From 9efaade255e59b4a2f5cff2ab78c1db61132a40a Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Thu, 21 Jun 2018 12:27:32 +0200

Subject: [PATCH] Revert "LDAP/IPA: add local email address to aliases"

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

This reverts commit 9a310913d696d190db14c625080678db853a33fd.

Storing the e-mail address as a nameAlias was a performance optimization

to avoid having to fall back to the UPN lookup, but had the disadvantage

of returning multiple results for cases where an e-mail address is the

same as a user's fully qualified name.

Since the e-mail lookups would still work without this optimization,

just after one more lookup, let's revert the patch.

Resolves:

https://pagure.io/SSSD/sssd/issue/3607

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

(cherry picked from commit b0ec3875da281a9c29eda2cb19c1026510866d5b)

DOWNSTREAM:

Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully

---

 src/providers/ipa/ipa_s2n_exop.c | 49 --------------------------------

 src/providers/ldap/sdap_utils.c  | 22 --------------

 2 files changed, 71 deletions(-)

diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c

index 9cb735526293ff5a209d732366b86fdb95dc8679..6f3974637a08b9d70e32fb6d79724be4f6e8dbde 100644

--- a/src/providers/ipa/ipa_s2n_exop.c

+++ b/src/providers/ipa/ipa_s2n_exop.c

@@ -2118,49 +2118,6 @@ done:

     return ret;

 }

-static errno_t add_emails_to_aliases(struct sysdb_attrs *attrs,

-                                     struct sss_domain_info *dom)

-{

-    int ret;

-    const char **emails;

-    size_t c;

-    TALLOC_CTX *tmp_ctx;

-

-    tmp_ctx = talloc_new(NULL);

-    if (tmp_ctx == NULL) {

-        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");

-        return ENOMEM;

-    }

-

-    ret = sysdb_attrs_get_string_array(attrs, SYSDB_USER_EMAIL, tmp_ctx,

-                                       &emails);

-    if (ret == EOK) {

-        for (c = 0; emails[c] != NULL; c++) {

-            if (is_email_from_domain(emails[c], dom)) {

-                ret = sysdb_attrs_add_lc_name_alias_safe(attrs, emails[c]);

-                if (ret != EOK) {

-                    DEBUG(SSSDBG_OP_FAILURE,

-                          "Failed to add lower-cased version of email [%s] "

-                          "into the alias list\n", emails[c]);

-                    goto done;

-                }

-            }

-        }

-    } else if (ret == ENOENT) {

-        DEBUG(SSSDBG_TRACE_ALL, "No email addresses available.\n");

-    } else {

-        DEBUG(SSSDBG_OP_FAILURE,

-              "sysdb_attrs_get_string_array failed, skipping ...\n");

-    }

-

-    ret = EOK;

-

-done:

-    talloc_free(tmp_ctx);

-

-    return ret;

-}

-

 static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,

                                     struct req_input *req_input,

                                     struct resp_attrs *attrs,

@@ -2314,12 +2271,6 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,

                 goto done;

             }

-            ret = add_emails_to_aliases(attrs->sysdb_attrs, dom);

-            if (ret != EOK) {

-                DEBUG(SSSDBG_OP_FAILURE,

-                      "add_emails_to_aliases failed, skipping ...\n");

-            }

-

             if (upn == NULL) {

                 /* We also have to store a fake UPN here, because otherwise the

                  * krb5 child later won't be able to properly construct one as

diff --git a/src/providers/ldap/sdap_utils.c b/src/providers/ldap/sdap_utils.c

index 0ac3ab2e416d887d00480b5123859c611f514274..6d543101f06ce3cd3925a675af6cabdacb8ebcaa 100644

--- a/src/providers/ldap/sdap_utils.c

+++ b/src/providers/ldap/sdap_utils.c

@@ -87,7 +87,6 @@ sdap_save_all_names(const char *name,

     int i;

     bool lowercase = !dom->case_sensitive;

     bool store_as_fqdn;

-    const char **emails;

     switch (entry_type) {

     case SYSDB_MEMBER_USER:

@@ -144,27 +143,6 @@ sdap_save_all_names(const char *name,

     }

-    ret = sysdb_attrs_get_string_array(ldap_attrs, SYSDB_USER_EMAIL, tmp_ctx,

-                                       &emails);

-    if (ret == EOK) {

-        for (i = 0; emails[i] != NULL; i++) {

-            if (is_email_from_domain(emails[i], dom)) {

-                ret = sysdb_attrs_add_lc_name_alias_safe(attrs, emails[i]);

-                if (ret) {

-                    DEBUG(SSSDBG_OP_FAILURE,

-                          "Failed to add lower-cased version of email [%s] "

-                          "into the alias list\n", emails[i]);

-                    goto done;

-                }

-            }

-        }

-    } else if (ret == ENOENT) {

-        DEBUG(SSSDBG_TRACE_ALL, "No email addresses available.\n");

-    } else {

-        DEBUG(SSSDBG_OP_FAILURE,

-              "sysdb_attrs_get_string_array failed, skipping ...\n");

-    }

-

     ret = EOK;

 done:

     talloc_free(tmp_ctx);

-- 

2.17.1