authorSumit Bose <sbose@redhat.com>2012-10-24 09:47:21 +0200
committerJakub Hrozek <jhrozek@redhat.com>2012-11-05 00:14:05 +0100
commit983fab6286fa68b8586d7f20850491dc5ec22188 (patch)
treec24fe8f66b4bda86f07b9cbcf7294484bba48df3
parentb598728537c67557f20d760e2e4127ec868a434b (diff)
Use find_or_guess_upn() where needed
-rw-r--r--src/providers/krb5/krb5_access.c16
-rw-r--r--src/providers/krb5/krb5_auth.c27
-rw-r--r--src/providers/krb5/krb5_auth.h2
-rw-r--r--src/providers/krb5/krb5_renew_tgt.c38
-rw-r--r--src/tests/krb5_child-test.c3
-rw-r--r--src/tests/krb5_utils-tests.c2
6 files changed, 52 insertions, 36 deletions
diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c
index afa3a89df..25612807d 100644
--- a/src/providers/krb5/krb5_access.c
+++ b/src/providers/krb5/krb5_access.c
@@ -25,6 +25,7 @@
#include "util/util.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_common.h"
+#include "providers/krb5/krb5_utils.h"
struct krb5_access_state {
struct tevent_context *ev;
@@ -101,15 +102,12 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
goto done;
break;
case 1:
- state->kr->upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN,
- NULL);
- if (state->kr->upn == NULL) {
- ret = krb5_get_simple_upn(state, krb5_ctx, pd->user,
- &state->kr->upn);
- if (ret != EOK) {
- DEBUG(1, ("krb5_get_simple_upn failed.\n"));
- goto done;
- }
+ ret = find_or_guess_upn(state, res->msgs[0], krb5_ctx,
+ be_ctx->domain->name, pd->user, pd->domain,
+ &state->kr->upn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+ goto done;
}
state->kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM,
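Review bot: The new failure message `DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));` does not log `ret`, so different error causes are indistinguishable in the log on this access-check path. Including the code, for example `DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed [%d]: %s.\n", ret, strerror(ret)));`, would make such failures easier to triage. The same message is added in the krb5_auth.c and krb5_renew_tgt.c hunks and would benefit from the same change. The enclosing switch in krb5_access_send starts and ends outside this hunk.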
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 98dc8d840..c1f9f14b1 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -420,20 +420,19 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
break;
case 1:
- kr->upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN, NULL);
- if (kr->upn == NULL) {
- ret = krb5_get_simple_upn(state, krb5_ctx, pd->user, &kr->upn);
- if (ret != EOK) {
- DEBUG(1, ("krb5_get_simple_upn failed.\n"));
- goto done;
- }
- } else {
- ret = compare_principal_realm(kr->upn, realm,
- &kr->upn_from_different_realm);
- if (ret != 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n"));
- goto done;
- }
+ ret = find_or_guess_upn(state, res->msgs[0], krb5_ctx,
+ be_ctx->domain->name, pd->user, pd->domain,
+ &kr->upn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+ goto done;
+ }
+
+ ret = compare_principal_realm(kr->upn, realm,
+ &kr->upn_from_different_realm);
+ if (ret != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n"));
+ goto done;
}
kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR,
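Review bot: Nothing in the new code records that `compare_principal_realm()` now also runs on a guessed principal; the removed code called it only when a UPN was stored in the cache. If that is intended because find_or_guess_upn, which now receives `pd->domain`, can produce a principal for a user from another domain, a short comment above the call would say so, e.g. `/* The UPN may be guessed for a user of a different domain, so the realm is always compared. */`. The check also tests `ret != 0` while the call just above tests `ret != EOK`; using `EOK` in both keeps the block consistent. The enclosing case block in krb5_auth_send continues outside the hunk.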
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index bf49f7cfd..9133472ab 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -45,7 +45,7 @@ struct krb5child_req {
const char *ccname;
const char *old_ccname;
const char *homedir;
- const char *upn;
+ char *upn;
uid_t uid;
gid_t gid;
bool is_offline;
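Review bot: Dropping `const` from `upn` removes the only marker that the principal string is not meant to be modified through the request. The test change in krb5_utils-tests.c now stores what looks like a constant (`PRINCIPAL_NAME`) through `discard_const`, and a write through `kr->upn` would be undefined there if it is a string literal. A comment on the field stating ownership would help, e.g. `char *upn; /* set by find_or_guess_upn()/krb5_get_simple_upn(); treat as read-only afterwards */`. An alternative that keeps the `const` is to fetch the result into a local `char *` at each call site and assign that to the field. struct krb5child_req begins and ends outside the hunk.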
diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c
index 217e03d32..ccb7e6af6 100644
--- a/src/providers/krb5/krb5_renew_tgt.c
+++ b/src/providers/krb5/krb5_renew_tgt.c
@@ -381,9 +381,11 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
struct ldb_message **msgs = NULL;
size_t c;
const char *ccache_file;
- const char *upn;
+ char *upn;
const char *user_name;
struct ldb_dn *base_dn;
+ const struct ldb_val *user_dom_val;
+ char *user_dom;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -421,15 +423,31 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
continue;
}
- upn = ldb_msg_find_attr_as_string(msgs[c], SYSDB_UPN, NULL);
- if (upn == NULL) {
- ret = krb5_get_simple_upn(tmp_ctx, renew_tgt_ctx->krb5_ctx,
- user_name, &upn);
- if (ret != EOK) {
- DEBUG(1, ("krb5_get_simple_upn failed.\n"));
- continue;
- }
- DEBUG(9, ("No upn stored in cache, using [%s].\n", upn));
+ /* The DNs of users in sysdb ends with ...,cn=domain.name,cn=sysdb, so
+ * the value of the component before the last (index 1) is the domain
+ * name. */
+
+ user_dom_val = ldb_dn_get_component_val(msgs[c]->dn, 1);
+ if (user_dom_val == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Invalid user DN [%s].\n",
+ ldb_dn_get_linearized(msgs[c]->dn)));
+ ret = EINVAL;
+ goto done;
+ }
+ user_dom = talloc_strndup(tmp_ctx, (char *) user_dom_val->data,
+ user_dom_val->length);
+ if (user_dom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed,\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = find_or_guess_upn(tmp_ctx, msgs[c], renew_tgt_ctx->krb5_ctx,
+ renew_tgt_ctx->be_ctx->domain->name,
+ user_name, user_dom, &upn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+ goto done;
}
ccache_file = ldb_msg_find_attr_as_string(msgs[c], SYSDB_CCACHE_FILE,
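Review bot: The index in `ldb_dn_get_component_val(msgs[c]->dn, 1)` does not obviously select the component the comment describes: as far as I know ldb numbers DN components from the leftmost RDN, so index 1 is "the component before the last" only when the DN has exactly three components. If user DNs are deeper than that, a container name rather than the domain would be passed to find_or_guess_upn as the user's domain; counting from the end, e.g. `ldb_dn_get_component_val(msgs[c]->dn, ldb_dn_get_comp_num(msgs[c]->dn) - 2)` with a check that the count is at least 2, would match the comment at any depth. Separately, the three new failure paths use `goto done` where the removed code used `continue`, so one bad entry now stops the renewal scan for every remaining user; `continue` would keep the old per-entry behaviour. check_ccache_files starts and ends outside this hunk.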
diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
index b07592a46..d55eec077 100644
--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
@@ -221,7 +221,8 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
/* PAM Data structure */
kr->pd = create_dummy_pam_data(kr, user, password);
- ret = krb5_get_simple_upn(kr, kr->krb5_ctx, kr->pd->user, &kr->upn);
+ ret = krb5_get_simple_upn(kr, kr->krb5_ctx, NULL, kr->pd->user, NULL,
+ &kr->upn);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("krb5_get_simple_upn failed.\n"));
goto fail;
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 636bcd403..fe5d8423f 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -433,7 +433,7 @@ void setup_talloc_context(void)
pd->user = discard_const(USERNAME);
kr->uid = atoi(UID);
- kr->upn = PRINCIPAL_NAME;
+ kr->upn = discard_const(PRINCIPAL_NAME);
pd->cli_pid = atoi(PID);
krb5_ctx->opts = talloc_zero_array(tmp_ctx, struct dp_option, KRB5_OPTS);