[ipfire-3.x.git] / sssd / patches / 0017-SYSDB-Split-sysdb_try_to_find_expected_dn-into-small.patch

From e6c3d9e680eab264777348389b4bcda73bd5ba6d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 28 Oct 2016 13:46:02 +0200
Subject: [PATCH 17/39] SYSDB: Split sysdb_try_to_find_expected_dn() into
 smaller functions

The function sysdb_try_to_find_expected_dn was performing several matching
algorithms and thus it was getting big and hard to extend. This patch
doesn't contain any functional changes, only shuffles the code around
and splits the monolithic sysdb_try_to_find_expected_dn function into
smaller blocks.

Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit e5a984093ad7921c83da75272cede2b0e52ba2d6)
(cherry picked from commit 3f3dc8c737a8e8cfc4a29d7dbaf526ec3973c7a0)
---
 src/db/sysdb_subdomains.c | 278 +++++++++++++++++++++++++++++-----------------
 1 file changed, 179 insertions(+), 99 deletions(-)

diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index ff83f914f..b011bad6c 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -1145,74 +1145,29 @@ done:
     return ret;
 }
 
-errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
-                                      const char *domain_component_name,
-                                      struct sysdb_attrs **usr_attrs,
-                                      size_t count,
-                                      struct sysdb_attrs **exp_usr)
+static errno_t match_cn_users(TALLOC_CTX *tmp_ctx,
+                              struct sysdb_attrs **usr_attrs,
+                              size_t count,
+                              const char *dom_basedn,
+                              struct sysdb_attrs **_result)
 {
-    char *dom_basedn;
-    size_t dom_basedn_len;
-    char *expected_basedn;
-    size_t expected_basedn_len;
-    size_t dn_len;
+    errno_t ret;
     const char *orig_dn;
-    size_t c = 0;
-    int ret;
-    TALLOC_CTX *tmp_ctx;
-    struct ldb_context *ldb_ctx;
-    struct ldb_dn *ldb_dom_basedn;
-    int dom_basedn_comp_num;
-    struct ldb_dn *ldb_dn;
-    int dn_comp_num;
-    const char *component_name;
+    size_t dn_len;
     struct sysdb_attrs *result = NULL;
     const char *result_dn_str = NULL;
+    char *cn_users_basedn;
+    size_t cn_users_basedn_len;
 
-    if (dom == NULL || domain_component_name == NULL || usr_attrs == NULL
-            || count == 0) {
-        return EINVAL;
-    }
-
-    tmp_ctx = talloc_new(NULL);
-    if (tmp_ctx == NULL) {
-        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
-        return ENOMEM;
-    }
-
-    ret = domain_to_basedn(tmp_ctx, dom->name, &dom_basedn);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n");
-        goto done;
-    }
-    expected_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn);
-    if (expected_basedn == NULL) {
-        ret = ENOMEM;
-        goto done;
-    }
-
-    ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb);
-    if (ldb_ctx == NULL) {
-        DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
-        ret = EINVAL;
-        goto done;
-    }
-
-    ldb_dom_basedn = ldb_dn_new(tmp_ctx, ldb_ctx, dom_basedn);
-    if (ldb_dom_basedn == NULL) {
-        DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
+    cn_users_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn);
+    if (cn_users_basedn == NULL) {
         ret = ENOMEM;
         goto done;
     }
+    cn_users_basedn_len = strlen(cn_users_basedn);
+    DEBUG(SSSDBG_TRACE_ALL, "cn=users baseDN is [%s].\n", cn_users_basedn);
 
-    dom_basedn_comp_num = ldb_dn_get_comp_num(ldb_dom_basedn);
-    dom_basedn_comp_num++;
-
-    DEBUG(SSSDBG_TRACE_ALL, "Expected BaseDN is [%s].\n", expected_basedn);
-    expected_basedn_len = strlen(expected_basedn);
-    dom_basedn_len = strlen(dom_basedn);
-
-    for (c = 0; c < count; c++) {
+    for (size_t c = 0; c < count; c++) {
         ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
@@ -1220,9 +1175,9 @@ errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
         }
         dn_len = strlen(orig_dn);
 
-        if (dn_len > expected_basedn_len
-                && strcasecmp(orig_dn + (dn_len - expected_basedn_len),
-                              expected_basedn) == 0) {
+        if (dn_len > cn_users_basedn_len
+                && strcasecmp(orig_dn + (dn_len - cn_users_basedn_len),
+                              cn_users_basedn) == 0) {
             DEBUG(SSSDBG_TRACE_ALL,
                   "Found matching dn [%s].\n", orig_dn);
             if (result != NULL) {
@@ -1237,52 +1192,177 @@ errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
         }
     }
 
-    if (result == NULL) {
-        for (c = 0; c < count; c++) {
-            ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
-            if (ret != EOK) {
-                DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
+    ret = EOK;
+done:
+    *_result = result;
+    return ret;
+}
+
+static errno_t match_non_dc_comp(TALLOC_CTX *tmp_ctx,
+                                 struct sss_domain_info *dom,
+                                 struct sysdb_attrs **usr_attrs,
+                                 size_t count,
+                                 struct ldb_dn *ldb_basedn,
+                                 const char *basedn,
+                                 const char *domain_component_name,
+                                 struct sysdb_attrs **_result)
+{
+    errno_t ret;
+    const char *orig_dn;
+    size_t orig_dn_len;
+    size_t basedn_len;
+    struct ldb_context *ldb_ctx;
+    struct ldb_dn *ldb_orig_dn;
+    int dn_comp_num;
+    int basedn_comp_num;
+    const char *component_name;
+    struct sysdb_attrs *result = NULL;
+    const char *result_dn_str = NULL;
+
+    ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb);
+    if (ldb_ctx == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
+        ret = EINVAL;
+        goto done;
+    }
+
+    basedn_len = strlen(basedn);
+
+    basedn_comp_num = ldb_dn_get_comp_num(ldb_basedn);
+    basedn_comp_num++;
+
+    for (size_t c = 0; c < count; c++) {
+        ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
+            goto done;
+        }
+        orig_dn_len = strlen(orig_dn);
+
+        if (orig_dn_len > basedn_len
+                /* Does the user's original DN with the non-domain part
+                 * stripped match the domain base DN?
+                 */
+                && strcasecmp(orig_dn + (orig_dn_len - basedn_len),
+                              basedn) == 0) {
+            ldb_orig_dn = ldb_dn_new(tmp_ctx, ldb_ctx, orig_dn);
+            if (ldb_orig_dn == NULL) {
+                DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed");
+                ret = ENOMEM;
                 goto done;
             }
-            dn_len = strlen(orig_dn);
-
-            if (dn_len > dom_basedn_len
-                    && strcasecmp(orig_dn + (dn_len - dom_basedn_len),
-                                  dom_basedn) == 0) {
-                ldb_dn = ldb_dn_new(tmp_ctx, ldb_ctx, orig_dn);
-                if (ldb_dn == NULL) {
-                    DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed");
-                    ret = ENOMEM;
-                    goto done;
-                }
 
-                dn_comp_num = ldb_dn_get_comp_num(ldb_dn);
-                if (dn_comp_num > dom_basedn_comp_num) {
-                    component_name = ldb_dn_get_component_name(ldb_dn,
-                                           (dn_comp_num - dom_basedn_comp_num));
-                    DEBUG(SSSDBG_TRACE_ALL, "Comparing [%s] and [%s].\n",
-                                            component_name,
-                                            domain_component_name);
-                    if (component_name != NULL
-                            && strcasecmp(component_name,
-                                          domain_component_name) != 0) {
-                        DEBUG(SSSDBG_TRACE_ALL,
-                              "Found matching dn [%s].\n", orig_dn);
-                        if (result != NULL) {
-                            DEBUG(SSSDBG_OP_FAILURE,
-                                 "Found 2 matching DN [%s] and [%s], "
-                                 "expecting only 1.\n", result_dn_str, orig_dn);
-                            ret = EINVAL;
-                            goto done;
-                        }
-                        result = usr_attrs[c];
-                        result_dn_str = orig_dn;
+            dn_comp_num = ldb_dn_get_comp_num(ldb_orig_dn);
+            if (dn_comp_num > basedn_comp_num) {
+                component_name = ldb_dn_get_component_name(ldb_orig_dn,
+                        (dn_comp_num - basedn_comp_num));
+                DEBUG(SSSDBG_TRACE_ALL, "Comparing [%s] and [%s].\n",
+                      component_name,
+                      domain_component_name);
+                /* If the component is NOT a DC component, then the entry
+                 * must come from our domain, perhaps from a child container.
+                 * If it matched the DC component, the entry was from a child
+                 * subdomain different from this one.
+                 */
+                if (component_name != NULL
+                        && strcasecmp(component_name,
+                                      domain_component_name) != 0) {
+                    DEBUG(SSSDBG_TRACE_ALL,
+                            "Found matching dn [%s].\n", orig_dn);
+                    if (result != NULL) {
+                        DEBUG(SSSDBG_OP_FAILURE,
+                                "Found 2 matching DN [%s] and [%s], "
+                                "expecting only 1.\n", result_dn_str, orig_dn);
+                        ret = EINVAL;
+                        goto done;
                     }
+                    result = usr_attrs[c];
+                    result_dn_str = orig_dn;
                 }
             }
         }
     }
 
+    ret = EOK;
+    *_result = result;
+done:
+    return ret;
+}
+
+static errno_t match_basedn(TALLOC_CTX *tmp_ctx,
+                            struct sss_domain_info *dom,
+                            struct sysdb_attrs **usr_attrs,
+                            size_t count,
+                            const char *dom_basedn,
+                            const char *domain_component_name,
+                            struct sysdb_attrs **_result)
+{
+    struct ldb_context *ldb_ctx;
+    struct ldb_dn *ldb_dom_basedn;
+
+    ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb);
+    if (ldb_ctx == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
+        return EINVAL;
+    }
+
+
+    ldb_dom_basedn = ldb_dn_new(tmp_ctx, ldb_ctx, dom_basedn);
+    if (ldb_dom_basedn == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
+        return ENOMEM;
+    }
+
+    return match_non_dc_comp(tmp_ctx, dom,
+                             usr_attrs, count,
+                             ldb_dom_basedn, dom_basedn,
+                             domain_component_name,
+                             _result);
+}
+
+errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
+                                      const char *domain_component_name,
+                                      struct sysdb_attrs **usr_attrs,
+                                      size_t count,
+                                      struct sysdb_attrs **exp_usr)
+{
+    char *dom_basedn;
+    int ret;
+    TALLOC_CTX *tmp_ctx;
+    struct sysdb_attrs *result = NULL;
+
+    if (dom == NULL || domain_component_name == NULL
+            || usr_attrs == NULL || count == 0) {
+        return EINVAL;
+    }
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+        return ENOMEM;
+    }
+
+    ret = domain_to_basedn(tmp_ctx, dom->name, &dom_basedn);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n");
+        ret = EINVAL;
+        goto done;
+    }
+
+    ret = match_cn_users(tmp_ctx, usr_attrs, count, dom_basedn, &result);
+    if (ret != EOK) {
+        goto done;
+    }
+
+    if (result == NULL) {
+        ret = match_basedn(tmp_ctx, dom, usr_attrs,
+                           count, dom_basedn, domain_component_name,
+                           &result);
+        if (ret != EOK) {
+            goto done;
+        }
+    }
+
     if (result == NULL) {
         DEBUG(SSSDBG_OP_FAILURE, "No matching DN found.\n");
         ret = ENOENT;
-- 
2.11.0
Commit	Line	Data
92ae11e3 SS	1	From e6c3d9e680eab264777348389b4bcda73bd5ba6d Mon Sep 17 00:00:00 2001
	2	From: Jakub Hrozek <jhrozek@redhat.com>
	3	Date: Fri, 28 Oct 2016 13:46:02 +0200
	4	Subject: [PATCH 17/39] SYSDB: Split sysdb_try_to_find_expected_dn() into
	5	smaller functions
	6
	7	The function sysdb_try_to_find_expected_dn was performing several matching
	8	algorithms and thus it was getting big and hard to extend. This patch
	9	doesn't contain any functional changes, only shuffles the code around
	10	and splits the monolithic sysdb_try_to_find_expected_dn function into
	11	smaller blocks.
	12
	13	Reviewed-by: Sumit Bose <sbose@redhat.com>
	14	(cherry picked from commit e5a984093ad7921c83da75272cede2b0e52ba2d6)
	15	(cherry picked from commit 3f3dc8c737a8e8cfc4a29d7dbaf526ec3973c7a0)
	16	---
	17	src/db/sysdb_subdomains.c \| 278 +++++++++++++++++++++++++++++-----------------
	18	1 file changed, 179 insertions(+), 99 deletions(-)
	19
	20	diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
	21	index ff83f914f..b011bad6c 100644
	22	--- a/src/db/sysdb_subdomains.c
	23	+++ b/src/db/sysdb_subdomains.c
	24	@@ -1145,74 +1145,29 @@ done:
	25	return ret;
	26	}
	27
	28	-errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
	29	- const char *domain_component_name,
	30	- struct sysdb_attrs **usr_attrs,
	31	- size_t count,
	32	- struct sysdb_attrs **exp_usr)
	33	+static errno_t match_cn_users(TALLOC_CTX *tmp_ctx,
	34	+ struct sysdb_attrs **usr_attrs,
	35	+ size_t count,
	36	+ const char *dom_basedn,
	37	+ struct sysdb_attrs **_result)
	38	{
	39	- char *dom_basedn;
	40	- size_t dom_basedn_len;
	41	- char *expected_basedn;
	42	- size_t expected_basedn_len;
	43	- size_t dn_len;
	44	+ errno_t ret;
	45	const char *orig_dn;
	46	- size_t c = 0;
	47	- int ret;
	48	- TALLOC_CTX *tmp_ctx;
	49	- struct ldb_context *ldb_ctx;
	50	- struct ldb_dn *ldb_dom_basedn;
	51	- int dom_basedn_comp_num;
	52	- struct ldb_dn *ldb_dn;
	53	- int dn_comp_num;
	54	- const char *component_name;
	55	+ size_t dn_len;
	56	struct sysdb_attrs *result = NULL;
	57	const char *result_dn_str = NULL;
	58	+ char *cn_users_basedn;
	59	+ size_t cn_users_basedn_len;
	60
	61	- if (dom == NULL \|\| domain_component_name == NULL \|\| usr_attrs == NULL
	62	- \|\| count == 0) {
	63	- return EINVAL;
	64	- }
65	-
66	- tmp_ctx = talloc_new(NULL);
67	- if (tmp_ctx == NULL) {
68	- DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
69	- return ENOMEM;
70	- }
71	-
72	- ret = domain_to_basedn(tmp_ctx, dom->name, &dom_basedn);
73	- if (ret != EOK) {
74	- DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n");
75	- goto done;
76	- }
77	- expected_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn);
78	- if (expected_basedn == NULL) {
79	- ret = ENOMEM;
80	- goto done;
81	- }
82	-
83	- ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb);
84	- if (ldb_ctx == NULL) {
85	- DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
86	- ret = EINVAL;
87	- goto done;
88	- }
89	-
90	- ldb_dom_basedn = ldb_dn_new(tmp_ctx, ldb_ctx, dom_basedn);
91	- if (ldb_dom_basedn == NULL) {
92	- DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
93	+ cn_users_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn);
94	+ if (cn_users_basedn == NULL) {
95	ret = ENOMEM;
96	goto done;
97	}
98	+ cn_users_basedn_len = strlen(cn_users_basedn);
99	+ DEBUG(SSSDBG_TRACE_ALL, "cn=users baseDN is [%s].\n", cn_users_basedn);
100
101	- dom_basedn_comp_num = ldb_dn_get_comp_num(ldb_dom_basedn);
102	- dom_basedn_comp_num++;
103	-
104	- DEBUG(SSSDBG_TRACE_ALL, "Expected BaseDN is [%s].\n", expected_basedn);
105	- expected_basedn_len = strlen(expected_basedn);
106	- dom_basedn_len = strlen(dom_basedn);
107	-
108	- for (c = 0; c < count; c++) {
109	+ for (size_t c = 0; c < count; c++) {
110	ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
111	if (ret != EOK) {
112	DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
113	@@ -1220,9 +1175,9 @@ errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
114	}
115	dn_len = strlen(orig_dn);
116
117	- if (dn_len > expected_basedn_len
118	- && strcasecmp(orig_dn + (dn_len - expected_basedn_len),
119	- expected_basedn) == 0) {
120	+ if (dn_len > cn_users_basedn_len
121	+ && strcasecmp(orig_dn + (dn_len - cn_users_basedn_len),
122	+ cn_users_basedn) == 0) {
123	DEBUG(SSSDBG_TRACE_ALL,
124	"Found matching dn [%s].\n", orig_dn);
125	if (result != NULL) {
126	@@ -1237,52 +1192,177 @@ errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
127	}
128	}
129
130	- if (result == NULL) {
131	- for (c = 0; c < count; c++) {
132	- ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
133	- if (ret != EOK) {
134	- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
135	+ ret = EOK;
136	+done:
137	+ *_result = result;
138	+ return ret;
139	+}
140	+
141	+static errno_t match_non_dc_comp(TALLOC_CTX *tmp_ctx,
142	+ struct sss_domain_info *dom,
143	+ struct sysdb_attrs **usr_attrs,
144	+ size_t count,
145	+ struct ldb_dn *ldb_basedn,
146	+ const char *basedn,
147	+ const char *domain_component_name,
148	+ struct sysdb_attrs **_result)
149	+{
150	+ errno_t ret;
151	+ const char *orig_dn;
152	+ size_t orig_dn_len;
153	+ size_t basedn_len;
154	+ struct ldb_context *ldb_ctx;
155	+ struct ldb_dn *ldb_orig_dn;
156	+ int dn_comp_num;
157	+ int basedn_comp_num;
158	+ const char *component_name;
159	+ struct sysdb_attrs *result = NULL;
160	+ const char *result_dn_str = NULL;
161	+
162	+ ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb);
163	+ if (ldb_ctx == NULL) {
164	+ DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
165	+ ret = EINVAL;
166	+ goto done;
167	+ }
168	+
169	+ basedn_len = strlen(basedn);
170	+
171	+ basedn_comp_num = ldb_dn_get_comp_num(ldb_basedn);
172	+ basedn_comp_num++;
173	+
174	+ for (size_t c = 0; c < count; c++) {
175	+ ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
176	+ if (ret != EOK) {
177	+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
178	+ goto done;
179	+ }
180	+ orig_dn_len = strlen(orig_dn);
181	+
182	+ if (orig_dn_len > basedn_len
183	+ /* Does the user's original DN with the non-domain part
184	+ * stripped match the domain base DN?
185	+ */
186	+ && strcasecmp(orig_dn + (orig_dn_len - basedn_len),
187	+ basedn) == 0) {
188	+ ldb_orig_dn = ldb_dn_new(tmp_ctx, ldb_ctx, orig_dn);
189	+ if (ldb_orig_dn == NULL) {
190	+ DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed");
191	+ ret = ENOMEM;
192	goto done;
193	}
194	- dn_len = strlen(orig_dn);
195	-
196	- if (dn_len > dom_basedn_len
197	- && strcasecmp(orig_dn + (dn_len - dom_basedn_len),
198	- dom_basedn) == 0) {
199	- ldb_dn = ldb_dn_new(tmp_ctx, ldb_ctx, orig_dn);
200	- if (ldb_dn == NULL) {
201	- DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed");
202	- ret = ENOMEM;
203	- goto done;
204	- }
205
206	- dn_comp_num = ldb_dn_get_comp_num(ldb_dn);
207	- if (dn_comp_num > dom_basedn_comp_num) {
208	- component_name = ldb_dn_get_component_name(ldb_dn,
209	- (dn_comp_num - dom_basedn_comp_num));
210	- DEBUG(SSSDBG_TRACE_ALL, "Comparing [%s] and [%s].\n",
211	- component_name,
212	- domain_component_name);
213	- if (component_name != NULL
214	- && strcasecmp(component_name,
215	- domain_component_name) != 0) {
216	- DEBUG(SSSDBG_TRACE_ALL,
217	- "Found matching dn [%s].\n", orig_dn);
218	- if (result != NULL) {
219	- DEBUG(SSSDBG_OP_FAILURE,
220	- "Found 2 matching DN [%s] and [%s], "
221	- "expecting only 1.\n", result_dn_str, orig_dn);
222	- ret = EINVAL;
223	- goto done;
224	- }
225	- result = usr_attrs[c];
226	- result_dn_str = orig_dn;
227	+ dn_comp_num = ldb_dn_get_comp_num(ldb_orig_dn);
228	+ if (dn_comp_num > basedn_comp_num) {
229	+ component_name = ldb_dn_get_component_name(ldb_orig_dn,
230	+ (dn_comp_num - basedn_comp_num));
231	+ DEBUG(SSSDBG_TRACE_ALL, "Comparing [%s] and [%s].\n",
232	+ component_name,
233	+ domain_component_name);
234	+ /* If the component is NOT a DC component, then the entry
235	+ * must come from our domain, perhaps from a child container.
236	+ * If it matched the DC component, the entry was from a child
237	+ * subdomain different from this one.
238	+ */
239	+ if (component_name != NULL
240	+ && strcasecmp(component_name,
241	+ domain_component_name) != 0) {
242	+ DEBUG(SSSDBG_TRACE_ALL,
243	+ "Found matching dn [%s].\n", orig_dn);
244	+ if (result != NULL) {
245	+ DEBUG(SSSDBG_OP_FAILURE,
246	+ "Found 2 matching DN [%s] and [%s], "
247	+ "expecting only 1.\n", result_dn_str, orig_dn);
248	+ ret = EINVAL;
249	+ goto done;
250	}
251	+ result = usr_attrs[c];
252	+ result_dn_str = orig_dn;
253	}
254	}
255	}
256	}
257
258	+ ret = EOK;
259	+ *_result = result;
260	+done:
261	+ return ret;
262	+}
263	+
264	+static errno_t match_basedn(TALLOC_CTX *tmp_ctx,
265	+ struct sss_domain_info *dom,
266	+ struct sysdb_attrs **usr_attrs,
267	+ size_t count,
268	+ const char *dom_basedn,
269	+ const char *domain_component_name,
270	+ struct sysdb_attrs **_result)
271	+{
272	+ struct ldb_context *ldb_ctx;
273	+ struct ldb_dn *ldb_dom_basedn;
274	+
275	+ ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb);
276	+ if (ldb_ctx == NULL) {
277	+ DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
278	+ return EINVAL;
279	+ }
280	+
281	+
282	+ ldb_dom_basedn = ldb_dn_new(tmp_ctx, ldb_ctx, dom_basedn);
283	+ if (ldb_dom_basedn == NULL) {
284	+ DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
285	+ return ENOMEM;
286	+ }
287	+
288	+ return match_non_dc_comp(tmp_ctx, dom,
289	+ usr_attrs, count,
290	+ ldb_dom_basedn, dom_basedn,
291	+ domain_component_name,
292	+ _result);
293	+}
294	+
295	+errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
296	+ const char *domain_component_name,
297	+ struct sysdb_attrs **usr_attrs,
298	+ size_t count,
299	+ struct sysdb_attrs **exp_usr)
300	+{
301	+ char *dom_basedn;
302	+ int ret;
303	+ TALLOC_CTX *tmp_ctx;
304	+ struct sysdb_attrs *result = NULL;
305	+
306	+ if (dom == NULL \|\| domain_component_name == NULL
307	+ \|\| usr_attrs == NULL \|\| count == 0) {
308	+ return EINVAL;
309	+ }
310	+
311	+ tmp_ctx = talloc_new(NULL);
312	+ if (tmp_ctx == NULL) {
313	+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
314	+ return ENOMEM;
315	+ }
316	+
317	+ ret = domain_to_basedn(tmp_ctx, dom->name, &dom_basedn);
318	+ if (ret != EOK) {
319	+ DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n");
320	+ ret = EINVAL;
321	+ goto done;
322	+ }
323	+
324	+ ret = match_cn_users(tmp_ctx, usr_attrs, count, dom_basedn, &result);
325	+ if (ret != EOK) {
326	+ goto done;
327	+ }
328	+
329	+ if (result == NULL) {
330	+ ret = match_basedn(tmp_ctx, dom, usr_attrs,
331	+ count, dom_basedn, domain_component_name,
332	+ &result);
333	+ if (ret != EOK) {
334	+ goto done;
335	+ }
336	+ }
337	+
338	if (result == NULL) {
339	DEBUG(SSSDBG_OP_FAILURE, "No matching DN found.\n");
340	ret = ENOENT;
341	--
342	2.11.0
343