From 68cf1c69d2a19caca93d838745389f005ad66f5c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 5 Feb 2017 20:25:23 +0100
Subject: [PATCH 162/162] SUDO: Only store lowercased attribute value once
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The current code doesn't handle the situation where lowercasing the
sudoUser attribute would yield the same value again.

For example:
    sudoUser:   TUSER
    sudoUser    tuser
would break.

This patch switches to using the utility function
sysdb_attrs_add_lower_case_string() which already checks for duplicates.

Resolves:
https://fedorahosted.org/sssd/ticket/3301

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit a5ecc93abb01cece628fdef04ebad43bba267419)
(cherry picked from commit d5ddca8b44d00b92d4a70ea90d48247635a4e1ca)
---
 src/db/sysdb_sudo.c                | 17 +++--------------
 src/tests/cmocka/test_sysdb_sudo.c |  5 +++++
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index f5160f19012028f92723b9012fad85d803aa5137..97a1bee99c0255579f42cc7263d3d755429cd417 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -857,7 +857,6 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
 {
     TALLOC_CTX *tmp_ctx;
     const char **users = NULL;
-    const char *lowered = NULL;
     errno_t ret;
 
     if (domain->case_sensitive == true || rule == NULL) {
@@ -884,19 +883,9 @@ static errno_t sysdb_sudo_add_lowered_users(struct sss_domain_info *domain,
     }
 
     for (int i = 0; users[i] != NULL; i++) {
-        lowered = sss_tc_utf8_str_tolower(tmp_ctx, users[i]);
-        if (lowered == NULL) {
-            DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
-            ret = ENOMEM;
-            goto done;
-        }
-
-        if (strcmp(users[i], lowered) == 0) {
-            /* It protects us from adding duplicate. */
-            continue;
-        }
-
-        ret = sysdb_attrs_add_string(rule, SYSDB_SUDO_CACHE_AT_USER, lowered);
+        ret = sysdb_attrs_add_lower_case_string(rule, true,
+                                                SYSDB_SUDO_CACHE_AT_USER,
+                                                users[i]);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE,
                   "Unable to add %s attribute [%d]: %s\n",
diff --git a/src/tests/cmocka/test_sysdb_sudo.c b/src/tests/cmocka/test_sysdb_sudo.c
index f21ff3655efbdc5b66a1fdbc24a51ec8174c3c8c..34afe120d97e99e3213a85bf7489a5e0f6309e4b 100644
--- a/src/tests/cmocka/test_sysdb_sudo.c
+++ b/src/tests/cmocka/test_sysdb_sudo.c
@@ -335,6 +335,11 @@ void test_store_sudo_case_insensitive(void **state)
 
     test_ctx->tctx->dom->case_sensitive = false;
 
+    ret = sysdb_attrs_add_lower_case_string(rule, false,
+                                            SYSDB_SUDO_CACHE_AT_USER,
+                                            users[0].name);
+    assert_int_equal(ret, EOK);
+
     ret = sysdb_sudo_store(test_ctx->tctx->dom, &rule, 1);
     assert_int_equal(ret, EOK);
 
-- 
2.9.3