From 0e5d9f481daeeaecefeb68cdc03e45a11dfd7091 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 7 Nov 2017 17:03:13 +0100 Subject: [PATCH 68/83] SDAP: Split out utility function sdap_get_object_domain() from sdap_object_in_domain() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The DP request that returns a domain of an entry to responder will need this functionality in order to map the original DN of the entry found to a domain name. Reviewed-by: Pavel Březina Reviewed-by: Sumit Bose (cherry picked from commit 37fdd9dc1ad5968067f8e3c43a51ed2ac9f3b104)
---
 src/providers/ldap/sdap.c | 26 ++++++++++++++++++++------ src/providers/ldap/sdap.h | 4 ++++ 2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index b6b1c91cb7507ebb95cd559634a77ed44dfb5fc0..59d24fed53cc35751b5c24679e247a42f82e1d0a 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -1673,9 +1673,9 @@ char *sdap_make_oc_list(TALLOC_CTX *mem_ctx, struct sdap_attr_map *map)
 }
 }

-bool sdap_object_in_domain(struct sdap_options *opts,
- struct sysdb_attrs *obj,
- struct sss_domain_info *dom)
+struct sss_domain_info *sdap_get_object_domain(struct sdap_options *opts,
+ struct sysdb_attrs *obj,
+ struct sss_domain_info *dom)
 {
 errno_t ret;
 const char *original_dn = NULL;
@@ -1685,7 +1685,7 @@ bool sdap_object_in_domain(struct sdap_options *opts,
 if (ret) {
 DEBUG(SSSDBG_FUNC_DATA,
 "The group has no original DN, assuming our domain\n");
- return true;
+ return dom;
 }

 sdmatch = sdap_domain_get_by_dn(opts, original_dn);
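Review bot: Both `return dom;` fallbacks (here when the entry has no original DN, and in the next hunk when `sdap_domain_get_by_dn()` finds no match) make `sdap_get_object_domain()` report the caller's own domain for an entry it could not place. That keeps `sdap_object_in_domain()` returning true as before, but a caller that uses the helper to attribute an entry to a domain, as the commit message describes, cannot tell a real search-base match from the fallback. If the DP request needs that distinction, consider returning NULL from the helper and mapping NULL to `true` in the wrapper. Otherwise state the fallback at the prototype in sdap.h, e.g. `/* Returns dom when obj has no original DN or the DN matches no search base */`. The function body starts in the previous hunk and continues into the next one.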
@@ -1693,10 +1693,24 @@ bool sdap_object_in_domain(struct sdap_options *opts,
 DEBUG(SSSDBG_FUNC_DATA,
 "The original DN of the group cannot "
 "be related to any search base\n");
- return true;
+ return dom;
 }

- return (sdmatch->dom == dom);
+ return sdmatch->dom;
+}
+
+bool sdap_object_in_domain(struct sdap_options *opts,
+ struct sysdb_attrs *obj,
+ struct sss_domain_info *dom)
+{
+ struct sss_domain_info *obj_dom;
+
+ obj_dom = sdap_get_object_domain(opts, obj, dom);
+ if (obj_dom == NULL) {
+ return false;
+ }
+
+ return (obj_dom == dom);
 }

 size_t sdap_steal_objects_in_dom(struct sdap_options *opts,
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 2ba016ff52313198287ac5196e24517333882099..8b0f1f0ce0fef59554270f0f31cfd2d5f0aa57f5 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -644,6 +644,10 @@ size_t sdap_steal_objects_in_dom(struct sdap_options *opts,
 size_t count,
 bool filter);

+struct sss_domain_info *sdap_get_object_domain(struct sdap_options *opts,
+ struct sysdb_attrs *obj,
+ struct sss_domain_info *dom);
+
 bool sdap_object_in_domain(struct sdap_options *opts,
 struct sysdb_attrs *obj,
 struct sss_domain_info *dom);
-- 2.14.3
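Review bot: The `obj_dom == NULL` branch in the new `sdap_object_in_domain()` wrapper (sdap.c hunk) can only be reached when the caller passes `dom == NULL` or a matched `sdmatch->dom` is NULL, because both fallback paths of `sdap_get_object_domain()` return `dom`. With a NULL `dom` the old code returned `true` on those fallback paths and the wrapper now returns `false`, so the split is not strictly behaviour-preserving, although callers may never pass NULL. A short comment such as `/* NULL only if dom is NULL or the matched sdap_domain has no sss_domain_info */` would show whether this is intended. The two DEBUG messages also still say "the group" although the helper is now exported for any entry.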