author | Lukas Slebodnik <lslebodn@redhat.com> | 2015-09-01 08:26:00 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-18 17:20:40 +0200 |
commit | 3d8b576bf49a79d5776574b96c6ef9535bbc46ac (patch) | |
tree | 34e91e2f070d7d7d256b94da918f612b45157aec | |
parent | 9c563db822758732b25a3c8c61ffac90a7deffc3 (diff) | |
Partially revert "LDAP: sanitize group name when used in filter"
This reverts commit e2e334b2f51118cb14c7391c4e4e44ff247ef638.
+ temporarily disable unit test
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id_cleanup.c | 88 |
2 files changed, 5 insertions, 84 deletions
diff --git a/Makefile.am b/Makefile.am
index 3eaf578a8..5a99c9784 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -219,7 +219,6 @@ if HAVE_CMOCKA
 sss_sifp-tests \
 test_search_bases \
 test_ldap_auth \
- test_ldap_id_cleanup \
 test_sdap_access \
 sdap-tests \
 test_sysdb_views \
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 43df5b83b..461e1834e 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -32,12 +32,6 @@
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_async.h"
-static errno_t
-get_group_dn_with_filter_sanitized_name(TALLOC_CTX *mem_ctx,
- struct sss_domain_info *domain,
- const char *group_name,
- const char **_group_dn);
-
 /* ==Cleanup-Task========================================================= */
 struct ldap_id_cleanup_ctx {
 struct sdap_id_ctx *ctx;
@@ -375,6 +369,7 @@ static int cleanup_groups(TALLOC_CTX *memctx,
 const char *attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
 time_t now = time(NULL);
 char *subfilter;
+ const char *dn;
 gid_t gid;
 struct ldb_message **msgs;
 size_t count;
@@ -415,25 +410,10 @@ static int cleanup_groups(TALLOC_CTX *memctx,
 }
 for (i = 0; i < count; i++) {
- const char *dn;
- const char *group_name;
-
- group_name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
- if (group_name == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE, "No '%s' attribute.\n", SYSDB_NAME);
- ret = EINVAL;
- goto done;
- }
-
- /* DN might contain characters that need not to be sanitized in DN,
- * but need to be sanitized in filter - e.g. '(', ')'
- */
- ret = get_group_dn_with_filter_sanitized_name(tmpctx, domain, group_name,
- &dn);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "get_group_dn_with_filter_sanitized_name failed: %s:[%d].\n",
- sss_strerror(ret), ret);
+ dn = ldb_dn_get_linearized(msgs[i]->dn);
+ if (!dn) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot linearize DN!\n");
+ ret = EFAULT;
 goto done;
 }
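Review bot: Dropping `test_ldap_id_cleanup` from this list under `HAVE_CMOCKA` leaves nothing in the tree that marks the removal as temporary, although the commit message describes it that way. The ldap_id_cleanup.c hunks of the same commit remove the filter sanitization in `cleanup_groups`, and the test presumably exercised that path, so the code ends up with neither the escaping nor a check for it. A comment placed above the list (not inside the backslash-continued lines), for example `# FIXME: re-enable test_ldap_id_cleanup once group DN sanitization is restored`, or a ticket reference in the commit message would keep this from being forgotten. The list starts and ends outside the hunk.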
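Review bot: In the `cleanup_groups` loop the new `dn = ldb_dn_get_linearized(msgs[i]->dn);` passes the raw linearized DN on to the code that follows, while the comment removed by this hunk states that a DN can contain characters such as '(' and ')' that are valid in a DN but must be escaped in a search filter. The code that consumes `dn` lies outside the hunk, so presumably it is still placed into a filter string; if so, a cached group whose name contains filter metacharacters yields a malformed or altered filter during cleanup. Instead of dropping the escaping altogether, sanitize the linearized DN before use, e.g. `ret = sss_filter_sanitize(tmpctx, dn, &sanitized_dn);` followed by `if (ret != EOK) goto done;`, and hand `sanitized_dn` to the filter. At minimum add a comment such as `/* FIXME: dn is used unsanitized in the filter below */` so the partial revert is not mistaken for the final state.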
@@ -500,61 +480,3 @@ done:
 talloc_zfree(tmpctx);
 return ret;
 }
-
-static errno_t
-get_group_dn_with_filter_sanitized_name(TALLOC_CTX *mem_ctx,
- struct sss_domain_info *domain,
- const char *group_name,
- const char **_group_dn)
-{
- errno_t ret;
- TALLOC_CTX *tmp_ctx;
- const char *dn;
- const char *sanitized_dn;
- char *sanitized_group_name;
- struct ldb_dn *group_base_dn;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- ret = ENOMEM;
- }
-
- /* sanitize group name */
- ret = sss_filter_sanitize(tmp_ctx, group_name, &sanitized_group_name);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "sss_filter_sanitize failed: %s:[%d]\n",
- sss_strerror(ret), ret);
- goto done;
- }
-
- /* group base dn */
- group_base_dn = sysdb_group_base_dn(tmp_ctx, domain);
- if (group_base_dn == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot get group base DN!\n");
- ret = EFAULT;
- goto done;
- }
-
- dn = ldb_dn_get_linearized(group_base_dn);
- if (dn == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot linearize DN!\n");
- ret = EFAULT;
- goto done;
- }
-
- /* complete group DN with filter sanitized name */
- sanitized_dn = talloc_asprintf(tmp_ctx, "%s=%s,%s",
- SYSDB_NAME, sanitized_group_name, dn);
- if (sanitized_dn == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Failed to build DN\n");
- ret = ENOMEM;
- goto done;
- }
-
- ret = EOK;
- *_group_dn = talloc_steal(mem_ctx, sanitized_dn);
-
-done:
- talloc_free(tmp_ctx);
- return ret;
-} |