On 06/27/2014 11:06 AM, Jakub Hrozek wrote:
On Tue, Jun 24, 2014 at 02:35:30PM +0200, Pavel Reichl wrote:
On Thu, 2014-05-22 at 11:30 +0200, Pavel Reichl wrote:
Hello,
please see attached patches.
I have briefly discussed with Jakub how to handle saving users with uid
0 whether to resurrect sysdb_add_fake_user or modify existing fuctions
for storing users. I decided to add wrapper function around existing
ones to minimize changes in code which calls them.
Thanks,
Pavel Reichl
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Sorry, there was forgotten //todo comment. Updated patches attached.
Thanks,
PR
I'm sorry this review took so long. Don't worry about pushing this patch
out of 1.12.0 and into 1.12.1.
From c0e570a8381f9abda157ba9dc25554f51773325e Mon Sep 17 00:00:00 2001
From: Pavel Reichl <[email protected]>
Date: Thu, 22 May 2014 10:37:57 +0100
Subject: [PATCH 1/2] SYSDB: enable storing urers with uid 0
Store users with uid 0 if explicitly asked to.
Resolves:
https://fedorahosted.org/sssd/ticket/2117
---
src/db/sysdb.h | 13 +++++++
src/db/sysdb_ops.c | 109 ++++++++++++++++++++++++++++++++++++++++-------------
2 files changed, 95 insertions(+), 27 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index
911430eefcbf520ca04f123a3b6f1882dc25876b..79f8b6b04a8e48af8154ae9a5437ec4fba56790a
100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -658,6 +658,19 @@ int sysdb_store_user(struct sss_domain_info *domain,
uint64_t cache_timeout,
time_t now);
+int sysdb_store_user_tolerate_uid_zero(struct sss_domain_info *domain,
+ const char *name,
+ const char *pwd,
+ uid_t uid, gid_t gid,
+ const char *gecos,
+ const char *homedir,
+ const char *shell,
+ const char *orig_dn,
+ struct sysdb_attrs *attrs,
+ char **remove_attrs,
+ uint64_t cache_timeout,
+ time_t now);
I'm not really thrilled about the naming conventions. What if the
function was named sysdb_store_nonposix_user() and explicitly added or
set the SYSDB_UIDNUM attribute to 0?
There should also be a unit test along with the new function.
+
int sysdb_store_group(struct sss_domain_info *domain,
const char *name,
gid_t gid,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index
4d31cb6a0e83370a2c49a666f9474d93baf430b0..8a3d5094d7f29248b7a64093bee95534e655db1d
100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1246,16 +1246,17 @@ done:
/* =Add-User-Function===================================================== */
-int sysdb_add_user(struct sss_domain_info *domain,
- const char *name,
- uid_t uid, gid_t gid,
- const char *gecos,
- const char *homedir,
- const char *shell,
- const char *orig_dn,
- struct sysdb_attrs *attrs,
- int cache_timeout,
- time_t now)
+static int sysdb_add_user_impl(struct sss_domain_info *domain,
What does the _impl suffix mean?
+ const char *name,
+ uid_t uid, gid_t gid,
+ const char *gecos,
+ const char *homedir,
+ const char *shell,
+ const char *orig_dn,
+ struct sysdb_attrs *attrs,
+ int cache_timeout,
+ time_t now,
+ bool tolererate_uid_zero)
Again, I think we should have a common naming, in both patches and I'd
like to propose POSIX/non-POSIX.
From 21d66ed6b303837c050fb5f185686abe74265af9 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <[email protected]>
Date: Thu, 22 May 2014 10:53:15 +0100
Subject: [PATCH 2/2] LDAP: save non-posix users with ID-mapping off
Save such users into sysdb with UID and GID set to 0.
Also set isPosix attribute to FALSE.
Resolves:
https://fedorahosted.org/sssd/ticket/2117
---
src/providers/ldap/ldap_id.c | 10 ++++-----
src/providers/ldap/sdap_async_users.c | 41 +++++++++++++++++++++++++----------
2 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index
c788b6bdd6235f5b940d99382b115a2534dbb1d9..10b7a491472aa56540dba34d0ef6303f5cab910b
100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -197,14 +197,14 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
ctx->opts->user_map[SDAP_AT_USER_NAME].name,
ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name);
} else {
- /* When not ID-mapping, make sure there is a non-NULL UID */
+ /* When not ID-mapping, do not require UID attribute to be present and
+ * if present do not constrain allowed value
+ */
state->filter = talloc_asprintf(state,
-
"(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
+ "(&(%s=%s)(objectclass=%s)(%s=*))",
attr_name, clean_name,
ctx->opts->user_map[SDAP_OC_USER].name,
-
ctx->opts->user_map[SDAP_AT_USER_NAME].name,
-
ctx->opts->user_map[SDAP_AT_USER_UID].name,
-
ctx->opts->user_map[SDAP_AT_USER_UID].name);
+
ctx->opts->user_map[SDAP_AT_USER_NAME].name);
I think this change made the filter a bit too relaxed. I think the
proper change would be to allow only entries that don't have a UID but
have a SID. Something like (untested, but I hope it illustrates the idea):
(|(&(uidNumber=*)(!(uidNumber=0)))(objectSID=*))
Ideally there would be a unit test that would save a basic POSIX user, a
basic non-POSIX user and a POSIX user with uidNumber=0. But I'm not sure
how easy this would be, our dependencies in the LDAP provider did not
have the best granularity. If it was easy to write this unit test, I
would prefer it.
}
talloc_zfree(clean_name);
diff --git a/src/providers/ldap/sdap_async_users.c
b/src/providers/ldap/sdap_async_users.c
index
be0536ef3c3ffaf398c4f2d3e85094d4deb7bd81..ccc4fca06e1bf3cc12fb579935022c3fa7a65b10
100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -142,6 +142,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
char *sid_str;
char *dom_sid_str = NULL;
struct sss_domain_info *subdomain;
+ bool is_fake_user = false;
I would prefer to use is_posix here. I realize I told you the term 'fake
user' myself, but we had used it with a special meaning in the past --
the 'fake' user not only had no UID, but was also marked as expired and
only present in the cache until the next request. Kindof like the ghost
users we have now.
DEBUG(SSSDBG_TRACE_FUNC, "Save user\n");
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Hello,
please see attached patch set hopefully addressing all comments above.
Please be aware that following setting may be necessary when using LDAP
provider
For IPA schema:
ldap_user_objectsid = ipaNTSecurityIdentifier
For AD schema:
ldap_user_objectsid = objectSID
AD case should be covered when Michal's patches gets pushed (LDAP:
Change defaults for ldap_user/group_objectsid).
Thanks!
>From 51138d473f6a87d15fa42de650eab17c4744dedf Mon Sep 17 00:00:00 2001
From: Pavel Reichl <[email protected]>
Date: Thu, 22 May 2014 10:37:57 +0100
Subject: [PATCH 1/3] SYSDB: enable storing users with uid 0
Store users with uid 0 if explicitly asked to.
Resolves:
https://fedorahosted.org/sssd/ticket/2117
---
src/db/sysdb.h | 42 +++++++++++++-------
src/db/sysdb_ops.c | 72 +++++++++++++++++++++++++++--------
src/providers/ipa/ipa_s2n_exop.c | 13 ++++---
src/providers/ldap/sdap_async_users.c | 6 +--
src/providers/proxy/proxy_id.c | 26 ++++++-------
src/responder/pac/pacsrv_cmd.c | 15 ++++----
src/tests/cmocka/test_nss_srv.c | 30 +++++++--------
src/tests/simple_access-tests.c | 6 +--
src/tests/sysdb-tests.c | 47 ++++++++++++-----------
src/tools/sss_seed.c | 2 +-
src/tools/sss_sync_ops.c | 2 +-
11 files changed, 160 insertions(+), 101 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 2c5e8316f6c967233cf1d6f9ea8a171f1dffd649..cbc7fc58752d1f4382054628bf543183dd810875 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -609,6 +609,7 @@ int sysdb_add_basic_user(struct sss_domain_info *domain,
const char *shell);
/* Add user (all checks) */
+enum user_type {POSIX_USER, NON_POSIX_USER};
int sysdb_add_user(struct sss_domain_info *domain,
const char *name,
uid_t uid, gid_t gid,
@@ -618,7 +619,8 @@ int sysdb_add_user(struct sss_domain_info *domain,
const char *orig_dn,
struct sysdb_attrs *attrs,
int cache_timeout,
- time_t now);
+ time_t now,
+ enum user_type utype);
/* Add group (only basic attrs and w/o checks) */
int sysdb_add_basic_group(struct sss_domain_info *domain,
@@ -657,18 +659,32 @@ int sysdb_mod_group_member(struct sss_domain_info *domain,
struct ldb_dn *group_dn,
int mod_op);
-int sysdb_store_user(struct sss_domain_info *domain,
- const char *name,
- const char *pwd,
- uid_t uid, gid_t gid,
- const char *gecos,
- const char *homedir,
- const char *shell,
- const char *orig_dn,
- struct sysdb_attrs *attrs,
- char **remove_attrs,
- uint64_t cache_timeout,
- time_t now);
+int sysdb_store_posix_user(struct sss_domain_info *domain,
+ const char *name,
+ const char *pwd,
+ uid_t uid, gid_t gid,
+ const char *gecos,
+ const char *homedir,
+ const char *shell,
+ const char *orig_dn,
+ struct sysdb_attrs *attrs,
+ char **remove_attrs,
+ uint64_t cache_timeout,
+ time_t now);
+
+int
+sysdb_store_non_posix_user(struct sss_domain_info *domain,
+ const char *name,
+ const char *pwd,
+ uid_t uid, gid_t gid,
+ const char *gecos,
+ const char *homedir,
+ const char *shell,
+ const char *orig_dn,
+ struct sysdb_attrs *attrs,
+ char **remove_attrs,
+ uint64_t cache_timeout,
+ time_t now);
int sysdb_store_group(struct sss_domain_info *domain,
const char *name,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 1d51119d769d069574a269ebd9d61fb1d8c46c6f..f24a047146cdc65ca878e2d49da0f94ceb3c5940 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1260,7 +1260,8 @@ int sysdb_add_user(struct sss_domain_info *domain,
const char *orig_dn,
struct sysdb_attrs *attrs,
int cache_timeout,
- time_t now)
+ time_t now,
+ enum user_type utype)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
@@ -1331,7 +1332,7 @@ int sysdb_add_user(struct sss_domain_info *domain,
ret = sysdb_add_basic_user(domain, name, uid, gid, gecos, homedir, shell);
if (ret) goto done;
- if (uid == 0) {
+ if (uid == 0 && utype == POSIX_USER) {
ret = sysdb_get_new_id(domain, &id);
if (ret) goto done;
@@ -1837,18 +1838,19 @@ done:
/* if one of the basic attributes is empty ("") as opposed to NULL,
* this will just remove it */
-int sysdb_store_user(struct sss_domain_info *domain,
- const char *name,
- const char *pwd,
- uid_t uid, gid_t gid,
- const char *gecos,
- const char *homedir,
- const char *shell,
- const char *orig_dn,
- struct sysdb_attrs *attrs,
- char **remove_attrs,
- uint64_t cache_timeout,
- time_t now)
+static int sysdb_store_user(struct sss_domain_info *domain,
+ const char *name,
+ const char *pwd,
+ uid_t uid, gid_t gid,
+ const char *gecos,
+ const char *homedir,
+ const char *shell,
+ const char *orig_dn,
+ struct sysdb_attrs *attrs,
+ char **remove_attrs,
+ uint64_t cache_timeout,
+ time_t now,
+ enum user_type utype)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
@@ -1895,7 +1897,8 @@ int sysdb_store_user(struct sss_domain_info *domain,
if (ret == ENOENT) {
/* users doesn't exist, turn into adding a user */
ret = sysdb_add_user(domain, name, uid, gid, gecos, homedir,
- shell, orig_dn, attrs, cache_timeout, now);
+ shell, orig_dn, attrs, cache_timeout, now,
+ utype);
if (ret == EEXIST) {
/* This may be a user rename. If there is a user with the
* same UID, remove it and try to add the basic user again
@@ -1914,7 +1917,8 @@ int sysdb_store_user(struct sss_domain_info *domain,
"A user with the same UID [%llu] was removed from the "
"cache\n", (unsigned long long) uid);
ret = sysdb_add_user(domain, name, uid, gid, gecos, homedir,
- shell, orig_dn, attrs, cache_timeout, now);
+ shell, orig_dn, attrs, cache_timeout,
+ now, utype);
}
/* Handle the result of sysdb_add_user */
@@ -2002,6 +2006,42 @@ fail:
return ret;
}
+int sysdb_store_posix_user(struct sss_domain_info *domain,
+ const char *name,
+ const char *pwd,
+ uid_t uid, gid_t gid,
+ const char *gecos,
+ const char *homedir,
+ const char *shell,
+ const char *orig_dn,
+ struct sysdb_attrs *attrs,
+ char **remove_attrs,
+ uint64_t cache_timeout,
+ time_t now)
+{
+ return sysdb_store_user(domain, name, pwd, uid, gid, gecos, homedir,
+ shell, orig_dn, attrs, remove_attrs,
+ cache_timeout, now, POSIX_USER);
+}
+
+int sysdb_store_non_posix_user(struct sss_domain_info *domain,
+ const char *name,
+ const char *pwd,
+ uid_t uid, gid_t gid,
+ const char *gecos,
+ const char *homedir,
+ const char *shell,
+ const char *orig_dn,
+ struct sysdb_attrs *attrs,
+ char **remove_attrs,
+ uint64_t cache_timeout,
+ time_t now)
+{
+ return sysdb_store_user(domain, name, pwd, uid, gid, gecos, homedir,
+ shell, orig_dn, attrs, remove_attrs,
+ cache_timeout, now, NON_POSIX_USER);
+}
+
/* =Store-Group-(Native/Legacy)-(replaces-existing-data)================== */
/* this function does not check that all user members are actually present */
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 76494a031904c39134de81cc141d333b73dca401..576356a756cfb9bea0328dcec30e6d165329a239 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -1514,12 +1514,13 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
gid = attrs->a.user.pw_gid;
}
- ret = sysdb_store_user(dom, name, NULL,
- attrs->a.user.pw_uid,
- gid, attrs->a.user.pw_gecos,
- attrs->a.user.pw_dir, attrs->a.user.pw_shell,
- NULL, attrs->sysdb_attrs, NULL,
- timeout, now);
+ ret = sysdb_store_posix_user(dom, name, NULL,
+ attrs->a.user.pw_uid,
+ gid, attrs->a.user.pw_gecos,
+ attrs->a.user.pw_dir,
+ attrs->a.user.pw_shell,
+ NULL, attrs->sysdb_attrs, NULL,
+ timeout, now);
break;
case RESP_GROUP:
case RESP_GROUP_MEMBERS:
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 2331ba9df90cdbf8fdb9ae85bd97485b0bcf8bb2..9dcebc975c1a380ab73f2c528253158b17a0cfda 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -483,9 +483,9 @@ int sdap_save_user(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_FUNC, "Storing info for user %s\n", user_name);
- ret = sysdb_store_user(dom, user_name, pwd, uid, gid,
- gecos, homedir, shell, orig_dn,
- user_attrs, missing, cache_timeout, now);
+ ret = sysdb_store_posix_user(dom, user_name, pwd, uid, gid,
+ gecos, homedir, shell, orig_dn,
+ user_attrs, missing, cache_timeout, now);
if (ret) goto done;
if (_usn_value) {
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index d867ec45f633fb5869f5658e0ac1b54bcbab8369..3309da2b7665dbde2475e75ba7ae202dadb4d8b7 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -267,19 +267,19 @@ static int save_user(struct sss_domain_info *domain,
}
}
- ret = sysdb_store_user(domain,
- real_name,
- pwd->pw_passwd,
- pwd->pw_uid,
- pwd->pw_gid,
- gecos,
- pwd->pw_dir,
- shell,
- NULL,
- attrs,
- NULL,
- cache_timeout,
- 0);
+ ret = sysdb_store_posix_user(domain,
+ real_name,
+ pwd->pw_passwd,
+ pwd->pw_uid,
+ pwd->pw_gid,
+ gecos,
+ pwd->pw_dir,
+ shell,
+ NULL,
+ attrs,
+ NULL,
+ cache_timeout,
+ 0);
talloc_zfree(attrs);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, "Could not add user to cache\n");
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 9bd7e19e2eb3b3d15bd53034ab1c8e8f1322de07..dffeac4b6bc0888be5c04b2ddc1162007b7000df 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -589,14 +589,15 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
goto done;
}
- ret = sysdb_store_user(pr_ctx->dom, pwd->pw_name, NULL,
- pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
- pwd->pw_dir,
- pwd->pw_shell, NULL, user_attrs, NULL,
- pr_ctx->dom->user_timeout, 0);
+ ret = sysdb_store_posix_user(pr_ctx->dom, pwd->pw_name, NULL,
+ pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
+ pwd->pw_dir,
+ pwd->pw_shell, NULL, user_attrs, NULL,
+ pr_ctx->dom->user_timeout, 0);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_user failed [%d][%s].\n",
- ret, strerror(ret));
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_store_posix_user failed [%d][%s].\n",
+ ret, strerror(ret));
goto done;
}
} else if (ret != EOK && ret != ENOENT) {
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 644468dbbbbef99f293e3556df6304327be57edd..bfb0c9d2f7bb804713885a4fdf225e60fb3e15ee 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -318,7 +318,7 @@ void test_nss_getpwnam(void **state)
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"testuser", 123, 456, "test user",
"/home/testuser", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
mock_input_user_or_group("testuser");
@@ -383,7 +383,7 @@ static int test_nss_getpwnam_search_acct_cb(void *pvt)
ret = sysdb_add_user(ctx->tctx->dom,
"testuser_search", 567, 890, "test search",
"/home/testsearch", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
return EOK;
@@ -448,7 +448,7 @@ static int test_nss_getpwnam_update_acct_cb(void *pvt)
errno_t ret;
struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx);
- ret = sysdb_store_user(ctx->tctx->dom,
+ ret = sysdb_store_posix_user(ctx->tctx->dom,
"testuser_update", NULL, 10, 11, "test user",
"/home/testuser", "/bin/ksh", NULL,
NULL, NULL, 300, 0);
@@ -485,7 +485,7 @@ void test_nss_getpwnam_update(void **state)
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"testuser_update", 10, 11, "test user",
"/home/testuser", "/bin/sh", NULL,
- NULL, 1, 1);
+ NULL, 1, 1, POSIX_USER);
assert_int_equal(ret, EOK);
/* Mock client input */
@@ -549,7 +549,7 @@ void test_nss_getpwnam_fqdn(void **state)
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"testuser_fqdn", 124, 457, "test user",
"/home/testuser", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
mock_input_user_or_group("testuser_fqdn@"TEST_DOM_NAME);
@@ -596,7 +596,7 @@ void test_nss_getpwnam_space(void **state)
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"space user", 225, 558, "space user",
"/home/testuser", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
mock_input_user_or_group("space user");
@@ -711,7 +711,7 @@ void test_nss_getpwnam_fqdn_fancy(void **state)
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"testuser_fqdn_fancy", 125, 458, "test user",
"/home/testuser", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
mock_input_user_or_group("testuser_fqdn_fancy@"TEST_DOM_NAME);
@@ -760,7 +760,7 @@ void test_nss_getpwuid(void **state)
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"testuser1", 101, 401, "test user1",
"/home/testuser1", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
uint32_t id = 101;
@@ -827,7 +827,7 @@ static int test_nss_getpwuid_search_acct_cb(void *pvt)
ret = sysdb_add_user(ctx->tctx->dom,
"exampleuser_search", 107, 987, "example search",
"/home/examplesearch", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
return EOK;
@@ -893,7 +893,7 @@ static int test_nss_getpwuid_update_acct_cb(void *pvt)
errno_t ret;
struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx);
- ret = sysdb_store_user(ctx->tctx->dom,
+ ret = sysdb_store_posix_user(ctx->tctx->dom,
"exampleuser_update", NULL, 109, 11000, "example user",
"/home/exampleuser", "/bin/ksh", NULL,
NULL, NULL, 300, 0);
@@ -930,7 +930,7 @@ void test_nss_getpwuid_update(void **state)
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"exampleuser_update", 109, 11000, "example user",
"/home/exampleuser", "/bin/sh", NULL,
- NULL, 1, 1);
+ NULL, 1, 1, POSIX_USER);
assert_int_equal(ret, EOK);
/* Mock client input */
@@ -1116,13 +1116,13 @@ void test_nss_getgrnam_members(void **state)
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"testmember1", 2001, 456, "test member1",
"/home/testmember2", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->tctx->dom,
"testmember2", 2002, 456, "test member2",
"/home/testmember2", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->tctx->dom,
@@ -1251,14 +1251,14 @@ void test_nss_getgrnam_members_subdom(void **state)
"submember1@"TEST_SUBDOM_NAME,
4001, 456, "test subdomain member1",
"/home/submember1", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
ret = sysdb_add_user(nss_test_ctx->subdom,
"submember2@"TEST_SUBDOM_NAME,
2002, 456, "test subdomain member2",
"/home/submember2", "/bin/sh", NULL,
- NULL, 300, 0);
+ NULL, 300, 0, POSIX_USER);
assert_int_equal(ret, EOK);
ret = sysdb_add_group_member(nss_test_ctx->subdom,
diff --git a/src/tests/simple_access-tests.c b/src/tests/simple_access-tests.c
index 5c74eb85f80cbeee8cff456c08d9012babb9a9db..6212d7eba1aa15bb3ad581c5d8785a858bc548ee 100644
--- a/src/tests/simple_access-tests.c
+++ b/src/tests/simple_access-tests.c
@@ -164,17 +164,17 @@ void setup_simple_group(void)
ret = sysdb_add_group(test_ctx->ctx->domain, "pvt", 999, NULL, 0, 0);
fail_if(ret != EOK, "Could not add private group %s", strerror(ret));
- ret = sysdb_store_user(test_ctx->ctx->domain,
+ ret = sysdb_store_posix_user(test_ctx->ctx->domain,
"u1", NULL, 123, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u1");
- ret = sysdb_store_user(test_ctx->ctx->domain,
+ ret = sysdb_store_posix_user(test_ctx->ctx->domain,
"u2", NULL, 456, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u2");
- ret = sysdb_store_user(test_ctx->ctx->domain,
+ ret = sysdb_store_posix_user(test_ctx->ctx->domain,
"u3", NULL, 789, 999, "u1", "/home/u1",
"/bin/bash", NULL, NULL, NULL, -1, 0);
fail_if(ret != EOK, "Could not add u3");
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index c25115697b246ca6bdb905bb233599b5e184c321..981ecdf3fd9097a04b021433c149675c0a1d9334 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -195,7 +195,7 @@ static int test_add_user(struct test_data *data)
ret = sysdb_add_user(data->ctx->domain, data->username,
data->uid, 0, gecos, homedir, "/bin/bash",
- NULL, NULL, 0, 0);
+ NULL, NULL, 0, 0, POSIX_USER);
return ret;
}
@@ -208,7 +208,7 @@ static int test_store_user(struct test_data *data)
homedir = talloc_asprintf(data, "/home/testuser%d", data->uid);
gecos = talloc_asprintf(data, "Test User %d", data->uid);
- ret = sysdb_store_user(data->ctx->domain,
+ ret = sysdb_store_posix_user(data->ctx->domain,
data->username, "x",
data->uid, 0, gecos, homedir,
data->shell ? data->shell : "/bin/bash",
@@ -548,7 +548,7 @@ START_TEST (test_sysdb_user_new_id)
ret = sysdb_add_user(test_ctx->domain, username,
0, 0, username, "/", "/bin/bash",
- NULL, attrs, 0, 0);
+ NULL, attrs, 0, 0, POSIX_USER);
fail_if(ret != EOK, "Could not store user %s", username);
ret = sysdb_search_user_by_name(test_ctx,
@@ -568,7 +568,7 @@ START_TEST (test_sysdb_user_new_id)
}
END_TEST
-START_TEST (test_sysdb_store_user)
+START_TEST (test_sysdb_store_posix_user)
{
struct sysdb_test_ctx *test_ctx;
struct test_data *data;
@@ -595,7 +595,7 @@ START_TEST (test_sysdb_store_user)
}
END_TEST
-START_TEST (test_sysdb_store_user_existing)
+START_TEST (test_sysdb_store_posix_user_existing)
{
struct sysdb_test_ctx *test_ctx;
struct test_data *data;
@@ -1326,10 +1326,10 @@ START_TEST (test_sysdb_get_user_attr_subdomain)
fq_name = sss_tc_fqname(test_ctx, subdomain->names, subdomain, username);
fail_if(fq_name == NULL, "Failed to create fq name.");
- ret = sysdb_store_user(subdomain, fq_name, NULL, 12345, 0, "Gecos",
+ ret = sysdb_store_posix_user(subdomain, fq_name, NULL, 12345, 0, "Gecos",
"/home/userhome", "/bin/bash", NULL, NULL, NULL,
-1, 0);
- fail_if(ret != EOK, "sysdb_store_user failed.");
+ fail_if(ret != EOK, "sysdb_store_posix_user failed.");
/* Test */
ret = sysdb_get_user_attr(test_ctx, subdomain, username,
@@ -3525,11 +3525,11 @@ START_TEST(test_sysdb_get_real_name)
ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, "foo@bar");
fail_unless(ret == EOK, "sysdb_attrs_add_string failed.");
- ret = sysdb_store_user(test_ctx->domain, "RealName",
+ ret = sysdb_store_posix_user(test_ctx->domain, "RealName",
NULL, 22345, 0, "gecos",
"/home/realname", "/bin/bash",
NULL, user_attrs, NULL, -1, 0);
- fail_unless(ret == EOK, "sysdb_store_user failed.");
+ fail_unless(ret == EOK, "sysdb_store_posix_user failed.");
/* Get real, uncanonicalized name as string */
ret = sysdb_get_real_name(test_ctx, test_ctx->domain, "alias", &str);
@@ -3631,7 +3631,7 @@ START_TEST(test_user_rename)
fail_unless(ret == EOK, "Could not set up the test");
/* Store and verify the first user */
- ret = sysdb_store_user(test_ctx->domain,
+ ret = sysdb_store_posix_user(test_ctx->domain,
fromname, NULL, userid, 0,
fromname, "/", "/bin/sh",
NULL, NULL, NULL, 0, 0);
@@ -3655,10 +3655,11 @@ START_TEST(test_user_rename)
/* Perform rename and check that GID is the same, but name changed */
ret = sysdb_add_user(test_ctx->domain, toname, userid, 0,
- fromname, "/", "/bin/sh", NULL, NULL, 0, 0);
+ fromname, "/", "/bin/sh", NULL, NULL, 0, 0,
+ POSIX_USER);
fail_unless(ret == EEXIST, "A second user added with low level call?");
- ret = sysdb_store_user(test_ctx->domain, toname, NULL,
+ ret = sysdb_store_posix_user(test_ctx->domain, toname, NULL,
userid, 0, fromname, "/", "/bin/sh",
NULL, NULL, NULL, 0, 0);
fail_unless(ret == EOK, "Could not add second user");
@@ -4078,7 +4079,7 @@ START_TEST(test_odd_characters)
10000, 0,
"","","",
odd_username_orig_dn,
- NULL, 5400, 0);
+ NULL, 5400, 0, POSIX_USER);
fail_unless(ret == EOK, "sysdb_add_user error [%d][%s]",
ret, strerror(ret));
@@ -4913,7 +4914,7 @@ START_TEST(test_sysdb_search_sid_str)
ret = sysdb_add_user(test_ctx->domain, "SIDuser",
12345, 0, "SID user", "/home/siduser", "/bin/bash",
- NULL, attrs, 0, 0);
+ NULL, attrs, 0, 0, POSIX_USER);
fail_unless(ret == EOK, "sysdb_add_user failed with [%d][%s].",
ret, strerror(ret));
@@ -5013,13 +5014,13 @@ START_TEST(test_sysdb_subdomain_store_user)
fail_unless(user_attrs != NULL, "sysdb_new_attrs failed");
ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, "subdomuser");
- fail_unless(ret == EOK, "sysdb_store_user failed.");
+ fail_unless(ret == EOK, "sysdb_store_posix_user failed.");
- ret = sysdb_store_user(subdomain, "SubDomUser",
+ ret = sysdb_store_posix_user(subdomain, "SubDomUser",
NULL, 12345, 0, "Sub Domain User",
"/home/subdomuser", "/bin/bash",
NULL, user_attrs, NULL, -1, 0);
- fail_unless(ret == EOK, "sysdb_store_user failed.");
+ fail_unless(ret == EOK, "sysdb_store_posix_user failed.");
base_dn =ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, "cn=sysdb");
fail_unless(base_dn != NULL);
@@ -5080,7 +5081,7 @@ START_TEST(test_sysdb_subdomain_user_ops)
fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]",
ret, strerror(ret));
- ret = sysdb_store_user(subdomain, "subdomuser",
+ ret = sysdb_store_posix_user(subdomain, "subdomuser",
NULL, 12345, 0, "Sub Domain User",
"/home/subdomuser", "/bin/bash",
NULL, NULL, NULL, -1, 0);
@@ -5505,7 +5506,7 @@ START_TEST(test_upn_basic)
ret = sysdb_attrs_add_string(attrs, SYSDB_CANONICAL_UPN, UPN_CANON_PRINC);
fail_unless(ret == EOK, "sysdb_attrs_add_string failed.");
- ret = sysdb_store_user(test_ctx->domain,
+ ret = sysdb_store_posix_user(test_ctx->domain,
UPN_USER_NAME, "x",
12345, 0, "UPN USER", "/home/upn_user",
"/bin/bash", NULL,
@@ -5662,7 +5663,7 @@ START_TEST(test_upn_dup)
ret = sysdb_attrs_add_string(attrs, SYSDB_UPN, UPN_CANON_PRINC);
fail_unless(ret == EOK, "sysdb_attrs_add_string failed.");
- ret = sysdb_store_user(test_ctx->domain,
+ ret = sysdb_store_posix_user(test_ctx->domain,
UPN_USER_NAME"_dup", "x",
23456, 0, "UPN USER DUP", "/home/upn_user_dup",
"/bin/bash", NULL,
@@ -5866,8 +5867,8 @@ Suite *create_sysdb_suite(void)
/* sysdb_group_dn_name returns the name of the group in question */
tcase_add_loop_test(tc_sysdb, test_sysdb_group_dn_name, 28000, 28010);
- /* sysdb_store_user allows setting attributes for existing users */
- tcase_add_loop_test(tc_sysdb, test_sysdb_store_user_existing, 27000, 27010);
+ /* sysdb_store_posix_user allows setting attributes for existing users */
+ tcase_add_loop_test(tc_sysdb, test_sysdb_store_posix_user_existing, 27000, 27010);
/* test the change */
tcase_add_loop_test(tc_sysdb, test_sysdb_get_user_attr, 27000, 27010);
@@ -5882,7 +5883,7 @@ Suite *create_sysdb_suite(void)
tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_user_by_uid, 27000, 27010);
/* Create a new user */
- tcase_add_loop_test(tc_sysdb, test_sysdb_store_user, 27010, 27020);
+ tcase_add_loop_test(tc_sysdb, test_sysdb_store_posix_user, 27010, 27020);
/* Verify the users were added */
tcase_add_loop_test(tc_sysdb, test_sysdb_getpwnam, 27010, 27020);
diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c
index 0f8a76a61cb2a029015416a59d235a1c5d49deca..15909520ba188e44a489522123b176fb9d93bcbd 100644
--- a/src/tools/sss_seed.c
+++ b/src/tools/sss_seed.c
@@ -742,7 +742,7 @@ static int seed_cache_user(struct seed_ctx *sctx)
ret = sysdb_add_user(sctx->domain, sctx->uctx->name,
sctx->uctx->uid, sctx->uctx->gid,
sctx->uctx->gecos, sctx->uctx->home,
- sctx->uctx->shell, NULL, NULL, 0, 0);
+ sctx->uctx->shell, NULL, NULL, 0, 0, POSIX_USER);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
"Failed to add user to the cache. (%d)[%s]\n",
diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c
index fd401cb4da491b1d996178312d5ff69d3a461bfc..099ab40411b86b20efa36abfeb65a7302f084689 100644
--- a/src/tools/sss_sync_ops.c
+++ b/src/tools/sss_sync_ops.c
@@ -573,7 +573,7 @@ int useradd(TALLOC_CTX *mem_ctx,
ret = sysdb_add_user(data->domain, data->name, data->uid, data->gid,
data->gecos, data->home, data->shell,
- NULL, NULL, 0, 0);
+ NULL, NULL, 0, 0, POSIX_USER);
if (ret) {
goto done;
}
--
1.9.3
>From eba10df42024e3bc0507d3d22e08b8bc9b2c84a0 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <[email protected]>
Date: Thu, 22 May 2014 10:53:15 +0100
Subject: [PATCH 2/3] LDAP: save non-posix users with ID-mapping off
Save such users into sysdb with UID and GID set to 0.
Also set isPosix attribute to FALSE.
Resolves:
https://fedorahosted.org/sssd/ticket/2117
---
src/providers/ldap/ldap_id.c | 22 ++++++++------
src/providers/ldap/sdap_async_users.c | 54 ++++++++++++++++++++++++-----------
2 files changed, 51 insertions(+), 25 deletions(-)
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e8b3a0e1e1dce6e0c8a9b21aa7c6299108dad24d..e132a1ed28e8f002ab21802cde109d4a833d65ea 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -202,14 +202,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
ctx->opts->user_map[SDAP_AT_USER_NAME].name,
ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name);
} else {
- /* When not ID-mapping, make sure there is a non-NULL UID */
- state->filter = talloc_asprintf(state,
- "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
- attr_name, clean_name,
- ctx->opts->user_map[SDAP_OC_USER].name,
- ctx->opts->user_map[SDAP_AT_USER_NAME].name,
- ctx->opts->user_map[SDAP_AT_USER_UID].name,
- ctx->opts->user_map[SDAP_AT_USER_UID].name);
+ /* When not ID-mapping, at least one of following conditions must be
+ * satisfied:
+ * 1) UID attribute is present and is not null
+ * 2) SID attribute is present
+ */
+ state->filter = talloc_asprintf(
+ state,
+ "(&(%s=%s)(objectclass=%s)(%s=*)(|(&(%s=*)(!(%s=0)))(%s=*)))",
+ attr_name, clean_name,
+ ctx->opts->user_map[SDAP_OC_USER].name,
+ ctx->opts->user_map[SDAP_AT_USER_NAME].name,
+ ctx->opts->user_map[SDAP_AT_USER_UID].name,
+ ctx->opts->user_map[SDAP_AT_USER_UID].name,
+ ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name);
}
talloc_zfree(clean_name);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 9dcebc975c1a380ab73f2c528253158b17a0cfda..305eeb51d910223fcb2971474c82d31bfc2b2888 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -142,6 +142,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
char *sid_str;
char *dom_sid_str = NULL;
struct sss_domain_info *subdomain;
+ enum user_type utype = POSIX_USER;
DEBUG(SSSDBG_TRACE_FUNC, "Save user\n");
@@ -282,18 +283,19 @@ int sdap_save_user(TALLOC_CTX *memctx,
opts->user_map[SDAP_AT_USER_UID].sys_name,
&uid);
if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "no uid provided for [%s] in domain [%s].\n",
- user_name, dom->name);
- ret = EINVAL;
- goto done;
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "no uid provided for [%s] in domain [%s] - "
+ "non-POSIX user.\n",
+ user_name, dom->name);
+ utype = NON_POSIX_USER;
}
}
/* check that the uid is valid for this domain */
- if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) {
- DEBUG(SSSDBG_OP_FAILURE,
- "User [%s] filtered out! (uid out of range)\n",
- user_name);
+ if (utype == POSIX_USER &&
+ OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "User [%s] filtered out! (uid out of range)\n",
+ user_name);
ret = EINVAL;
goto done;
}
@@ -331,10 +333,11 @@ int sdap_save_user(TALLOC_CTX *memctx,
*/
ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
if (ret != EOK) goto done;
+ } else if (utype == NON_POSIX_USER) {
+ gid = 0;
} else {
- ret = sysdb_attrs_get_uint32_t(attrs,
- opts->user_map[SDAP_AT_USER_GID].sys_name,
- &gid);
+ ret = sysdb_attrs_get_uint32_t(
+ attrs, opts->user_map[SDAP_AT_USER_GID].sys_name, &gid);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"no gid provided for [%s] in domain [%s].\n",
@@ -345,8 +348,8 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
/* check that the gid is valid for this domain */
- if (IS_SUBDOMAIN(dom) == false &&
- OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
+ if (utype == POSIX_USER && IS_SUBDOMAIN(dom) == false &&
+ OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
DEBUG(SSSDBG_CRIT_FAILURE,
"User [%s] filtered out! (primary gid out of range)\n",
user_name);
@@ -466,6 +469,14 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
}
+ if (utype == NON_POSIX_USER) {
+ ret = sysdb_attrs_add_bool(user_attrs, SYSDB_POSIX, false);
+
+ if (ret) {
+ goto done;
+ }
+ }
+
ret = sdap_save_all_names(user_name, attrs, dom, user_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save user names\n");
@@ -483,9 +494,18 @@ int sdap_save_user(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_FUNC, "Storing info for user %s\n", user_name);
- ret = sysdb_store_posix_user(dom, user_name, pwd, uid, gid,
- gecos, homedir, shell, orig_dn,
- user_attrs, missing, cache_timeout, now);
+ if (utype == NON_POSIX_USER) {
+ ret = sysdb_store_non_posix_user(dom, user_name, pwd, uid, gid,
+ gecos, homedir, shell,
+ orig_dn, user_attrs, missing,
+ cache_timeout, now);
+ } else {
+ ret = sysdb_store_posix_user(dom, user_name, pwd, uid, gid,
+ gecos, homedir, shell, orig_dn,
+ user_attrs, missing, cache_timeout,
+ now);
+ }
+
if (ret) goto done;
if (_usn_value) {
--
1.9.3
>From 8af994b67bb40ed43d713f44cc5b7a19a8d57b51 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <[email protected]>
Date: Mon, 13 Oct 2014 15:22:18 +0100
Subject: [PATCH 3/3] TESTS: unit tests for storing non-posix users
Part of solution for:
https://fedorahosted.org/sssd/ticket/2117
---
src/tests/sysdb-tests.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 981ecdf3fd9097a04b021433c149675c0a1d9334..124d12687e03e9bf04e4160ce57f8532691c176a 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -5840,6 +5840,69 @@ START_TEST(test_confdb_list_all_domain_names_multi_dom)
}
END_TEST
+/* sysdb non-posix users tests */
+#define NP_TEST_SID "SID-XXX-111"
+#define NP_USERNAME "testuser_non_posix"
+
+START_TEST (test_np_sysdb_store_non_posix_user)
+{
+ struct sysdb_test_ctx *test_ctx;
+ struct sysdb_attrs *attrs;
+ int ret;
+ const char *username = NP_USERNAME;
+
+ /* Setup */
+ ret = setup_sysdb_tests(&test_ctx);
+ if (ret != EOK) {
+ fail("Could not set up the test");
+ return;
+ }
+
+ attrs = sysdb_new_attrs(test_ctx);
+ fail_if(attrs == NULL);
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_SID, NP_TEST_SID);
+ if (ret != EOK) {
+ fail("Could not create the changeset");
+ return;
+ }
+
+ ret = sysdb_store_non_posix_user(test_ctx->domain, username,
+ "x", 0, 0, "", "", "", NULL, attrs,
+ NULL, -1, 0);
+
+ fail_if(ret != EOK, "Could not store user %s", username);
+ talloc_free(test_ctx);
+}
+END_TEST
+
+START_TEST (test_np_sysdb_search_non_posix_user_by_sid)
+{
+ struct sysdb_test_ctx *test_ctx;
+ int ret;
+ const char *attrs[] = { SYSDB_NAME, NULL };
+ char *filter;
+ size_t count;
+ struct ldb_message **msgs;
+
+ /* Setup */
+ ret = setup_sysdb_tests(&test_ctx);
+ fail_if(ret != EOK, "Could not set up the test");
+
+ filter = talloc_asprintf(test_ctx,
+ "("SYSDB_SID"="NP_TEST_SID")");
+ fail_if(filter == NULL, "OOM");
+
+ ret = sysdb_search_users(test_ctx, test_ctx->domain,
+ filter, attrs, &count, &msgs);
+ talloc_free(filter);
+ fail_if(ret != EOK, "Search failed: %d", ret);
+ fail_if(count != 1, "Did not find the expected user\n");
+
+ talloc_free(test_ctx);
+}
+END_TEST
+
Suite *create_sysdb_suite(void)
{
Suite *s = suite_create("sysdb");
@@ -6224,6 +6287,14 @@ Suite *create_sysdb_suite(void)
tcase_add_test(tc_confdb, test_confdb_list_all_domain_names_multi_dom);
suite_add_tcase(s, tc_confdb);
+ /* sysdb store non-posix users */
+ TCase *tc_np = tcase_create("SYSDB non-posix users test");
+ /* Create new non-posix user */
+ tcase_add_test(tc_np, test_np_sysdb_store_non_posix_user);
+ /* Find non-posix users by his SID */
+ tcase_add_test(tc_np, test_np_sysdb_search_non_posix_user_by_sid);
+ suite_add_tcase(s, tc_np);
+
return s;
}
--
1.9.3
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel