On Wed, Nov 27, 2013 at 02:50:35PM +0100, Jakub Hrozek wrote:
> On Tue, Nov 26, 2013 at 11:51:41AM +0100, Sumit Bose wrote:
> > Hi,
> >
> > Steeve found some issues when testing sss_cache with sub-domain users.
> > This was originally fixed in https://fedorahosted.org/sssd/ticket/1741
> > but I guess recent changes have broken it again.
> >
> > I have tested the patches with users and groups. It would be nice is
> > someone with a suitable environment can test them for the other object
> > types as well.
> >
> > bye,
> > Sumit
>
> Hi,
>
> during testing I found out that there is a difference in how we store
> the nameAlias attribute for subdomain users retrieved with the exended
> operation to IPA and subdomain users that are stored with the LDAP
> provider.
>
> The IPA subdomain users have lowercase the whole alias (so typically
> user@windows.domain) while the LDAP users have only the name component
> lowercased (user@WINDOWS.DOMAIN). Currently sss_cache only works with he
> latter.
>
> As discussed on IRC, we should pick on scheme and use it, ideally with
> some helper function.
I added two new patches to fix this. 0003 adds a new call to add a lower
case alias name to a sysdb_attrs struct and 0004 replace current code
with the new call.
bye,
Sumit
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
From b06b17e2222cd75d705c6a867d8eabedfa8fde33 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Mon, 25 Nov 2013 17:54:06 +0100
Subject: [PATCH 1/4] sss_cache: initialize names member of sss_domain_info
sss_tc_fqname() called by sss_get_domain_name() requires that the names
member of the sss_domain_info struct is set to work properly. If the
names struct is properly initialized in sss_domain_info the separate one
in the tool context is not needed anymore.
Related to https://fedorahosted.org/sssd/ticket/1741
---
src/tools/sss_cache.c | 23 ++++++++++-------------
1 file changed, 10 insertions(+), 13 deletions(-)
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 0bf029e..6412d71 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -63,7 +63,6 @@ static errno_t search_autofsmaps(TALLOC_CTX *mem_ctx,
struct cache_tool_ctx {
struct confdb_ctx *confdb;
struct sss_domain_info *domains;
- struct sss_names_ctx *nctx;
char *user_filter;
char *group_filter;
@@ -208,7 +207,7 @@ static errno_t update_filter(struct cache_tool_ctx *tctx,
return ENOMEM;
}
- ret = sss_parse_name(tmp_ctx, tctx->nctx, name,
+ ret = sss_parse_name(tmp_ctx, dinfo->names, name,
&parsed_domain, &parsed_name);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("sss_parse_name failed\n"));
@@ -279,17 +278,6 @@ static errno_t update_all_filters(struct cache_tool_ctx
*tctx,
{
errno_t ret;
- if (IS_SUBDOMAIN(dinfo)) {
- ret = sss_names_init(tctx, tctx->confdb, dinfo->parent->name,
- &tctx->nctx);
- } else {
- ret = sss_names_init(tctx, tctx->confdb, dinfo->name, &tctx->nctx);
- }
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("sss_names_init() failed\n"));
- return ret;
- }
-
/* Update user filter */
ret = update_filter(tctx, dinfo, tctx->user_name,
tctx->update_user_filter, "(%s=%s)", false,
@@ -464,6 +452,7 @@ errno_t init_domains(struct cache_tool_ctx *ctx, const char
*domain)
{
char *confdb_path;
int ret;
+ struct sss_domain_info *dinfo;
confdb_path = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE);
if (confdb_path == NULL) {
@@ -502,6 +491,14 @@ errno_t init_domains(struct cache_tool_ctx *ctx, const
char *domain)
}
}
+ for (dinfo = ctx->domains; dinfo; dinfo = get_next_domain(dinfo, false)) {
+ ret = sss_names_init(ctx, ctx->confdb, dinfo->name, &dinfo->names);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sss_names_init() failed\n"));
+ return ret;
+ }
+ }
+
return EOK;
}
--
1.8.3.1
From 5d8bc4baabecc319429da7c25eeaa671eb4f9987 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Tue, 26 Nov 2013 10:27:50 +0100
Subject: [PATCH 2/4] sss_cache: fix case-sensitivity issue
For case-insensitive domains the lower-case name for case-insensitive
searches is stored in SYSDB_NAME_ALIAS.
Related to https://fedorahosted.org/sssd/ticket/1741
---
src/tools/sss_cache.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 6412d71..91bfcee 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -235,7 +235,9 @@ static errno_t update_filter(struct cache_tool_ctx *tctx,
if (!strcasecmp(dinfo->name, parsed_domain)) {
if (fmt) {
filter = talloc_asprintf(tmp_ctx, fmt,
- SYSDB_NAME, use_name);
+ dinfo->case_sensitive ?
+ SYSDB_NAME : SYSDB_NAME_ALIAS,
+ use_name);
} else {
filter = talloc_strdup(tmp_ctx, use_name);
}
@@ -251,7 +253,10 @@ static errno_t update_filter(struct cache_tool_ctx *tctx,
}
} else {
if (fmt) {
- filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, name);
+ filter = talloc_asprintf(tmp_ctx, fmt,
+ dinfo->case_sensitive ?
+ SYSDB_NAME : SYSDB_NAME_ALIAS,
+ name);
} else {
filter = talloc_strdup(tmp_ctx, name);
}
--
1.8.3.1
From 3f066ee14fbe0f7af042d9dc486d5b13a4560638 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Thu, 28 Nov 2013 11:28:39 +0100
Subject: [PATCH 3/4] Add sysdb_attrs_add_lc_name_alias
---
src/db/sysdb.c | 22 ++++++++++++++++++++++
src/db/sysdb.h | 2 ++
src/tests/sysdb-tests.c | 29 +++++++++++++++++++++++++++++
3 files changed, 53 insertions(+)
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 283dabd..09a4b64 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -616,6 +616,28 @@ int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs,
return ret;
}
+int sysdb_attrs_add_lc_name_alias(struct sysdb_attrs *attrs,
+ const char *value)
+{
+ char *lc_str;
+ int ret;
+
+ if (attrs == NULL || value == NULL) {
+ return EINVAL;
+ }
+
+ lc_str = sss_tc_utf8_str_tolower(attrs, value);
+ if (lc_str == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot convert name to lowercase\n"));
+ return ENOMEM;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lc_str);
+ talloc_free(lc_str);
+
+ return ret;
+}
+
int sysdb_attrs_copy_values(struct sysdb_attrs *src,
struct sysdb_attrs *dst,
const char *name)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 63a1fab..cec8bdd 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -274,6 +274,8 @@ int sysdb_attrs_add_uint32(struct sysdb_attrs *attrs,
const char *name, uint32_t value);
int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs,
const char *name, time_t value);
+int sysdb_attrs_add_lc_name_alias(struct sysdb_attrs *attrs,
+ const char *value);
int sysdb_attrs_copy_values(struct sysdb_attrs *src,
struct sysdb_attrs *dst,
const char *name);
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index f7e0638..e8b3e82 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -4311,6 +4311,33 @@ START_TEST(test_sysdb_svc_remove_alias)
}
END_TEST
+#define LC_NAME_ALIAS_TEST_VAL "TeSt VaLuE"
+#define LC_NAME_ALIAS_CHECK_VAL "test value"
+START_TEST(test_sysdb_attrs_add_lc_name_alias)
+{
+ int ret;
+ struct sysdb_attrs *attrs;
+ const char *str;
+
+ ret = sysdb_attrs_add_lc_name_alias(NULL, NULL);
+ fail_unless(ret == EINVAL, "EINVAL not returned for NULL input");
+
+ attrs = sysdb_new_attrs(NULL);
+ fail_unless(attrs != NULL, "sysdb_new_attrs failed");
+
+ ret = sysdb_attrs_add_lc_name_alias(attrs, LC_NAME_ALIAS_TEST_VAL);
+ fail_unless(ret == EOK, "sysdb_attrs_add_lc_name_alias failed");
+
+ ret = sysdb_attrs_get_string(attrs, SYSDB_NAME_ALIAS, &str);
+ fail_unless(ret == EOK, "sysdb_attrs_get_string failed");
+ fail_unless(strcmp(str, LC_NAME_ALIAS_CHECK_VAL) == 0,
+ "Unexpected value, expected [%s], got [%s]",
+ LC_NAME_ALIAS_CHECK_VAL, str);
+
+ talloc_free(attrs);
+}
+END_TEST
+
START_TEST(test_sysdb_has_enumerated)
{
errno_t ret;
@@ -5069,6 +5096,8 @@ Suite *create_sysdb_suite(void)
tcase_add_test(tc_sysdb, test_sysdb_store_services);
tcase_add_test(tc_sysdb, test_sysdb_svc_remove_alias);
+ tcase_add_test(tc_sysdb, test_sysdb_attrs_add_lc_name_alias);
+
/* Add all test cases to the test suite */
suite_add_tcase(s, tc_sysdb);
--
1.8.3.1
From 3912a5718778e24f44ed4ddaf443d4b8e13155cd Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Thu, 28 Nov 2013 12:31:24 +0100
Subject: [PATCH 4/4] Use sysdb_attrs_add_lc_name_alias to add case-insensitive
alias
---
src/providers/ipa/ipa_s2n_exop.c | 27 ++++++---------------------
src/providers/ldap/sdap_async.c | 21 ++++++++++++++++-----
src/providers/proxy/proxy_id.c | 20 ++------------------
src/providers/proxy/proxy_netgroup.c | 10 +---------
src/responder/pac/pacsrv_utils.c | 4 ++--
5 files changed, 27 insertions(+), 55 deletions(-)
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 7379b99..628880f 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -652,7 +652,6 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
struct sysdb_attrs *user_attrs = NULL;
struct sysdb_attrs *group_attrs = NULL;
char *name;
- char *lc_name;
char *realm;
char *upn;
struct berval *bv_req = NULL;
@@ -768,16 +767,10 @@ static void ipa_s2n_get_user_done(struct tevent_req
*subreq)
goto done;
}
- lc_name = sss_tc_utf8_str_tolower(user_attrs, name);
- if (lc_name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot convert name to
lowercase\n"));
- ret = ENOMEM;
- goto done;
- }
-
- ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS,
lc_name);
+ ret = sysdb_attrs_add_lc_name_alias(user_attrs, name);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("sysdb_attrs_add_lc_name_alias failed.\n"));
goto done;
}
@@ -853,18 +846,10 @@ static void ipa_s2n_get_user_done(struct tevent_req
*subreq)
goto done;
}
- lc_name = sss_tc_utf8_str_tolower(group_attrs, name);
- if (lc_name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("Cannot convert name to lowercase\n"));
- ret = ENOMEM;
- goto done;
- }
-
- ret = sysdb_attrs_add_string(group_attrs, SYSDB_NAME_ALIAS,
- lc_name);
+ ret = sysdb_attrs_add_lc_name_alias(group_attrs, name);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("sysdb_attrs_add_lc_name_alias failed.\n"));
goto done;
}
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index f5cc962..e905d2d 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2318,12 +2318,23 @@ sdap_save_all_names(const char *name,
goto done;
}
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, ("Failed to add alias [%s] into the "
- "attribute list\n", aliases[i]));
- goto done;
+ if (lowercase) {
+ ret = sysdb_attrs_add_lc_name_alias(attrs, domname);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to add lower-cased version "
+ "of alias [%s] into the "
+ "attribute list\n", aliases[i]));
+ goto done;
+ }
+ } else {
+ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to add alias [%s] into the "
+ "attribute list\n", aliases[i]));
+ goto done;
+ }
}
+
}
ret = EOK;
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index 6e2b175..4a6b28b 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -219,7 +219,6 @@ static int save_user(struct sss_domain_info *domain,
{
const char *shell;
const char *gecos;
- char *lower;
struct sysdb_attrs *attrs = NULL;
errno_t ret;
const char *cased_alias;
@@ -245,14 +244,7 @@ static int save_user(struct sss_domain_info *domain,
}
if (lowercase) {
- lower = sss_tc_utf8_str_tolower(attrs, pwd->pw_name);
- if (!lower) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot convert name to lowercase\n"));
- talloc_zfree(attrs);
- return ENOMEM;
- }
-
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lower);
+ ret = sysdb_attrs_add_lc_name_alias(attrs, pwd->pw_name);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not add name alias\n"));
talloc_zfree(attrs);
@@ -534,7 +526,6 @@ static int save_group(struct sysdb_ctx *sysdb, struct
sss_domain_info *dom,
{
errno_t ret, sret;
struct sysdb_attrs *attrs = NULL;
- char *lower;
const char *cased_alias;
TALLOC_CTX *tmp_ctx;
time_t now = time(NULL);
@@ -589,14 +580,7 @@ static int save_group(struct sysdb_ctx *sysdb, struct
sss_domain_info *dom,
}
if (dom->case_sensitive == false) {
- lower = sss_tc_utf8_str_tolower(attrs, grp->gr_name);
- if (!lower) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot convert name to
lowercase\n"));
- ret = ENOMEM;
- goto done;
- }
-
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lower);
+ ret = sysdb_attrs_add_lc_name_alias(attrs, grp->gr_name);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not add name alias\n"));
ret = ENOMEM;
diff --git a/src/providers/proxy/proxy_netgroup.c
b/src/providers/proxy/proxy_netgroup.c
index 0aeb7cf..6be889a 100644
--- a/src/providers/proxy/proxy_netgroup.c
+++ b/src/providers/proxy/proxy_netgroup.c
@@ -73,17 +73,9 @@ static errno_t save_netgroup(struct sss_domain_info *domain,
uint64_t cache_timeout)
{
errno_t ret;
- char *lower;
if (lowercase) {
- lower = sss_tc_utf8_str_tolower(NULL, name);
- if (!lower) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot convert name to lowercase\n"));
- return ENOMEM;
- }
-
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lower);
- talloc_free(lower);
+ ret = sysdb_attrs_add_lc_name_alias(attrs, name);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not add name alias\n"));
return ret;
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index d56fc19..0872e86 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -479,9 +479,9 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
goto done;
}
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, pwd->pw_name);
+ ret = sysdb_attrs_add_lc_name_alias(attrs, pwd->pw_name);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_lc_name_alias failed.\n"));
goto done;
}
--
1.8.3.1
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
