-rw-r--r--src/db/sysdb.h8
-rw-r--r--src/db/sysdb_ops.c54
2 files changed, 62 insertions, 0 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index fb5e6450..e91143c1 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -154,6 +154,8 @@
#define SYSDB_NETGR_FILTER "(&("SYSDB_NC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_NETGR_TRIPLES_FILTER "(|("SYSDB_NAME"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_MEMBEROF"=%s))"
+#define SYSDB_SID_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))("SYSDB_SID_STR"=%s))"
+
#define SYSDB_HAS_ENUMERATED "has_enumerated"
#define SYSDB_DEFAULT_ATTRS SYSDB_LAST_UPDATE, \
@@ -848,4 +850,10 @@ errno_t sysdb_idmap_get_mappings(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_result **_result);
+errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_result **msg);
#endif /* __SYS_DB_H__ */
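Review bot: The new `sysdb_search_object_by_sid()` prototype has no comment describing its contract, and the signature alone does not convey it. Judging by the implementation in sysdb_ops.c, a NULL `attrs` selects a default attribute list, the result is moved onto `mem_ctx`, more than one match yields EINVAL, and a search with no match appears to return EOK with an empty result rather than ENOENT. A short comment above the declaration should state these points and note that `sid_str` is substituted into an LDB filter, for example `/* Returns EOK with (*msg)->count == 0 when no object carries this SID. */`.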
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 45a7265c..710a23b0 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -3174,3 +3174,57 @@ done:
talloc_free(msg);
return ret;
}
+
+errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sid_str,
+ const char **attrs,
+ struct ldb_result **msg)
+{
+ TALLOC_CTX *tmp_ctx;
+ const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, SYSDB_GIDNUM,
+ SYSDB_OBJECTCLASS, NULL };
+ struct ldb_dn *basedn;
+ int ret;
+ struct ldb_result *res = NULL;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, domain->name);
+ if (basedn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_new_fmt failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = ldb_search(sysdb->ldb, tmp_ctx, &res,
+ basedn, LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs,
+ SYSDB_SID_FILTER, sid_str);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("ldb_search failed.\n"));
+ goto done;
+ }
+
+ if (res->count > 1) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Search for SID [%s] returned more than " \
+ "one object.\n", sid_str));
+ ret = EINVAL;
+ goto done;
+ }
+
+ *msg = talloc_steal(mem_ctx, res);
+
+done:
+ if (ret == ENOENT) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("No such entry.\n"));
+ } else if (ret) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
+ }
+
+ talloc_zfree(tmp_ctx);
+ return ret;
+}
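Review bot: `sid_str` is substituted directly into `SYSDB_SID_FILTER` at the `ldb_search()` call, so filter metacharacters such as `*`, `(` or `)` in the string would change what the query matches. If any caller can pass a SID string that originates from a client request, escape it first with `ret = sss_filter_sanitize(tmp_ctx, sid_str, &sanitized_sid);` and use the sanitized copy in the search. Separately, `ldb_search()` returns an LDB error code, which on failure is passed to `strerror()` and returned as `errno_t`; adding `ret = sysdb_error_to_errno(ret);` before the `goto done` would fix both. The `ret == ENOENT` branch under `done:` looks unreachable, since nothing in the function sets ENOENT and an empty result falls through as EOK.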