On 09/03/2013 12:08 AM, Jakub Hrozek wrote:
On Tue, Aug 27, 2013 at 12:19:39PM +0200, Ondrej Kos wrote:
On 08/26/2013 03:53 PM, Jakub Hrozek wrote:
On Mon, Aug 26, 2013 at 02:58:18PM +0200, Ondrej Kos wrote:
Hi,

Attached patch adds sysdb routine to search users/groups by their
SID, which will be needed for ticket 1568.

I'm sending it now, because one of the patches I have in this
working branch (store group SID) was already written and posted on
the list by Sumit, so not to waste time again :)


There is quite some code duplication between the two functions. Can we
have a single one that would also take a search base and either
objectclass or filter as arguments? The objectclass or filter would then
be ANDed with SYSDB_SID_STR=%s. User and group functions could then be
just thin wrappers.

Also I would prefer a unit test for any new sysdb API.


New patch attached.

This is better, but do you need the generic function and the enum
exposed in the header? Can you make the generic function static and move
the enum inside the module?

Also, instead of the enum, maybe the function can accept the format
strings directly and then we wouldn't need the adhoc enum at all.

New patch attached

Ondra

--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
From 19de44cd55f87b000a8fa2a58b1fbf4c004678ee Mon Sep 17 00:00:00 2001
From: Ondrej Kos <o...@redhat.com>
Date: Wed, 21 Aug 2013 15:17:00 +0200
Subject: [PATCH 1/3] DB: Add user/group lookup by SID

---
 src/db/sysdb.h          | 20 +++++++++--
 src/db/sysdb_ops.c      | 91 +++++++++++++++++++++++++++++++++++++++++++++++--
 src/tests/sysdb-tests.c | 55 ++++++++++++++++++------------
 3 files changed, 141 insertions(+), 25 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index c352f89834f18f77196b861fd74096ceac5e3789..b959466477b7161db536427093af96fd0cd2f3f2 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -144,10 +144,12 @@
 
 #define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))"
+#define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))"
 #define SYSDB_PWENT_FILTER "("SYSDB_UC")"
 
 #define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))"
+#define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))"
 #define SYSDB_GRENT_FILTER "("SYSDB_GC")"
 #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
 #define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
@@ -506,7 +508,7 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
                        size_t *msgs_count,
                        struct ldb_message ***msgs);
 
-/* Search User (by uid or name) */
+/* Search User (by uid, sid or name) */
 int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
                               struct sysdb_ctx *sysdb,
                               struct sss_domain_info *domain,
@@ -521,7 +523,14 @@ int sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
                              const char **attrs,
                              struct ldb_message **msg);
 
-/* Search Group (by gid or name) */
+int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
+                                 struct sysdb_ctx *sysdb,
+                                 struct sss_domain_info *domain,
+                                 const char *sid_str,
+                                 const char **attrs,
+                                 struct ldb_message **msg);
+
+/* Search Group (by gid, sid or name) */
 int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
                                struct sysdb_ctx *sysdb,
                                struct sss_domain_info *domain,
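Review bot: The new prototype `sysdb_search_user_by_sid_str` has no comment stating its contract, and the same holds for `sysdb_search_group_by_sid_str` in the next hunk. From the implementation in sysdb_ops.c, a caller needs to know that a NULL `attrs` falls back to SYSDB_NAME and SYSDB_SID_STR and that the result is reparented to `mem_ctx`. Suggested comment above each: `/* Find the entry whose SYSDB_SID_STR equals sid_str. On EOK *msg is owned by mem_ctx; attrs == NULL requests SYSDB_NAME and SYSDB_SID_STR. */`. It would also help to state whether `sid_str` must already be safe for use in a filter.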
@@ -536,6 +545,13 @@ int sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
                               const char **attrs,
                               struct ldb_message **msg);
 
+int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
+                                  struct sysdb_ctx *sysdb,
+                                  struct sss_domain_info *domain,
+                                  const char *sid_str,
+                                  const char **attrs,
+                                  struct ldb_message **msg);
+
 /* Search Netgroup (by name) */
 int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
                                   struct sysdb_ctx *sysdb,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 45f3289b702d0492c3cbddd7063f2845afa3de00..3c568e76b0ed9fc3e561d318782c1b0c65b0111e 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -233,8 +233,69 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
     return EOK;
 }
 
+/* =Search-Entry-by-SID-string============================================ */
 
-/* =Search-User-by-[UID/NAME]============================================= */
+enum sysdb_sid_search_type {
+    SYSDB_SID_SEARCH_USER,
+    SYSDB_SID_SEARCH_GROUP,
+};
+
+int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx,
+                                  struct sysdb_ctx *sysdb,
+                                  struct sss_domain_info *domain,
+                                  const char *search_base,
+                                  const char *filter_str,
+                                  const char *sid_str,
+                                  const char **attrs,
+                                  struct ldb_message **msg)
+{
+    TALLOC_CTX *tmp_ctx;
+    const char *def_attrs[] = { SYSDB_NAME, SYSDB_SID_STR, NULL };
+    struct ldb_message **msgs = NULL;
+    struct ldb_dn *basedn;
+    size_t msgs_count = 0;
+    char *filter;
+    int ret;
+
+    tmp_ctx = talloc_new(NULL);
+    if (!tmp_ctx) {
+        return ENOMEM;
+    }
+
+    basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+                            search_base, domain->name);
+    if (!basedn) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    filter = talloc_asprintf(tmp_ctx, filter_str, sid_str);
+    if (!filter) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
+                             attrs?attrs:def_attrs, &msgs_count, &msgs);
+    if (ret) {
+        goto done;
+    }
+
+    *msg = talloc_steal(mem_ctx, msgs[0]);
+
+done:
+    if (ret == ENOENT) {
+        DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
+    }
+    else if (ret) {
+        DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
+    }
+
+    talloc_zfree(tmp_ctx);
+    return ret;
+}
+
+/* =Search-User-by-[UID/SID/NAME]============================================= */
 
 int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
                               struct sysdb_ctx *sysdb,
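Review bot: `sid_str` is formatted straight into the search filter at `filter = talloc_asprintf(tmp_ctx, filter_str, sid_str);`, so a value containing filter metacharacters (`(`, `)`, `*`, `\`) changes what the search matches instead of being compared literally. The callers are not visible in this patch, but a SID string can originate outside SSSD, so it should pass through `sss_filter_sanitize()` before formatting. The function also returns `msgs[0]` without looking at `msgs_count`; a SID is meant to identify one object, and silently taking the first of several matches can resolve it to the wrong identity. Both changes are sketched below; the EINVAL return code is only a suggestion.

```c
    char *sanitized_sid;
    /* … unchanged: other locals, tmp_ctx and basedn setup … */

    ret = sss_filter_sanitize(tmp_ctx, sid_str, &sanitized_sid);
    if (ret != EOK) {
        goto done;
    }

    filter = talloc_asprintf(tmp_ctx, filter_str, sanitized_sid);
    /* … unchanged: NULL check on filter, sysdb_search_entry() call … */

    if (msgs_count > 1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("More than one entry matches the SID\n"));
        ret = EINVAL;
        goto done;
    }

    *msg = talloc_steal(mem_ctx, msgs[0]);
```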
@@ -352,8 +413,21 @@ done:
     return ret;
 }
 
+int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
+                                 struct sysdb_ctx *sysdb,
+                                 struct sss_domain_info *domain,
+                                 const char *sid_str,
+                                 const char **attrs,
+                                 struct ldb_message **msg)
+{
 
-/* =Search-Group-by-[GID/NAME]============================================ */
+   return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,
+                                        SYSDB_TMPL_USER_BASE,
+                                        SYSDB_PWSID_FILTER,
+                                        sid_str, attrs, msg);
+}
+
+/* =Search-Group-by-[GID/SID/NAME]============================================ */
 
 int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
                                struct sysdb_ctx *sysdb,
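Review bot: The body of `sysdb_search_user_by_sid_str` opens with an empty line after `{` and indents the `return` by three spaces, while the surrounding code in this file uses four. The same layout appears in `sysdb_search_group_by_sid_str` in the next hunk. Dropping the blank line and indenting to four spaces would keep both wrappers in line with the rest of sysdb_ops.c.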
@@ -456,6 +530,19 @@ done:
     return ret;
 }
 
+int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
+                                  struct sysdb_ctx *sysdb,
+                                  struct sss_domain_info *domain,
+                                  const char *sid_str,
+                                  const char **attrs,
+                                  struct ldb_message **msg)
+{
+
+   return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain,
+                                        SYSDB_TMPL_GROUP_BASE,
+                                        SYSDB_GRSID_FILTER,
+                                        sid_str, attrs, msg);
+}
 
 /* =Search-Group-by-Name============================================ */
 
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 6f95d248b65fe832447268e4d9eb94ceb2af7c17..d0aff2d740334cf81c6c333c4517f1011534e6c0 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -4475,15 +4475,12 @@ START_TEST(test_sysdb_original_dn_case_insensitive)
 }
 END_TEST
 
-START_TEST(test_sysdb_group_sid_str)
+START_TEST(test_sysdb_search_sid_str)
 {
     errno_t ret;
     struct sysdb_test_ctx *test_ctx;
-    const char *filter;
-    struct ldb_dn *base_dn;
-    const char *no_attrs[] = { NULL };
-    struct ldb_message **msgs;
-    size_t num_msgs;
+    struct ldb_message *msg;
+    struct sysdb_attrs *attrs = NULL;
 
     /* Setup */
     ret = setup_sysdb_tests(&test_ctx);
@@ -4496,19 +4493,35 @@ START_TEST(test_sysdb_group_sid_str)
     fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]",
                             ret, strerror(ret));
 
-    filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_SID_STR, "S-1-2-3-4");
-    fail_if(filter == NULL, "Cannot construct filter\n");
-
-    base_dn = sysdb_domain_dn(test_ctx->sysdb, test_ctx, test_ctx->domain);
-    fail_if(base_dn == NULL, "Cannot construct basedn\n");
-
-    ret = sysdb_search_entry(test_ctx, test_ctx->sysdb,
-                             base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs,
-                             &num_msgs, &msgs);
-    fail_unless(ret == EOK, "cache search error [%d][%s]",
-                            ret, strerror(ret));
-    fail_unless(num_msgs == 1, "Did not find the expected number of entries using "
-                               "SID string search");
+    ret = sysdb_search_group_by_sid_str(test_ctx, test_ctx->sysdb,
+                                        test_ctx->domain, "S-1-2-3-4",
+                                        NULL, &msg);
+    fail_unless(ret == EOK, "sysdb_search_group_by_sid_str failed with [%d][%s].",
+                ret, strerror(ret));
+
+    talloc_free(msg);
+    msg = NULL;
+
+    attrs = sysdb_new_attrs(test_ctx);
+    fail_unless(attrs != NULL, "sysdb_new_attrs failed");
+
+    ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, "S-1-2-3-4-5");
+    fail_unless(ret == EOK, "sysdb_attrs_add_string failed with [%d][%s].",
+                ret, strerror(ret));
+
+    ret = sysdb_add_user(test_ctx->sysdb, test_ctx->domain, "SIDuser",
+                         12345, 0, "SID user", "/home/siduser", "/bin/bash",
+                         NULL, attrs, 0, 0);
+    fail_unless(ret == EOK, "sysdb_add_user failed with [%d][%s].",
+                ret, strerror(ret));
+
+    ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb,
+                                       test_ctx->domain, "S-1-2-3-4-5",
+                                       NULL, &msg);
+    fail_unless(ret == EOK, "sysdb_search_user_by_sid_str failed with [%d][%s].",
+                ret, strerror(ret));
+
+    talloc_free(test_ctx);
 }
 END_TEST
 
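Review bot: The rewritten test only asserts that both lookups return EOK. It never checks that the returned `msg` is the entry that was added, and it has no lookup that is expected to miss. A filter or search base that matched the wrong object class would therefore still pass. A cross-type miss would pin the user/group separation, for example `ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb, test_ctx->domain, "S-1-2-3-4", NULL, &msg);` followed by `fail_unless(ret == ENOENT, "group SID must not resolve as a user");`. ENOENT is inferred from the `done:` handling in sysdb_ops.c. The test body starts in the previous hunk.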
@@ -5103,8 +5116,8 @@ Suite *create_sysdb_suite(void)
     /* Test originalDN searches */
     tcase_add_test(tc_sysdb, test_sysdb_original_dn_case_insensitive);
 
-    /* Test SID string group searches */
-    tcase_add_test(tc_sysdb, test_sysdb_group_sid_str);
+    /* Test SID string searches */
+    tcase_add_test(tc_sysdb, test_sysdb_search_sid_str);
 
     /* Test user and group renames */
     tcase_add_test(tc_sysdb, test_group_rename);
-- 
1.8.1.4
