SYSDB: When searching for UPNs, search either the whole DB or only the given domain

The search-by-UPN functions always searched for the whole domain. In
some cases, the caller depends on the result coming from the domain
specified by the 'domain' parameter. This is the case in the cache_req
code at least. Even though it should be safe to just switch to always
searching the whole domain, in order to allow us to examine the code
carefully and test each codepath, let's introduce a boolean option to
the search functions. Currently it defaults to false in all codepaths
and as we test the individual ones, we can flip the option to true until
we finally remove the option altogether.

Reviewed-by: Sumit Bose <sbose@redhat.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c b/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c
index 9c6957309..2453430e4 100644
--- a/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c
+++ b/src/responder/common/cache_req/plugins/cache_req_user_by_upn.c
@@ -85,11 +85,12 @@ cache_req_user_by_upn_lookup(TALLOC_CTX *mem_ctx,
                              struct ldb_result **_result)
 {
     if (data->attrs == NULL) {
-        return sysdb_getpwupn(mem_ctx, domain, data->name.lookup, _result);
+        return sysdb_getpwupn(mem_ctx, domain, false, data->name.lookup, _result);
     }
 
-    return sysdb_search_user_by_upn_res(mem_ctx, domain, data->name.lookup,
-                                        data->attrs, _result);
+    return sysdb_search_user_by_upn_res(mem_ctx, domain, false,
+                                        data->name.lookup, data->attrs,
+                                        _result);
 }
 
 static struct tevent_req *