providers/ldap/sdap_utils.c

25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina/*
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    Authors:
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        Simo Sorce <ssorce@redhat.com>
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    Copyright (C) 2013 Red Hat
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    This program is free software; you can redistribute it and/or modify
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    it under the terms of the GNU General Public License as published by
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    the Free Software Foundation; either version 3 of the License, or
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    (at your option) any later version.
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    This program is distributed in the hope that it will be useful,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    but WITHOUT ANY WARRANTY; without even the implied warranty of
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    GNU General Public License for more details.
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    You should have received a copy of the GNU General Public License
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    along with this program.  If not, see <http://www.gnu.org/licenses/>.
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina*/
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina#include <ctype.h>
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina#include "util/util.h"
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina#include "providers/ldap/sdap_async.h"
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březinaerrno_t
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březinasdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                         const char *attr_name,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                         const char *attr_desc,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                         bool multivalued,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                         const char *name,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                         struct sysdb_attrs *attrs)
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina{
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    errno_t ret;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    struct ldb_message_element *el;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    const char *objname = name ?: "object";
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    const char *desc = attr_desc ?: attr_name;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    unsigned int num_values, i;
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek    char *printable;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    ret = sysdb_attrs_get_el(ldap_attrs, attr_name, &el);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    if (ret) {
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        DEBUG(SSSDBG_OP_FAILURE, "Could not get %s from the "
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina              "list of the LDAP attributes [%d]: %s\n",
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina              attr_name, ret, strerror(ret));
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        return ret;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    if (el->num_values == 0) {
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        DEBUG(SSSDBG_TRACE_INTERNAL, "%s is not available "
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina              "for [%s].\n", desc, objname);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    } else {
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        num_values = multivalued ? el->num_values : 1;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        for (i = 0; i < num_values; i++) {
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek            printable = ldb_binary_encode(ldap_attrs, el->values[i]);
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek            if (printable == NULL) {
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek                DEBUG(SSSDBG_MINOR_FAILURE, "ldb_binary_encode failed..\n");
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek                continue;
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek            }
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            DEBUG(SSSDBG_TRACE_INTERNAL, "Adding %s [%s] to attributes "
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek                  "of [%s].\n", desc, printable, objname);
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek
32445affe3612428eddde043cdc672a01c189714Jakub Hrozek            talloc_zfree(printable);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            ret = sysdb_attrs_add_mem(attrs, attr_name, el->values[i].data,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                                      el->values[i].length);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            if (ret) {
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                return ret;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    return EOK;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina}
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březinaerrno_t
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březinasdap_save_all_names(const char *name,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                    struct sysdb_attrs *ldap_attrs,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                    struct sss_domain_info *dom,
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek                    enum sysdb_member_type entry_type,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                    struct sysdb_attrs *attrs)
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina{
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    const char **aliases = NULL;
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek    const char *sysdb_alias;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    errno_t ret;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    TALLOC_CTX *tmp_ctx;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    int i;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    bool lowercase = !dom->case_sensitive;
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek    bool store_as_fqdn;
9a310913d696d190db14c625080678db853a33fdSumit Bose    const char **emails;
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek    switch (entry_type) {
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek    case SYSDB_MEMBER_USER:
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek    case SYSDB_MEMBER_GROUP:
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek        store_as_fqdn = true;
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek        break;
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek    default:
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek        store_as_fqdn = false;
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek        break;
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek    }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    tmp_ctx = talloc_new(NULL);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    if (!tmp_ctx) {
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        ret = ENOMEM;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        goto done;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    ret = sysdb_attrs_get_aliases(tmp_ctx, ldap_attrs, name,
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                                  lowercase, &aliases);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    if (ret != EOK) {
87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595Lukas Slebodnik        DEBUG(SSSDBG_OP_FAILURE, "Failed to get the alias list\n");
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        goto done;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    for (i = 0; aliases[i]; i++) {
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek        if (store_as_fqdn) {
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek            sysdb_alias = sss_create_internal_fqname(tmp_ctx, aliases[i],
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek                                                 dom->name);
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek        } else {
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek            sysdb_alias = aliases[i];
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek        }
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek        if (sysdb_alias == NULL) {
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            ret = ENOMEM;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            goto done;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        if (lowercase) {
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek            ret = sysdb_attrs_add_lc_name_alias(attrs, sysdb_alias);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            if (ret) {
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                DEBUG(SSSDBG_OP_FAILURE, "Failed to add lower-cased version "
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                                          "of alias [%s] into the "
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                                          "attribute list\n", aliases[i]);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                goto done;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        } else {
7cc19286547260350afed9ef7176712f8fc66652Michal Zidek            ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, sysdb_alias);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            if (ret) {
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                DEBUG(SSSDBG_OP_FAILURE, "Failed to add alias [%s] into the "
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                                          "attribute list\n", aliases[i]);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina                goto done;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina            }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina        }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    }
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina
9a310913d696d190db14c625080678db853a33fdSumit Bose    ret = sysdb_attrs_get_string_array(ldap_attrs, SYSDB_USER_EMAIL, tmp_ctx,
9a310913d696d190db14c625080678db853a33fdSumit Bose                                       &emails);
9a310913d696d190db14c625080678db853a33fdSumit Bose    if (ret == EOK) {
9a310913d696d190db14c625080678db853a33fdSumit Bose        for (i = 0; emails[i] != NULL; i++) {
9a310913d696d190db14c625080678db853a33fdSumit Bose            if (is_email_from_domain(emails[i], dom)) {
9a310913d696d190db14c625080678db853a33fdSumit Bose                ret = sysdb_attrs_add_lc_name_alias_safe(attrs, emails[i]);
9a310913d696d190db14c625080678db853a33fdSumit Bose                if (ret) {
9a310913d696d190db14c625080678db853a33fdSumit Bose                    DEBUG(SSSDBG_OP_FAILURE,
9a310913d696d190db14c625080678db853a33fdSumit Bose                          "Failed to add lower-cased version of email [%s] "
9a310913d696d190db14c625080678db853a33fdSumit Bose                          "into the alias list\n", emails[i]);
9a310913d696d190db14c625080678db853a33fdSumit Bose                    goto done;
9a310913d696d190db14c625080678db853a33fdSumit Bose                }
9a310913d696d190db14c625080678db853a33fdSumit Bose            }
9a310913d696d190db14c625080678db853a33fdSumit Bose        }
9a310913d696d190db14c625080678db853a33fdSumit Bose    } else if (ret == ENOENT) {
9a310913d696d190db14c625080678db853a33fdSumit Bose        DEBUG(SSSDBG_TRACE_ALL, "No email addresses available.\n");
9a310913d696d190db14c625080678db853a33fdSumit Bose    } else {
9a310913d696d190db14c625080678db853a33fdSumit Bose        DEBUG(SSSDBG_OP_FAILURE,
9a310913d696d190db14c625080678db853a33fdSumit Bose              "sysdb_attrs_get_string_array failed, skipping ...\n");
9a310913d696d190db14c625080678db853a33fdSumit Bose    }
9a310913d696d190db14c625080678db853a33fdSumit Bose
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    ret = EOK;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březinadone:
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    talloc_free(tmp_ctx);
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina    return ret;
25ac7bda643c8872b5a29bc856c374e76a7f8363Pavel Březina}
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březinaerrno_t deref_string_to_val(const char *str, int *val)
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina{
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina    if (strcasecmp(str, "never") == 0) {
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina        *val = LDAP_DEREF_NEVER;
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina    } else if (strcasecmp(str, "searching") == 0) {
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina        *val = LDAP_DEREF_SEARCHING;
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina    } else if (strcasecmp(str, "finding") == 0) {
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina        *val = LDAP_DEREF_FINDING;
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina    } else if (strcasecmp(str, "always") == 0) {
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina        *val = LDAP_DEREF_ALWAYS;
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina    } else {
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "Illegal deref option [%s].\n", str);
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina        return EINVAL;
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina    }
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina    return EOK;
44d0fd9bfdcab991f00ba33c91f49527f8cce595Pavel Březina}
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březinastatic char *
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březinasdap_combine_filters_ex(TALLOC_CTX *mem_ctx,
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                        char operator,
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                        const char *base_filter,
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                        const char *extra_filter)
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina{
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina    char *filter = NULL;
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina
1d3f5fc2802c218916e6d6bc98eeaed79c66bafePavel Březina    if (extra_filter == NULL || extra_filter[0] == '\0') {
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina        return talloc_strdup(mem_ctx, base_filter);
1d3f5fc2802c218916e6d6bc98eeaed79c66bafePavel Březina    } else if (base_filter == NULL || base_filter[0] == '\0') {
1d3f5fc2802c218916e6d6bc98eeaed79c66bafePavel Březina        return talloc_strdup(mem_ctx, extra_filter);
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina    }
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina    if (extra_filter[0] == '(') {
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina        filter = talloc_asprintf(mem_ctx, "(%c%s%s)",
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                                 operator, base_filter, extra_filter);
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina    } else {
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina        filter = talloc_asprintf(mem_ctx, "(%c%s(%s))",
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                                 operator, base_filter, extra_filter);
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina    }
1d3f5fc2802c218916e6d6bc98eeaed79c66bafePavel Březina
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina    return filter; /* NULL or not */
430cc9ad62e0d7d1bd8dc7c65be2bfcf087c5e5cPavel Březina}
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březinachar *sdap_or_filters(TALLOC_CTX *mem_ctx,
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                      const char *base_filter,
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                      const char *extra_filter)
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina{
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina    return sdap_combine_filters_ex(mem_ctx, '|', base_filter, extra_filter);
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina}
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březinachar *sdap_combine_filters(TALLOC_CTX *mem_ctx,
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                           const char *base_filter,
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina                           const char *extra_filter)
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina{
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina    return sdap_combine_filters_ex(mem_ctx, '&', base_filter, extra_filter);
ad5a48c4947183fda49308259e3411d17a8b0a13Pavel Březina}
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bosechar *get_enterprise_principal_string_filter(TALLOC_CTX *mem_ctx,
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose                                             const char *attr_name,
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose                                             const char *princ,
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose                                             struct dp_option *sdap_basic_opts)
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose{
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    const char *realm;
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    char *p;
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    if (attr_name == NULL || princ == NULL || sdap_basic_opts == NULL) {
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose        return NULL;
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    }
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    realm = dp_opt_get_cstring(sdap_basic_opts, SDAP_KRB5_REALM);
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    if (realm == NULL) {
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose        return NULL;
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    }
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    p = strchr(princ, '@');
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    if (p == NULL) {
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose        return NULL;
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    }
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose    return talloc_asprintf(mem_ctx, "(%s=%.*s\\\\@%s@%s)", attr_name,
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose                                                           (int) (p - princ),
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose                                                           princ,
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose                                                           p + 1, realm);
50a7a92f92e1584702bf25e61a50cb1c09c7e260Sumit Bose}