-rw-r--r--src/responder/common/negcache.c53
-rw-r--r--src/responder/common/negcache_files.c18
-rw-r--r--src/tests/cmocka/test_negcache.c84
-rw-r--r--src/tests/cwrap/test_negcache.c120
4 files changed, 216 insertions, 59 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index 025455238..dfeb0d483 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -679,6 +679,11 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
char *conf_path = NULL;
TALLOC_CTX *tmpctx = talloc_new(NULL);
int i;
+ char *fqname = NULL;
+
+ if (tmpctx == NULL) {
+ return ENOMEM;
+ }
/* Populate domain-specific negative cache entries */
for (dom = domain_list; dom; dom = get_next_domain(dom, 0)) {
@@ -721,7 +726,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
continue;
}
- ret = sss_ncache_set_user(ncache, true, dom, name);
+ fqname = sss_create_internal_fqname(tmpctx, name, dom->name);
+ if (fqname == NULL) {
+ continue;
+ }
+
+ ret = sss_ncache_set_user(ncache, true, dom, fqname);
+ talloc_zfree(fqname);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to store permanent user filter for [%s]"
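Review bot: The new `if (fqname == NULL) { continue; }` path drops a configured filter entry without any log line, whereas the `ret != EOK` path just below reports at SSSDBG_CRIT_FAILURE. A name that never reaches the permanent negative cache is presumably no longer filtered, so an allocation failure here fails open silently. I would add `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create internal fqname for [%s] in [%s]\n", name, dom->name);` before the `continue`, or return ENOMEM if the function's cleanup path allows it. The same pattern repeats in the five later hunks of this file (the two remaining `sss_ncache_set_user` hunks and the three `sss_ncache_set_group` hunks). The body of sss_ncache_prepopulate starts and ends outside the hunk.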
@@ -773,7 +784,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
continue;
}
- ret = sss_ncache_set_user(ncache, true, dom, name);
+ fqname = sss_create_internal_fqname(tmpctx, name, dom->name);
+ if (fqname == NULL) {
+ continue;
+ }
+
+ ret = sss_ncache_set_user(ncache, true, dom, fqname);
+ talloc_zfree(fqname);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to store permanent user filter for [%s]"
@@ -783,7 +800,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
}
} else {
for (dom = domain_list; dom; dom = get_next_domain(dom, 0)) {
- ret = sss_ncache_set_user(ncache, true, dom, name);
+ fqname = sss_create_internal_fqname(tmpctx, name, dom->name);
+ if (fqname == NULL) {
+ continue;
+ }
+
+ ret = sss_ncache_set_user(ncache, true, dom, fqname);
+ talloc_zfree(fqname);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to store permanent user filter for"
@@ -829,7 +852,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
continue;
}
- ret = sss_ncache_set_group(ncache, true, dom, name);
+ fqname = sss_create_internal_fqname(tmpctx, name, dom->name);
+ if (fqname == NULL) {
+ continue;
+ }
+
+ ret = sss_ncache_set_group(ncache, true, dom, fqname);
+ talloc_zfree(fqname);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to store permanent group filter for [%s]"
@@ -881,7 +910,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
continue;
}
- ret = sss_ncache_set_group(ncache, true, dom, name);
+ fqname = sss_create_internal_fqname(tmpctx, name, dom->name);
+ if (fqname == NULL) {
+ continue;
+ }
+
+ ret = sss_ncache_set_group(ncache, true, dom, fqname);
+ talloc_zfree(fqname);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to store permanent group filter for"
@@ -891,7 +926,13 @@ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
}
} else {
for (dom = domain_list; dom; dom = get_next_domain(dom, 0)) {
- ret = sss_ncache_set_group(ncache, true, dom, name);
+ fqname = sss_create_internal_fqname(tmpctx, name, dom->name);
+ if (fqname == NULL) {
+ continue;
+ }
+
+ ret = sss_ncache_set_group(ncache, true, dom, fqname);
+ talloc_zfree(fqname);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to store permanent group filter for"
diff --git a/src/responder/common/negcache_files.c b/src/responder/common/negcache_files.c
index 1b9a4be43..4256186d9 100644
--- a/src/responder/common/negcache_files.c
+++ b/src/responder/common/negcache_files.c
@@ -34,8 +34,15 @@ bool is_user_local_by_name(const char *name)
char buffer[BUFFER_SIZE];
bool is_local = false;
int ret;
+ char *shortname = NULL;
- ret = getpwnam_r(name, &pwd, buffer, BUFFER_SIZE, &pwd_result);
+ ret = sss_parse_internal_fqname(NULL, name, &shortname, NULL);
+ if (ret != EOK) {
+ return false;
+ }
+
+ ret = getpwnam_r(shortname, &pwd, buffer, BUFFER_SIZE, &pwd_result);
+ talloc_free(shortname);
if (ret == EOK && pwd_result != NULL) {
DEBUG(SSSDBG_TRACE_FUNC, "User %s is a local user\n", name);
is_local = true;
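Review bot: is_user_local_by_name now only accepts an internal fully qualified name, and nothing in the hunk documents that contract. When sss_parse_internal_fqname fails the function returns false with no log, so a caller still passing a short name would presumably get "not local" for every user. A comment above the function such as `/* name must be an internal fqname (shortname@domain); returns false if it cannot be parsed */` and a `DEBUG(SSSDBG_OP_FAILURE, "Could not parse [%s] as an internal fqname\n", name);` before `return false;` would make the failure visible. is_group_local_by_name in the next hunk has the same gap, and both function bodies continue past their hunks.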
@@ -69,8 +76,15 @@ bool is_group_local_by_name(const char *name)
char buffer[BUFFER_SIZE];
bool is_local = false;
int ret;
+ char *shortname = NULL;
+
+ ret = sss_parse_internal_fqname(NULL, name, &shortname, NULL);
+ if (ret != EOK) {
+ return false;
+ }
- ret = getgrnam_r(name, &grp, buffer, BUFFER_SIZE, &grp_result);
+ ret = getgrnam_r(shortname, &grp, buffer, BUFFER_SIZE, &grp_result);
+ talloc_free(shortname);
if (ret == EOK && grp_result != NULL) {
DEBUG(SSSDBG_TRACE_FUNC, "Group %s is a local group\n", name);
is_local = true;
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 322541769..2e3575771 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -305,7 +305,7 @@ static void test_sss_ncache_user(void **state)
{
int ret;
bool permanent;
- const char *name = NAME;
+ char *name;
struct test_state *ts;
struct sss_domain_info *dom;
@@ -313,6 +313,9 @@ static void test_sss_ncache_user(void **state)
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
+ name = sss_create_internal_fqname(ts, NAME, dom->name);
+ assert_non_null(name);
+
/* test when domain name is not present in database */
dom->case_sensitive = false;
ret = sss_ncache_check_user(ts->ctx, dom, name);
@@ -336,6 +339,8 @@ static void test_sss_ncache_user(void **state)
ret = sss_ncache_check_user(ts->ctx, dom, name);
assert_int_equal(ret, EEXIST);
+
+ talloc_free(name);
}
/* @test_sss_ncache_group : test following functions
@@ -346,7 +351,7 @@ static void test_sss_ncache_group(void **state)
{
int ret;
bool permanent;
- const char *name = NAME;
+ char *name;
struct test_state *ts;
struct sss_domain_info *dom;
@@ -354,6 +359,9 @@ static void test_sss_ncache_group(void **state)
dom = talloc(ts, struct sss_domain_info);
dom->name = discard_const_p(char, TEST_DOM_NAME);
+ name = sss_create_internal_fqname(ts, NAME, dom->name);
+ assert_non_null(name);
+
/* test when domain name is not present in database */
dom->case_sensitive = false;
ret = sss_ncache_check_group(ts->ctx, dom, name);
@@ -377,6 +385,8 @@ static void test_sss_ncache_group(void **state)
ret = sss_ncache_check_group(ts->ctx, dom, name);
assert_int_equal(ret, EEXIST);
+
+ talloc_free(name);
}
/* @test_sss_ncache_netgr : test following functions
@@ -529,6 +539,32 @@ static void test_sss_ncache_reset_permanent(void **state)
assert_int_equal(ret, ENOENT);
}
+static int check_user_in_ncache(struct sss_nc_ctx *ctx,
+ struct sss_domain_info *dom,
+ const char *name)
+{
+ char *fqdn;
+ int ret;
+
+ fqdn = sss_create_internal_fqname(ctx, name, dom->name);
+ ret = sss_ncache_check_user(ctx, dom, fqdn);
+ talloc_free(fqdn);
+ return ret;
+}
+
+static int check_group_in_ncache(struct sss_nc_ctx *ctx,
+ struct sss_domain_info *dom,
+ const char *name)
+{
+ char *fqdn;
+ int ret;
+
+ fqdn = sss_create_internal_fqname(ctx, name, dom->name);
+ ret = sss_ncache_check_group(ctx, dom, fqdn);
+ talloc_free(fqdn);
+ return ret;
+}
+
static void test_sss_ncache_prepopulate(void **state)
{
int ret;
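Review bot: check_user_in_ncache and check_group_in_ncache pass `fqdn` on without checking it, while the rewritten test_sss_ncache_user in this same file asserts `assert_non_null(name);` after the same call. Add `assert_non_null(fqdn);` after each sss_create_internal_fqname call so an allocation failure fails the test at its cause instead of inside the cache lookup. The variable holds an internal fqname rather than a DNS name, so `fqname` would match the naming used in negcache.c. The four helpers added to src/tests/cwrap/test_negcache.c (set_user_in_ncache, set_group_in_ncache and the two check helpers) have the same omission.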
@@ -572,28 +608,28 @@ static void test_sss_ncache_prepopulate(void **state)
sleep(SHORTSPAN);
- ret = sss_ncache_check_user(ncache, dom, "testuser1");
+ ret = check_user_in_ncache(ncache, dom, "testuser1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, dom, "testgroup1");
+ ret = check_group_in_ncache(ncache, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, dom, "testuser2");
+ ret = check_user_in_ncache(ncache, dom, "testuser2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, dom, "testgroup2");
+ ret = check_group_in_ncache(ncache, dom, "testgroup2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, dom, "testuser3");
+ ret = check_user_in_ncache(ncache, dom, "testuser3");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_group(ncache, dom, "testgroup3");
+ ret = check_group_in_ncache(ncache, dom, "testgroup3");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_user(ncache, dom, "testuser3@somedomain");
+ ret = check_user_in_ncache(ncache, dom, "testuser3@somedomain");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_group(ncache, dom, "testgroup3@somedomain");
+ ret = check_group_in_ncache(ncache, dom, "testgroup3@somedomain");
assert_int_equal(ret, ENOENT);
}
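Review bot: The two `@somedomain` cases at the end of this hunk no longer seem to test a name qualified with a foreign domain. check_user_in_ncache builds the lookup key from `name` and `dom->name`, so `"testuser3@somedomain"` is presumably looked up with the name of `dom` appended again, and ENOENT would hold regardless of what prepopulate stored. If the intent is to check that testuser3 is absent under another domain, these two assertions should call sss_ncache_check_user and sss_ncache_check_group directly with an explicitly built fqname, or carry a comment explaining what they still cover. test_sss_ncache_prepopulate starts outside the hunk.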
@@ -639,22 +675,22 @@ static void test_sss_ncache_default_domain_suffix(void **state)
ret = sss_ncache_prepopulate(ncache, tc->confdb, ts->rctx);
assert_int_equal(ret, EOK);
- ret = sss_ncache_check_user(ncache, dom, "testuser1");
+ ret = check_user_in_ncache(ncache, dom, "testuser1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, dom, "testgroup1");
+ ret = check_group_in_ncache(ncache, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, dom, "testuser2");
+ ret = check_user_in_ncache(ncache, dom, "testuser2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, dom, "testgroup2");
+ ret = check_group_in_ncache(ncache, dom, "testgroup2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, dom, "testuser3");
+ ret = check_user_in_ncache(ncache, dom, "testuser3");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_group(ncache, dom, "testgroup3");
+ ret = check_group_in_ncache(ncache, dom, "testgroup3");
assert_int_equal(ret, ENOENT);
}
@@ -722,32 +758,32 @@ static void test_sss_ncache_reset_prepopulate(void **state)
dom2->names = dom->names;
/* First domain should not be known, the second not */
- ret = sss_ncache_check_user(ncache, dom, "testuser1");
+ ret = check_user_in_ncache(ncache, dom, "testuser1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, dom, "testgroup1");
+ ret = check_group_in_ncache(ncache, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, dom2, "testuser2");
+ ret = check_user_in_ncache(ncache, dom2, "testuser2");
assert_int_equal(ret, ENOENT);
- ret = sss_ncache_check_group(ncache, dom2, "testgroup2");
+ ret = check_group_in_ncache(ncache, dom2, "testgroup2");
assert_int_equal(ret, ENOENT);
ret = sss_ncache_reset_repopulate_permanent(ts->rctx, ncache);
assert_int_equal(ret, EOK);
/* First domain should not be known, the second not */
- ret = sss_ncache_check_user(ncache, dom, "testuser1");
+ ret = check_user_in_ncache(ncache, dom, "testuser1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, dom, "testgroup1");
+ ret = check_group_in_ncache(ncache, dom, "testgroup1");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_user(ncache, dom2, "testuser2");
+ ret = check_user_in_ncache(ncache, dom2, "testuser2");
assert_int_equal(ret, EEXIST);
- ret = sss_ncache_check_group(ncache, dom2, "testgroup2");
+ ret = check_group_in_ncache(ncache, dom2, "testgroup2");
assert_int_equal(ret, EEXIST);
}
int main(void)
diff --git a/src/tests/cwrap/test_negcache.c b/src/tests/cwrap/test_negcache.c
index 32a78ba7f..d43ef98ae 100644
--- a/src/tests/cwrap/test_negcache.c
+++ b/src/tests/cwrap/test_negcache.c
@@ -32,7 +32,7 @@
#define TIMEOUT 10000
#define TESTS_PATH "tp_" BASE_FILE_STEM
-#define TEST_CONF_DB "test_sysdb_sudorules.ldb"
+#define TEST_CONF_DB "test_negcache_confdb.ldb"
#define TEST_DOM_NAME "test_domain.test"
#define TEST_LOCAL_USER_NAME_1 "foobar"
@@ -54,14 +54,22 @@ struct test_user {
} users[] = { { "test_user1", 1001, 50001 },
{ "test_user2", 1002, 50002 } };
-static void create_users(struct sss_domain_info *domain)
+static void create_users(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain)
{
errno_t ret;
+ char *fqname;
for (int i = 0; i < 2; i++) {
+ fqname = sss_create_internal_fqname(mem_ctx,
+ users[i].name,
+ domain->name);
+ assert_non_null(fqname);
+
ret = sysdb_add_user(domain, users[i].name, users[i].uid, users[i].gid,
- users[i].name, NULL, "/bin/bash", domain->name,
+ fqname, NULL, "/bin/bash", domain->name,
NULL, 30, time(NULL));
+ talloc_free(fqname);
assert_int_equal(ret, EOK);
}
}
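Review bot: In create_users the fqname replaces the fifth argument of sysdb_add_user, while the second argument stays `users[i].name`. If the fifth parameter is the GECOS field, as the argument order suggests, the user is still stored under the short name and only its GECOS becomes qualified. create_groups in the next hunk replaces the name argument itself, so the two helpers end up inconsistent. I would expect `ret = sysdb_add_user(domain, fqname, users[i].uid, users[i].gid,` with `users[i].name, NULL, "/bin/bash", domain->name,` left as it was on the following line.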
@@ -77,13 +85,21 @@ struct ncache_test_ctx {
struct sss_nc_ctx *ncache;
};
-static void create_groups(struct sss_domain_info *domain)
+static void create_groups(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain)
{
errno_t ret;
+ char *fqname;
for (int i = 0; i < 2; i++) {
- ret = sysdb_add_group(domain, groups[i].name, groups[i].gid,
+ fqname = sss_create_internal_fqname(mem_ctx,
+ groups[i].name,
+ domain->name);
+ assert_non_null(fqname);
+
+ ret = sysdb_add_group(domain, fqname, groups[i].gid,
NULL, 30, time(NULL));
+ talloc_free(fqname);
assert_int_equal(ret, EOK);
}
}
@@ -115,8 +131,8 @@ static int test_ncache_setup(void **state)
TEST_DOM_NAME, "ipa", NULL);
assert_non_null(test_ctx->tctx);
- create_groups(test_ctx->tctx->dom);
- create_users(test_ctx->tctx->dom);
+ create_groups(test_ctx, test_ctx->tctx->dom);
+ create_users(test_ctx, test_ctx->tctx->dom);
check_leaks_push(test_ctx);
@@ -140,18 +156,68 @@ static int test_ncache_teardown(void **state)
return 0;
}
+static int set_user_in_ncache(struct sss_nc_ctx *ctx, bool permanent,
+ struct sss_domain_info *dom, const char *name)
+{
+ char *fqdn;
+ int ret;
+
+ fqdn = sss_create_internal_fqname(ctx, name, dom->name);
+ ret = sss_ncache_set_user(ctx, permanent, dom, fqdn);
+ talloc_free(fqdn);
+ return ret;
+}
+
+static int set_group_in_ncache(struct sss_nc_ctx *ctx, bool permanent,
+ struct sss_domain_info *dom, const char *name)
+{
+ char *fqdn;
+ int ret;
+
+ fqdn = sss_create_internal_fqname(ctx, name, dom->name);
+ ret = sss_ncache_set_group(ctx, permanent, dom, fqdn);
+ talloc_free(fqdn);
+ return ret;
+}
+
+static int check_user_in_ncache(struct sss_nc_ctx *ctx,
+ struct sss_domain_info *dom,
+ const char *name)
+{
+ char *fqdn;
+ int ret;
+
+ fqdn = sss_create_internal_fqname(ctx, name, dom->name);
+ ret = sss_ncache_check_user(ctx, dom, fqdn);
+ talloc_free(fqdn);
+ return ret;
+}
+
+static int check_group_in_ncache(struct sss_nc_ctx *ctx,
+ struct sss_domain_info *dom,
+ const char *name)
+{
+ char *fqdn;
+ int ret;
+
+ fqdn = sss_create_internal_fqname(ctx, name, dom->name);
+ ret = sss_ncache_check_group(ctx, dom, fqdn);
+ talloc_free(fqdn);
+ return ret;
+}
+
/* user utils */
static void set_users(struct ncache_test_ctx *test_ctx)
{
int ret;
- ret = sss_ncache_set_user(test_ctx->ncache, false, test_ctx->tctx->dom,
+ ret = set_user_in_ncache(test_ctx->ncache, false, test_ctx->tctx->dom,
users[0].name);
assert_int_equal(ret, EOK);
- ret = sss_ncache_set_user(test_ctx->ncache, false, test_ctx->tctx->dom,
- TEST_LOCAL_USER_NAME_1);
+ ret = set_user_in_ncache(test_ctx->ncache, false, test_ctx->tctx->dom,
+ TEST_LOCAL_USER_NAME_1);
assert_int_equal(ret, EOK);
}
@@ -160,19 +226,19 @@ static void check_users(struct ncache_test_ctx *test_ctx,
{
int ret;
- ret = sss_ncache_check_user(test_ctx->ncache, test_ctx->tctx->dom,
+ ret = check_user_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
users[0].name);
assert_int_equal(ret, case_a);
- ret = sss_ncache_check_user(test_ctx->ncache, test_ctx->tctx->dom,
+ ret = check_user_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
users[1].name);
assert_int_equal(ret, case_b);
- ret = sss_ncache_check_user(test_ctx->ncache, test_ctx->tctx->dom,
+ ret = check_user_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
TEST_LOCAL_USER_NAME_1);
assert_int_equal(ret, case_c);
- ret = sss_ncache_check_user(test_ctx->ncache, test_ctx->tctx->dom,
+ ret = check_user_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
TEST_LOCAL_USER_NAME_2);
assert_int_equal(ret, case_d);
}
@@ -368,12 +434,12 @@ static void set_groups(struct ncache_test_ctx *test_ctx)
{
int ret;
- ret = sss_ncache_set_group(test_ctx->ncache, false, test_ctx->tctx->dom,
- groups[0].name);
+ ret = set_group_in_ncache(test_ctx->ncache, false, test_ctx->tctx->dom,
+ groups[0].name);
assert_int_equal(ret, EOK);
- ret = sss_ncache_set_group(test_ctx->ncache, false, test_ctx->tctx->dom,
- TEST_LOCAL_GROUP_NAME_1);
+ ret = set_group_in_ncache(test_ctx->ncache, false, test_ctx->tctx->dom,
+ TEST_LOCAL_GROUP_NAME_1);
assert_int_equal(ret, EOK);
}
@@ -382,20 +448,20 @@ static void check_groups(struct ncache_test_ctx *test_ctx,
{
int ret;
- ret = sss_ncache_check_group(test_ctx->ncache, test_ctx->tctx->dom,
- groups[0].name);
+ ret = check_group_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
+ groups[0].name);
assert_int_equal(ret, case_a);
- ret = sss_ncache_check_group(test_ctx->ncache, test_ctx->tctx->dom,
- groups[1].name);
+ ret = check_group_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
+ groups[1].name);
assert_int_equal(ret, case_b);
- ret = sss_ncache_check_group(test_ctx->ncache, test_ctx->tctx->dom,
- TEST_LOCAL_GROUP_NAME_1);
+ ret = check_group_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
+ TEST_LOCAL_GROUP_NAME_1);
assert_int_equal(ret, case_c);
- ret = sss_ncache_check_group(test_ctx->ncache, test_ctx->tctx->dom,
- TEST_LOCAL_GROUP_NAME_2);
+ ret = check_group_in_ncache(test_ctx->ncache, test_ctx->tctx->dom,
+ TEST_LOCAL_GROUP_NAME_2);
assert_int_equal(ret, case_d);
}
@@ -672,4 +738,4 @@ int main(int argc, const char *argv[])
rv = cmocka_run_group_tests(tests, NULL, NULL);
return rv;
-}
\ No newline at end of file
+}