From 0e69b0fca08a1e35eb50232bfaa10094101ea801 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= 
Date: Thu, 10 Dec 2015 15:10:37 +0100
Subject: [PATCH 21/49] SDAP: use ipa_get_rdn() in nested groups

Reviewed-by: Sumit Bose 
(cherry picked from commit a6dd4a6c55773e81490dcafd61d4b9782705e9bf)
---
 Makefile.am | 2 +
 src/providers/ldap/sdap_async_nested_groups.c | 80 +++------------------------
 2 files changed, 11 insertions(+), 71 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 6efb5ea7f81642292b39a44e7e2029a2757e47ea..59632f59f26f6d113de3398856e2ef0015d4ad16 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2092,6 +2092,7 @@ nestedgroups_tests_SOURCES = \
 src/tests/cmocka/common_mock_be.c \
 src/providers/ldap/sdap_async_nested_groups.c \
 src/providers/ldap/sdap_ad_groups.c \
+ src/providers/ipa/ipa_dn.c \
 $(NULL)
 nestedgroups_tests_CFLAGS = \
 $(AM_CFLAGS) \
@@ -2860,6 +2861,7 @@ libsss_ldap_common_la_SOURCES = \
 src/providers/ldap/sdap_domain.c \
 src/providers/ldap/sdap_ops.c \
 src/providers/ldap/sdap.c \
+ src/providers/ipa/ipa_dn.c \
 src/util/user_info_msg.c \
 src/util/sss_ldap.c \
 $(NULL)
diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c
index af25430eacd4de7ea2e2872b0d9e34c8515c22db..9d715225243d8672850563473bd3938d4cc5db6b 100644
--- a/src/providers/ldap/sdap_async_nested_groups.c
+++ b/src/providers/ldap/sdap_async_nested_groups.c
@@ -35,6 +35,7 @@
 #include "providers/ldap/sdap_async.h"
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/ldap/sdap_idmap.h"
+#include "providers/ipa/ipa_dn.h"
 
 #define sdap_nested_group_sysdb_search_users(domain, filter) \
 sdap_nested_group_sysdb_search((domain), (filter), true)
@@ -1417,96 +1418,33 @@ static errno_t sdap_nested_group_single_recv(struct tevent_req *req)
 return EOK;
 }
 
-/* This should be a function pointer set from the IPA provider */
 static errno_t sdap_nested_group_get_ipa_user(TALLOC_CTX *mem_ctx,
 const char *user_dn,
 struct sysdb_ctx *sysdb,
 struct sysdb_attrs **_user)
 {
- errno_t ret;
- struct sysdb_attrs *user = NULL;
- char *name;
- struct ldb_dn *dn = NULL;
- const char *rdn_name;
- const char *users_comp_name;
- const char *acct_comp_name;
- const struct ldb_val *rdn_val;
- const struct ldb_val *users_comp_val;
- const struct ldb_val *acct_comp_val;
 TALLOC_CTX *tmp_ctx;
+ struct sysdb_attrs *user;
+ char *name;
+ errno_t ret;
 
 tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) return ENOMEM;
-
- /* return username if dn is in form:
- * uid=username,cn=users,cn=accounts,dc=example,dc=com */
-
- dn = ldb_dn_new(tmp_ctx, sysdb_ctx_get_ldb(sysdb), user_dn);
- if (dn == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- /* rdn, users, accounts and least one domain component */
- if (ldb_dn_get_comp_num(dn) < 4) {
- ret = ENOENT;
- goto done;
- }
-
- rdn_name = ldb_dn_get_rdn_name(dn);
- if (rdn_name == NULL) {
- ret = EINVAL;
- goto done;
- }
-
- /* rdn must be 'uid' */
- if (strcasecmp("uid", rdn_name) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- /* second component must be 'cn=users' */
- users_comp_name = ldb_dn_get_component_name(dn, 1);
- if (strcasecmp("cn", users_comp_name) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- users_comp_val = ldb_dn_get_component_val(dn, 1);
- if (strncasecmp("users", (const char *) users_comp_val->data,
- users_comp_val->length) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- /* third component must be 'cn=accounts' */
- acct_comp_name = ldb_dn_get_component_name(dn, 2);
- if (strcasecmp("cn", acct_comp_name) != 0) {
- ret = ENOENT;
- goto done;
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
 }
 
- acct_comp_val = ldb_dn_get_component_val(dn, 2);
- if (strncasecmp("accounts", (const char *) acct_comp_val->data,
- acct_comp_val->length) != 0) {
- ret = ENOENT;
+ ret = ipa_get_rdn(tmp_ctx, sysdb, user_dn, &name, "uid",
+ "cn", "users", "cn", "accounts");
+ if (ret != EOK) {
 goto done;
 }
 
- /* value of rdn is username */
 user = sysdb_new_attrs(tmp_ctx);
 if (user == NULL) {
 ret = ENOMEM;
 goto done;
 }
 
- rdn_val = ldb_dn_get_rdn_val(dn);
- name = talloc_strndup(user, (const char *)rdn_val->data, rdn_val->length);
- if (name == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
 ret = sysdb_attrs_add_string(user, SYSDB_NAME, name);
 if (ret != EOK) {
 goto done;
-- 
2.5.0
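Review bot: `name` is now allocated by `ipa_get_rdn` on `tmp_ctx` instead of on `user` as the removed `talloc_strndup(user, ...)` did, so it is freed together with `tmp_ctx` while `user` is presumably handed back through `_user`; that is only safe if `sysdb_attrs_add_string` copies the value into `user`, which I believe it does, but the `done:` cleanup that decides this lies outside the hunk and is worth confirming. The explicit ENOENT/EINVAL results of the old hand-rolled checks, including the `ldb_dn_get_comp_num(dn) < 4` requirement of at least one component after `cn=accounts`, are now whatever `ipa_get_rdn` reports, so any caller that treats ENOENT as "not an IPA user DN, do a real lookup" depends on that mapping being preserved by the helper. The removed comment describing the expected DN shape was the only documentation of this function's contract; I would keep a version of it above the call, e.g. `/* Extract the username from a DN of the form uid=username,cn=users,cn=accounts,dc=example,dc=com; any other shape is rejected by ipa_get_rdn(). */`.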