From 5eda23c28c582b43b2a0a165b1750f3875c0fa84 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 23 Sep 2014 16:27:23 +0200 Subject: UTIL: Add a function to convert id_t from a number or a name We need a custom function that would convert a numeric or string input into uid_t. The function will be used to drop privileges in servers and also in the PAC and IFP responders. Includes a unit test to test all code that changed as well as a fix for a misnamed attribute in the csv_to_uid_list function synopsis. Reviewed-by: Pavel Reichl Reviewed-by: Simo Sorce --- src/responder/common/responder.h | 2 +- src/responder/common/responder_common.c | 17 ++++++----------- 2 files changed, 7 insertions(+), 12 deletions(-) (limited to 'src/responder/common') diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 3674d13f2..97552ec47 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -308,7 +308,7 @@ errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx); -errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, +errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *csv_string, bool allow_sss_loop, size_t *_uid_count, uid_t **_uids); diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index b7331ac8a..0ec2372e8 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -159,7 +159,7 @@ errno_t check_allowed_uids(uid_t uid, size_t allowed_uids_count, return EACCES; } -errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, +errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *csv_string, bool allow_sss_loop, size_t *_uid_count, uid_t **_uids) { 
@@ -169,9 +169,8 @@ errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, int list_size; uid_t *uids = NULL; char *endptr; - struct passwd *pwd; - ret = split_on_separator(mem_ctx, cvs_string, ',', true, false, + ret = split_on_separator(mem_ctx, csv_string, ',', true, false, &list, &list_size); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "split_on_separator failed [%d][%s].\n", @@ -211,17 +210,13 @@ errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, goto done; } - errno = 0; - pwd = getpwnam(list[c]); - if (pwd == NULL) { + ret = sss_user_by_name_or_uid(list[c], &uids[c], NULL); + if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "List item [%s] is neither a valid " - "UID nor a user name which cloud be " - "resolved by getpwnam().\n", list[c]); - ret = EINVAL; + "UID nor a user name which could be " + "resolved by getpwnam().\n", list[c]); goto done; } - - uids[c] = pwd->pw_uid; } } -- cgit
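Review bot: In the `@@ -211,17 +210,13 @@` hunk the failure branch no longer sets `ret = EINVAL`, so csv_string_to_uid_array now returns whatever sss_user_by_name_or_uid() returned. That helper's definition is not part of this diff, so confirm that no caller building an allowed-UID list depends on EINVAL for an unresolvable entry, and that every failure of the helper is non-EOK so the list is never left with an unset `uids[c]`. The debug text still says the item could not be "resolved by getpwnam()", although this function no longer calls getpwnam() itself; I would drop the function name and log the code, e.g. `"UID nor a user name which could be resolved [%d].\n", list[c], ret);`. The enclosing loop and the numeric parse that precedes this branch start outside the hunk, so whether that parse overlaps with the helper's own numeric handling cannot be judged from here.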