sssd/0030-sysdb-remove-sysdb_getpwupn.patch
Alexey Tikhonov fbc22ccc53 Resolves: RHEL-168415 - [Addition] Crash in 'sss_client/autofs/sss_autofs.c' [rhel-8.10.z]
Resolves: RHEL-168363 - sss_override does not work on AD UPN [rhel-8.10.z]
Resolves: RHEL-192053 - CVE-2026-14474: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation [rhel-8.10.z]
Resolves: RHEL-192076 - CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass [rhel-8.10.z]
2026-07-09 09:49:09 +02:00

96 lines
3.3 KiB
Diff

From 9937664e29e45706100b2b6ea5fd6570b848089b Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 12 Jun 2025 19:52:10 +0200
Subject: [PATCH 30/32] sysdb:: remove sysdb_getpwupn()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit fe61b85b440380bd88d5859819a1111878ca36ea)
---
src/db/sysdb.h | 6 ------
src/db/sysdb_search.c | 30 --------------------------
src/tests/cmocka/test_sysdb_ts_cache.c | 6 ------
3 files changed, 42 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 3a0259ec9..8c030bd07 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -852,12 +852,6 @@ int sysdb_getpwuid(TALLOC_CTX *mem_ctx,
uid_t uid,
struct ldb_result **res);
-int sysdb_getpwupn(TALLOC_CTX *mem_ctx,
- struct sss_domain_info *domain,
- bool domain_scope,
- const char *upn,
- struct ldb_result **res);
-
int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_result **res);
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index f59312b72..49362beb0 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -598,36 +598,6 @@ static char *enum_filter(TALLOC_CTX *mem_ctx,
return filter;
}
-int sysdb_getpwupn(TALLOC_CTX *mem_ctx,
- struct sss_domain_info *domain,
- bool domain_scope,
- const char *upn,
- struct ldb_result **_res)
-{
- TALLOC_CTX *tmp_ctx;
- struct ldb_result *res;
- static const char *attrs[] = SYSDB_PW_ATTRS;
- errno_t ret;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
- return ENOMEM;
- }
-
- ret = sysdb_search_user_by_upn_res(tmp_ctx, domain, domain_scope, upn, attrs, &res);
- if (ret != EOK && ret != ENOENT) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_upn_res() failed.\n");
- goto done;
- }
-
- *_res = talloc_steal(mem_ctx, res);
-
-done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
errno_t sysdb_search_ts_matches(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
const char *attrs[],
diff --git a/src/tests/cmocka/test_sysdb_ts_cache.c b/src/tests/cmocka/test_sysdb_ts_cache.c
index f349b7061..531de72ab 100644
--- a/src/tests/cmocka/test_sysdb_ts_cache.c
+++ b/src/tests/cmocka/test_sysdb_ts_cache.c
@@ -1303,12 +1303,6 @@ static void test_user_byupn(void **state)
TEST_NOW_2);
assert_int_equal(ret, EOK);
- ret = sysdb_getpwupn(test_ctx, test_ctx->tctx->dom, false, TEST_USER_UPN, &res);
- assert_int_equal(ret, EOK);
- assert_int_equal(res->count, 1);
- assert_ts_attrs_res(res, TEST_NOW_2 + TEST_CACHE_TIMEOUT, TEST_NOW_2);
- talloc_free(res);
-
ret = sysdb_search_user_by_upn_res(test_ctx, test_ctx->tctx->dom,
false, TEST_USER_UPN, pw_fetch_attrs,
&res);
--
2.54.0