From 14310dab1698da8afbc107c5c76a3c01c9aeb20e Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 24 Feb 2015 15:33:39 +0100 Subject: [PATCH] extdom: handle ERANGE return code for getXXYYY_r() calls The getXXYYY_r() calls require a buffer to store the variable data of the passwd and group structs. If the provided buffer is too small ERANGE is returned and the caller can try with a larger buffer again. Cmocka/cwrap based unit-tests for get*_r_wrapper() are added. Resolves https://fedorahosted.org/freeipa/ticket/4908 Reviewed-By: Alexander Bokovoy --- .../ipa-slapi-plugins/ipa-extdom-extop/Makefile.am | 31 ++- .../ipa-extdom-extop/ipa_extdom.h | 9 + .../ipa-extdom-extop/ipa_extdom_cmocka_tests.c | 226 +++++++++++++++ .../ipa-extdom-extop/ipa_extdom_common.c | 309 +++++++++++++++------ .../ipa-extdom-extop/test_data/group | 2 + .../ipa-extdom-extop/test_data/passwd | 2 + .../ipa-extdom-extop/test_data/test_setup.sh | 3 + 7 files changed, 498 insertions(+), 84 deletions(-) create mode 100644 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_cmocka_tests.c create mode 100644 daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/group create mode 100644 daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/passwd create mode 100644 daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/test_setup.sh diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am index 0008476796f5b20f62f2c32e7b291b787fa7a6fc..a1679812ef3c5de8c6e18433cbb991a99ad0b6c8 100644 --- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am @@ -35,9 +35,20 @@ libipa_extdom_extop_la_LIBADD = \ $(SSSNSSIDMAP_LIBS) \ $(NULL) +TESTS = +check_PROGRAMS = + if HAVE_CHECK -TESTS = extdom_tests -check_PROGRAMS = extdom_tests +TESTS += extdom_tests +check_PROGRAMS += extdom_tests +endif + +if HAVE_CMOCKA +if HAVE_NSS_WRAPPER +TESTS_ENVIRONMENT = . ./test_data/test_setup.sh; +TESTS += extdom_cmocka_tests +check_PROGRAMS += extdom_cmocka_tests +endif endif extdom_tests_SOURCES = \ @@ -55,6 +66,22 @@ extdom_tests_LDADD = \ $(SSSNSSIDMAP_LIBS) \ $(NULL) +extdom_cmocka_tests_SOURCES = \ + ipa_extdom_cmocka_tests.c \ + ipa_extdom_common.c \ + $(NULL) +extdom_cmocka_tests_CFLAGS = $(CMOCKA_CFLAGS) +extdom_cmocka_tests_LDFLAGS = \ + -rpath $(shell pkg-config --libs-only-L dirsrv | sed -e 's/-L//') \ + $(NULL) +extdom_cmocka_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(LDAP_LIBS) \ + $(DIRSRV_LIBS) \ + $(SSSNSSIDMAP_LIBS) \ + $(NULL) + + appdir = $(IPA_DATA_DIR) app_DATA = \ ipa-extdom-extop-conf.ldif \ diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h index 56ca5009b1aa427f6c059b78ac392c768e461e2e..40bf933920fdd2ca19e5ef195aaa8fb820446cc5 100644 --- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h @@ -174,4 +174,13 @@ int check_request(struct extdom_req *req, enum extdom_version version); int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req, struct berval **berval); int pack_response(struct extdom_res *res, struct berval **ret_val); +int get_buffer(size_t *_buf_len, char **_buf); +int getpwnam_r_wrapper(size_t buf_max, const char *name, + struct passwd *pwd, char **_buf, size_t *_buf_len); +int getpwuid_r_wrapper(size_t buf_max, uid_t uid, + struct passwd *pwd, char **_buf, size_t *_buf_len); +int getgrnam_r_wrapper(size_t buf_max, const char *name, + struct group *grp, char **_buf, size_t *_buf_len); +int getgrgid_r_wrapper(size_t buf_max, gid_t gid, + struct group *grp, char **_buf, size_t *_buf_len); #endif /* _IPA_EXTDOM_H_ */ diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_cmocka_tests.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_cmocka_tests.c new file mode 100644 index 0000000000000000000000000000000000000000..d5bacd7e8c9dc0a71eea70162406c7e5b67384ad --- /dev/null +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_cmocka_tests.c @@ -0,0 +1,226 @@ +/* + Authors: + Sumit Bose + + Copyright (C) 2015 Red Hat + + Extdom tests + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include +#include +#include + +#include +#include + + +#include "ipa_extdom.h" + +#define MAX_BUF (1024*1024*1024) + +void test_getpwnam_r_wrapper(void **state) +{ + int ret; + struct passwd pwd; + char *buf; + size_t buf_len; + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getpwnam_r_wrapper(MAX_BUF, "non_exisiting_user", &pwd, &buf, + &buf_len); + assert_int_equal(ret, ENOENT); + + ret = getpwnam_r_wrapper(MAX_BUF, "user", &pwd, &buf, &buf_len); + assert_int_equal(ret, 0); + assert_string_equal(pwd.pw_name, "user"); + assert_string_equal(pwd.pw_passwd, "x"); + assert_int_equal(pwd.pw_uid, 12345); + assert_int_equal(pwd.pw_gid, 23456); + assert_string_equal(pwd.pw_gecos, "gecos"); + assert_string_equal(pwd.pw_dir, "/home/user"); + assert_string_equal(pwd.pw_shell, "/bin/shell"); + free(buf); + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getpwnam_r_wrapper(MAX_BUF, "user_big", &pwd, &buf, &buf_len); + assert_int_equal(ret, 0); + assert_string_equal(pwd.pw_name, "user_big"); + assert_string_equal(pwd.pw_passwd, "x"); + assert_int_equal(pwd.pw_uid, 12346); + assert_int_equal(pwd.pw_gid, 23457); + assert_int_equal(strlen(pwd.pw_gecos), 4000 * strlen("gecos")); + assert_string_equal(pwd.pw_dir, "/home/user_big"); + assert_string_equal(pwd.pw_shell, "/bin/shell"); + free(buf); + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getpwnam_r_wrapper(1024, "user_big", &pwd, &buf, &buf_len); + assert_int_equal(ret, ERANGE); + free(buf); +} + +void test_getpwuid_r_wrapper(void **state) +{ + int ret; + struct passwd pwd; + char *buf; + size_t buf_len; + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getpwuid_r_wrapper(MAX_BUF, 99999, &pwd, &buf, &buf_len); + assert_int_equal(ret, ENOENT); + + ret = getpwuid_r_wrapper(MAX_BUF, 12345, &pwd, &buf, &buf_len); + assert_int_equal(ret, 0); + assert_string_equal(pwd.pw_name, "user"); + assert_string_equal(pwd.pw_passwd, "x"); + assert_int_equal(pwd.pw_uid, 12345); + assert_int_equal(pwd.pw_gid, 23456); + assert_string_equal(pwd.pw_gecos, "gecos"); + assert_string_equal(pwd.pw_dir, "/home/user"); + assert_string_equal(pwd.pw_shell, "/bin/shell"); + free(buf); + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getpwuid_r_wrapper(MAX_BUF, 12346, &pwd, &buf, &buf_len); + assert_int_equal(ret, 0); + assert_string_equal(pwd.pw_name, "user_big"); + assert_string_equal(pwd.pw_passwd, "x"); + assert_int_equal(pwd.pw_uid, 12346); + assert_int_equal(pwd.pw_gid, 23457); + assert_int_equal(strlen(pwd.pw_gecos), 4000 * strlen("gecos")); + assert_string_equal(pwd.pw_dir, "/home/user_big"); + assert_string_equal(pwd.pw_shell, "/bin/shell"); + free(buf); + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getpwuid_r_wrapper(1024, 12346, &pwd, &buf, &buf_len); + assert_int_equal(ret, ERANGE); + free(buf); +} + +void test_getgrnam_r_wrapper(void **state) +{ + int ret; + struct group grp; + char *buf; + size_t buf_len; + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getgrnam_r_wrapper(MAX_BUF, "non_exisiting_group", &grp, &buf, &buf_len); + assert_int_equal(ret, ENOENT); + + ret = getgrnam_r_wrapper(MAX_BUF, "group", &grp, &buf, &buf_len); + assert_int_equal(ret, 0); + assert_string_equal(grp.gr_name, "group"); + assert_string_equal(grp.gr_passwd, "x"); + assert_int_equal(grp.gr_gid, 11111); + assert_string_equal(grp.gr_mem[0], "member0001"); + assert_string_equal(grp.gr_mem[1], "member0002"); + assert_null(grp.gr_mem[2]); + free(buf); + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getgrnam_r_wrapper(MAX_BUF, "group_big", &grp, &buf, &buf_len); + assert_int_equal(ret, 0); + assert_string_equal(grp.gr_name, "group_big"); + assert_string_equal(grp.gr_passwd, "x"); + assert_int_equal(grp.gr_gid, 22222); + assert_string_equal(grp.gr_mem[0], "member0001"); + assert_string_equal(grp.gr_mem[1], "member0002"); + free(buf); + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getgrnam_r_wrapper(1024, "group_big", &grp, &buf, &buf_len); + assert_int_equal(ret, ERANGE); + free(buf); +} + +void test_getgrgid_r_wrapper(void **state) +{ + int ret; + struct group grp; + char *buf; + size_t buf_len; + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getgrgid_r_wrapper(MAX_BUF, 99999, &grp, &buf, &buf_len); + assert_int_equal(ret, ENOENT); + + ret = getgrgid_r_wrapper(MAX_BUF, 11111, &grp, &buf, &buf_len); + assert_int_equal(ret, 0); + assert_string_equal(grp.gr_name, "group"); + assert_string_equal(grp.gr_passwd, "x"); + assert_int_equal(grp.gr_gid, 11111); + assert_string_equal(grp.gr_mem[0], "member0001"); + assert_string_equal(grp.gr_mem[1], "member0002"); + assert_null(grp.gr_mem[2]); + free(buf); + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getgrgid_r_wrapper(MAX_BUF, 22222, &grp, &buf, &buf_len); + assert_int_equal(ret, 0); + assert_string_equal(grp.gr_name, "group_big"); + assert_string_equal(grp.gr_passwd, "x"); + assert_int_equal(grp.gr_gid, 22222); + assert_string_equal(grp.gr_mem[0], "member0001"); + assert_string_equal(grp.gr_mem[1], "member0002"); + free(buf); + + ret = get_buffer(&buf_len, &buf); + assert_int_equal(ret, 0); + + ret = getgrgid_r_wrapper(1024, 22222, &grp, &buf, &buf_len); + assert_int_equal(ret, ERANGE); + free(buf); +} + +int main(int argc, const char *argv[]) +{ + const UnitTest tests[] = { + unit_test(test_getpwnam_r_wrapper), + unit_test(test_getpwuid_r_wrapper), + unit_test(test_getgrnam_r_wrapper), + unit_test(test_getgrgid_r_wrapper), + }; + + return run_tests(tests); +} diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c index 20fdd62b20f28f5384cf83b8be5819f721c6c3db..cbe336963ffbafadd5a7b8029a65fafe506f75e8 100644 --- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c @@ -49,6 +49,188 @@ #define MAX(a,b) (((a)>(b))?(a):(b)) #define SSSD_DOMAIN_SEPARATOR '@' +#define MAX_BUF (1024*1024*1024) + + + +int get_buffer(size_t *_buf_len, char **_buf) +{ + long pw_max; + long gr_max; + size_t buf_len; + char *buf; + + pw_max = sysconf(_SC_GETPW_R_SIZE_MAX); + gr_max = sysconf(_SC_GETGR_R_SIZE_MAX); + + buf_len = MAX(16384, MAX(pw_max, gr_max)); + + buf = malloc(sizeof(char) * buf_len); + if (buf == NULL) { + return LDAP_OPERATIONS_ERROR; + } + + *_buf_len = buf_len; + *_buf = buf; + + return LDAP_SUCCESS; +} + +static int inc_buffer(size_t buf_max, size_t *_buf_len, char **_buf) +{ + size_t tmp_len; + char *tmp_buf; + + tmp_buf = *_buf; + tmp_len = *_buf_len; + + tmp_len *= 2; + if (tmp_len > buf_max) { + return ERANGE; + } + + tmp_buf = realloc(tmp_buf, tmp_len); + if (tmp_buf == NULL) { + return ENOMEM; + } + + *_buf_len = tmp_len; + *_buf = tmp_buf; + + return 0; +} + +int getpwnam_r_wrapper(size_t buf_max, const char *name, + struct passwd *pwd, char **_buf, size_t *_buf_len) +{ + char *buf = NULL; + size_t buf_len = 0; + int ret; + struct passwd *result = NULL; + + buf = *_buf; + buf_len = *_buf_len; + + while (buf != NULL + && (ret = getpwnam_r(name, pwd, buf, buf_len, &result)) == ERANGE) { + ret = inc_buffer(buf_max, &buf_len, &buf); + if (ret != 0) { + if (ret == ERANGE) { + LOG("Buffer too small, increase ipaExtdomMaxNssBufSize.\n"); + } + goto done; + } + } + + if (ret == 0 && result == NULL) { + ret = ENOENT; + } + +done: + *_buf = buf; + *_buf_len = buf_len; + + return ret; +} + +int getpwuid_r_wrapper(size_t buf_max, uid_t uid, + struct passwd *pwd, char **_buf, size_t *_buf_len) +{ + char *buf = NULL; + size_t buf_len = 0; + int ret; + struct passwd *result = NULL; + + buf = *_buf; + buf_len = *_buf_len; + + while (buf != NULL + && (ret = getpwuid_r(uid, pwd, buf, buf_len, &result)) == ERANGE) { + ret = inc_buffer(buf_max, &buf_len, &buf); + if (ret != 0) { + if (ret == ERANGE) { + LOG("Buffer too small, increase ipaExtdomMaxNssBufSize.\n"); + } + goto done; + } + } + + if (ret == 0 && result == NULL) { + ret = ENOENT; + } + +done: + *_buf = buf; + *_buf_len = buf_len; + + return ret; +} + +int getgrnam_r_wrapper(size_t buf_max, const char *name, + struct group *grp, char **_buf, size_t *_buf_len) +{ + char *buf = NULL; + size_t buf_len = 0; + int ret; + struct group *result = NULL; + + buf = *_buf; + buf_len = *_buf_len; + + while (buf != NULL + && (ret = getgrnam_r(name, grp, buf, buf_len, &result)) == ERANGE) { + ret = inc_buffer(buf_max, &buf_len, &buf); + if (ret != 0) { + if (ret == ERANGE) { + LOG("Buffer too small, increase ipaExtdomMaxNssBufSize.\n"); + } + goto done; + } + } + + if (ret == 0 && result == NULL) { + ret = ENOENT; + } + +done: + *_buf = buf; + *_buf_len = buf_len; + + return ret; +} + +int getgrgid_r_wrapper(size_t buf_max, gid_t gid, + struct group *grp, char **_buf, size_t *_buf_len) +{ + char *buf = NULL; + size_t buf_len = 0; + int ret; + struct group *result = NULL; + + buf = *_buf; + buf_len = *_buf_len; + + while (buf != NULL + && (ret = getgrgid_r(gid, grp, buf, buf_len, &result)) == ERANGE) { + ret = inc_buffer(buf_max, &buf_len, &buf); + if (ret != 0) { + if (ret == ERANGE) { + LOG("Buffer too small, increase ipaExtdomMaxNssBufSize.\n"); + } + goto done; + } + } + + if (ret == 0 && result == NULL) { + ret = ENOENT; + } + +done: + *_buf = buf; + *_buf_len = buf_len; + + return ret; +} int parse_request_data(struct berval *req_val, struct extdom_req **_req) { @@ -191,33 +373,6 @@ int check_request(struct extdom_req *req, enum extdom_version version) return LDAP_SUCCESS; } -static int get_buffer(size_t *_buf_len, char **_buf) -{ - long pw_max; - long gr_max; - size_t buf_len; - char *buf; - - pw_max = sysconf(_SC_GETPW_R_SIZE_MAX); - gr_max = sysconf(_SC_GETGR_R_SIZE_MAX); - - if (pw_max == -1 && gr_max == -1) { - buf_len = 16384; - } else { - buf_len = MAX(pw_max, gr_max); - } - - buf = malloc(sizeof(char) * buf_len); - if (buf == NULL) { - return LDAP_OPERATIONS_ERROR; - } - - *_buf_len = buf_len; - *_buf = buf; - - return LDAP_SUCCESS; -} - static int get_user_grouplist(const char *name, gid_t gid, size_t *_ngroups, gid_t **_groups ) { @@ -323,7 +478,6 @@ static int pack_ber_user(enum response_types response_type, size_t buf_len; char *buf = NULL; struct group grp; - struct group *grp_result; size_t c; char *locat; char *short_user_name = NULL; @@ -375,13 +529,13 @@ static int pack_ber_user(enum response_types response_type, } for (c = 0; c < ngroups; c++) { - ret = getgrgid_r(groups[c], &grp, buf, buf_len, &grp_result); + ret = getgrgid_r_wrapper(MAX_BUF, groups[c], &grp, &buf, &buf_len); if (ret != 0) { - ret = LDAP_NO_SUCH_OBJECT; - goto done; - } - if (grp_result == NULL) { - ret = LDAP_NO_SUCH_OBJECT; + if (ret == ENOMEM || ret == ERANGE) { + ret = LDAP_OPERATIONS_ERROR; + } else { + ret = LDAP_NO_SUCH_OBJECT; + } goto done; } @@ -542,7 +696,6 @@ static int handle_uid_request(enum request_types request_type, uid_t uid, { int ret; struct passwd pwd; - struct passwd *pwd_result = NULL; char *sid_str = NULL; enum sss_id_type id_type; size_t buf_len; @@ -568,13 +721,13 @@ static int handle_uid_request(enum request_types request_type, uid_t uid, ret = pack_ber_sid(sid_str, berval); } else { - ret = getpwuid_r(uid, &pwd, buf, buf_len, &pwd_result); + ret = getpwuid_r_wrapper(MAX_BUF, uid, &pwd, &buf, &buf_len); if (ret != 0) { - ret = LDAP_NO_SUCH_OBJECT; - goto done; - } - if (pwd_result == NULL) { - ret = LDAP_NO_SUCH_OBJECT; + if (ret == ENOMEM || ret == ERANGE) { + ret = LDAP_OPERATIONS_ERROR; + } else { + ret = LDAP_NO_SUCH_OBJECT; + } goto done; } @@ -610,7 +763,6 @@ static int handle_gid_request(enum request_types request_type, gid_t gid, { int ret; struct group grp; - struct group *grp_result = NULL; char *sid_str = NULL; enum sss_id_type id_type; size_t buf_len; @@ -635,13 +787,13 @@ static int handle_gid_request(enum request_types request_type, gid_t gid, ret = pack_ber_sid(sid_str, berval); } else { - ret = getgrgid_r(gid, &grp, buf, buf_len, &grp_result); + ret = getgrgid_r_wrapper(MAX_BUF, gid, &grp, &buf, &buf_len); if (ret != 0) { - ret = LDAP_NO_SUCH_OBJECT; - goto done; - } - if (grp_result == NULL) { - ret = LDAP_NO_SUCH_OBJECT; + if (ret == ENOMEM || ret == ERANGE) { + ret = LDAP_OPERATIONS_ERROR; + } else { + ret = LDAP_NO_SUCH_OBJECT; + } goto done; } @@ -676,9 +828,7 @@ static int handle_sid_request(enum request_types request_type, const char *sid, { int ret; struct passwd pwd; - struct passwd *pwd_result = NULL; struct group grp; - struct group *grp_result = NULL; char *domain_name = NULL; char *fq_name = NULL; char *object_name = NULL; @@ -724,14 +874,13 @@ static int handle_sid_request(enum request_types request_type, const char *sid, switch(id_type) { case SSS_ID_TYPE_UID: case SSS_ID_TYPE_BOTH: - ret = getpwnam_r(fq_name, &pwd, buf, buf_len, &pwd_result); + ret = getpwnam_r_wrapper(MAX_BUF, fq_name, &pwd, &buf, &buf_len); if (ret != 0) { - ret = LDAP_NO_SUCH_OBJECT; - goto done; - } - - if (pwd_result == NULL) { - ret = LDAP_NO_SUCH_OBJECT; + if (ret == ENOMEM || ret == ERANGE) { + ret = LDAP_OPERATIONS_ERROR; + } else { + ret = LDAP_NO_SUCH_OBJECT; + } goto done; } @@ -755,14 +904,13 @@ static int handle_sid_request(enum request_types request_type, const char *sid, pwd.pw_shell, kv_list, berval); break; case SSS_ID_TYPE_GID: - ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result); + ret = getgrnam_r_wrapper(MAX_BUF, fq_name, &grp, &buf, &buf_len); if (ret != 0) { - ret = LDAP_NO_SUCH_OBJECT; - goto done; - } - - if (grp_result == NULL) { - ret = LDAP_NO_SUCH_OBJECT; + if (ret == ENOMEM || ret == ERANGE) { + ret = LDAP_OPERATIONS_ERROR; + } else { + ret = LDAP_NO_SUCH_OBJECT; + } goto done; } @@ -806,9 +954,7 @@ static int handle_name_request(enum request_types request_type, int ret; char *fq_name = NULL; struct passwd pwd; - struct passwd *pwd_result = NULL; struct group grp; - struct group *grp_result = NULL; char *sid_str = NULL; enum sss_id_type id_type; size_t buf_len; @@ -842,15 +988,8 @@ static int handle_name_request(enum request_types request_type, goto done; } - ret = getpwnam_r(fq_name, &pwd, buf, buf_len, &pwd_result); - if (ret != 0) { - /* according to the man page there are a couple of error codes - * which can indicate that the user was not found. To be on the - * safe side we fail back to the group lookup on all errors. */ - pwd_result = NULL; - } - - if (pwd_result != NULL) { + ret = getpwnam_r_wrapper(MAX_BUF, fq_name, &pwd, &buf, &buf_len); + if (ret == 0) { if (request_type == REQ_FULL_WITH_GROUPS) { ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type); if (ret != 0 || !(id_type == SSS_ID_TYPE_UID @@ -868,15 +1007,21 @@ static int handle_name_request(enum request_types request_type, domain_name, pwd.pw_name, pwd.pw_uid, pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir, pwd.pw_shell, kv_list, berval); + } else if (ret == ENOMEM || ret == ERANGE) { + ret = LDAP_OPERATIONS_ERROR; + goto done; } else { /* no user entry found */ - ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result); + /* according to the getpwnam() man page there are a couple of + * error codes which can indicate that the user was not found. To + * be on the safe side we fail back to the group lookup on all + * errors. */ + ret = getgrnam_r_wrapper(MAX_BUF, fq_name, &grp, &buf, &buf_len); if (ret != 0) { - ret = LDAP_NO_SUCH_OBJECT; - goto done; - } - - if (grp_result == NULL) { - ret = LDAP_NO_SUCH_OBJECT; + if (ret == ENOMEM || ret == ERANGE) { + ret = LDAP_OPERATIONS_ERROR; + } else { + ret = LDAP_NO_SUCH_OBJECT; + } goto done; } diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/group b/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/group new file mode 100644 index 0000000000000000000000000000000000000000..8d1b012871b21cc9d5ffdba2168f35ef3e8a5f81 --- /dev/null +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/group @@ -0,0 +1,2 @@ +group:x:11111:member0001,member0002 +group_big:x:22222:member0001,member0002,member0003,member0004,member0005,member0006,member0007,member0008,member0009,member0010,member0011,member0012,member0013,member0014,member0015,member0016,member0017,member0018,member0019,member0020,member0021,member0022,member0023,member0024,member0025,member0026,member0027,member0028,member0029,member0030,member0031,member0032,member0033,member0034,member0035,member0036,member0037,member0038,member0039,member0040,member0041,member0042,member0043,member0044,member0045,member0046,member0047,member0048,member0049,member0050,member0051,member0052,member0053,member0054,member0055,member0056,member0057,member0058,member0059,member0060,member0061,member0062,member0063,member0064,member0065,member0066,member0067,member0068,member0069,member0070,member0071,member0072,member0073,member0074,member0075,member0076,member0077,member0078,member0079,member0080,member0081,member0082,member0083,member0084,member0085,member0086,member0087,member0088,member0089,member0090,member0091,member0092,member0093,member0094,member0095,member0096,member0097,member0098,member0099,member0100,member0101,member0102,member0103,member0104,member0105,member0106,member0107,member0108,member0109,member0110,member0111,member0112,member0113,member0114,member0115,member0116,member0117,member0118,member0119,member0120,member0121,member0122,member0123,member0124,member0125,member0126,member0127,member0128,member0129,member0130,member0131,member0132,member0133,member0134,member0135,member0136,member0137,member0138,member0139,member0140,member0141,member0142,member0143,member0144,member0145,member0146,member0147,member0148,member0149,member0150,member0151,member0152,member0153,member0154,member0155,member0156,member0157,member0158,member0159,member0160,member0161,member0162,member0163,member0164,member0165,member0166,member0167,member0168,member0169,member0170,member0171,member0172,member0173,member0174,member0175,member0176,member0177,member0178,member0179,member0180,member0181,member0182,member0183,member0184,member0185,member0186,member0187,member0188,member0189,member0190,member0191,member0192,member0193,member0194,member0195,member0196,member0197,member0198,member0199,member0200,member0201,member0202,member0203,member0204,member0205,member0206,member0207,member0208,member0209,member0210,member0211,member0212,member0213,member0214,member0215,member0216,member0217,member0218,member0219,member0220,member0221,member0222,member0223,member0224,member0225,member0226,member0227,member0228,member0229,member0230,member0231,member0232,member0233,member0234,member0235,member0236,member0237,member0238,member0239,member0240,member0241,member0242,member0243,member0244,member0245,member0246,member0247,member0248,member0249,member0250,member0251,member0252,member0253,member0254,member0255,member0256,member0257,member0258,member0259,member0260,member0261,member0262,member0263,member0264,member0265,member0266,member0267,member0268,member0269,member0270,member0271,member0272,member0273,member0274,member0275,member0276,member0277,member0278,member0279,member0280,member0281,member0282,member0283,member0284,member0285,member0286,member0287,member0288,member0289,member0290,member0291,member0292,member0293,member0294,member0295,member0296,member0297,member0298,member0299,member0300,member0301,member0302,member0303,member0304,member0305,member0306,member0307,member0308,member0309,member0310,member0311,member0312,member0313,member0314,member0315,member0316,member0317,member0318,member0319,member0320,member0321,member0322,member0323,member0324,member0325,member0326,member0327,member0328,member0329,member0330,member0331,member0332,member0333,member0334,member0335,member0336,member0337,member0338,member0339,member0340,member0341,member0342,member0343,member0344,member0345,member0346,member0347,member0348,member0349,member0350,member0351,member0352,member0353,member0354,member0355,member0356,member0357,member0358,member0359,member0360,member0361,member0362,member0363,member0364,member0365,member0366,member0367,member0368,member0369,member0370,member0371,member0372,member0373,member0374,member0375,member0376,member0377,member0378,member0379,member0380,member0381,member0382,member0383,member0384,member0385,member0386,member0387,member0388,member0389,member0390,member0391,member0392,member0393,member0394,member0395,member0396,member0397,member0398,member0399,member0400,member0401,member0402,member0403,member0404,member0405,member0406,member0407,member0408,member0409,member0410,member0411,member0412,member0413,member0414,member0415,member0416,member0417,member0418,member0419,member0420,member0421,member0422,member0423,member0424,member0425,member0426,member0427,member0428,member0429,member0430,member0431,member0432,member0433,member0434,member0435,member0436,member0437,member0438,member0439,member0440,member0441,member0442,member0443,member0444,member0445,member0446,member0447,member0448,member0449,member0450,member0451,member0452,member0453,member0454,member0455,member0456,member0457,member0458,member0459,member0460,member0461,member0462,member0463,member0464,member0465,member0466,member0467,member0468,member0469,member0470,member0471,member0472,member0473,member0474,member0475,member0476,member0477,member0478,member0479,member0480,member0481,member0482,member0483,member0484,member0485,member0486,member0487,member0488,member0489,member0490,member0491,member0492,member0493,member0494,member0495,member0496,member0497,member0498,member0499,member0500,member0501,member0502,member0503,member0504,member0505,member0506,member0507,member0508,member0509,member0510,member0511,member0512,member0513,member0514,member0515,member0516,member0517,member0518,member0519,member0520,member0521,member0522,member0523,member0524,member0525,member0526,member0527,member0528,member0529,member0530,member0531,member0532,member0533,member0534,member0535,member0536,member0537,member0538,member0539,member0540,member0541,member0542,member0543,member0544,member0545,member0546,member0547,member0548,member0549,member0550,member0551,member0552,member0553,member0554,member0555,member0556,member0557,member0558,member0559,member0560,member0561,member0562,member0563,member0564,member0565,member0566,member0567,member0568,member0569,member0570,member0571,member0572,member0573,member0574,member0575,member0576,member0577,member0578,member0579,member0580,member0581,member0582,member0583,member0584,member0585,member0586,member0587,member0588,member0589,member0590,member0591,member0592,member0593,member0594,member0595,member0596,member0597,member0598,member0599,member0600,member0601,member0602,member0603,member0604,member0605,member0606,member0607,member0608,member0609,member0610,member0611,member0612,member0613,member0614,member0615,member0616,member0617,member0618,member0619,member0620,member0621,member0622,member0623,member0624,member0625,member0626,member0627,member0628,member0629,member0630,member0631,member0632,member0633,member0634,member0635,member0636,member0637,member0638,member0639,member0640,member0641,member0642,member0643,member0644,member0645,member0646,member0647,member0648,member0649,member0650,member0651,member0652,member0653,member0654,member0655,member0656,member0657,member0658,member0659,member0660,member0661,member0662,member0663,member0664,member0665,member0666,member0667,member0668,member0669,member0670,member0671,member0672,member0673,member0674,member0675,member0676,member0677,member0678,member0679,member0680,member0681,member0682,member0683,member0684,member0685,member0686,member0687,member0688,member0689,member0690,member0691,member0692,member0693,member0694,member0695,member0696,member0697,member0698,member0699,member0700,member0701,member0702,member0703,member0704,member0705,member0706,member0707,member0708,member0709,member0710,member0711,member0712,member0713,member0714,member0715,member0716,member0717,member0718,member0719,member0720,member0721,member0722,member0723,member0724,member0725,member0726,member0727,member0728,member0729,member0730,member0731,member0732,member0733,member0734,member0735,member0736,member0737,member0738,member0739,member0740,member0741,member0742,member0743,member0744,member0745,member0746,member0747,member0748,member0749,member0750,member0751,member0752,member0753,member0754,member0755,member0756,member0757,member0758,member0759,member0760,member0761,member0762,member0763,member0764,member0765,member0766,member0767,member0768,member0769,member0770,member0771,member0772,member0773,member0774,member0775,member0776,member0777,member0778,member0779,member0780,member0781,member0782,member0783,member0784,member0785,member0786,member0787,member0788,member0789,member0790,member0791,member0792,member0793,member0794,member0795,member0796,member0797,member0798,member0799,member0800,member0801,member0802,member0803,member0804,member0805,member0806,member0807,member0808,member0809,member0810,member0811,member0812,member0813,member0814,member0815,member0816,member0817,member0818,member0819,member0820,member0821,member0822,member0823,member0824,member0825,member0826,member0827,member0828,member0829,member0830,member0831,member0832,member0833,member0834,member0835,member0836,member0837,member0838,member0839,member0840,member0841,member0842,member0843,member0844,member0845,member0846,member0847,member0848,member0849,member0850,member0851,member0852,member0853,member0854,member0855,member0856,member0857,member0858,member0859,member0860,member0861,member0862,member0863,member0864,member0865,member0866,member0867,member0868,member0869,member0870,member0871,member0872,member0873,member0874,member0875,member0876,member0877,member0878,member0879,member0880,member0881,member0882,member0883,member0884,member0885,member0886,member0887,member0888,member0889,member0890,member0891,member0892,member0893,member0894,member0895,member0896,member0897,member0898,member0899,member0900,member0901,member0902,member0903,member0904,member0905,member0906,member0907,member0908,member0909,member0910,member0911,member0912,member0913,member0914,member0915,member0916,member0917,member0918,member0919,member0920,member0921,member0922,member0923,member0924,member0925,member0926,member0927,member0928,member0929,member0930,member0931,member0932,member0933,member0934,member0935,member0936,member0937,member0938,member0939,member0940,member0941,member0942,member0943,member0944,member0945,member0946,member0947,member0948,member0949,member0950,member0951,member0952,member0953,member0954,member0955,member0956,member0957,member0958,member0959,member0960,member0961,member0962,member0963,member0964,member0965,member0966,member0967,member0968,member0969,member0970,member0971,member0972,member0973,member0974,member0975,member0976,member0977,member0978,member0979,member0980,member0981,member0982,member0983,member0984,member0985,member0986,member0987,member0988,member0989,member0990,member0991,member0992,member0993,member0994,member0995,member0996,member0997,member0998,member0999,member1000,member1001,member1002,member1003,member1004,member1005,member1006,member1007,member1008,member1009,member1010,member1011,member1012,member1013,member1014,member1015,member1016,member1017,member1018,member1019,member1020,member1021,member1022,member1023,member1024,member1025,member1026,member1027,member1028,member1029,member1030,member1031,member1032,member1033,member1034,member1035,member1036,member1037,member1038,member1039,member1040,member1041,member1042,member1043,member1044,member1045,member1046,member1047,member1048,member1049,member1050,member1051,member1052,member1053,member1054,member1055,member1056,member1057,member1058,member1059,member1060,member1061,member1062,member1063,member1064,member1065,member1066,member1067,member1068,member1069,member1070,member1071,member1072,member1073,member1074,member1075,member1076,member1077,member1078,member1079,member1080,member1081,member1082,member1083,member1084,member1085,member1086,member1087,member1088,member1089,member1090,member1091,member1092,member1093,member1094,member1095,member1096,member1097,member1098,member1099,member1100,member1101,member1102,member1103,member1104,member1105,member1106,member1107,member1108,member1109,member1110,member1111,member1112,member1113,member1114,member1115,member1116,member1117,member1118,member1119,member1120,member1121,member1122,member1123,member1124,member1125,member1126,member1127,member1128,member1129,member1130,member1131,member1132,member1133,member1134,member1135,member1136,member1137,member1138,member1139,member1140,member1141,member1142,member1143,member1144,member1145,member1146,member1147,member1148,member1149,member1150,member1151,member1152,member1153,member1154,member1155,member1156,member1157,member1158,member1159,member1160,member1161,member1162,member1163,member1164,member1165,member1166,member1167,member1168,member1169,member1170,member1171,member1172,member1173,member1174,member1175,member1176,member1177,member1178,member1179,member1180,member1181,member1182,member1183,member1184,member1185,member1186,member1187,member1188,member1189,member1190,member1191,member1192,member1193,member1194,member1195,member1196,member1197,member1198,member1199,member1200,member1201,member1202,member1203,member1204,member1205,member1206,member1207,member1208,member1209,member1210,member1211,member1212,member1213,member1214,member1215,member1216,member1217,member1218,member1219,member1220,member1221,member1222,member1223,member1224,member1225,member1226,member1227,member1228,member1229,member1230,member1231,member1232,member1233,member1234,member1235,member1236,member1237,member1238,member1239,member1240,member1241,member1242,member1243,member1244,member1245,member1246,member1247,member1248,member1249,member1250,member1251,member1252,member1253,member1254,member1255,member1256,member1257,member1258,member1259,member1260,member1261,member1262,member1263,member1264,member1265,member1266,member1267,member1268,member1269,member1270,member1271,member1272,member1273,member1274,member1275,member1276,member1277,member1278,member1279,member1280,member1281,member1282,member1283,member1284,member1285,member1286,member1287,member1288,member1289,member1290,member1291,member1292,member1293,member1294,member1295,member1296,member1297,member1298,member1299,member1300,member1301,member1302,member1303,member1304,member1305,member1306,member1307,member1308,member1309,member1310,member1311,member1312,member1313,member1314,member1315,member1316,member1317,member1318,member1319,member1320,member1321,member1322,member1323,member1324,member1325,member1326,member1327,member1328,member1329,member1330,member1331,member1332,member1333,member1334,member1335,member1336,member1337,member1338,member1339,member1340,member1341,member1342,member1343,member1344,member1345,member1346,member1347,member1348,member1349,member1350,member1351,member1352,member1353,member1354,member1355,member1356,member1357,member1358,member1359,member1360,member1361,member1362,member1363,member1364,member1365,member1366,member1367,member1368,member1369,member1370,member1371,member1372,member1373,member1374,member1375,member1376,member1377,member1378,member1379,member1380,member1381,member1382,member1383,member1384,member1385,member1386,member1387,member1388,member1389,member1390,member1391,member1392,member1393,member1394,member1395,member1396,member1397,member1398,member1399,member1400,member1401,member1402,member1403,member1404,member1405,member1406,member1407,member1408,member1409,member1410,member1411,member1412,member1413,member1414,member1415,member1416,member1417,member1418,member1419,member1420,member1421,member1422,member1423,member1424,member1425,member1426,member1427,member1428,member1429,member1430,member1431,member1432,member1433,member1434,member1435,member1436,member1437,member1438,member1439,member1440,member1441,member1442,member1443,member1444,member1445,member1446,member1447,member1448,member1449,member1450,member1451,member1452,member1453,member1454,member1455,member1456,member1457,member1458,member1459,member1460,member1461,member1462,member1463,member1464,member1465,member1466,member1467,member1468,member1469,member1470,member1471,member1472,member1473,member1474,member1475,member1476,member1477,member1478,member1479,member1480,member1481,member1482,member1483,member1484,member1485,member1486,member1487,member1488,member1489,member1490,member1491,member1492,member1493,member1494,member1495,member1496,member1497,member1498,member1499,member1500,member1501,member1502,member1503,member1504,member1505,member1506,member1507,member1508,member1509,member1510,member1511,member1512,member1513,member1514,member1515,member1516,member1517,member1518,member1519,member1520,member1521,member1522,member1523,member1524,member1525,member1526,member1527,member1528,member1529,member1530,member1531,member1532,member1533,member1534,member1535,member1536,member1537,member1538,member1539,member1540,member1541,member1542,member1543,member1544,member1545,member1546,member1547,member1548,member1549,member1550,member1551,member1552,member1553,member1554,member1555,member1556,member1557,member1558,member1559,member1560,member1561,member1562,member1563,member1564,member1565,member1566,member1567,member1568,member1569,member1570,member1571,member1572,member1573,member1574,member1575,member1576,member1577,member1578,member1579,member1580,member1581,member1582,member1583,member1584,member1585,member1586,member1587,member1588,member1589,member1590,member1591,member1592,member1593,member1594,member1595,member1596,member1597,member1598,member1599,member1600,member1601,member1602,member1603,member1604,member1605,member1606,member1607,member1608,member1609,member1610,member1611,member1612,member1613,member1614,member1615,member1616,member1617,member1618,member1619,member1620,member1621,member1622,member1623,member1624,member1625,member1626,member1627,member1628,member1629,member1630,member1631,member1632,member1633,member1634,member1635,member1636,member1637,member1638,member1639,member1640,member1641,member1642,member1643,member1644,member1645,member1646,member1647,member1648,member1649,member1650,member1651,member1652,member1653,member1654,member1655,member1656,member1657,member1658,member1659,member1660,member1661,member1662,member1663,member1664,member1665,member1666,member1667,member1668,member1669,member1670,member1671,member1672,member1673,member1674,member1675,member1676,member1677,member1678,member1679,member1680,member1681,member1682,member1683,member1684,member1685,member1686,member1687,member1688,member1689,member1690,member1691,member1692,member1693,member1694,member1695,member1696,member1697,member1698,member1699,member1700,member1701,member1702,member1703,member1704,member1705,member1706,member1707,member1708,member1709,member1710,member1711,member1712,member1713,member1714,member1715,member1716,member1717,member1718,member1719,member1720,member1721,member1722,member1723,member1724,member1725,member1726,member1727,member1728,member1729,member1730,member1731,member1732,member1733,member1734,member1735,member1736,member1737,member1738,member1739,member1740,member1741,member1742,member1743,member1744,member1745,member1746,member1747,member1748,member1749,member1750,member1751,member1752,member1753,member1754,member1755,member1756,member1757,member1758,member1759,member1760,member1761,member1762,member1763,member1764,member1765,member1766,member1767,member1768,member1769,member1770,member1771,member1772,member1773,member1774,member1775,member1776,member1777,member1778,member1779,member1780,member1781,member1782,member1783,member1784,member1785,member1786,member1787,member1788,member1789,member1790,member1791,member1792,member1793,member1794,member1795,member1796,member1797,member1798,member1799,member1800,member1801,member1802,member1803,member1804,member1805,member1806,member1807,member1808,member1809,member1810,member1811,member1812,member1813,member1814,member1815,member1816,member1817,member1818,member1819,member1820,member1821,member1822,member1823,member1824,member1825,member1826,member1827,member1828,member1829,member1830,member1831,member1832,member1833,member1834,member1835,member1836,member1837,member1838,member1839,member1840,member1841,member1842,member1843,member1844,member1845,member1846,member1847,member1848,member1849,member1850,member1851,member1852,member1853,member1854,member1855,member1856,member1857,member1858,member1859,member1860,member1861,member1862,member1863,member1864,member1865,member1866,member1867,member1868,member1869,member1870,member1871,member1872,member1873,member1874,member1875,member1876,member1877,member1878,member1879,member1880,member1881,member1882,member1883,member1884,member1885,member1886,member1887,member1888,member1889,member1890,member1891,member1892,member1893,member1894,member1895,member1896,member1897,member1898,member1899,member1900,member1901,member1902,member1903,member1904,member1905,member1906,member1907,member1908,member1909,member1910,member1911,member1912,member1913,member1914,member1915,member1916,member1917,member1918,member1919,member1920,member1921,member1922,member1923,member1924,member1925,member1926,member1927,member1928,member1929,member1930,member1931,member1932,member1933,member1934,member1935,member1936,member1937,member1938,member1939,member1940,member1941,member1942,member1943,member1944,member1945,member1946,member1947,member1948,member1949,member1950,member1951,member1952,member1953,member1954,member1955,member1956,member1957,member1958,member1959,member1960,member1961,member1962,member1963,member1964,member1965,member1966,member1967,member1968,member1969,member1970,member1971,member1972,member1973,member1974,member1975,member1976,member1977,member1978,member1979,member1980,member1981,member1982,member1983,member1984,member1985,member1986,member1987,member1988,member1989,member1990,member1991,member1992,member1993,member1994,member1995,member1996,member1997,member1998,member1999,member2000, diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/passwd b/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/passwd new file mode 100644 index 0000000000000000000000000000000000000000..971e9bdb8a5d43d915ce0adc42ac29f2f95ade52 --- /dev/null +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/passwd @@ -0,0 +1,2 @@ +user:x:12345:23456:gecos:/home/user:/bin/shell +user_big:x:12346:23457::/home/user_big:/bin/shell diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/test_setup.sh b/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/test_setup.sh new file mode 100644 index 0000000000000000000000000000000000000000..ad839f340efe989a91cd6902f59c9a41483f68e0 --- /dev/null +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/test_setup.sh @@ -0,0 +1,3 @@ +export LD_PRELOAD=$(pkg-config --libs nss_wrapper) +export NSS_WRAPPER_PASSWD=./test_data/passwd +export NSS_WRAPPER_GROUP=./test_data/group -- 2.1.0