On 08/26/2013 03:53 PM, Jakub Hrozek wrote:
On Mon, Aug 26, 2013 at 02:58:18PM +0200, Ondrej Kos wrote:
Hi,

Attached patch adds sysdb routine to search users/groups by their
SID, which will be needed for ticket 1568.

I'm sending it now, because one of the patches I have in this
working branch (store group SID) was already written and posted on
the list by Sumit, so as not to waste time again :)


There is quite some code duplication between the two functions. Can we
have a single one that would also take a search base and either
objectlass or filter as arguments? The objectclass or filter would then
be AND-ed with SYSDB_SID_STR=%s. User and group functions could then be
just thin wrappers.

Also I would prefer a unit test for any new sysdb API.


New patch attached.

--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
From dd6047663c83c6629c8ced565388e2d1ee135d0e Mon Sep 17 00:00:00 2001
From: Ondrej Kos <o...@redhat.com>
Date: Wed, 21 Aug 2013 15:17:00 +0200
Subject: [PATCH] DB: Add user/group lookup by SID

---
 src/db/sysdb.h          | 35 +++++++++++++++++--
 src/db/sysdb_ops.c      | 93 +++++++++++++++++++++++++++++++++++++++++++++++--
 src/tests/sysdb-tests.c | 55 ++++++++++++++++++-----------
 3 files changed, 158 insertions(+), 25 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 96679007af90ee813a580094dafd64cde976fa39..8f854be689623f6cb52d6247e3f423b310bb184f 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -143,10 +143,12 @@
 
 #define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))"
+#define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))"
 #define SYSDB_PWENT_FILTER "("SYSDB_UC")"
 
 #define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))"
+#define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))"
 #define SYSDB_GRENT_FILTER "("SYSDB_GC")"
 #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
@@ -505,7 +507,22 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
                        size_t *msgs_count,
                        struct ldb_message ***msgs);
 
-/* Search User (by uid or name) */
+/* Search entry by SID string */
+
+enum sysdb_sid_search_type {
+    SYSDB_SID_SEARCH_USER,
+    SYSDB_SID_SEARCH_GROUP,
+};
+
+int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx,
+                                  struct sysdb_ctx *sysdb,
+                                  struct sss_domain_info *domain,
+                                  enum sysdb_sid_search_type type,
+                                  const char *sid_str,
+                                  const char **attrs,
+                                  struct ldb_message **msg);
+
+/* Search User (by uid, sid or name) */
 int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
                               struct sysdb_ctx *sysdb,
                               struct sss_domain_info *domain,
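Review bot: The new public prototype sysdb_search_entry_by_sid_str is added with only the bare `/* Search entry by SID string */` banner, yet the implementation in sysdb_ops.c makes several contract decisions a caller has to know: the result is moved onto mem_ctx with talloc_steal, a NULL attrs selects a default set of SYSDB_NAME and SYSDB_SID_STR, an unrecognised type returns EINVAL, and a miss is reported as ENOENT (the done: label logs it as "No such entry"). I would replace the banner with a short block comment stating those four points, e.g. `/* Look up one user or group entry by its string SID. attrs==NULL returns name and SID only; *msg is allocated on mem_ctx. Returns ENOENT if nothing matches, EINVAL for an unknown type. */`. A one-line comment on sysdb_sid_search_type saying it selects the objectclass and search base (not a different attribute) would also help, since the enum is part of the public header.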
@@ -520,7 +537,14 @@ int sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
                              const char **attrs,
                              struct ldb_message **msg);
 
-/* Search Group (by gid or name) */
+int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
+                                 struct sysdb_ctx *sysdb,
+                                 struct sss_domain_info *domain,
+                                 const char *sid_str,
+                                 const char **attrs,
+                                 struct ldb_message **msg);
+
+/* Search Group (by gid, sid or name) */
 int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
                                struct sysdb_ctx *sysdb,
                                struct sss_domain_info *domain,
@@ -535,6 +559,13 @@ int sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
                               const char **attrs,
                               struct ldb_message **msg);
 
+int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
+                                  struct sysdb_ctx *sysdb,
+                                  struct sss_domain_info *domain,
+                                  const char *sid_str,
+                                  const char **attrs,
+                                  struct ldb_message **msg);
+
 /* Search Netgroup (by name) */
 int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
                                   struct sysdb_ctx *sysdb,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 45f3289b702d0492c3cbddd7063f2845afa3de00..8cf4fca1379cdbe0857680208dc76e88cf978d5b 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -233,8 +233,73 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
     return EOK;
 }
 
+/* =Search-Entry-by-SID-string============================================ */
 
-/* =Search-User-by-[UID/NAME]============================================= */
+int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx,
+                                  struct sysdb_ctx *sysdb,
+                                  struct sss_domain_info *domain,
+                                  enum sysdb_sid_search_type type,
+                                  const char *sid_str,
+                                  const char **attrs,
+                                  struct ldb_message **msg)
+{
+    TALLOC_CTX *tmp_ctx;
+    const char *def_attrs[] = { SYSDB_NAME, SYSDB_SID_STR, NULL };
+    struct ldb_message **msgs = NULL;
+    struct ldb_dn *basedn;
+    size_t msgs_count = 0;
+    char *filter;
+    int ret;
+
+    tmp_ctx = talloc_new(NULL);
+    if (!tmp_ctx) {
+        return ENOMEM;
+    }
+
+    switch (type) {
+        case SYSDB_SID_SEARCH_USER:
+            basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+                                    SYSDB_TMPL_USER_BASE, domain->name);
+            filter = talloc_asprintf(tmp_ctx, SYSDB_PWSID_FILTER, sid_str);
+            break;
+
+        case SYSDB_SID_SEARCH_GROUP:
+            basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+                                    SYSDB_TMPL_GROUP_BASE, domain->name);
+            filter = talloc_asprintf(tmp_ctx, SYSDB_GRSID_FILTER, sid_str);
+            break;
+
+        default:
+            ret = EINVAL;
+            goto done;
+            break;
+    }
+    if (!basedn || !filter) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
+                             attrs?attrs:def_attrs, &msgs_count, &msgs);
+    if (ret) {
+        goto done;
+    }
+
+    *msg = talloc_steal(mem_ctx, msgs[0]);
+
+done:
+    if (ret == ENOENT) {
+        DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
+    }
+    else if (ret) {
+        DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
+    }
+
+    talloc_zfree(tmp_ctx);
+    return ret;
+}
+
+/* =Search-User-by-[UID/SID/NAME]============================================= */
 
 int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
                               struct sysdb_ctx *sysdb,
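Review bot: sid_str is formatted straight into the LDB filter by the two talloc_asprintf(..., SYSDB_PWSID_FILTER / SYSDB_GRSID_FILTER, sid_str) calls without escaping, so a value containing `*` or `)(` rewrites the query instead of matching a literal SID — for instance `S-1-*` would return the first entry of that class rather than ENOENT. Whether an unprivileged client can drive this function depends on callers outside this patch, but since name lookups elsewhere in SSSD go through sss_filter_sanitize() for exactly this reason, I would sanitize here rather than rely on every future caller doing it; I am assuming the helper from util.h is reachable from sysdb_ops.c. A NULL sid_str should also be rejected with EINVAL before it is handed to `%s`. Separately, the `break;` after `goto done;` in the default case is unreachable and can be dropped.
```c
    char *clean_sid = NULL;
    /* … unchanged: tmp_ctx allocation … */

    if (sid_str == NULL) {
        ret = EINVAL;
        goto done;
    }

    /* Escape LDAP filter metacharacters so the SID is matched literally. */
    ret = sss_filter_sanitize(tmp_ctx, sid_str, &clean_sid);
    if (ret != EOK) {
        goto done;
    }

    switch (type) {
        case SYSDB_SID_SEARCH_USER:
            /* … unchanged: basedn … */
            filter = talloc_asprintf(tmp_ctx, SYSDB_PWSID_FILTER, clean_sid);
            break;

        case SYSDB_SID_SEARCH_GROUP:
            /* … unchanged: basedn … */
            filter = talloc_asprintf(tmp_ctx, SYSDB_GRSID_FILTER, clean_sid);
            break;

        default:
            ret = EINVAL;
            goto done;
    }
    /* … unchanged: search, talloc_steal, done: … */
```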
@@ -352,8 +417,20 @@ done:
     return ret;
 }
 
+int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
+                                 struct sysdb_ctx *sysdb,
+                                 struct sss_domain_info *domain,
+                                 const char *sid_str,
+                                 const char **attrs,
+                                 struct ldb_message **msg)
+{
 
-/* =Search-Group-by-[GID/NAME]============================================ */
+   return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,
+                                        SYSDB_SID_SEARCH_USER,
+                                        sid_str, attrs, msg);
+}
+
+/* =Search-Group-by-[GID/SID/NAME]============================================ */
 
 int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
                                struct sysdb_ctx *sysdb,
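Review bot: The body of sysdb_search_user_by_sid_str is indented with three spaces and starts with a blank line after the opening brace, while every other function in this diff uses four-space indentation with no leading blank; the wrapper should read `    return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,` with its continuation lines aligned accordingly. The sibling sysdb_search_group_by_sid_str wrapper added in the next hunk has the same three-space indent and stray blank line. The lengthened section banner `/* =Search-User-by-[UID/SID/NAME]=====…` now overruns the width of its neighbours; trimming the `=` run keeps the banners aligned.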
@@ -456,6 +533,18 @@ done:
     return ret;
 }
 
+int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
+                                  struct sysdb_ctx *sysdb,
+                                  struct sss_domain_info *domain,
+                                  const char *sid_str,
+                                  const char **attrs,
+                                  struct ldb_message **msg)
+{
+
+   return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,
+                                        SYSDB_SID_SEARCH_GROUP,
+                                        sid_str, attrs, msg);
+}
 
 /* =Search-Group-by-Name============================================ */
 
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 60a20c8b4d1dcb8701286b1589bdcf351d2ccd95..d2f6cbb2d9bf1fdf55d8522ac6e633d30289794e 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -4475,15 +4475,12 @@ START_TEST(test_sysdb_original_dn_case_insensitive)
 }
 END_TEST
 
-START_TEST(test_sysdb_group_sid_str)
+START_TEST(test_sysdb_search_sid_str)
 {
     errno_t ret;
     struct sysdb_test_ctx *test_ctx;
-    const char *filter;
-    struct ldb_dn *base_dn;
-    const char *no_attrs[] = { NULL };
-    struct ldb_message **msgs;
-    size_t num_msgs;
+    struct ldb_message *msg;
+    struct sysdb_attrs *attrs = NULL;
 
     /* Setup */
     ret = setup_sysdb_tests(&test_ctx);
@@ -4496,19 +4493,35 @@ START_TEST(test_sysdb_group_sid_str)
     fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
                             ret, strerror(ret));
 
-    filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_SID_STR, "S-1-2-3-4");
-    fail_if(filter == NULL, "Cannot construct filter\n");
-
-    base_dn = sysdb_domain_dn(test_ctx->sysdb, test_ctx, test_ctx->domain);
-    fail_if(base_dn == NULL, "Cannot construct basedn\n");
-
-    ret = sysdb_search_entry(test_ctx, test_ctx->sysdb,
-                             base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs,
-                             &num_msgs, &msgs);
-    fail_unless(ret == EOK, "cache search error [%d][%s]",
-                            ret, strerror(ret));
-    fail_unless(num_msgs == 1, "Did not find the expected number of entries using "
-                               "SID string search");
+    ret = sysdb_search_group_by_sid_str(test_ctx, test_ctx->sysdb,
+                                        test_ctx->domain, "S-1-2-3-4",
+                                        NULL, &msg);
+    fail_unless(ret == EOK, "sysdb_search_group_by_sid_str failed with [%d][%s].",
+                ret, strerror(ret));
+
+    talloc_free(msg);
+    msg = NULL;
+
+    attrs = sysdb_new_attrs(test_ctx);
+    fail_unless(attrs != NULL, "sysdb_new_attrs failed");
+
+    ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, "S-1-2-3-4-5");
+    fail_unless(ret == EOK, "sysdb_attrs_add_string failed with [%d][%s].",
+                ret, strerror(ret));
+
+    ret = sysdb_add_user(test_ctx->sysdb, test_ctx->domain, "SIDuser",
+                         12345, 0, "SID user", "/home/siduser", "/bin/bash",
+                         NULL, attrs, 0, 0);
+    fail_unless(ret == EOK, "sysdb_add_user failed with [%d][%s].",
+                ret, strerror(ret));
+
+    ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb,
+                                       test_ctx->domain, "S-1-2-3-4-5",
+                                       NULL, &msg);
+    fail_unless(ret == EOK, "sysdb_search_user_by_sid_str failed with [%d][%s].",
+                ret, strerror(ret));
+
+    talloc_free(test_ctx);
 }
 END_TEST
 
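Review bot: The rewritten test only checks that both lookups return EOK; it never verifies that the returned msg is the entry that was added, and it has no negative case, so a filter that ignored the objectclass or matched any SID would still pass. After the group lookup I would compare `ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL)` with the name the group was created with (that sysdb_add_incomplete_group call is above the hunk, so I cannot quote it), and after the user lookup do the same against "SIDuser". The cheapest cross-type check is to look up the group's SID through the user API and require ENOENT, which is what actually exercises the SYSDB_UC/SYSDB_GC split in the two filters.
```c
    /* … unchanged: group lookup of S-1-2-3-4 … */

    /* A user lookup must not return the group entry carrying the same SID. */
    ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb,
                                       test_ctx->domain, "S-1-2-3-4",
                                       NULL, &msg);
    fail_unless(ret == ENOENT, "user lookup of a group SID returned [%d][%s].",
                ret, strerror(ret));

    /* … unchanged: add SIDuser and look it up … */
```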
@@ -5101,8 +5114,8 @@ Suite *create_sysdb_suite(void)
     /* Test originalDN searches */
     tcase_add_test(tc_sysdb, test_sysdb_original_dn_case_insensitive);
 
-    /* Test SID string group searches */
-    tcase_add_test(tc_sysdb, test_sysdb_group_sid_str);
+    /* Test SID string searches */
+    tcase_add_test(tc_sysdb, test_sysdb_search_sid_str);
 
     /* Test user and group renames */
     tcase_add_test(tc_sysdb, test_group_rename);
-- 
1.8.1.4
