>From 7ee9eddb67626c016422ab0cc1bf5e3eb36535d0 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sat, 11 May 2013 10:53:12 +0200 Subject: [PATCH 3/3] Allow flat name in the FQname format https://fedorahosted.org/sssd/ticket/1648 Adds another expansion in the printf format that allows the user to use the domain flat name in the format. --- Makefile.am | 13 +- src/man/sssd.conf.5.xml | 58 ++++++++- src/tests/cmocka/test_fqnames.c | 271 ++++++++++++++++++++++++++++++++++++++++ src/util/usertools.c | 56 +++++++-- src/util/util.h | 5 + 5 files changed, 386 insertions(+), 17 deletions(-) create mode 100644 src/tests/cmocka/test_fqnames.c diff --git a/Makefile.am b/Makefile.am index b72384a77fe5bb3d2d40229026c463fefabc1387..22984445d3f765ef6b29ee15e3620173c9fcf284 100644 --- a/Makefile.am +++ b/Makefile.am @@ -151,7 +151,8 @@ if HAVE_CMOCKA test-io \ sss_nss_idmap-tests \ test-io \ - dyndns-tests + dyndns-tests \ + fqnames-tests endif check_PROGRAMS = \ @@ -1303,6 +1304,16 @@ dyndns_tests_LDADD = \ $(CARES_LIBS) \ $(CMOCKA_LIBS) \ libsss_util.la + +fqnames_tests_SOURCES = \ + $(TEST_MOCK_OBJ) \ + src/tests/cmocka/test_fqnames.c +fqnames_tests_CFLAGS = \ + $(AM_CFLAGS) +fqnames_tests_LDADD = \ + $(CMOCKA_LIBS) \ + libsss_util.la + endif noinst_PROGRAMS = pam_test_client diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 99337fbba9fb8d39a62eb84313c5b89761ee950d..85ed1fe55f2d14dddcf960795ab4469f82a9525b 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml 
@@ -143,12 +143,36 @@ full_name_format (string) - The default + A printf 3 -compatible format that describes how to - translate a (name, domain) tuple into a fully qualified - name. + compose a fully qualified name from user name + and domain name components. + + + The following expansions are supported : + + + %1$s + user name + + + %2$s + domain name + + + %3$s + + + domain flat name. Mostly usable + for Active Directory domains, both + directly configured or disovered + via IPA trusts. + + + + Each domain can have an individual format string configured. @@ -1533,8 +1557,32 @@ override_homedir = /home/%u printf 3 -compatible format that describes how to - translate a (name, domain) tuple for this domain into a fully - qualified name. + compose a fully qualified name from user name + and domain name components. + + + The following expansions are supported : + + + %1$s + user name + + + %2$s + domain name + + + %3$s + + + domain flat name. Mostly usable + for Active Directory domains, both + directly configured or disovered + via IPA trusts. + + + + Default: %1$s@%2$s. diff --git a/src/tests/cmocka/test_fqnames.c b/src/tests/cmocka/test_fqnames.c new file mode 100644 index 0000000000000000000000000000000000000000..c0f36389e1b84748ac9ac6d6a6ca6cd24b20df0e --- /dev/null +++ b/src/tests/cmocka/test_fqnames.c 
@@ -0,0 +1,271 @@ +/* + Authors: + Jakub Hrozek + + Copyright (C) 2013 Red Hat + + SSSD tests: Fully Qualified Names Tests + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include + +#include "tests/cmocka/common_mock.h" + +#define NAME "name" +#define DOMNAME "domname" +#define FLATNAME "flatname" + +struct fqdn_test_ctx { + struct sss_domain_info *dom; + + struct sss_names_ctx *nctx; +}; + +void fqdn_test_setup(void **state) +{ + struct fqdn_test_ctx *test_ctx; + + assert_true(leak_check_setup()); + + test_ctx = talloc_zero(global_talloc_context, struct fqdn_test_ctx); + assert_non_null(test_ctx); + + test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info); + assert_non_null(test_ctx->dom); + test_ctx->dom->name = discard_const(DOMNAME); + test_ctx->dom->flat_name = discard_const(FLATNAME); + + check_leaks_push(test_ctx); + *state = test_ctx; +} + +void fqdn_test_teardown(void **state) +{ + struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, + struct fqdn_test_ctx); + + if (test_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); + return; + } + + assert_true(check_leaks_pop(test_ctx) == true); + talloc_free(test_ctx); + assert_true(leak_check_teardown()); +} + +void test_default(void **state) +{ + struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, + struct fqdn_test_ctx); + errno_t ret; + + char *fqdn; + const int fqdn_size = 255; + char fqdn_s[fqdn_size]; + + if (test_ctx == 
NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); + return; + } + + ret = sss_names_init_from_args(test_ctx, + "(?P[^@]+)@?(?P[^@]*$)", + "%1$s@%2$s", &test_ctx->nctx); + assert_int_equal(ret, EOK); + assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_DOMAIN); + + fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME); + assert_non_null(fqdn); + assert_string_equal(fqdn, NAME"@"DOMNAME); + talloc_free(fqdn); + + ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME); + assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME)); + assert_string_equal(fqdn_s, NAME"@"DOMNAME); + + talloc_free(test_ctx->nctx); +} + +void test_all(void **state) +{ + struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, + struct fqdn_test_ctx); + errno_t ret; + + char *fqdn; + const int fqdn_size = 255; + char fqdn_s[fqdn_size]; + + if (test_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); + return; + } + + ret = sss_names_init_from_args(test_ctx, + "(?P[^@]+)@?(?P[^@]*$)", + "%1$s@%2$s@%3$s", &test_ctx->nctx); + assert_int_equal(ret, EOK); + assert_int_equal(test_ctx->nctx->fq_flags, + FQ_FMT_NAME | FQ_FMT_DOMAIN | FQ_FMT_FLAT_NAME); + + fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME); + assert_non_null(fqdn); + assert_string_equal(fqdn, NAME"@"DOMNAME"@"FLATNAME); + talloc_free(fqdn); + + ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME); + assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME"@"FLATNAME)); + assert_string_equal(fqdn_s, NAME"@"DOMNAME"@"FLATNAME); + + talloc_free(test_ctx->nctx); +} + +void test_flat(void **state) +{ + struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, + struct fqdn_test_ctx); + errno_t ret; + + char *fqdn; + const int fqdn_size = 255; + char fqdn_s[fqdn_size]; + + if (test_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); + return; + } + + ret = sss_names_init_from_args(test_ctx, + "(?P[^@]+)@?(?P[^@]*$)", + "%1$s@%3$s", 
&test_ctx->nctx); + assert_int_equal(ret, EOK); + assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_FLAT_NAME); + + fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME); + assert_non_null(fqdn); + assert_string_equal(fqdn, NAME"@"FLATNAME); + talloc_free(fqdn); + + ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME); + assert_int_equal(ret + 1, sizeof(NAME"@"FLATNAME)); + assert_string_equal(fqdn_s, NAME"@"FLATNAME); + + talloc_free(test_ctx->nctx); +} + +void test_flat_fallback(void **state) +{ + struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, + struct fqdn_test_ctx); + errno_t ret; + + char *fqdn; + const int fqdn_size = 255; + char fqdn_s[fqdn_size]; + + if (test_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); + return; + } + + ret = sss_names_init_from_args(test_ctx, + "(?P[^@]+)@?(?P[^@]*$)", + "%1$s@%3$s", &test_ctx->nctx); + assert_int_equal(ret, EOK); + assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_FLAT_NAME); + + test_ctx->dom->flat_name = NULL; + + /* If flat name is requested but does not exist, the code falls back to domain + * name + */ + fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME); + assert_non_null(fqdn); + assert_string_equal(fqdn, NAME"@"DOMNAME); + talloc_free(fqdn); + + ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME); + assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME)); + assert_string_equal(fqdn_s, NAME"@"DOMNAME); + + talloc_free(test_ctx->nctx); +} + +void test_init_nouser(void **state) +{ + struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, + struct fqdn_test_ctx); + errno_t ret; + + if (test_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); + return; + } + + ret = sss_names_init_from_args(test_ctx, + "(?P[^@]+)@?(?P[^@]*$)", + "%2$s@%3$s", &test_ctx->nctx); + /* Initialization with no user name must fail */ + assert_int_not_equal(ret, EOK); +} + +int main(int argc, const char 
*argv[]) +{ + poptContext pc; + int opt; + struct poptOption long_options[] = { + POPT_AUTOHELP + SSSD_DEBUG_OPTS + POPT_TABLEEND + }; + + const UnitTest tests[] = { + unit_test_setup_teardown(test_default, + fqdn_test_setup, fqdn_test_teardown), + unit_test_setup_teardown(test_all, + fqdn_test_setup, fqdn_test_teardown), + unit_test_setup_teardown(test_flat, + fqdn_test_setup, fqdn_test_teardown), + unit_test_setup_teardown(test_flat_fallback, + fqdn_test_setup, fqdn_test_teardown), + unit_test_setup_teardown(test_init_nouser, + fqdn_test_setup, fqdn_test_teardown), + }; + + /* Set debug level to invalid value so we can deside if -d 0 was used. */ + debug_level = SSSDBG_INVALID; + + pc = poptGetContext(argv[0], argc, argv, long_options, 0); + while((opt = poptGetNextOpt(pc)) != -1) { + switch(opt) { + default: + fprintf(stderr, "\nInvalid option %s: %s\n\n", + poptBadOption(pc, 0), poptStrerror(opt)); + poptPrintUsage(pc, stderr, 0); + return 1; + } + } + poptFreeContext(pc); + + DEBUG_INIT(debug_level); + + /* Even though normally the tests should clean up after themselves + * they might not after a failed run. Remove the old db to be sure */ + tests_set_cwd(); + + return run_tests(tests); +} diff --git a/src/util/usertools.c b/src/util/usertools.c index 835b9e3467c9345fc50cd96cbadd8c99b69d9e0a..991975cbb0867a10c258447cfd073250c6a7b801 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -140,12 +140,14 @@ static errno_t sss_fqnames_init(struct sss_names_ctx *nctx, const char *fq_fmt) struct pattern_desc { const char *pattern; const char *desc; + int flag; }; struct pattern_desc fqname_patterns[] = { - { "%1$s", "user name" }, - { "%2$s", "domain name" }, - { NULL, NULL } + { "%1$s", "user name", FQ_FMT_NAME }, + { "%2$s", "domain name", FQ_FMT_DOMAIN }, + { "%3$s", "domain flat name", FQ_FMT_FLAT_NAME }, + { NULL, NULL, 0 } }; nctx->fq_fmt = talloc_strdup(nctx, fq_fmt); 
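Review bot: Each test, and fqdn_test_teardown, handles a NULL `test_ctx` with `DEBUG(...); return;`, so a broken fixture would be reported as a passing test with nothing checked; `assert_non_null(test_ctx);` in place of the `if` block would make that failure visible. All five cases call `sss_fqname` with a 255-byte buffer, so the path where the formatted name does not fit is never exercised. Since the format can now carry a third component, a case with a deliberately small `fqdn_s` that asserts the return value is `>= size` and that the buffer is still NUL-terminated would pin the truncation behaviour callers have to check for.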
@@ -163,12 +165,24 @@ static errno_t sss_fqnames_init(struct sss_names_ctx *nctx, const char *fq_fmt) ("Username pattern not found in [%s]\n", nctx->fq_fmt)); return ENOENT; } + nctx->fq_flags = FQ_FMT_NAME; - if (strstr(fq_fmt, fqname_patterns[1].pattern) == NULL) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("The pattern for %s was not found, fully-qualified names " - "might not work as expected\n", fqname_patterns[1].desc)); - /* Ignore this error */ + for (int i = 1; fqname_patterns[i].pattern; i++) { + char *s; + s = strstr(fq_fmt, fqname_patterns[i].pattern); + if (s == NULL) { + /* Append the format specifier */ + nctx->fq_fmt = talloc_strdup_append(nctx->fq_fmt, + fqname_patterns[i].pattern); + if (nctx->fq_fmt == NULL) { + return ENOMEM; + } + continue; + } + + DEBUG(SSSDBG_CONF_SETTINGS, + ("Found the pattern for %s\n", fqname_patterns[i].desc)); + nctx->fq_flags |= fqname_patterns[i].flag; } return EOK; @@ -551,17 +565,34 @@ sss_get_cased_name_list(TALLOC_CTX *mem_ctx, const char * const *orig, static inline const char * safe_fq_str(struct sss_names_ctx *nctx, uint8_t part, const char *str) { - return nctx->fq_flags & part ? str : ""; } +static inline const char * +safe_flat_name(struct sss_names_ctx *nctx, struct sss_domain_info *domain) +{ + const char *s; + + s = safe_fq_str(nctx, FQ_FMT_FLAT_NAME, domain->flat_name); + if (s == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Flat name requested but domain has no" + "flat name set, falling back to domain name\n")); + s = domain->name; + } + + return s; +} + char * sss_tc_fqname(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx, struct sss_domain_info *domain, const char *name) { if (domain == NULL || nctx == NULL) return NULL; - return talloc_asprintf(mem_ctx, nctx->fq_fmt, name, domain->name); + return talloc_asprintf(mem_ctx, nctx->fq_fmt, + safe_fq_str(nctx, FQ_FMT_NAME, name), + safe_fq_str(nctx, FQ_FMT_DOMAIN, domain->name), + safe_flat_name(nctx, domain)); } int 
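Review bot: The new loop in sss_fqnames_init only proves with strstr() that the known expansions are present; it never rejects other conversions, and `nctx->fq_fmt` is later passed as the format to talloc_asprintf()/snprintf() with exactly three string arguments. A conversion outside `%1$s`..`%3$s` in the configured full_name_format would make the printf family read arguments that were not passed, which is undefined behaviour. The value comes from sssd.conf, so this is hardening against an administrator mistake rather than remote input, but refusing the format at init with EINVAL is cheap. The start of the function is outside the hunk, so the sketch below assumes it sits next to the existing `%1$s` check.

```c
/* … unchanged: talloc_strdup of fq_fmt and the %1$s presence check … */

/* Accept only "%%" and the three documented expansions, so the string
 * is safe to use as a printf format with three string arguments. */
for (const char *p = fq_fmt; (p = strchr(p, '%')) != NULL; ) {
    if (p[1] == '%') {
        p += 2;
        continue;
    }
    if (p[1] >= '1' && p[1] <= '3' && p[2] == '$' && p[3] == 's') {
        p += 4;
        continue;
    }
    DEBUG(SSSDBG_CRIT_FAILURE,
          ("Unsupported expansion in [%s]\n", fq_fmt));
    return EINVAL;
}

/* … unchanged: loop over fqname_patterns[1..] setting fq_flags … */
```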
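Review bot: The two adjacent string literals in safe_flat_name's DEBUG call join as "has noflat name"; the first needs a trailing space, `("Flat name requested but domain has no "`. The message is logged at SSSDBG_CRIT_FAILURE on every sss_tc_fqname()/sss_fqname() call for a domain without a flat name, yet the test file treats this fallback as expected behaviour, so a lower level such as `SSSDBG_MINOR_FAILURE` would keep logs readable. safe_fq_str returns `str` unchecked when the flag is set, so a NULL `name` or `domain->name` still reaches `%s` in both callers, including the sss_fqname hunk that follows. Whether callers can pass NULL is not visible here; if they can, the fallback in safe_flat_name could end with `return s != NULL ? s : "";`.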
@@ -570,5 +601,8 @@ sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx, { if (domain == NULL || nctx == NULL) return -EINVAL; - return snprintf(str, size, nctx->fq_fmt, name, domain->name); + return snprintf(str, size, nctx->fq_fmt, + safe_fq_str(nctx, FQ_FMT_NAME, name), + safe_fq_str(nctx, FQ_FMT_DOMAIN, domain->name), + safe_flat_name(nctx, domain)); } diff --git a/src/util/util.h b/src/util/util.h index 8c46a643d38845f13002e75f6c9af9f179a8f708..bc81ffb6619699bfbba9370bb16d585c9b1c80c4 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -395,9 +395,14 @@ char *get_username_from_uid(TALLOC_CTX *mem_ctx, uid_t uid); char *get_uppercase_realm(TALLOC_CTX *memctx, const char *name); +#define FQ_FMT_NAME 0x01 +#define FQ_FMT_DOMAIN 0x02 +#define FQ_FMT_FLAT_NAME 0x04 + struct sss_names_ctx { char *re_pattern; char *fq_fmt; + uint8_t fq_flags; pcre *re; }; -- 1.8.2.1
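Review bot: sss_fqname's return contract is undocumented: it hands back snprintf()'s result unchanged, so a value `>= size` means `str` was truncated, and the NULL-argument path returns `-EINVAL` while an snprintf() failure returns a different negative value. A truncated fully qualified name is a different identity string, so callers with fixed buffers need to treat that case as an error. I would add a comment above the function such as `/* Returns the length of the full name excluding the NUL; a result >= size means str was truncated and must not be used. Negative on error. */`. The function signature starts outside the hunk.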
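Review bot: The new `FQ_FMT_*` bits and `fq_flags` in util.h carry no comment on what a set bit means. From sss_fqnames_init, a bit is set only when the administrator's format contained that expansion, while expansions appended by the init code leave it clear and are formatted as an empty string. A comment on the member would save the next reader from working that out, for example `/* FQ_FMT_* bits for expansions present in the configured format; appended ones stay clear and print "" */`. As a style point, `struct pattern_desc` in usertools.c declares `int flag` while `fq_flags` and safe_fq_str's `part` are `uint8_t`; using `uint8_t flag` there would keep the three consistent.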