On Thu, Aug 13, 2015 at 12:23:02PM +0200, Pavel Březina wrote:
On 08/06/2015 02:31 PM, Pavel Reichl wrote:
>
>On 08/05/2015 02:44 PM, Pavel Březina wrote:
>>On 08/05/2015 12:11 PM, Pavel Reichl wrote:
>>>
>>>
>>>On 08/05/2015 11:34 AM, Pavel Březina wrote:
>>>>On 08/04/2015 03:52 PM, Pavel Reichl wrote:
>>>>>Hello,
>>>>>
>>>>>please see 2 simple patches attached.
>>>>>
>>>>>I could not find function to sanitize DN so it could be used as
>>>>>part of
>>>>>filter (sanitize ()*/\...) so I had to write one.
>>>>>
>>>>> sysdb_dn_sanitize is not the right choice,
>>>>>
>>>>>sysdb_dn_sanitize("name=expired-group(2016),cn=groups,cn=LOCAL,cn=sysdb")
>>>>>
>>>>>->
>>>>>"name\\3Dexpired-group(2016)\\,cn\\3Dgroups\\,cn\\3DLOCAL\\,cn\\3Dsysdb"
>>>>>
>>>>>
>>>>>Thanks!
>>>>
>>>>Hi, I did just a quick read of your patches... can you take one more
>>>>step with creating a sanitized dn and create a more generic function
>>>>for that?
>>>>
>>>>Have you considered to modify sysdb_dn_sanitize to also escape
>>>>parentheses (that's what is misssing, isn't it)?
>>>no because sysdb_dn_sanitize escapes also ',' and '=' and I
need them to
>>>stat as they are
>>>
>>>This is what I have:
>>>"name=expired-group(2016),cn=groups,cn=LOCAL,cn=sysdb"
>>>This is what I need:
>>>"name=expired-group\282016\29,cn=groups,cn=LOCAL,cn=sysdb" //
just
>>>escape '(' and ')'
>>>This is what sysdb_dn_sanitize returns:
>>>"name\\3Dexpired-group(2016)\\,cn\\3Dgroups\\,cn\\3DLOCAL\\,cn\\3Dsysdb"
>>>
>>>Failing filter:
>>>(&(objectClass=user)(|(memberOf=name=VDI-US02_Corporate-Environment(2013),cn=groups,cn=qut.edu.au,cn=sysdb)
>>>
>>>
>>>Corrent filter
>>>(&(objectClass=user)(|(memberOf=name=VDI-US02_Corporate-Environment\282013\29,cn=groups,cn=qut.edu.au,cn=sysdb)
>>>
>>>
>>>
>>>I hope it's clearer now.
>>
>>Of course... sysdb_dn_sanitize is not supposed to be called on the
>>whole dn. Just on the name part. It mean "sanitize value so it can be
>>used in dn". But changing it to also escape parentheses would require
>>sysdb and code update, so it is not worth it.
>>
>>>+static errno_t
>>>+get_group_dn_with_filter_sanitized_name(TALLOC_CTX *mem_ctx,
>>>+ struct sss_domain_info *domain,
>>>+ const char *grp_name,
>>>+ const char **_grp_dn);
>>
>>Can you use group_name and _group_dn? Two characters won't kill
>>anybody :-) Otherwise we can keep the code as is. I have just one
>>recommendation for tests:
>Sure, done.
>>
>>>+ /* let records to expire */
>>>+ usleep(1100000);
>>
>>It will be better to expire the records manually by setting expiration
>>time to zero. I'm not sure if we have already a function for that, if
>>not, please write one. It may be quite useful for tests.
>I agree with you and I know that you would prefer the function to be
>generic and part of sysdb. But I am afraid that It would take too much
>time to do it properly and we should also handle code duplication that
>would be introduced to sss_cache.c. Would static function in this test
>be sufficient temporal solution for now? I would also file a ticket for
>proper solution. Is this OK with you?
>
>Thanks!
Ack from me.
* master:
* e2e334b2f51118cb14c7391c4e4e44ff247ef638
* 4772d3f1fe5015a25ba1fb4c3779ee3117ec6fcb