authorLukas Slebodnik <lslebodn@redhat.com>2015-09-01 08:26:00 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-09-18 17:20:40 +0200
commit3d8b576bf49a79d5776574b96c6ef9535bbc46ac (patch)
tree34e91e2f070d7d7d256b94da918f612b45157aec
parent9c563db822758732b25a3c8c61ffac90a7deffc3 (diff)
Partially revert "LDAP: sanitize group name when used in filter"
This reverts commit e2e334b2f51118cb14c7391c4e4e44ff247ef638. + temporarily disable unit test Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--Makefile.am1
-rw-r--r--src/providers/ldap/ldap_id_cleanup.c88
2 files changed, 5 insertions, 84 deletions
diff --git a/Makefile.am b/Makefile.am
index 3eaf578a8..5a99c9784 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -219,7 +219,6 @@ if HAVE_CMOCKA
sss_sifp-tests \
test_search_bases \
test_ldap_auth \
- test_ldap_id_cleanup \
test_sdap_access \
sdap-tests \
test_sysdb_views \
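Review bot: Dropping `test_ldap_id_cleanup` from the cmocka list removes what is presumably the only regression test for the cleanup path, and nothing in the tree records that this is meant to be temporary. The commit message says the test is disabled temporarily, so a tracking reference would keep it from being forgotten: a ticket id in the message, or a `# TODO: re-enable test_ldap_id_cleanup` comment placed above the list rather than inside the backslash-continued lines. Whether the test's own build rules elsewhere in Makefile.am are kept is not visible in this hunk.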
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 43df5b83b..461e1834e 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -32,12 +32,6 @@
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
-static errno_t
-get_group_dn_with_filter_sanitized_name(TALLOC_CTX *mem_ctx,
- struct sss_domain_info *domain,
- const char *group_name,
- const char **_group_dn);
-
/* ==Cleanup-Task========================================================= */
struct ldap_id_cleanup_ctx {
struct sdap_id_ctx *ctx;
@@ -375,6 +369,7 @@ static int cleanup_groups(TALLOC_CTX *memctx,
const char *attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
time_t now = time(NULL);
char *subfilter;
+ const char *dn;
gid_t gid;
struct ldb_message **msgs;
size_t count;
@@ -415,25 +410,10 @@ static int cleanup_groups(TALLOC_CTX *memctx,
}
for (i = 0; i < count; i++) {
- const char *dn;
- const char *group_name;
-
- group_name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
- if (group_name == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE, "No '%s' attribute.\n", SYSDB_NAME);
- ret = EINVAL;
- goto done;
- }
-
- /* DN might contain characters that need not to be sanitized in DN,
- * but need to be sanitized in filter - e.g. '(', ')'
- */
- ret = get_group_dn_with_filter_sanitized_name(tmpctx, domain, group_name,
- &dn);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "get_group_dn_with_filter_sanitized_name failed: %s:[%d].\n",
- sss_strerror(ret), ret);
+ dn = ldb_dn_get_linearized(msgs[i]->dn);
+ if (!dn) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot linearize DN!\n");
+ ret = EFAULT;
goto done;
}
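Review bot: The DN taken from `ldb_dn_get_linearized(msgs[i]->dn)` in the loop is no longer escaped for use in a search filter, which is what the removed comment says the helper was for: a group name containing `(` or `)` is legal in a DN but changes the meaning of a filter. The filter construction is further down in cleanup_groups, outside this hunk, so this is inferred from the removed comment rather than seen. If `dn` is still interpolated into a filter there, pass it through the sanitizer first, e.g. `ret = sss_filter_sanitize(tmpctx, dn, &sanitized_dn);` with the usual `ret != EOK` check, and build the filter from `sanitized_dn`. A one-line comment at the new assignment stating that `dn` is a raw, filter-unescaped DN would also help the next reader.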
@@ -500,61 +480,3 @@ done:
talloc_zfree(tmpctx);
return ret;
}
-
-static errno_t
-get_group_dn_with_filter_sanitized_name(TALLOC_CTX *mem_ctx,
- struct sss_domain_info *domain,
- const char *group_name,
- const char **_group_dn)
-{
- errno_t ret;
- TALLOC_CTX *tmp_ctx;
- const char *dn;
- const char *sanitized_dn;
- char *sanitized_group_name;
- struct ldb_dn *group_base_dn;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- ret = ENOMEM;
- }
-
- /* sanitize group name */
- ret = sss_filter_sanitize(tmp_ctx, group_name, &sanitized_group_name);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "sss_filter_sanitize failed: %s:[%d]\n",
- sss_strerror(ret), ret);
- goto done;
- }
-
- /* group base dn */
- group_base_dn = sysdb_group_base_dn(tmp_ctx, domain);
- if (group_base_dn == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot get group base DN!\n");
- ret = EFAULT;
- goto done;
- }
-
- dn = ldb_dn_get_linearized(group_base_dn);
- if (dn == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot linearize DN!\n");
- ret = EFAULT;
- goto done;
- }
-
- /* complete group DN with filter sanitized name */
- sanitized_dn = talloc_asprintf(tmp_ctx, "%s=%s,%s",
- SYSDB_NAME, sanitized_group_name, dn);
- if (sanitized_dn == NULL) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Failed to build DN\n");
- ret = ENOMEM;
- goto done;
- }
-
- ret = EOK;
- *_group_dn = talloc_steal(mem_ctx, sanitized_dn);
-
-done:
- talloc_free(tmp_ctx);
- return ret;
-}