URL: https://github.com/SSSD/sssd/pull/26
Author: celestian
 Title: #26: KRB5: Fixing FQ name of user in krb5_setup()
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/26/head:pr26
git checkout pr26
From 5880847788892a64c6e1befb93c2358a7c77335a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com>
Date: Mon, 19 Sep 2016 06:28:57 -0400
Subject: [PATCH 1/3] TESTS: Fixing of 'const' warnings in sbus tests

---
 src/tests/sbus_codegen_tests.c | 13 +++++++------
 src/tests/sbus_tests.c         |  4 ++--
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/tests/sbus_codegen_tests.c b/src/tests/sbus_codegen_tests.c
index 55d4657..262bfd4 100644
--- a/src/tests/sbus_codegen_tests.c
+++ b/src/tests/sbus_codegen_tests.c
@@ -634,7 +634,7 @@ static int pilot_test_server_init(struct sbus_connection *server, void *unused)
     int ret;
 
     ret = sbus_conn_register_iface(server, &pilot_iface.vtable, "/test/leela",
-                                   "Crash into the billboard");
+                                   discard_const("Crash into the billboard"));
     ck_assert_int_eq(ret, EOK);
 
     return EOK;
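Review bot: `discard_const("Crash into the billboard")` silences the qualifier warning but passes a pointer to a read-only string literal as a writable last argument of `sbus_conn_register_iface()`. The same pattern appears in `special_test_server_init` and in both calls in `pilot_test_server_init` of src/tests/sbus_tests.c. Nothing visible in these hunks writes through the pointer, so it is presumably safe today, but the cast stops the compiler from catching a later write. A short comment at each call, such as `/* string is only read by the test handlers */`, would record the assumption; the same applies to `arr_string` and `arr_object_path` in `test_marshal_basic_types`. The function body starts outside the hunk.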
@@ -645,7 +645,8 @@ static int special_test_server_init(struct sbus_connection *server, void *unused
     int ret;
 
     ret = sbus_conn_register_iface(server, &special_iface.vtable,
-                                   "/test/special", "Crash into the billboard");
+                                   "/test/special",
+                                   discard_const("Crash into the billboard"));
     ck_assert_int_eq(ret, EOK);
 
     return EOK;
@@ -673,8 +674,8 @@ START_TEST(test_marshal_basic_types)
     dbus_int64_t v_int64[] = { INT64_C(-6666666666666666), INT64_C(7777777777777777) };
     dbus_uint64_t v_uint64[] = { UINT64_C(7777777777777777), INT64_C(888888888888888888) };
     double v_double[] = { 1.1, 2.2, 3.3 };
-    char *v_string[] = { "bears", "bears", "bears" };
-    char *v_object_path[] = { "/original", "/original" };
+    const char *v_string[] = { "bears", "bears", "bears" };
+    const char *v_object_path[] = { "/original", "/original" };
 
     unsigned char *arr_byte = v_byte;
     dbus_int16_t *arr_int16 = v_int16;
@@ -684,8 +685,8 @@ START_TEST(test_marshal_basic_types)
     dbus_int64_t *arr_int64 = v_int64;
     dbus_uint64_t *arr_uint64 = v_uint64;
     double *arr_double = v_double;
-    char **arr_string = v_string;
-    char **arr_object_path = v_object_path;
+    char **arr_string = discard_const(v_string);
+    char **arr_object_path = discard_const(v_object_path);
 
     int len_byte = N_ELEMENTS(v_byte);
     int len_int16 = N_ELEMENTS(v_int16);
diff --git a/src/tests/sbus_tests.c b/src/tests/sbus_tests.c
index b472659..6bf71dc 100644
--- a/src/tests/sbus_tests.c
+++ b/src/tests/sbus_tests.c
@@ -201,12 +201,12 @@ static int pilot_test_server_init(struct sbus_connection *server, void *unused)
     int ret;
 
     ret = sbus_conn_register_iface(server, &pilot_impl.vtable, "/test/leela",
-                                   "Crash into the billboard");
+                                   discard_const("Crash into the billboard"));
     ck_assert_int_eq(ret, EOK);
 
 
     ret = sbus_conn_register_iface(server, &pilot_impl.vtable, "/test/fry",
-                                   "Don't crash");
+                                   discard_const("Don't crash"));
     ck_assert_int_eq(ret, EOK);
 
     return EOK;

From 4742f4f133c90567e1523dafc208b9dcd8e87f60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com>
Date: Thu, 15 Sep 2016 09:54:18 -0400
Subject: [PATCH 2/3] MAKEFILE: Fixing CFLAGS in some tests

---
 Makefile.am | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Makefile.am b/Makefile.am
index f89af5a..f792ed6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1828,6 +1828,7 @@ refcount_tests_SOURCES = \
     src/tests/refcount-tests.c \
     $(NULL)
 refcount_tests_CFLAGS = \
+    $(AM_CFLAGS) \
     $(CHECK_CFLAGS)
 refcount_tests_LDADD = \
     $(SSSD_LIBS) \
@@ -1840,6 +1841,7 @@ fail_over_tests_SOURCES = \
     $(SSSD_FAILOVER_OBJ) \
     $(NULL)
 fail_over_tests_CFLAGS = \
+    $(AM_CFLAGS) \
     $(CHECK_CFLAGS)
 fail_over_tests_LDADD = \
     $(SSSD_LIBS) \
@@ -2044,6 +2046,7 @@ sbus_tests_SOURCES = \
    src/tests/common_dbus.c \
    src/tests/sbus_tests.c
 sbus_tests_CFLAGS = \
+    $(AM_CFLAGS) \
     $(CHECK_CFLAGS)
 sbus_tests_LDADD = \
     $(SSSD_INTERNAL_LTLIBS) \
@@ -2056,6 +2059,7 @@ sbus_codegen_tests_SOURCES = \
     src/tests/sbus_codegen_tests_generated.c \
     $(NULL)
 sbus_codegen_tests_CFLAGS = \
+    $(AM_CFLAGS) \
     $(CHECK_CFLAGS)
 sbus_codegen_tests_LDADD = \
     $(SSSD_INTERNAL_LTLIBS) \
@@ -2468,6 +2472,7 @@ ad_common_tests_SOURCES = \
     src/providers/ldap/sdap_async_initgroups_ad.c \
     $(NULL)
 ad_common_tests_CFLAGS = \
+    $(AM_CFLAGS) \
     $(NDR_NBT_CFLAGS) \
     $(NDR_KRB5PAC_CFLAGS) \
     $(NULL)

From 97de0785b754c12c4039871ba99f2e682aab4987 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com>
Date: Wed, 14 Sep 2016 09:00:06 -0400
Subject: [PATCH 3/3] KRB5: Fixing FQ name of user in krb5_setup()

This patch fixes creation of the FQ username when the krb5_map_user option
is used.

Resolves:
https://fedorahosted.org/sssd/ticket/3188
---
 src/providers/krb5/krb5_auth.c        |  8 +++++++-
 src/providers/krb5/krb5_init_shared.c |  1 +
 src/providers/krb5/krb5_utils.c       | 28 +++++++++++++++++++++++++++-
 src/providers/krb5/krb5_utils.h       |  4 +++-
 src/tests/krb5_utils-tests.c          | 33 ++++++++++++++++++++-------------
 5 files changed, 58 insertions(+), 16 deletions(-)

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index f0f2280..a5ecb24 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -207,7 +207,13 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx,
     if (ret == EOK) {
         DEBUG(SSSDBG_TRACE_FUNC, "Setting mapped name to: %s\n", mapped_name);
         kr->user = mapped_name;
-        kr->kuserok_user = mapped_name;
+
+        kr->kuserok_user = sss_output_name(kr, kr->user,
+                                           dom->case_sensitive, 0);
+        if (kr->kuserok_user == NULL) {
+            ret = ENOMEM;
+            goto done;
+        }
     } else if (ret == ENOENT) {
         DEBUG(SSSDBG_TRACE_ALL, "No mapping for: %s\n", pd->user);
         kr->user = pd->user;
diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c
index 767291c..c8fd859 100644
--- a/src/providers/krb5/krb5_init_shared.c
+++ b/src/providers/krb5/krb5_init_shared.c
@@ -94,6 +94,7 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
     ret = parse_krb5_map_user(krb5_auth_ctx,
                               dp_opt_get_cstring(krb5_auth_ctx->opts,
                                                  KRB5_MAP_USER),
+                              bectx->domain->name,
                               &krb5_auth_ctx->name_to_primary);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "parse_krb5_map_user failed: %s:[%d]\n",
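Review bot: The map is qualified once, at init time, with `bectx->domain->name`, while `krb5_setup()` in this same patch works on `dom`, which may not be the backend's primary domain if it comes from a subdomain lookup (not visible here). If so, the qualified map entries could only ever match users of the primary domain. If that is intended, a comment above the call such as `/* krb5_map_user entries are qualified with the primary domain name only */` would make the limitation explicit. The call sits inside `krb5_child_init()`, whose body extends beyond the hunk.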
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 0ac60da..fd5edfd 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -521,7 +521,9 @@ fill_name_to_primary_map(TALLOC_CTX *mem_ctx, char **map,
 }
 
 errno_t
-parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user,
+parse_krb5_map_user(TALLOC_CTX *mem_ctx,
+                    const char *krb5_map_user,
+                    const char *dom_name,
                     struct map_id_name_to_krb_primary **_name_to_primary)
 {
     int size;
@@ -529,6 +531,7 @@ parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user,
     errno_t ret;
     TALLOC_CTX *tmp_ctx;
     struct map_id_name_to_krb_primary *name_to_primary;
+    char *fq_name;
 
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
@@ -570,6 +573,29 @@ parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user,
         }
     }
 
+    /* conversion names to fully-qualified names */
+    for (int i = 0; i < size; i++) {
+        fq_name = sss_create_internal_fqname(tmp_ctx,
+                                             name_to_primary[i].id_name,
+                                             dom_name);
+        if (fq_name == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE,
+                  "sss_create_internal_fqname failed\n");
+            goto done;
+        }
+        name_to_primary[i].id_name = talloc_strdup(name_to_primary, fq_name);
+
+        fq_name = sss_create_internal_fqname(tmp_ctx,
+                                             name_to_primary[i].krb_primary,
+                                             dom_name);
+        if (fq_name == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE,
+                  "sss_create_internal_fqname failed\n");
+            goto done;
+        }
+        name_to_primary[i].krb_primary =  talloc_strdup(name_to_primary,
+                                                        fq_name);
+    }
     ret = EOK;
 
 done:
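Review bot: Both `fq_name == NULL` branches in the new loop jump to `done` without assigning `ret`, so the function returns whatever `ret` held from the code above the hunk, which may well be EOK. A failed conversion would then be reported as success. The two `talloc_strdup()` results are also stored unchecked, so an allocation failure leaves a NULL `id_name` or `krb_primary` in a map that is later used to pick the Kerberos primary during authentication. Allocating the qualified name directly on `name_to_primary` avoids the extra copy and leaves a single failure point per field. The strings being replaced are not released here, and the surrounding function body lies outside the hunk.

```c
    /* convert names to fully-qualified names */
    for (int i = 0; i < size; i++) {
        fq_name = sss_create_internal_fqname(name_to_primary,
                                             name_to_primary[i].id_name,
                                             dom_name);
        if (fq_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE,
                  "sss_create_internal_fqname failed\n");
            ret = ENOMEM;
            goto done;
        }
        name_to_primary[i].id_name = fq_name;

        fq_name = sss_create_internal_fqname(name_to_primary,
                                             name_to_primary[i].krb_primary,
                                             dom_name);
        if (fq_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE,
                  "sss_create_internal_fqname failed\n");
            ret = ENOMEM;
            goto done;
        }
        name_to_primary[i].krb_primary = fq_name;
    }
    /* … unchanged: ret = EOK and the done: label … */
```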
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 75b93c3..3051a99 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -51,7 +51,9 @@ errno_t get_domain_or_subdomain(struct be_ctx *be_ctx,
                                 struct sss_domain_info **dom);
 
 errno_t
-parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user,
+parse_krb5_map_user(TALLOC_CTX *mem_ctx,
+                    const char *krb5_map_user,
+                    const char *dom_name,
                     struct map_id_name_to_krb_primary **_name_to_primary);
 
 #endif /* __KRB5_UTILS_H__ */
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 515a194..6d03a30 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -614,25 +614,25 @@ START_TEST(test_parse_krb5_map_user)
     /* empty input */
     {
         check_leaks_push(mem_ctx);
-        ret = parse_krb5_map_user(mem_ctx, NULL, &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, NULL, DOMAIN_NAME, &name_to_primary);
         fail_unless(ret == EOK);
         fail_unless(name_to_primary[0].id_name == NULL &&
                     name_to_primary[0].krb_primary == NULL);
         talloc_free(name_to_primary);
 
-        ret = parse_krb5_map_user(mem_ctx, "", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, "", DOMAIN_NAME, &name_to_primary);
         fail_unless(ret == EOK);
         fail_unless(name_to_primary[0].id_name == NULL &&
                     name_to_primary[0].krb_primary == NULL);
         talloc_free(name_to_primary);
 
-        ret = parse_krb5_map_user(mem_ctx, ",", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, ",", DOMAIN_NAME, &name_to_primary);
         fail_unless(ret == EOK);
         fail_unless(name_to_primary[0].id_name == NULL &&
                     name_to_primary[0].krb_primary == NULL);
         talloc_free(name_to_primary);
 
-        ret = parse_krb5_map_user(mem_ctx, ",,", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, ",,", DOMAIN_NAME, &name_to_primary);
         fail_unless(ret == EOK);
         fail_unless(name_to_primary[0].id_name == NULL &&
                     name_to_primary[0].krb_primary == NULL);
@@ -645,14 +645,16 @@ START_TEST(test_parse_krb5_map_user)
         check_leaks_push(mem_ctx);
         const char *p = "pája:preichl,joe:juser,jdoe:ßlack";
         const char *p2 = " pája  : preichl , joe:\njuser,jdoe\t:   ßlack ";
-        const char *expected[] = {"pája", "preichl", "joe", "juser", "jdoe", "ßlack"};
-        ret = parse_krb5_map_user(mem_ctx, p, &name_to_primary);
+        const char *expected[] = {"pája@testdomain", "preichl@"DOMAIN_NAME,
+                                  "joe@testdomain", "juser@testdomain",
+                                  "jdoe@testdomain", "ßlack@testdomain"};
+        ret = parse_krb5_map_user(mem_ctx, p, DOMAIN_NAME, &name_to_primary);
         fail_unless(ret == EOK);
         compare_map_id_name_to_krb_primary(name_to_primary, expected,
                                          sizeof(expected)/sizeof(const char*)/2);
         talloc_free(name_to_primary);
 
-        ret = parse_krb5_map_user(mem_ctx, p2, &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, p2, DOMAIN_NAME, &name_to_primary);
         fail_unless(ret == EOK);
         compare_map_id_name_to_krb_primary(name_to_primary,  expected,
                                          sizeof(expected)/sizeof(const char*)/2);
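Review bot: The `expected` array mixes the hard-coded suffix `@testdomain` with `"preichl@"DOMAIN_NAME`, so the comparison only holds while `DOMAIN_NAME` (defined outside the hunk) expands to `testdomain`. Building every entry the same way, e.g. `"pája@"DOMAIN_NAME, "preichl@"DOMAIN_NAME,`, keeps the expectation tied to the argument actually passed to `parse_krb5_map_user()`. The test body starts and ends outside the hunk.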
@@ -663,22 +665,27 @@ START_TEST(test_parse_krb5_map_user)
     {
         check_leaks_push(mem_ctx);
 
-        ret = parse_krb5_map_user(mem_ctx, ":", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, ":", DOMAIN_NAME, &name_to_primary);
         fail_unless(ret == EINVAL);
 
-        ret = parse_krb5_map_user(mem_ctx, "joe:", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, "joe:", DOMAIN_NAME,
+                                  &name_to_primary);
         fail_unless(ret == EINVAL);
 
-        ret = parse_krb5_map_user(mem_ctx, ":joe", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, ":joe", DOMAIN_NAME,
+                                  &name_to_primary);
         fail_unless(ret == EINVAL);
 
-        ret = parse_krb5_map_user(mem_ctx, "joe:,", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, "joe:,", DOMAIN_NAME,
+                                  &name_to_primary);
         fail_unless(ret == EINVAL);
 
-        ret = parse_krb5_map_user(mem_ctx, ",joe", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, ",joe", DOMAIN_NAME,
+                                  &name_to_primary);
         fail_unless(ret == EINVAL);
 
-        ret = parse_krb5_map_user(mem_ctx, "joe:j:user", &name_to_primary);
+        ret = parse_krb5_map_user(mem_ctx, "joe:j:user", DOMAIN_NAME,
+                                  &name_to_primary);
         fail_unless(ret == EINVAL);
 
         fail_unless(check_leaks_pop(mem_ctx));