sssd/0101-SDAP-Use-sysdb_search_-_by_orig_dn-in-sdap_async_gro.patch

From e3d9ce0ac22796cb08ad2daed006021b44b28c69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Fri, 2 Jun 2017 14:12:29 +0200
Subject: [PATCH 101/115] SDAP: Use sysdb_search_*_by_orig_dn() in
 sdap_async_groups.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Methods for searching the users, groups and entries by their orig dn
have been introduced in one of the previous commit.

Let's make use of those whenever it makes sense.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/providers/ldap/sdap_async_groups.c | 23 ++---------------------
 1 file changed, 2 insertions(+), 21 deletions(-)

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 81503798c4abc7598810a2b97b4d03fbebe7f953..536e3f13744c5350eed518c9bd35fd89e0899dc6 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -2498,14 +2498,12 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
     errno_t ret, sret;
     struct ldb_message_element *el;
     const char *username;
-    char *clean_orig_dn;
     const char *original_dn;
     struct sss_domain_info *user_dom;
     struct sdap_domain *sdap_dom;
 
     TALLOC_CTX *tmp_ctx;
     struct ldb_message **msgs;
-    char *filter;
     const char *sysdb_name;
     struct sysdb_attrs *attrs;
     static const char *search_attrs[] = { SYSDB_NAME, NULL };
@@ -2553,14 +2551,6 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
         }
         original_dn = (const char *) el->values[0].data;
 
-        ret = sss_filter_sanitize(tmp_ctx, original_dn,
-                                  &clean_orig_dn);
-        if (ret != EOK) {
-            DEBUG(SSSDBG_CRIT_FAILURE,
-                  "Cannot sanitize originalDN [%s]\n", original_dn);
-            goto done;
-        }
-
         sdap_dom = sdap_domain_get_by_dn(opts, original_dn);
         user_dom = sdap_dom == NULL ? domain : sdap_dom->dom;
 
@@ -2573,19 +2563,10 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
         }
 
         /* Check for the specified origDN in the sysdb */
-        filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
-                                 SYSDB_ORIG_DN,
-                                 clean_orig_dn);
-        if (!filter) {
-            ret = ENOMEM;
-            goto done;
-        }
         PROBE(SDAP_NESTED_GROUP_POPULATE_SEARCH_USERS_PRE);
-        ret = sysdb_search_users(tmp_ctx, user_dom, filter,
-                                 search_attrs, &count, &msgs);
+        ret = sysdb_search_users_by_orig_dn(tmp_ctx, user_dom, original_dn,
+                                            search_attrs, &count, &msgs);
         PROBE(SDAP_NESTED_GROUP_POPULATE_SEARCH_USERS_POST);
-        talloc_zfree(filter);
-        talloc_zfree(clean_orig_dn);
         if (ret != EOK && ret != ENOENT) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Error checking cache for user entry\n");
             goto done;
-- 
2.14.1
Fix few bugs/regressions Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied 2017-09-11 10:04:54 +00:00			`From e3d9ce0ac22796cb08ad2daed006021b44b28c69 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>`
			`Date: Fri, 2 Jun 2017 14:12:29 +0200`
			`Subject: [PATCH 101/115] SDAP: Use sysdb_search_*_by_orig_dn() in`
			`sdap_async_groups.c`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Methods for searching the users, groups and entries by their orig dn`
			`have been introduced in one of the previous commit.`

			`Let's make use of those whenever it makes sense.`

			`Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>`

			`Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>`
			`Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>`
			`---`
			`src/providers/ldap/sdap_async_groups.c \| 23 ++---------------------`
			`1 file changed, 2 insertions(+), 21 deletions(-)`

			`diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c`
			`index 81503798c4abc7598810a2b97b4d03fbebe7f953..536e3f13744c5350eed518c9bd35fd89e0899dc6 100644`
			`--- a/src/providers/ldap/sdap_async_groups.c`
			`+++ b/src/providers/ldap/sdap_async_groups.c`
			`@@ -2498,14 +2498,12 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,`
			`errno_t ret, sret;`
			`struct ldb_message_element *el;`
			`const char *username;`
			`- char *clean_orig_dn;`
			`const char *original_dn;`
			`struct sss_domain_info *user_dom;`
			`struct sdap_domain *sdap_dom;`

			`TALLOC_CTX *tmp_ctx;`
			`struct ldb_message **msgs;`
			`- char *filter;`
			`const char *sysdb_name;`
			`struct sysdb_attrs *attrs;`
			`static const char *search_attrs[] = { SYSDB_NAME, NULL };`
			`@@ -2553,14 +2551,6 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,`
			`}`
			`original_dn = (const char *) el->values[0].data;`

			`- ret = sss_filter_sanitize(tmp_ctx, original_dn,`
			`- &clean_orig_dn);`
			`- if (ret != EOK) {`
			`- DEBUG(SSSDBG_CRIT_FAILURE,`
			`- "Cannot sanitize originalDN [%s]\n", original_dn);`
			`- goto done;`
			`- }`
			`-`
			`sdap_dom = sdap_domain_get_by_dn(opts, original_dn);`
			`user_dom = sdap_dom == NULL ? domain : sdap_dom->dom;`

			`@@ -2573,19 +2563,10 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,`
			`}`

			`/* Check for the specified origDN in the sysdb */`
			`- filter = talloc_asprintf(tmp_ctx, "(%s=%s)",`
			`- SYSDB_ORIG_DN,`
			`- clean_orig_dn);`
			`- if (!filter) {`
			`- ret = ENOMEM;`
			`- goto done;`
			`- }`
			`PROBE(SDAP_NESTED_GROUP_POPULATE_SEARCH_USERS_PRE);`
			`- ret = sysdb_search_users(tmp_ctx, user_dom, filter,`
			`- search_attrs, &count, &msgs);`
			`+ ret = sysdb_search_users_by_orig_dn(tmp_ctx, user_dom, original_dn,`
			`+ search_attrs, &count, &msgs);`
			`PROBE(SDAP_NESTED_GROUP_POPULATE_SEARCH_USERS_POST);`
			`- talloc_zfree(filter);`
			`- talloc_zfree(clean_orig_dn);`
			`if (ret != EOK && ret != ENOENT) {`
			`DEBUG(SSSDBG_CRIT_FAILURE, "Error checking cache for user entry\n");`
			`goto done;`
			`--`
			`2.14.1`