diff options
author | Sumit Bose <sbose@redhat.com> | 2012-06-01 13:08:04 +0200 |
---|---|---|
committer | Jan Zeleny <jzeleny@redhat.com> | 2012-06-08 14:42:09 +0200 |
commit | 2d07aa724c93bbaec2cd29470941c0754c74f715 (patch) | |
tree | a7bdafe74023d4f472e126fab25ba1108cbaa579 | |
parent | 2998435fcc95857b73049b3955af9889ab595f24 (diff) | |
download | sssd-2d07aa724c93bbaec2cd29470941c0754c74f715.tar.gz sssd-2d07aa724c93bbaec2cd29470941c0754c74f715.tar.bz2 sssd-2d07aa724c93bbaec2cd29470941c0754c74f715.zip |
sss_idmap: fix typo which prevents sub auth larger then 2^31
A test to cover this is added as well.
-rw-r--r-- | src/lib/idmap/sss_idmap_conv.c | 6 | ||||
-rw-r--r-- | src/tests/sss_idmap-tests.c | 37 |
2 files changed, 40 insertions, 3 deletions
diff --git a/src/lib/idmap/sss_idmap_conv.c b/src/lib/idmap/sss_idmap_conv.c index 1d3ffb3b..a3360422 100644 --- a/src/lib/idmap/sss_idmap_conv.c +++ b/src/lib/idmap/sss_idmap_conv.c @@ -263,7 +263,7 @@ enum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx, } errno = 0; ul = strtoul(r, &r, 10); - if (errno != 0 || r == NULL) { + if (errno != 0 || r == NULL || ul > UINT32_MAX) { err = IDMAP_SID_INVALID; goto done; } @@ -301,8 +301,8 @@ enum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx, } errno = 0; - ul = strtol(r, &end, 10); - if (errno != 0 || end == NULL || + ul = strtoul(r, &end, 10); + if (errno != 0 || ul > UINT32_MAX || end == NULL || (*end != '\0' && *end != '-')) { err = IDMAP_SID_INVALID; goto done; diff --git a/src/tests/sss_idmap-tests.c b/src/tests/sss_idmap-tests.c index 73c2d21d..e6d75372 100644 --- a/src/tests/sss_idmap-tests.c +++ b/src/tests/sss_idmap-tests.c @@ -38,6 +38,9 @@ size_t test_bin_sid_length = sizeof(test_bin_sid); struct dom_sid test_smb_sid = {1, 5, {0, 0, 0, 0, 0, 5}, {21, 2127521184, 1604012920, 1887927527, 72713, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}; +const char large_sid[] = "S-1-5-21-1-2-4294967295-1000"; +const char too_large_sid[] = "S-1-5-21-1-2-4294967296-1000"; + struct sss_idmap_ctx *idmap_ctx; static void *idmap_talloc(size_t size, void *pvt) @@ -324,6 +327,39 @@ START_TEST(idmap_test_sid2dom_sid) } END_TEST +START_TEST(idmap_test_large_and_too_large_sid) +{ + struct sss_dom_sid *dom_sid = NULL; + enum idmap_error_code err; + char *new_sid = NULL; + + err = sss_idmap_sid_to_dom_sid(idmap_ctx, large_sid, &dom_sid); + + fail_unless(err == IDMAP_SUCCESS, + "Failed to convert SID string with a UINT32_MAX component " + "to struct sss_dom_sid."); + + err = sss_idmap_dom_sid_to_sid(idmap_ctx, dom_sid, &new_sid); + fail_unless(err == IDMAP_SUCCESS, + "Failed to convert struct sss_dom_sid to SID string."); + + fail_unless(new_sid != NULL, "SID string not set"); + fail_unless(strlen(large_sid) == strlen(new_sid), + "Length of SID strings do not match."); + fail_unless(strcmp(large_sid, new_sid) == 0, + "SID strings do not match, expected [%s], got [%s]", + large_sid, new_sid); + + err = sss_idmap_sid_to_dom_sid(idmap_ctx, too_large_sid, &dom_sid); + fail_unless(err == IDMAP_SID_INVALID, + "Trying to convert a SID with a too large component " + "did not return IDMAP_SID_INVALID"); + + talloc_free(dom_sid); + talloc_free(new_sid); +} +END_TEST + START_TEST(idmap_test_sid2bin_sid) { enum idmap_error_code err; @@ -494,6 +530,7 @@ Suite *idmap_test_suite (void) tcase_add_test(tc_conv, idmap_test_bin_sid2smb_sid); tcase_add_test(tc_conv, idmap_test_smb_sid2sid); tcase_add_test(tc_conv, idmap_test_sid2smb_sid); + tcase_add_test(tc_conv, idmap_test_large_and_too_large_sid); suite_add_tcase(s, tc_conv); |