diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/db/sysdb.h | 4 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 25 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 2 | ||||
-rw-r--r-- | src/tests/sysdb-tests.c | 49 |
5 files changed, 72 insertions, 14 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 7b02b3442..96679007a 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -614,7 +614,9 @@ int sysdb_add_incomplete_group(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, gid_t gid, - const char *original_dn, bool posix, + const char *original_dn, + const char *sid_str, + bool posix, time_t now); /* Add netgroup (only basic attrs and w/o checks) */ diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index ff8fb0085..45f3289b7 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -1409,6 +1409,7 @@ int sysdb_add_incomplete_group(struct sysdb_ctx *sysdb, const char *name, gid_t gid, const char *original_dn, + const char *sid_str, bool posix, time_t now) { @@ -1450,6 +1451,11 @@ int sysdb_add_incomplete_group(struct sysdb_ctx *sysdb, if (ret) goto done; } + if (sid_str) { + ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, sid_str); + if (ret) goto done; + } + ret = sysdb_set_group_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP); done: diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 9a46dc9b9..aa0ea4c1b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -48,7 +48,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, bool in_transaction = false; bool posix; time_t now; - char *sid_str; + char *sid_str = NULL; bool use_id_mapping; char *tmp_name; @@ -127,16 +127,24 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, if (strcmp(groupname, missing[i]) == 0) { posix = true; + ret = sdap_attrs_get_sid_str( + tmp_ctx, opts->idmap_ctx, ldap_groups[ai], + opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, + &sid_str); + if (ret != EOK && ret != ENOENT) goto done; + if (use_id_mapping) { + if (sid_str == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, ("No SID for group [%s] " \ + "while id-mapping.\n", + groupname)); + ret = EINVAL; + goto done; + } + DEBUG(SSSDBG_TRACE_LIBS, ("Mapping group [%s] objectSID to unix ID\n", groupname)); - ret = sdap_attrs_get_sid_str( - tmp_ctx, opts->idmap_ctx, ldap_groups[ai], - opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, - &sid_str); - if (ret != EOK) goto done; - DEBUG(SSSDBG_TRACE_INTERNAL, ("Group [%s] has objectSID [%s]\n", groupname, sid_str)); @@ -187,7 +195,8 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding fake group %s to sysdb\n", groupname)); ret = sysdb_add_incomplete_group(sysdb, domain, groupname, gid, - original_dn, posix, now); + original_dn, sid_str, posix, + now); if (ret != EOK) { goto done; } diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 89789204a..e5649a2b9 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -496,7 +496,7 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq) ret = sysdb_add_incomplete_group(state->sysdb, state->domain, group_name, gid, - NULL, false, now); + NULL, sid_str, false, now); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not create incomplete group: [%s]\n", diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index a4ca92a65..60a20c8b4 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -271,7 +271,7 @@ static int test_add_incomplete_group(struct test_data *data) ret = sysdb_add_incomplete_group(data->ctx->sysdb, data->ctx->domain, data->groupname, - data->gid, NULL, true, 0); + data->gid, NULL, NULL, true, 0); return ret; } @@ -3918,7 +3918,7 @@ START_TEST(test_odd_characters) /* Add */ ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain, - odd_groupname, 20000, NULL, true, 0); + odd_groupname, 20000, NULL, NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); @@ -4446,14 +4446,14 @@ START_TEST(test_sysdb_original_dn_case_insensitive) ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain, "case_sensitive_group1", 29000, "cn=case_sensitive_group1,cn=example,cn=com", - true, 0); + NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain, "case_sensitive_group2", 29001, "cn=CASE_SENSITIVE_GROUP1,cn=EXAMPLE,cn=COM", - true, 0); + NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); @@ -4475,6 +4475,44 @@ START_TEST(test_sysdb_original_dn_case_insensitive) } END_TEST +START_TEST(test_sysdb_group_sid_str) +{ + errno_t ret; + struct sysdb_test_ctx *test_ctx; + const char *filter; + struct ldb_dn *base_dn; + const char *no_attrs[] = { NULL }; + struct ldb_message **msgs; + size_t num_msgs; + + /* Setup */ + ret = setup_sysdb_tests(&test_ctx); + fail_if(ret != EOK, "Could not set up the test"); + + ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain, + "group", 29000, + "cn=group,cn=example,cn=com", + "S-1-2-3-4", true, 0); + fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", + ret, strerror(ret)); + + filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_SID_STR, "S-1-2-3-4"); + fail_if(filter == NULL, "Cannot construct filter\n"); + + base_dn = sysdb_domain_dn(test_ctx->sysdb, test_ctx, test_ctx->domain); + fail_if(base_dn == NULL, "Cannot construct basedn\n"); + + ret = sysdb_search_entry(test_ctx, test_ctx->sysdb, + base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs, + &num_msgs, &msgs); + fail_unless(ret == EOK, "cache search error [%d][%s]", + ret, strerror(ret)); + fail_unless(num_msgs == 1, "Did not find the expected number of entries using " + "SID string search"); +} +END_TEST + + START_TEST(test_sysdb_subdomain_create) { struct sysdb_test_ctx *test_ctx; @@ -5063,6 +5101,9 @@ Suite *create_sysdb_suite(void) /* Test originalDN searches */ tcase_add_test(tc_sysdb, test_sysdb_original_dn_case_insensitive); + /* Test SID string group searches */ + tcase_add_test(tc_sysdb, test_sysdb_group_sid_str); + /* Test user and group renames */ tcase_add_test(tc_sysdb, test_group_rename); tcase_add_test(tc_sysdb, test_user_rename); |