From abc398cba9d11d3da047636992ec14c2d4535161 Mon Sep 17 00:00:00 2001
From: Ondrej Kos
Date: Wed, 21 Aug 2013 15:17:00 +0200
Subject: DB: Add user/group lookup by SID

---
 src/db/sysdb.h | 20 ++++++++++--
 src/db/sysdb_ops.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++--
 src/tests/sysdb-tests.c | 51 ++++++++++++++++++-----------
 3 files changed, 134 insertions(+), 23 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index c352f898..b9594664 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -144,10 +144,12 @@
 #define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))"
+#define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))"
 #define SYSDB_PWENT_FILTER "("SYSDB_UC")"
 #define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))"
+#define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))"
 #define SYSDB_GRENT_FILTER "("SYSDB_GC")"
 #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
@@ -506,7 +508,7 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
 size_t *msgs_count,
 struct ldb_message ***msgs);

-/* Search User (by uid or name) */
+/* Search User (by uid, sid or name) */
 int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *sysdb,
 struct sss_domain_info *domain,
@@ -521,7 +523,14 @@ int sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
 const char **attrs,
 struct ldb_message **msg);

-/* Search Group (by gid or name) */
+int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg);
+
+/* Search Group (by gid, sid or name) */
 int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *sysdb,
 struct sss_domain_info *domain,
@@ -536,6 +545,13 @@ int sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
 const char **attrs,
 struct ldb_message **msg);

+int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg);
+
 /* Search Netgroup (by name) */
 int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *sysdb,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 75d86b58..a0730226 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
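Review bot: The new prototype `sysdb_search_user_by_sid_str` here, and `sysdb_search_group_by_sid_str` in the following hunk, carry no comment describing their contract; the section headers (`/* Search User (by uid, sid or name) */`) do not say what a NULL `attrs` selects, who owns `*msg`, or how a miss is reported. From the implementation added in sysdb_ops.c, a NULL `attrs` appears to fall back to the name and SID-string attributes only, `*msg` is stolen onto `mem_ctx`, and the `done:` label treats ENOENT as the not-found result. I would state that on the declaration, e.g. `/* Look up a user by SID string. attrs == NULL returns only SYSDB_NAME and SYSDB_SID_STR; *msg is allocated on mem_ctx; ENOENT when no entry matches. */`, and mirror it on the group variant.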
@@ -233,8 +233,64 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
 return EOK;
 }


+/* =Search-Entry-by-SID-string============================================ */
-/* =Search-User-by-[UID/NAME]============================================= */

+int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *search_base,
+ const char *filter_str,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg)
+{
+ TALLOC_CTX *tmp_ctx;
+ const char *def_attrs[] = { SYSDB_NAME, SYSDB_SID_STR, NULL };
+ struct ldb_message **msgs = NULL;
+ struct ldb_dn *basedn;
+ size_t msgs_count = 0;
+ char *filter;
+ int ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+ search_base, domain->name);
+ if (!basedn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ filter = talloc_asprintf(tmp_ctx, filter_str, sid_str);
+ if (!filter) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
+ attrs?attrs:def_attrs, &msgs_count, &msgs);
+ if (ret) {
+ goto done;
+ }
+
+ *msg = talloc_steal(mem_ctx, msgs[0]);
+
+done:
+ if (ret == ENOENT) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
+ }
+ else if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
+ }
+
+ talloc_zfree(tmp_ctx);
+ return ret;
+}
+
+/* =Search-User-by-[UID/SID/NAME]============================================= */
 int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *sysdb,
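Review bot: `sysdb_search_entry_by_sid_str` formats `sid_str` straight into the LDB filter (`filter = talloc_asprintf(tmp_ctx, filter_str, sid_str);`) without escaping, so any caller that ever hands it a SID string taken from a client request or a remote directory lets filter metacharacters (`*`, parentheses, backslash) change what the search matches; the SID should go through the same filter sanitizer the name-based lookups use (`sss_filter_sanitize()`, if that is what this file uses for names) or the function should document that callers must pass a syntax-checked SID. Separately, a successful `sysdb_search_entry` with `msgs_count > 1` is not treated as an error: `*msg = talloc_steal(mem_ctx, msgs[0]);` silently returns whichever entry came first, and for an identity lookup an ambiguous SID should fail loudly rather than map to an arbitrary user or group. The sketch below adds both; it needs a `char *clean_sid;` declaration alongside `filter`. The ENOENT handling at `done:` suggests `sysdb_search_entry` reports a miss that way, so `msgs[0]` being valid on EOK is inferred, not shown here.

```c
    ret = sss_filter_sanitize(tmp_ctx, sid_str, &clean_sid);
    if (ret != EOK) {
        goto done;
    }

    filter = talloc_asprintf(tmp_ctx, filter_str, clean_sid);
    /* … unchanged: filter NULL check, sysdb_search_entry call and its error check … */

    /* A SID identifies exactly one object; more than one hit is a cache inconsistency. */
    if (msgs_count > 1) {
        DEBUG(SSSDBG_OP_FAILURE, ("Search for SID [%s] returned more than one object\n", sid_str));
        ret = EINVAL;
        goto done;
    }

    *msg = talloc_steal(mem_ctx, msgs[0]);
```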
@@ -352,8 +408,21 @@ done:
 return ret;
 }


+int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg)
+{
+
+ return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,
+ SYSDB_TMPL_USER_BASE,
+ SYSDB_PWSID_FILTER,
+ sid_str, attrs, msg);
+}
-/* =Search-Group-by-[GID/NAME]============================================ */
+/* =Search-Group-by-[GID/SID/NAME]============================================ */

 int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *sysdb,
@@ -456,6 +525,19 @@ done:
 return ret;
 }

+int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_message **msg)
+{
+
+ return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,
+ SYSDB_TMPL_GROUP_BASE,
+ SYSDB_GRSID_FILTER,
+ sid_str, attrs, msg);
+}

 /* =Search-Group-by-Name============================================ */
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 6f95d248..d0aff2d7 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -4475,15 +4475,12 @@ START_TEST(test_sysdb_original_dn_case_insensitive)
 }
 END_TEST

-START_TEST(test_sysdb_group_sid_str)
+START_TEST(test_sysdb_search_sid_str)
 {
 errno_t ret;
 struct sysdb_test_ctx *test_ctx;
- const char *filter;
- struct ldb_dn *base_dn;
- const char *no_attrs[] = { NULL };
- struct ldb_message **msgs;
- size_t num_msgs;
+ struct ldb_message *msg;
+ struct sysdb_attrs *attrs = NULL;

 /* Setup */
 ret = setup_sysdb_tests(&test_ctx);
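Review bot: Both wrappers, `sysdb_search_user_by_sid_str` here and `sysdb_search_group_by_sid_str` in the @@ -456 hunk, open with an empty line directly after `{` before the lone `return`, which `sysdb_search_entry_by_sid_str` added in the same commit does not do; drop the blank so the three new functions read alike. The rewritten banners also no longer line up: `/* =Search-Group-by-[GID/SID/NAME]============================================ */` kept the old run of `=` while gaining four characters, so the closing `*/` now sits past the column the other banners in the hunk end at. A comment on each wrapper naming which base and filter it binds (`/* User lookup: SYSDB_TMPL_USER_BASE + SYSDB_PWSID_FILTER */`) would also spare readers the jump to the macro definitions.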
@@ -4496,19 +4493,35 @@ START_TEST(test_sysdb_group_sid_str)
 fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
 ret, strerror(ret));

- filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_SID_STR, "S-1-2-3-4");
- fail_if(filter == NULL, "Cannot construct filter\n");
+ ret = sysdb_search_group_by_sid_str(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, "S-1-2-3-4",
+ NULL, &msg);
+ fail_unless(ret == EOK, "sysdb_search_group_by_sid_str failed with [%d][%s].",
+ ret, strerror(ret));

- base_dn = sysdb_domain_dn(test_ctx->sysdb, test_ctx, test_ctx->domain);
- fail_if(base_dn == NULL, "Cannot construct basedn\n");
+ talloc_free(msg);
+ msg = NULL;

- ret = sysdb_search_entry(test_ctx, test_ctx->sysdb,
- base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs,
- &num_msgs, &msgs);
- fail_unless(ret == EOK, "cache search error [%d][%s]",
- ret, strerror(ret));
- fail_unless(num_msgs == 1, "Did not find the expected number of entries using "
- "SID string search");
+ attrs = sysdb_new_attrs(test_ctx);
+ fail_unless(attrs != NULL, "sysdb_new_attrs failed");
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, "S-1-2-3-4-5");
+ fail_unless(ret == EOK, "sysdb_attrs_add_string failed with [%d][%s].",
+ ret, strerror(ret));
+
+ ret = sysdb_add_user(test_ctx->sysdb, test_ctx->domain, "SIDuser",
+ 12345, 0, "SID user", "/home/siduser", "/bin/bash",
+ NULL, attrs, 0, 0);
+ fail_unless(ret == EOK, "sysdb_add_user failed with [%d][%s].",
+ ret, strerror(ret));
+
+ ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, "S-1-2-3-4-5",
+ NULL, &msg);
+ fail_unless(ret == EOK, "sysdb_search_user_by_sid_str failed with [%d][%s].",
+ ret, strerror(ret));
+
+ talloc_free(test_ctx);
 }
 END_TEST
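Review bot: The rewritten test only checks that both lookups return EOK; it never inspects the returned `msg`, so a lookup that matched the wrong entry, or a filter that matched everything, would still pass, and the old `num_msgs == 1` assertion that guarded against that was dropped without a replacement. After the `sysdb_search_user_by_sid_str` call I would assert that `msg` is non-NULL and that its `SYSDB_NAME` is the `"SIDuser"` just added, and add a lookup of a SID the test never stored to confirm the miss path; the implementation's `done:` label treats ENOENT as that case, so that is the value to expect. The group entry's name is set outside this hunk, so only the user half is checked below; the test function starts in the previous hunk.

```c
    fail_unless(ret == EOK, "sysdb_search_user_by_sid_str failed with [%d][%s].",
                ret, strerror(ret));
    fail_unless(msg != NULL, "sysdb_search_user_by_sid_str returned no entry");
    fail_unless(strcmp(ldb_msg_find_attr_as_string(msg, SYSDB_NAME, ""), "SIDuser") == 0,
                "SID lookup returned an entry other than SIDuser");

    /* A SID never stored must be a clean miss, not a match on another entry.
     * "S-1-2-3-4-6" is a constructed value not added above. */
    ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb,
                                       test_ctx->domain, "S-1-2-3-4-6",
                                       NULL, &msg);
    fail_unless(ret == ENOENT, "expected ENOENT for an unknown SID, got [%d][%s].",
                ret, strerror(ret));

    talloc_free(test_ctx);
```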
@@ -5103,8 +5116,8 @@ Suite *create_sysdb_suite(void)
 /* Test originalDN searches */
 tcase_add_test(tc_sysdb, test_sysdb_original_dn_case_insensitive);

- /* Test SID string group searches */
- tcase_add_test(tc_sysdb, test_sysdb_group_sid_str);
+ /* Test SID string searches */
+ tcase_add_test(tc_sysdb, test_sysdb_search_sid_str);

 /* Test user and group renames */
 tcase_add_test(tc_sysdb, test_group_rename);
-- cgit