authorPetr Čech <pcech@redhat.com>2017-01-04 15:33:30 +0100
committerJakub Hrozek <jhrozek@redhat.com>2017-02-08 10:53:19 +0100
commit3ee411625aee19afda7477bb10b52c3da378b6fb (patch)
tree4b6cb8929642102fb074e0d702798412b8b5a905 /src/providers
parentc3593f06da54315c88a08a46cfc0def366acad43 (diff)
SYSDB: Removing of sysdb_try_to_find_expected_dn()
Currently, in order to match multiple LDAP search results, we use two different functions - we have sysdb_try_to_find_expected_dn() but also sdap_object_in_domain(). This patch removes sysdb_try_to_find_expected_dn() and adds a new sdap_search_initgr_user_in_batch() based on sdap_object_in_domain(). This function covers the necessary logic. Resolves: https://fedorahosted.org/sssd/ticket/3230 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/sdap.c6
-rw-r--r--src/providers/ldap/sdap.h4
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c28
3 files changed, 30 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index eb460d93b..bfb7fc6d2 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -1673,9 +1673,9 @@ char *sdap_make_oc_list(TALLOC_CTX *mem_ctx, struct sdap_attr_map *map)
}
}
-static bool sdap_object_in_domain(struct sdap_options *opts,
- struct sysdb_attrs *obj,
- struct sss_domain_info *dom)
+bool sdap_object_in_domain(struct sdap_options *opts,
+ struct sysdb_attrs *obj,
+ struct sss_domain_info *dom)
{
errno_t ret;
const char *original_dn = NULL;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index e3cb8464f..6d4543ed4 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -616,4 +616,8 @@ size_t sdap_steal_objects_in_dom(struct sdap_options *opts,
size_t count,
bool filter);
+bool sdap_object_in_domain(struct sdap_options *opts,
+ struct sysdb_attrs *obj,
+ struct sss_domain_info *dom);
+
#endif /* _SDAP_H_ */
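Review bot: The newly exported `sdap_object_in_domain()` prototype has no comment stating its contract, and after this commit its result decides which LDAP entry is taken as the initgroups user. The start of its body in sdap.c declares `errno_t ret` and `original_dn`, so there is presumably an error path when the original DN cannot be read, but what it returns then is not visible here. I would add something like `/* Returns true if obj belongs to dom; returns false when the original DN cannot be read (confirm against the body in sdap.c). */` above the declaration, so callers know the check fails closed.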
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 2cd9c15b9..8c7a65bf3 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -23,6 +23,7 @@
#include "util/util.h"
#include "db/sysdb.h"
+#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_idmap.h"
@@ -2890,6 +2891,25 @@ static errno_t sdap_get_initgr_next_base(struct tevent_req *req)
return EOK;
}
+static int sdap_search_initgr_user_in_batch(struct sdap_get_initgr_state *state,
+ struct sysdb_attrs **users,
+ size_t count)
+{
+ int ret = EINVAL;
+
+ for (size_t i = 0; i < count; i++) {
+ if (sdap_object_in_domain(state->opts, users[i], state->dom) == false) {
+ continue;
+ }
+
+ state->orig_user = talloc_steal(state, users[i]);
+ ret = EOK;
+ break;
+ }
+
+ return ret;
+}
+
static void sdap_get_initgr_user(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(subreq,
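Review bot: The loop in `sdap_search_initgr_user_in_batch()` stops at the first entry for which `sdap_object_in_domain()` returns true, so if more than one entry in `users` passes, the one stored in `state->orig_user` depends only on result order. That entry is the user whose group memberships are then resolved, so an ambiguous batch is better rejected, or at least logged, than resolved silently. Whether several entries can pass depends on `sdap_object_in_domain()`, whose body is outside this diff. The sketch below scans the whole batch and returns EINVAL on a second match, which the caller's `ret != EOK` branch in the last hunk already handles. It also uses `errno_t` like the neighbouring `sdap_get_initgr_next_base()` and writes the test as `!sdap_object_in_domain(...)` instead of `== false`.

```c
static errno_t sdap_search_initgr_user_in_batch(struct sdap_get_initgr_state *state,
                                                struct sysdb_attrs **users,
                                                size_t count)
{
    struct sysdb_attrs *match = NULL;

    for (size_t i = 0; i < count; i++) {
        if (!sdap_object_in_domain(state->opts, users[i], state->dom)) {
            continue;
        }

        if (match != NULL) {
            /* Two candidates for one user: refuse to guess. */
            DEBUG(SSSDBG_OP_FAILURE,
                  "More than one entry in the batch matches the domain.\n");
            return EINVAL;
        }
        match = users[i];
    }

    if (match == NULL) {
        return EINVAL;
    }

    state->orig_user = talloc_steal(state, match);
    return EOK;
}
```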
@@ -2951,13 +2971,11 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
* the first search base because all bases in a single domain would
* have the same DC= components
*/
- ret = sysdb_try_to_find_expected_dn(state->dom, "dc",
- state->sdom->search_bases[0]->basedn,
- usr_attrs, count,
- &state->orig_user);
+ ret = sdap_search_initgr_user_in_batch(state, usr_attrs, count);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- "try_to_find_expected_dn failed. No matching DN found.\n");
+ "sdap_search_initgr_user_in_batch failed. "
+ "No matching DN found.\n");
tevent_req_error(req, EINVAL);
return;
}