Partially revert "LDAP: sanitize group name when used in filter"

This reverts commit e2e334b2f51118cb14c7391c4e4e44ff247ef638. + temporary disable unit test Reviewed-by: Pavel Březina <pbrezina@redhat.com>
author: Lukas Slebodnik <lslebodn@redhat.com> 2015-09-01 08:26:00 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-09-18 17:20:40 +0200
commit: 3d8b576bf49a79d5776574b96c6ef9535bbc46ac (patch)
tree: 34e91e2f070d7d7d256b94da918f612b45157aec
parent: 9c563db822758732b25a3c8c61ffac90a7deffc3 (diff)
download: sssd-3d8b576bf49a79d5776574b96c6ef9535bbc46ac.tar.gz
sssd-3d8b576bf49a79d5776574b96c6ef9535bbc46ac.tar.xz
sssd-3d8b576bf49a79d5776574b96c6ef9535bbc46ac.zip
2 files changed, 5 insertions, 84 deletions
diff --git a/Makefile.am b/Makefile.am
index 3eaf578a8..5a99c9784 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -219,7 +219,6 @@ if HAVE_CMOCKA
         sss_sifp-tests \
         test_search_bases \
         test_ldap_auth \
-        test_ldap_id_cleanup \
         test_sdap_access \
         sdap-tests \
         test_sysdb_views \
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 43df5b83b..461e1834e 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -32,12 +32,6 @@
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_async.h"
 
-static errno_t
-get_group_dn_with_filter_sanitized_name(TALLOC_CTX *mem_ctx,
-                                        struct sss_domain_info *domain,
-                                        const char *group_name,
-                                        const char **_group_dn);
-
 /* ==Cleanup-Task========================================================= */
 struct ldap_id_cleanup_ctx {
     struct sdap_id_ctx *ctx;
@@ -375,6 +369,7 @@ static int cleanup_groups(TALLOC_CTX *memctx,
     const char *attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
     time_t now = time(NULL);
     char *subfilter;
+    const char *dn;
     gid_t gid;
     struct ldb_message **msgs;
     size_t count;
@@ -415,25 +410,10 @@ static int cleanup_groups(TALLOC_CTX *memctx,
     }
 
     for (i = 0; i < count; i++) {
-        const char *dn;
-        const char *group_name;
-
-        group_name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
-        if (group_name == NULL) {
-            DEBUG(SSSDBG_MINOR_FAILURE, "No '%s' attribute.\n", SYSDB_NAME);
-            ret = EINVAL;
-            goto done;
-        }
-
-        /* DN might contain characters that need not to be sanitized in DN,
-         * but need to be sanitized in filter - e.g. '(', ')'
-         */
-        ret = get_group_dn_with_filter_sanitized_name(tmpctx, domain, group_name,
-                                                      &dn);
-        if (ret != EOK) {
-            DEBUG(SSSDBG_MINOR_FAILURE,
-                  "get_group_dn_with_filter_sanitized_name failed: %s:[%d].\n",
-                  sss_strerror(ret), ret);
+        dn = ldb_dn_get_linearized(msgs[i]->dn);
+        if (!dn) {
+            DEBUG(SSSDBG_CRIT_FAILURE, "Cannot linearize DN!\n");
+            ret = EFAULT;
             goto done;
         }
 
@@ -500,61 +480,3 @@ done:
     talloc_zfree(tmpctx);
     return ret;
 }
-
-static errno_t
-get_group_dn_with_filter_sanitized_name(TALLOC_CTX *mem_ctx,
-                                        struct sss_domain_info *domain,
-                                        const char *group_name,
-                                        const char **_group_dn)
-{
-    errno_t ret;
-    TALLOC_CTX *tmp_ctx;
-    const char *dn;
-    const char *sanitized_dn;
-    char *sanitized_group_name;
-    struct ldb_dn *group_base_dn;
-
-    tmp_ctx = talloc_new(NULL);
-    if (tmp_ctx == NULL) {
-        ret = ENOMEM;
-    }
-
-    /* sanitize group name */
-    ret = sss_filter_sanitize(tmp_ctx, group_name, &sanitized_group_name);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_MINOR_FAILURE, "sss_filter_sanitize failed: %s:[%d]\n",
-              sss_strerror(ret), ret);
-        goto done;
-    }
-
-    /* group base dn */
-    group_base_dn = sysdb_group_base_dn(tmp_ctx, domain);
-    if (group_base_dn == NULL) {
-        DEBUG(SSSDBG_MINOR_FAILURE, "Cannot get group base DN!\n");
-        ret = EFAULT;
-        goto done;
-    }
-
-    dn = ldb_dn_get_linearized(group_base_dn);
-    if (dn == NULL) {
-        DEBUG(SSSDBG_MINOR_FAILURE, "Cannot linearize DN!\n");
-        ret = EFAULT;
-        goto done;
-    }
-
-    /* complete group DN with filter sanitized name */
-    sanitized_dn = talloc_asprintf(tmp_ctx, "%s=%s,%s",
-                                   SYSDB_NAME, sanitized_group_name, dn);
-    if (sanitized_dn == NULL) {
-        DEBUG(SSSDBG_MINOR_FAILURE, "Failed to build DN\n");
-        ret = ENOMEM;
-        goto done;
-    }
-
-    ret = EOK;
-    *_group_dn = talloc_steal(mem_ctx, sanitized_dn);
-
-done:
-    talloc_free(tmp_ctx);
-    return ret;
-}
author	Lukas Slebodnik <lslebodn@redhat.com>	2015-09-01 08:26:00 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-09-18 17:20:40 +0200
commit	3d8b576bf49a79d5776574b96c6ef9535bbc46ac (patch)
tree	34e91e2f070d7d7d256b94da918f612b45157aec
parent	9c563db822758732b25a3c8c61ffac90a7deffc3 (diff)
download	sssd-3d8b576bf49a79d5776574b96c6ef9535bbc46ac.tar.gz sssd-3d8b576bf49a79d5776574b96c6ef9535bbc46ac.tar.xz sssd-3d8b576bf49a79d5776574b96c6ef9535bbc46ac.zip