From b3b42c49656e192787a983aaa8b9ec744ba4cb9d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 12 Dec 2011 16:35:22 +0100 Subject: Use the case sensitivity flag in responders --- src/responder/common/negcache.c | 135 +++++++++++++++++++++++++++----- src/responder/common/negcache.h | 10 +-- src/responder/common/responder_common.c | 1 - 3 files changed, 122 insertions(+), 24 deletions(-) (limited to 'src/responder/common') diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 3926574a1..0b25baf56 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -21,6 +21,7 @@ #include "util/util.h" #include "confdb/confdb.h" +#include "responder/common/responder.h" #include #include #include "tdb.h" @@ -158,8 +159,8 @@ done: return ret; } -int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl, - const char *domain, const char *name) +static int sss_ncache_check_user_int(struct sss_nc_ctx *ctx, int ttl, + const char *domain, const char *name) { char *str; int ret; @@ -175,8 +176,8 @@ int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl, return ret; } -int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, - const char *domain, const char *name) +static int sss_ncache_check_group_int(struct sss_nc_ctx *ctx, int ttl, + const char *domain, const char *name) { char *str; int ret; @@ -192,8 +193,8 @@ int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, return ret; } -int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl, - const char *domain, const char *name) +static int sss_ncache_check_netgr_int(struct sss_nc_ctx *ctx, int ttl, + const char *domain, const char *name) { char *str; int ret; 
@@ -209,6 +210,49 @@ int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl, return ret; } +typedef int (*ncache_check_byname_fn_t)(struct sss_nc_ctx *, int, + const char *, const char *); + +static int sss_cache_check_ent(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, const char *name, + ncache_check_byname_fn_t checker) +{ + char *lower; + errno_t ret; + + if (dom->case_sensitive == false) { + lower = sss_tc_utf8_str_tolower(ctx, name); + if (!lower) return ENOMEM; + ret = checker(ctx, ttl, dom->name, lower); + talloc_free(lower); + } else { + ret = checker(ctx, ttl, dom->name, name); + } + + return ret; +} + +int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, const char *name) +{ + return sss_cache_check_ent(ctx, ttl, dom, name, + sss_ncache_check_user_int); +} + +int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, const char *name) +{ + return sss_cache_check_ent(ctx, ttl, dom, name, + sss_ncache_check_group_int); +} + +int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl, + struct sss_domain_info *dom, const char *name) +{ + return sss_cache_check_ent(ctx, ttl, dom, name, + sss_ncache_check_netgr_int); +} + int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid) { char *str; @@ -237,8 +281,8 @@ int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid) return ret; } -int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent, - const char *domain, const char *name) +static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent, + const char *domain, const char *name) { char *str; int ret; 
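Review bot: `sss_cache_check_ent` returns ENOMEM whenever `sss_tc_utf8_str_tolower` yields NULL, and nothing tells callers that this is a failure rather than a negative-cache miss. The name presumably originates from a client request. If the helper can also return NULL for a string it cannot case-fold (not visible in this hunk), a caller that only tests for the "entry present" code would skip the filter for that name. The same applies to `sss_ncache_set_ent` in the `@@ -288,6 +332,47 @@` hunk. I would add a comment above both helpers, e.g. `/* Any return other than the cache hit/miss codes is an error; callers must not treat it as "not in the negative cache". */`, and guard the dereference with `if (dom == NULL) return EINVAL;` before `dom->case_sensitive`. As a style point, `sss_cache_check_ent` should be `sss_ncache_check_ent` to match its sibling `sss_ncache_set_ent`.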
@@ -254,8 +298,8 @@ int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent, return ret; } -int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, - const char *domain, const char *name) +static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent, + const char *domain, const char *name) { char *str; int ret; @@ -271,8 +315,8 @@ int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, return ret; } -int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, - const char *domain, const char *name) +static int sss_ncache_set_netgr_int(struct sss_nc_ctx *ctx, bool permanent, + const char *domain, const char *name) { char *str; int ret; 
@@ -288,6 +332,47 @@ int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, return ret; } +typedef int (*ncache_set_byname_fn_t)(struct sss_nc_ctx *, bool, + const char *, const char *); + +static int sss_ncache_set_ent(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, const char *name, + ncache_set_byname_fn_t setter) +{ + char *lower; + errno_t ret; + + if (dom->case_sensitive == false) { + lower = sss_tc_utf8_str_tolower(ctx, name); + if (!lower) return ENOMEM; + ret = setter(ctx, permanent, dom->name, lower); + talloc_free(lower); + } else { + ret = setter(ctx, permanent, dom->name, name); + } + + return ret; +} + + +int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, const char *name) +{ + return sss_ncache_set_ent(ctx, permanent, dom, name, sss_ncache_set_user_int); +} + +int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, const char *name) +{ + return sss_ncache_set_ent(ctx, permanent, dom, name, sss_ncache_set_group_int); +} + +int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, + struct sss_domain_info *dom, const char *name) +{ + return sss_ncache_set_ent(ctx, permanent, dom, name, sss_ncache_set_netgr_int); +} + int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid) { char *str; @@ -409,7 +494,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, continue; } - ret = sss_ncache_set_user(ncache, true, dom->name, name); + ret = sss_ncache_set_user(ncache, true, dom, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent user filter for [%s]" " (%d [%s])\n", filter_list[i], 
@@ -447,7 +532,14 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, continue; } if (domainname) { - ret = sss_ncache_set_user(ncache, true, domainname, name); + dom = responder_get_domain(domain_list, domainname); + if (!dom) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Invalid domain name [%s]\n", domainname)); + continue; + } + + ret = sss_ncache_set_user(ncache, true, dom, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent user filter for [%s]" " (%d [%s])\n", filter_list[i], @@ -456,7 +548,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, } } else { for (dom = domain_list; dom; dom = dom->next) { - ret = sss_ncache_set_user(ncache, true, dom->name, name); + ret = sss_ncache_set_user(ncache, true, dom, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent user filter for" " [%s:%s] (%d [%s])\n", @@ -499,7 +591,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, continue; } - ret = sss_ncache_set_group(ncache, true, dom->name, name); + ret = sss_ncache_set_group(ncache, true, dom, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent group filter for [%s]" " (%d [%s])\n", filter_list[i], @@ -537,7 +629,14 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, continue; } if (domainname) { - ret = sss_ncache_set_group(ncache, true, domainname, name); + dom = responder_get_domain(domain_list, domainname); + if (!dom) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Invalid domain name [%s]\n", domainname)); + continue; + } + + ret = sss_ncache_set_group(ncache, true, dom, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent group filter for" " [%s] (%d [%s])\n", filter_list[i], 
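Review bot: The new `if (!dom)` branch in the `@@ -447,7 +532,14 @@` hunk drops a `name@domain` filter entry when `responder_get_domain` finds no match, and the only trace is a debug message naming the domain. A permanent filter whose domain part is mistyped, or differs in a way the lookup does not tolerate, is then silently not enforced; the group branch in `@@ -537,7 +629,14 @@` has the same pattern. I would name the entry and the consequence in the log, e.g. `("Invalid domain name [%s], filter [%s] not applied\n", domainname, filter_list[i])`, and consider whether prepopulation should fail instead of continuing. `sss_ncache_prepopulate` starts and ends outside these hunks, so it is not visible whether `name` and `domainname` need releasing before the added `continue`. The added calls use `SSSDBG_CRIT_FAILURE` while the surrounding ones still pass the literal level `1`.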
@@ -546,7 +645,7 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, } } else { for (dom = domain_list; dom; dom = dom->next) { - ret = sss_ncache_set_group(ncache, true, dom->name, name); + ret = sss_ncache_set_group(ncache, true, dom, name); if (ret != EOK) { DEBUG(1, ("Failed to store permanent group filter for" " [%s:%s] (%d [%s])\n", diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h index fc857fce1..72b99c969 100644 --- a/src/responder/common/negcache.h +++ b/src/responder/common/negcache.h @@ -29,9 +29,9 @@ int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx); /* check if the user is expired according to the passed in time to live */ int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl, - const char *domain, const char *name); + struct sss_domain_info *dom, const char *name); int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, - const char *domain, const char *name); + struct sss_domain_info *dom, const char *name); int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl, const char *domain, const char *name); int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid); @@ -42,11 +42,11 @@ int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid); * and the negative cache never expires (used to permanently filter out * users and groups) */ int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent, - const char *domain, const char *name); + struct sss_domain_info *dom, const char *name); int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, - const char *domain, const char *name); + struct sss_domain_info *dom, const char *name); int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, - const char *domain, const char *name); + struct sss_domain_info *dom, const char *name); int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid); int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid); 
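Review bot: In the negcache.h hunk `@@ -29,9 +29,9 @@`, the prototype of `sss_ncache_check_netgr` is left with `const char *domain, const char *name);`, although the definition in negcache.c now takes `struct sss_domain_info *dom`. If negcache.c includes this header, that is a conflicting declaration. If a caller compiles against the stale prototype, a string pointer would be read as `dom->case_sensitive` and `dom->name`. The second line of that prototype should become `struct sss_domain_info *dom, const char *name);`, like the five prototypes this commit does update. It is also not visible here whether `struct sss_domain_info` is declared before these prototypes; if not, a forward declaration `struct sss_domain_info;` at the top of the header would keep it self-contained.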
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 99b1a23aa..a48ac556a 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -33,7 +33,6 @@ #include #include #include "util/util.h" -#include "util/sss_utf8.h" #include "db/sysdb.h" #include "confdb/confdb.h" #include "dbus/dbus.h" -- cgit