On 08/06/2015 02:31 PM, Pavel Reichl wrote:
On 08/05/2015 02:44 PM, Pavel Březina wrote:
> On 08/05/2015 12:11 PM, Pavel Reichl wrote:
>>
>>
>> On 08/05/2015 11:34 AM, Pavel Březina wrote:
>>> On 08/04/2015 03:52 PM, Pavel Reichl wrote:
>>>> Hello,
>>>>
>>>> please see 2 simple patches attached.
>>>>
>>>> I could not find a function to sanitize DN so it could be used as part of
>>>> filter (sanitize ()*/\...) so I had to write one.
>>>>
>>>> sysdb_dn_sanitize is not the right choice,
>>>>
>>>> sysdb_dn_sanitize("name=expired-group(2016),cn=groups,cn=LOCAL,cn=sysdb")
>>>>
>>>> ->
>>>>
>>>> "name\\3Dexpired-group(2016)\\,cn\\3Dgroups\\,cn\\3DLOCAL\\,cn\\3Dsysdb"
>>>>
>>>>
>>>> Thanks!
>>>
>>> Hi, I did just a quick read of your patches... can you take one more
>>> step with creating a sanitized dn and create a more generic function
>>> for that?
>>>
>>> Have you considered modifying sysdb_dn_sanitize to also escape
>>> parentheses (that's what is missing, isn't it)?
>> no because sysdb_dn_sanitize escapes also ',' and '=' and I need them to
>> stay as they are
>>
>> This is what I have:
>> "name=expired-group(2016),cn=groups,cn=LOCAL,cn=sysdb"
>> This is what I need:
>> "name=expired-group\282016\29,cn=groups,cn=LOCAL,cn=sysdb" // just
>> escape '(' and ')'
>> This is what sysdb_dn_sanitize returns:
>>
>> "name\\3Dexpired-group(2016)\\,cn\\3Dgroups\\,cn\\3DLOCAL\\,cn\\3Dsysdb"
>>
>> Failing filter:
>>
>> (&(objectClass=user)(|(memberOf=name=VDI-US02_Corporate-Environment(2013),cn=groups,cn=qut.edu.au,cn=sysdb)
>>
>>
>> Correct filter
>>
>> (&(objectClass=user)(|(memberOf=name=VDI-US02_Corporate-Environment\282013\29,cn=groups,cn=qut.edu.au,cn=sysdb)
>>
>>
>>
>> I hope it's clearer now.
>
> Of course... sysdb_dn_sanitize is not supposed to be called on the
> whole dn. Just on the name part. It means "sanitize value so it can be
> used in dn". But changing it to also escape parentheses would require
> sysdb and code update, so it is not worth it.
>
>> +static errno_t
>> +get_group_dn_with_filter_sanitized_name(TALLOC_CTX *mem_ctx,
>> + struct sss_domain_info *domain,
>> + const char *grp_name,
>> + const char **_grp_dn);
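Review bot: the prototype of get_group_dn_with_filter_sanitized_name() carries no comment saying which characters are escaped in the string returned through _grp_dn. Given the mix-up with sysdb_dn_sanitize earlier in this thread, add a short comment above the declaration stating that the DN is escaped for use inside a search filter (parentheses and similar) while ',' and '=' are left intact, and that the caller must not run sysdb_dn_sanitize on the result. The comment should also say how the returned string relates to mem_ctx.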
>
> Can you use group_name and _group_dn? Two characters won't kill
> anybody :-) Otherwise we can keep the code as is. I have just one
> recommendation for tests:
Sure, done.
>
>> + /* let records to expire */
>> + usleep(1100000);
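Review bot: the hard-coded 1100000 in usleep() ties the test to wall-clock time and to an expiry timeout that is not visible in this hunk, so a changed timeout or a slow build host can break it silently. If the sleep stays, derive the value from the timeout used when the records were stored and name it; the comment above it should read "let the records expire".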
>
> It will be better to expire the records manually by setting expiration
> time to zero. I'm not sure if we have already a function for that, if
> not, please write one. It may be quite useful for tests.
I agree with you and I know that you would prefer the function to be
generic and part of sysdb. But I am afraid that it would take too much
time to do it properly and we should also handle code duplication that
would be introduced to sss_cache.c. Would a static function in this test
be a sufficient temporary solution for now? I would also file a ticket for
a proper solution. Is this OK with you?
Thanks!
Ack from me.
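
The escaping discussed in this thread (a whole DN used as a `memberOf` value inside a search filter), as an added example that is not code from the patches or from SSSD: it applies the RFC 4515 filter-value escapes and leaves ',' and '=' untouched. The name `filter_escape_value` is hypothetical, and the sample DN is the one quoted above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not SSSD code): escape a string for use as an
 * assertion value in an LDAP search filter, per RFC 4515 section 3.
 * '*', '(', ')' and '\' become \XX hex pairs. ',' and '=' are left
 * alone, so a complete DN remains a valid DN after unescaping.
 * (RFC 4515 also escapes NUL, which cannot occur in a C string.)
 * Returns a malloc'ed string the caller frees, or NULL on error. */
char *filter_escape_value(const char *in)
{
    static const char hex[] = "0123456789abcdef";
    size_t len, i, j = 0;
    char *out;

    if (in == NULL) return NULL;
    len = strlen(in);
    /* Worst case every byte expands to three; guard the multiplication. */
    if (len > (SIZE_MAX - 1) / 3) return NULL;
    out = malloc(len * 3 + 1);
    if (out == NULL) return NULL;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            out[j++] = '\\';
            out[j++] = hex[c >> 4];
            out[j++] = hex[c & 0x0f];
        } else {
            out[j++] = (char)c;
        }
    }
    out[j] = '\0';
    return out;
}

int main(void)
{
    /* Sample input: the group DN quoted in the thread. */
    const char *dn = "name=expired-group(2016),cn=groups,cn=LOCAL,cn=sysdb";
    char *esc = filter_escape_value(dn);

    if (esc == NULL) return 1;
    printf("(memberOf=%s)\n", esc);
    free(esc);
    return 0;
}
```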