search user */ ret = sysdb_search_user_by_name(test_ctx, test_ctx->domain, - "nonexisting_user", NULL, &msg); + "nonexisting_user@"TEST_DOM_NAME, + NULL, &msg); fail_unless(ret == ENOENT, "sysdb_search_user_by_name error [%d][%s].", ret, strerror(ret)); talloc_zfree(msg); @@ -5058,7 +5155,8 @@ START_TEST (test_sysdb_search_return_ENOENT) talloc_zfree(msgs); /* General search */ - user_dn = sysdb_user_dn(test_ctx, test_ctx->domain, "nonexisting_user"); + user_dn = sysdb_user_dn(test_ctx, test_ctx->domain, + "nonexisting_user@"TEST_DOM_NAME); fail_if(user_dn == NULL, "sysdb_user_dn failed"); ret = sysdb_asq_search(test_ctx, test_ctx->domain, 
@@ -5078,7 +5176,8 @@ START_TEST (test_sysdb_search_return_ENOENT) talloc_zfree(user_dn); /* SSS_LDB_SEARCH */ - user_dn = sysdb_user_dn(test_ctx, test_ctx->domain, "nonexisting_user"); + user_dn = sysdb_user_dn(test_ctx, test_ctx->domain, + "nonexisting_user@"TEST_DOM_NAME); fail_if(user_dn == NULL, "sysdb_user_dn failed"); SSS_LDB_SEARCH(ret, test_ctx->sysdb->ldb, test_ctx, &res, user_dn, LDB_SCOPE_BASE, NULL, "objectClass=user"); @@ -5141,22 +5240,22 @@ START_TEST(test_sysdb_original_dn_case_insensitive) fail_if(ret != EOK, "Could not set up the test"); ret = sysdb_add_incomplete_group(test_ctx->domain, - "case_sensitive_group1", 29000, - "cn=case_sensitive_group1,cn=example,cn=com", + "case_sensitive_group1@"TEST_DOM_NAME, 29000, + "cn=case_sensitive_group1@"TEST_DOM_NAME",cn=example,cn=com", NULL, NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); ret = sysdb_add_incomplete_group(test_ctx->domain, - "case_sensitive_group2", 29001, - "cn=CASE_SENSITIVE_GROUP1,cn=EXAMPLE,cn=COM", + "case_sensitive_group2@"TEST_DOM_NAME, 29001, + "cn=CASE_SENSITIVE_GROUP1@"TEST_DOM_NAME",cn=EXAMPLE,cn=COM", NULL, NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); /* Search by originalDN should yield 2 entries */ filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_ORIG_DN, - "cn=case_sensitive_group1,cn=example,cn=com"); + "cn=case_sensitive_group1@"TEST_DOM_NAME",cn=example,cn=com"); fail_if(filter == NULL, "Cannot construct filter\n"); base_dn = sysdb_domain_dn(test_ctx, test_ctx->domain); 
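Review bot: The strings passed as the original DN in test_sysdb_original_dn_case_insensitive are now qualified too (`"cn=case_sensitive_group1@"TEST_DOM_NAME",cn=example,cn=com"`), but that argument looks like the directory-side DN rather than a cache name. test_odd_characters keeps `odd_username_orig_dn` unqualified in this same commit. The two DNs still differ only in case, so the test should pass either way, but the fixture now suggests that original DNs carry the internal suffix. I would leave the three DN literals as they were and qualify only the group-name argument. test_sysdb_search_sid_str in the following hunk makes the same change (`"cn=group@"TEST_DOM_NAME",cn=example,cn=com"`).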
@@ -5184,8 +5283,8 @@ START_TEST(test_sysdb_search_sid_str) fail_if(ret != EOK, "Could not set up the test"); ret = sysdb_add_incomplete_group(test_ctx->domain, - "group", 29000, - "cn=group,cn=example,cn=com", + "group@"TEST_DOM_NAME, 29000, + "cn=group@"TEST_DOM_NAME",cn=example,cn=com", "S-1-2-3-4", NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); @@ -5384,10 +5483,11 @@ START_TEST(test_sysdb_subdomain_store_user) user_attrs = sysdb_new_attrs(test_ctx); fail_unless(user_attrs != NULL, "sysdb_new_attrs failed"); - ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, "subdomuser"); + ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, + "subdomuser@test.sub"); fail_unless(ret == EOK, "sysdb_store_user failed."); - ret = sysdb_store_user(subdomain, "SubDomUser", + ret = sysdb_store_user(subdomain, "SubDomUser@test.sub", NULL, 12345, 0, "Sub Domain User", "/home/subdomuser", "/bin/bash", NULL, user_attrs, NULL, -1, 0); @@ -5397,11 +5497,11 @@ START_TEST(test_sysdb_subdomain_store_user) fail_unless(base_dn != NULL); check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, - "name=SubDomUser,cn=users,cn=test.sub,cn=sysdb"); + "name=SubDomUser@test.sub,cn=users,cn=test.sub,cn=sysdb"); fail_unless(check_dn != NULL); ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn, - LDB_SCOPE_SUBTREE, NULL, "name=SubDomUser"); + LDB_SCOPE_SUBTREE, NULL, "name=SubDomUser@test.sub"); fail_unless(ret == EOK, "ldb_search failed."); fail_unless(results->count == 1, "Unexpected number of results, " "expected [%d], got [%d]", 
@@ -5411,16 +5511,16 @@ START_TEST(test_sysdb_subdomain_store_user) /* Subdomains are case-insensitive. Test that the lowercased name * can be found, too */ - ret = sysdb_search_user_by_name(test_ctx, subdomain, "subdomuser", attrs, - &msg); + ret = sysdb_search_user_by_name(test_ctx, subdomain, "subdomuser@test.sub", + attrs, &msg); fail_unless(ret == EOK, "sysdb_search_user_by_name failed."); - ret = sysdb_delete_user(subdomain, "subdomuser", 0); + ret = sysdb_delete_user(subdomain, "subdomuser@test.sub", 0); fail_unless(ret == EOK, "sysdb_delete_user failed [%d][%s].", ret, strerror(ret)); ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn, - LDB_SCOPE_SUBTREE, NULL, "name=subdomuser"); + LDB_SCOPE_SUBTREE, NULL, "name=subdomuser@test.sub"); fail_unless(ret == EOK, "ldb_search failed."); fail_unless(results->count == 0, "Unexpected number of results, " "expected [%d], got [%d]", @@ -5452,17 +5552,18 @@ START_TEST(test_sysdb_subdomain_user_ops) fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); - ret = sysdb_store_user(subdomain, "subdomuser", + ret = sysdb_store_user(subdomain, "subdomuser@test.sub", NULL, 12345, 0, "Sub Domain User", "/home/subdomuser", "/bin/bash", NULL, NULL, NULL, -1, 0); fail_unless(ret == EOK, "sysdb_store_domuser failed."); check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, - "name=subdomuser,cn=users,cn=test.sub,cn=sysdb"); + "name=subdomuser@test.sub,cn=users,cn=test.sub,cn=sysdb"); fail_unless(check_dn != NULL); - ret = sysdb_search_user_by_name(test_ctx, subdomain, "subdomuser", NULL, + ret = sysdb_search_user_by_name(test_ctx, subdomain, + "subdomuser@test.sub", NULL, &msg); fail_unless(ret == EOK, "sysdb_search_user_by_name failed with [%d][%s].", ret, strerror(ret)); 
@@ -5475,7 +5576,7 @@ START_TEST(test_sysdb_subdomain_user_ops) fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0, "Unexpedted DN returned"); - ret = sysdb_delete_user(subdomain, "subdomuser", 12345); + ret = sysdb_delete_user(subdomain, "subdomuser@test.sub", 12345); fail_unless(ret == EOK, "sysdb_delete_domuser failed with [%d][%s].", ret, strerror(ret)); @@ -5490,6 +5591,8 @@ START_TEST(test_sysdb_subdomain_group_ops) struct ldb_message *msg = NULL; struct ldb_dn *check_dn = NULL; struct sysdb_attrs *group_attrs; + char *dn; + char *subdomgroup; ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); @@ -5513,15 +5616,19 @@ START_TEST(test_sysdb_subdomain_group_ops) ret = sysdb_attrs_add_string(group_attrs, SYSDB_NAME_ALIAS, "subdomgroup"); fail_unless(ret == EOK, "sysdb_attrs_add_string failed."); + subdomgroup = sss_create_internal_fqname(test_ctx, "subDomGroup", + subdomain->name); + fail_if(subdomgroup == NULL, "sss_create_internal_fqname failed"); ret = sysdb_store_group(subdomain, - "subDomGroup", 12345, group_attrs, -1, 0); + subdomgroup, 12345, group_attrs, -1, 0); fail_unless(ret == EOK, "sysdb_store_group failed."); - check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, - "name=subDomGroup,cn=groups,cn=test.sub,cn=sysdb"); + dn = talloc_asprintf(test_ctx, "name=%s,cn=groups,cn=test.sub,cn=sysdb", + subdomgroup); + check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, dn); fail_unless(check_dn != NULL); - ret = sysdb_search_group_by_name(test_ctx, subdomain, "subDomGroup", NULL, + ret = sysdb_search_group_by_name(test_ctx, subdomain, subdomgroup, NULL, &msg); fail_unless(ret == EOK, "sysdb_search_group_by_name failed with [%d][%s].", ret, strerror(ret)); 
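Review bot: The `dn` string from `talloc_asprintf` in test_sysdb_subdomain_group_ops is handed to `ldb_dn_new` without a NULL check, while `subdomgroup` a few statements earlier is checked. Add `fail_if(dn == NULL, "talloc_asprintf failed");` before the `ldb_dn_new` call, so an allocation failure is reported where it happens rather than as a DN mismatch further down. The `cn=test.sub` component in the format string is still a literal although `subdomain->name` is already used for the group name; passing it as a second `%s` would keep the two in step.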
@@ -5530,7 +5637,8 @@ START_TEST(test_sysdb_subdomain_group_ops) /* subdomains are case insensitive, so it should be possible to search the group with a lowercase name version, too */ - ret = sysdb_search_group_by_name(test_ctx, subdomain, "subdomgroup", NULL, + /* Fixme - lowercase this */ + ret = sysdb_search_group_by_name(test_ctx, subdomain, subdomgroup, NULL, &msg); fail_unless(ret == EOK, "case-insensitive group search failed with [%d][%s].", ret, strerror(ret)); @@ -5544,7 +5652,7 @@ START_TEST(test_sysdb_subdomain_group_ops) fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0, "Unexpedted DN returned"); - ret = sysdb_delete_group(subdomain, "subDomGroup", 12345); + ret = sysdb_delete_group(subdomain, subdomgroup, 12345); fail_unless(ret == EOK, "sysdb_delete_group failed with [%d][%s].", ret, strerror(ret)); @@ -6324,7 +6432,8 @@ START_TEST(test_sysdb_mark_entry_as_expired_ldb_dn) expire = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CACHE_EXPIRE, 0); ck_assert(expire != 1); - userdn = sysdb_user_dn(test_ctx, test_ctx->domain, "testuser"); + userdn = sysdb_user_dn(test_ctx, test_ctx->domain, + "testuser@"TEST_DOM_NAME); ck_assert(userdn != NULL); ret = sysdb_transaction_start(test_ctx->sysdb); diff --git a/src/tools/sss_groupshow.c b/src/tools/sss_groupshow.c index 41d7475ce..3743a568f 100644 --- a/src/tools/sss_groupshow.c +++ b/src/tools/sss_groupshow.c @@ -318,7 +318,7 @@ int group_show(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, bool recursive, - const char *name, + const char *internal_fqname, struct group_info **res) { struct group_info *root; @@ -330,7 +330,8 @@ int group_show(TALLOC_CTX *mem_ctx, int i; /* First, search for the root group */ - ret = sysdb_search_group_by_name(mem_ctx, domain, name, attrs, &msg); + ret = sysdb_search_group_by_name(mem_ctx, domain, internal_fqname, + attrs, &msg); if (ret) { DEBUG(SSSDBG_OP_FAILURE, "Search failed: %s (%d)\n", strerror(ret), ret); 
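Review bot: The second `sysdb_search_group_by_name` call now passes the same `subdomgroup` string as the first, so the block that reports "case-insensitive group search failed" no longer tests a differently-cased name; the added `/* Fixme - lowercase this */` acknowledges this. Case folding of cached names is the behaviour this test existed to pin down, so I would build a lowercase name, e.g. `lc_subdomgroup = sss_create_internal_fqname(test_ctx, "subdomgroup", subdomain->name);`, and search with that. The `SYSDB_NAME_ALIAS` value on the context line of the previous hunk is still the bare `"subdomgroup"`, whereas test_sysdb_subdomain_store_user now stores `"subdomuser@test.sub"`. That may be why the lowercase lookup stopped matching, and the alias probably needs the same qualification.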
@@ -408,7 +409,7 @@ done: static int group_show_trim_memberof(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, - const char *name, + const char *name, /* internal fqname */ const char **memberofs, const char ***_direct) { @@ -478,7 +479,7 @@ int group_show_recurse(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, struct group_info *root, struct group_info *parent, - const char **group_members, + const char **group_members, /* internal fq format */ const int nmembers, struct group_info ***up_members) { diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c index 2cd6a57aa..e45bbcc6e 100644 --- a/src/tools/sss_seed.c +++ b/src/tools/sss_seed.c @@ -729,6 +729,19 @@ static int seed_cache_user(struct seed_ctx *sctx) bool in_transaction = false; int ret = EOK; errno_t sret; + char *name; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + name = sss_ioname2internal(tmp_ctx, sctx->domain, sctx->uctx->name); + if (name == NULL) { + ret = ENOMEM; + goto done; + } ret = sysdb_transaction_start(sctx->sysdb); if (ret != EOK) { @@ -777,6 +790,7 @@ done: } } + talloc_free(tmp_ctx); return ret; } diff --git a/src/util/usertools.c b/src/util/usertools.c index 81b729d5c..79b9fc77b 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -797,7 +797,7 @@ done: char *sss_ioname2internal(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, - char *ioname) + const char *ioname) { char *shortname; char *domname; diff --git a/src/util/util.h b/src/util/util.h index 25935f2fd..9f9507cfc 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -323,7 +323,7 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx, char *sss_ioname2internal(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, - char *ioname); + const char *ioname); char * sss_get_cased_name(TALLOC_CTX *mem_ctx, const char *orig_name, bool case_sensitive); |
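Review bot: `group_show_trim_memberof` and `group_show_recurse` document the expected name format only with trailing comments (`/* internal fqname */`, `/* internal fq format */`), while `group_show` in the same file and the sysdb functions in this commit rename the parameter to `internal_fqname`. Renaming `name` here to `internal_fqname` would put the contract in the signature the same way; the two comments also spell the format differently. Both function bodies lie outside the hunks, so the rename would have to follow through there.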
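Review bot: `name` is computed with `sss_ioname2internal` at the top of seed_cache_user, but neither hunk for this function shows it being used. The lines between the two hunks are untouched, so the code that stores the user presumably still passes `sctx->uctx->name`. If so, the seeded entry is written under the unqualified input name while the sysdb functions changed in this commit expect an internal fully qualified name, and `name` would be set but never read. The store call should take `name` instead of `sctx->uctx->name`; if the conversion is deliberately left for a later commit, drop `name` and `tmp_ctx` here. The function body between the hunks is not visible.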