authorOndrej Kos <okos@redhat.com>2013-08-21 15:17:00 +0200
committerOndrej Kos <okos@redhat.com>2013-08-28 13:04:25 +0200
commit55695c458e3c4bf59d3a72428b59da4f3696cbd2 (patch)
tree1a6318875e0f1e4db586c2e75862ce1c961f59ca
parentac54a88b4b510289a411f334e371282d00e1538d (diff)
downloadsssd-55695c458e3c4bf59d3a72428b59da4f3696cbd2.tar.gz
sssd-55695c458e3c4bf59d3a72428b59da4f3696cbd2.tar.xz
sssd-55695c458e3c4bf59d3a72428b59da4f3696cbd2.zip
DB: Add user/group lookup by SID
-rw-r--r--src/db/sysdb.h35
-rw-r--r--src/db/sysdb_ops.c93
-rw-r--r--src/tests/sysdb-tests.c51
3 files changed, 156 insertions, 23 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 96679007..8f854be6 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -143,10 +143,12 @@
#define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))"
+#define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))"
#define SYSDB_PWENT_FILTER "("SYSDB_UC")"
#define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))"
+#define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))"
#define SYSDB_GRENT_FILTER "("SYSDB_GC")"
#define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
@@ -505,7 +507,22 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
size_t *msgs_count,
struct ldb_message ***msgs);
-/* Search User (by uid or name) */
+/* Search entry by SID string */
+
+enum sysdb_sid_search_type {
+ SYSDB_SID_SEARCH_USER,
+ SYSDB_SID_SEARCH_GROUP,
+};
+
+int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ enum sysdb_sid_search_type type,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg);
+
+/* Search User (by uid, sid or name) */
int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sss_domain_info *domain,
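Review bot: The new public prototype `sysdb_search_entry_by_sid_str` is added with no description of its contract, so a caller cannot tell from the header what it returns or who owns `*msg`. From the implementation elsewhere in this commit it appears the matched message is stolen onto `mem_ctx`, an unknown `type` yields EINVAL and a miss yields ENOENT, and `sid_str` is inserted into an LDB filter verbatim; those are the facts a caller needs. I would expand the one-line comment at the top of the hunk to something like `/* Search a user or group entry by its SID string. On success *msg is allocated on mem_ctx; returns ENOENT when no entry matches and EINVAL for an unknown type. sid_str is placed into the search filter unescaped, so it must not contain filter metacharacters. */`. Stating the escaping expectation here keeps the two thin wrappers declared below from being handed raw client input.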
@@ -520,7 +537,14 @@ int sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
const char **attrs,
struct ldb_message **msg);
-/* Search Group (by gid or name) */
+int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg);
+
+/* Search Group (by gid, sid or name) */
int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sss_domain_info *domain,
@@ -535,6 +559,13 @@ int sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
const char **attrs,
struct ldb_message **msg);
+int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg);
+
/* Search Netgroup (by name) */
int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 45f3289b..8cf4fca1 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -233,8 +233,73 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
return EOK;
}
+/* =Search-Entry-by-SID-string============================================ */
-/* =Search-User-by-[UID/NAME]============================================= */
+int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ enum sysdb_sid_search_type type,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg)
+{
+ TALLOC_CTX *tmp_ctx;
+ const char *def_attrs[] = { SYSDB_NAME, SYSDB_SID_STR, NULL };
+ struct ldb_message **msgs = NULL;
+ struct ldb_dn *basedn;
+ size_t msgs_count = 0;
+ char *filter;
+ int ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ switch (type) {
+ case SYSDB_SID_SEARCH_USER:
+ basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+ SYSDB_TMPL_USER_BASE, domain->name);
+ filter = talloc_asprintf(tmp_ctx, SYSDB_PWSID_FILTER, sid_str);
+ break;
+
+ case SYSDB_SID_SEARCH_GROUP:
+ basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+ SYSDB_TMPL_GROUP_BASE, domain->name);
+ filter = talloc_asprintf(tmp_ctx, SYSDB_GRSID_FILTER, sid_str);
+ break;
+
+ default:
+ ret = EINVAL;
+ goto done;
+ break;
+ }
+ if (!basedn || !filter) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
+ attrs?attrs:def_attrs, &msgs_count, &msgs);
+ if (ret) {
+ goto done;
+ }
+
+ *msg = talloc_steal(mem_ctx, msgs[0]);
+
+done:
+ if (ret == ENOENT) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
+ }
+ else if (ret) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
+ }
+
+ talloc_zfree(tmp_ctx);
+ return ret;
+}
+
+/* =Search-User-by-[UID/SID/NAME]============================================= */
int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
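Review bot: `sid_str` is formatted straight into the LDB filter at `talloc_asprintf(tmp_ctx, SYSDB_PWSID_FILTER, sid_str)` (and the group counterpart) with no validation or escaping, so a string containing `*`, `(`, `)` or `\` would change the filter rather than fail the lookup, and a NULL pointer reaches `%s`; whether any caller ever passes client-originated data is not visible here, but the function does not defend against it. A minimal guard before the switch would be `if (sid_str == NULL || strpbrk(sid_str, "*()\\") != NULL) { ret = EINVAL; goto done; }`, or the helper the tree already uses to sanitize names for filters, if one exists, should be applied here too. Separately, `msgs_count` is filled in but never examined before `*msg = talloc_steal(mem_ctx, msgs[0]);`, so a cache holding two entries with the same SID string would silently return whichever is first, and the dereference itself relies on `sysdb_search_entry` reporting an empty result as a non-zero `ret` (presumably ENOENT, given the handling under `done:`); `if (msgs_count != 1) { ret = (msgs_count == 0) ? ENOENT : EINVAL; goto done; }` makes both cases explicit. The `break;` after `goto done;` in the `default:` arm is unreachable and can be dropped.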
@@ -352,8 +417,20 @@ done:
return ret;
}
+int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg)
+{
+
+ return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,
+ SYSDB_SID_SEARCH_USER,
+ sid_str, attrs, msg);
+}
-/* =Search-Group-by-[GID/NAME]============================================ */
+/* =Search-Group-by-[GID/SID/NAME]============================================ */
int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
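Review bot: The new wrapper `sysdb_search_user_by_sid_str` opens with a stray blank line after `{` before its single `return`, which does not match the surrounding functions in this file; drop the blank line so the body is just the `return sysdb_search_entry_by_sid_str(...)` statement. A one-line comment above it, such as `/* Convenience wrapper: user lookup by SID string, see sysdb_search_entry_by_sid_str() */`, would also make clear that all argument checking (including whatever is or is not done to sid_str) lives in the shared helper rather than here.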
@@ -456,6 +533,18 @@ done:
return ret;
}
+int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg)
+{
+
+ return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,
+ SYSDB_SID_SEARCH_GROUP,
+ sid_str, attrs, msg);
+}
/* =Search-Group-by-Name============================================ */
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 60a20c8b..d2f6cbb2 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -4475,15 +4475,12 @@ START_TEST(test_sysdb_original_dn_case_insensitive)
}
END_TEST
-START_TEST(test_sysdb_group_sid_str)
+START_TEST(test_sysdb_search_sid_str)
{
errno_t ret;
struct sysdb_test_ctx *test_ctx;
- const char *filter;
- struct ldb_dn *base_dn;
- const char *no_attrs[] = { NULL };
- struct ldb_message **msgs;
- size_t num_msgs;
+ struct ldb_message *msg;
+ struct sysdb_attrs *attrs = NULL;
/* Setup */
ret = setup_sysdb_tests(&test_ctx);
@@ -4496,19 +4493,35 @@ START_TEST(test_sysdb_group_sid_str)
fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
ret, strerror(ret));
- filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_SID_STR, "S-1-2-3-4");
- fail_if(filter == NULL, "Cannot construct filter\n");
+ ret = sysdb_search_group_by_sid_str(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, "S-1-2-3-4",
+ NULL, &msg);
+ fail_unless(ret == EOK, "sysdb_search_group_by_sid_str failed with [%d][%s].",
+ ret, strerror(ret));
- base_dn = sysdb_domain_dn(test_ctx->sysdb, test_ctx, test_ctx->domain);
- fail_if(base_dn == NULL, "Cannot construct basedn\n");
+ talloc_free(msg);
+ msg = NULL;
- ret = sysdb_search_entry(test_ctx, test_ctx->sysdb,
- base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs,
- &num_msgs, &msgs);
- fail_unless(ret == EOK, "cache search error [%d][%s]",
- ret, strerror(ret));
- fail_unless(num_msgs == 1, "Did not find the expected number of entries using "
- "SID string search");
+ attrs = sysdb_new_attrs(test_ctx);
+ fail_unless(attrs != NULL, "sysdb_new_attrs failed");
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, "S-1-2-3-4-5");
+ fail_unless(ret == EOK, "sysdb_attrs_add_string failed with [%d][%s].",
+ ret, strerror(ret));
+
+ ret = sysdb_add_user(test_ctx->sysdb, test_ctx->domain, "SIDuser",
+ 12345, 0, "SID user", "/home/siduser", "/bin/bash",
+ NULL, attrs, 0, 0);
+ fail_unless(ret == EOK, "sysdb_add_user failed with [%d][%s].",
+ ret, strerror(ret));
+
+ ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, "S-1-2-3-4-5",
+ NULL, &msg);
+ fail_unless(ret == EOK, "sysdb_search_user_by_sid_str failed with [%d][%s].",
+ ret, strerror(ret));
+
+ talloc_free(test_ctx);
}
END_TEST
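Review bot: The rewritten test only asserts that both lookups return EOK; it never inspects the `msg` that comes back, so a search that matched the wrong entry (or any entry at all, given the filter is built from an unescaped `%s`) would still pass, and there is no negative case at all. After the user lookup I would compare the `SYSDB_NAME` attribute of the returned `msg` against `"SIDuser"` and the group result against the name the group was added with, and then add a miss, e.g. `ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb, test_ctx->domain, "S-1-2-3-4", NULL, &msg);` followed by `fail_unless(ret == ENOENT, "user search with a group SID should return ENOENT, got [%d][%s].", ret, strerror(ret));`, which also checks that the user/group bases are kept apart. The expected ENOENT on a miss is inferred from the helper's `done:` handling rather than stated anywhere, so the assertion should be adjusted if `sysdb_search_entry` reports an empty result differently.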
@@ -5101,8 +5114,8 @@ Suite *create_sysdb_suite(void)
/* Test originalDN searches */
tcase_add_test(tc_sysdb, test_sysdb_original_dn_case_insensitive);
- /* Test SID string group searches */
- tcase_add_test(tc_sysdb, test_sysdb_group_sid_str);
+ /* Test SID string searches */
+ tcase_add_test(tc_sysdb, test_sysdb_search_sid_str);
/* Test user and group renames */
tcase_add_test(tc_sysdb, test_group_rename);