From cbbbde7a66e176871aae37ed323e53ac41859e8d Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 13 Dec 2013 11:44:59 +0100 Subject: Use lower-case name for case-insensitive searches The patch makes sure that a completely lower-cased version of a fully qualified name is used for case insensitive searches. Currently there are code paths where the domain name was used as configured and was not lower-cased. To make sure this patch does not break with old entries in the cache or case sensitive domains a third template was added to the related filters templates which is either filled with a completely lower-cased version or with the old version. The other two template values are unchanged. --- src/db/sysdb.h | 10 +++++----- src/db/sysdb_ops.c | 8 +++++--- src/db/sysdb_search.c | 30 ++++++++++++++++++++++-------- 3 files changed, 32 insertions(+), 16 deletions(-) (limited to 'src/db') diff --git a/src/db/sysdb.h b/src/db/sysdb.h index f3358d642..f1ed8158c 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -144,23 +144,23 @@ #define SYSDB_NC "objectclass="SYSDB_NETGROUP_CLASS #define SYSDB_MPGC "|("SYSDB_UC")("SYSDB_GC")" -#define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" +#define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" #define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))" #define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))" #define SYSDB_PWENT_FILTER "("SYSDB_UC")" -#define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" +#define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" #define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))" #define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))" #define SYSDB_GRENT_FILTER "("SYSDB_GC")" -#define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" +#define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" #define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))" #define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")" #define SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))" -#define SYSDB_NETGR_FILTER "(&("SYSDB_NC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" -#define SYSDB_NETGR_TRIPLES_FILTER "(|("SYSDB_NAME"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_MEMBEROF"=%s))" +#define SYSDB_NETGR_FILTER "(&("SYSDB_NC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" +#define SYSDB_NETGR_TRIPLES_FILTER "(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_MEMBEROF"=%s))" #define SYSDB_SID_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))("SYSDB_SID_STR"=%s))" diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 890bf1eb3..a5dfd443c 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -305,6 +305,7 @@ int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx, struct ldb_dn *basedn; size_t msgs_count = 0; char *sanitized_name; + char *lc_sanitized_name; char *filter; int ret; @@ -320,13 +321,14 @@ int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx, goto done; } - ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name); + ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain, &sanitized_name, + &lc_sanitized_name); if (ret != EOK) { goto done; } - filter = talloc_asprintf(tmp_ctx, SYSDB_PWNAM_FILTER, sanitized_name, - sanitized_name); + filter = talloc_asprintf(tmp_ctx, SYSDB_PWNAM_FILTER, lc_sanitized_name, + sanitized_name, sanitized_name); if (!filter) { ret = ENOMEM; goto done; diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index d15fc73ce..308710a2c 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -38,6 +38,7 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, struct ldb_dn *base_dn; struct ldb_result *res; char *sanitized_name; + char *lc_sanitized_name; const char *src_name; int ret; @@ -61,13 +62,15 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, goto done; } - ret = sss_filter_sanitize(tmp_ctx, src_name, &sanitized_name); + ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain, + &sanitized_name, &lc_sanitized_name); if (ret != EOK) { goto done; } ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attrs, SYSDB_PWNAM_FILTER, + lc_sanitized_name, sanitized_name, sanitized_name); if (ret) { ret = sysdb_error_to_errno(ret); @@ -214,6 +217,7 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, struct ldb_dn *base_dn; struct ldb_result *res; const char *src_name; + char *lc_sanitized_name; int ret; tmp_ctx = talloc_new(NULL); @@ -243,14 +247,15 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, goto done; } - ret = sss_filter_sanitize(tmp_ctx, src_name, &sanitized_name); + ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain, + &sanitized_name, &lc_sanitized_name); if (ret != EOK) { goto done; } ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attrs, fmt_filter, - sanitized_name, sanitized_name); + lc_sanitized_name, sanitized_name, sanitized_name); if (ret) { ret = sysdb_error_to_errno(ret); goto done; @@ -481,6 +486,7 @@ int sysdb_get_user_attr(TALLOC_CTX *mem_ctx, struct ldb_dn *base_dn; struct ldb_result *res; char *sanitized_name; + char *lc_sanitized_name; int ret; tmp_ctx = talloc_new(NULL); @@ -495,14 +501,15 @@ int sysdb_get_user_attr(TALLOC_CTX *mem_ctx, goto done; } - ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name); + ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain, &sanitized_name, + &lc_sanitized_name); if (ret != EOK) { goto done; } ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attributes, - SYSDB_PWNAM_FILTER, sanitized_name, + SYSDB_PWNAM_FILTER, lc_sanitized_name, sanitized_name, sanitized_name); if (ret) { ret = sysdb_error_to_errno(ret); @@ -785,6 +792,7 @@ errno_t sysdb_getnetgr(TALLOC_CTX *mem_ctx, struct ldb_dn *base_dn; struct ldb_result *result; char *sanitized_netgroup; + char *lc_sanitized_netgroup; char *netgroup_dn; int lret; errno_t ret; @@ -802,7 +810,9 @@ errno_t sysdb_getnetgr(TALLOC_CTX *mem_ctx, goto done; } - ret = sss_filter_sanitize(tmp_ctx, netgroup, &sanitized_netgroup); + ret = sss_filter_sanitize_for_dom(tmp_ctx, netgroup, domain, + &sanitized_netgroup, + &lc_sanitized_netgroup); if (ret != EOK) { goto done; } @@ -816,7 +826,7 @@ errno_t sysdb_getnetgr(TALLOC_CTX *mem_ctx, lret = ldb_search(sysdb->ldb, tmp_ctx, &result, base_dn, LDB_SCOPE_SUBTREE, attrs, - SYSDB_NETGR_TRIPLES_FILTER, + SYSDB_NETGR_TRIPLES_FILTER, lc_sanitized_netgroup, sanitized_netgroup, sanitized_netgroup, netgroup_dn); ret = sysdb_error_to_errno(lret); @@ -843,6 +853,7 @@ int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx, struct ldb_dn *base_dn; struct ldb_result *result; char *sanitized_netgroup; + char *lc_sanitized_netgroup; int ret; tmp_ctx = talloc_new(NULL); @@ -857,7 +868,9 @@ int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx, goto done; } - ret = sss_filter_sanitize(tmp_ctx, netgrname, &sanitized_netgroup); + ret = sss_filter_sanitize_for_dom(tmp_ctx, netgrname, domain, + &sanitized_netgroup, + &lc_sanitized_netgroup); if (ret != EOK) { goto done; } @@ -865,6 +878,7 @@ int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx, ret = ldb_search(sysdb->ldb, tmp_ctx, &result, base_dn, LDB_SCOPE_SUBTREE, attributes, SYSDB_NETGR_FILTER, + lc_sanitized_netgroup, sanitized_netgroup, sanitized_netgroup); if (ret) { -- cgit