2 files changed, 56 insertions, 0 deletions

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 911430ee..17cd5110 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -481,6 +481,11 @@ int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx,
                             const char **attributes,
                             struct ldb_result **res);
 
+errno_t sss_ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+                       struct ldb_result **_result, struct ldb_dn *base,
+                       enum ldb_scope scope, const char * const *attrs,
+                       const char *exp_fmt, ...) SSS_ATTRIBUTE_PRINTF(7, 8);
+
 /* functions that modify the databse
  * they have to be called within a transaction
  * See sysdb_transaction_send()/_recv() */
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 4d31cb6a..d16cfb92 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -74,6 +74,57 @@ static uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr)
     return l;
 }
 
+
+/* Wrapper around ldb_search to ensure that if zero results are found then
+ * ENOENT is returned
+ */
+errno_t sss_ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
+                       struct ldb_result **_result, struct ldb_dn *base,
+                       enum ldb_scope scope, const char * const *attrs,
+                       const char *exp_fmt, ...)
+{
+    char *s;
+    int lret;
+    va_list ap;
+    errno_t ret;
+    TALLOC_CTX *tmp_ctx = NULL;
+
+    if (exp_fmt != NULL) {
+        tmp_ctx = talloc_new(NULL);
+        if (tmp_ctx == NULL) {
+            ret = ENOMEM;
+            goto done;
+        }
+
+        va_start(ap, exp_fmt);
+        s = talloc_vasprintf(tmp_ctx, exp_fmt, ap);
+        va_end(ap);
+
+        if (s == NULL) {
+            DEBUG(SSSDBG_MINOR_FAILURE, "Failed to process filter.\n");
+            ret = ENOMEM;
+            goto done;
+        }
+        lret = ldb_search(ldb, mem_ctx, _result, base, scope, attrs, "%s", s);
+    } else {
+        lret = ldb_search(ldb, mem_ctx, _result, base, scope, attrs, NULL);
+    }
+
+    ret = sysdb_error_to_errno(lret);
+    if (ret != EOK) {
+        goto done;
+    }
+
+    if ((*_result)->count == 0) {
+        ret = ENOENT;
+        goto done;
+    }
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
 /*
  * The wrapper around ldb_modify that uses LDB_CONTROL_PERMISSIVE_MODIFY_OID
  * so that on adds entries that already exist are skipped and similarly