On (06/08/15 14:31), Pavel Reichl wrote:
On 08/05/2015 02:44 PM, Pavel Březina wrote:
>On 08/05/2015 12:11 PM, Pavel Reichl wrote:
>>On 08/05/2015 11:34 AM, Pavel Březina wrote:
>>>On 08/04/2015 03:52 PM, Pavel Reichl wrote:
>>>>please see 2 simple patches attached.
>>>>I could not find function to sanitize DN so it could be used as part
>>>>filter (sanitize ()*/\...) so I had to write one.
>>>> sysdb_dn_sanitize is not the right choice,
>>>Hi, I did just a quick read of your patches... can you take one more
>>>step with creating a sanitized dn and create a more generic function
>>>Have you considered to modify sysdb_dn_sanitize to also escape
>>>parentheses (that's what is misssing, isn't it)?
>>no because sysdb_dn_sanitize escapes also ',' and '=' and I need
>>stat as they are
>>This is what I have:
>>This is what I need:
>>"name=expired-group\282016\29,cn=groups,cn=LOCAL,cn=sysdb" // just
>>escape '(' and ')'
>>This is what sysdb_dn_sanitize returns:
>>I hope it's clearer now.
>Of course... sysdb_dn_sanitize is not supposed to be called on the whole
>dn. Just on the name part. It mean "sanitize value so it can be used in
>dn". But changing it to also escape parentheses would require sysdb and
>code update, so it is not worth it.
>>+ struct sss_domain_info *domain,
>>+ const char *grp_name,
>>+ const char **_grp_dn);
>Can you use group_name and _group_dn? Two characters won't kill anybody :-)
>Otherwise we can keep the code as is. I have just one recommendation for
>>+ /* let records to expire */
>It will be better to expire the records manually by setting expiration time
>to zero. I'm not sure if we have already a function for that, if not,
>please write one. It may be quite useful for tests.
I agree with you and I know that you would prefer the function to be generic
and part of sysdb. But I am afraid that It would take too much time to do it
properly and we should also handle code duplication that would be introduced
to sss_cache.c. Would static function in this test be sufficient temporal
solution for now? I would also file a ticket for proper solution. Is this OK
I didn't try but I have an idea.
sysdb_group_dn calls sysdb_dn_sanitize to sanitize name and then
it creates "struct ldb_dn".
It might be goot to try use sysdb_group_dn + convert dn to string.
I hope it should be properly escaped.