diff options
| author | Lukas Slebodnik <lslebodn@redhat.com> | 2014-08-30 17:31:50 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-05 17:29:56 +0200 |
| commit | 61b58801f1e37c054affc99f6fe900f7b3ef7972 (patch) | |
| tree | 9a284c9e4d8995d3fa9acb939ae9350adebf58c0 | |
| parent | 6b104b0f1cf3f74b56a59458f40922919e3eae0c (diff) | |
| download | sssd-61b58801f1e37c054affc99f6fe900f7b3ef7972.tar.gz sssd-61b58801f1e37c054affc99f6fe900f7b3ef7972.tar.xz sssd-61b58801f1e37c054affc99f6fe900f7b3ef7972.zip | |
NSS: Use right domain for group members with fq names
If we query group from subdomain it can contain users from different domains.
All members from subdomain have fully qualified name, but member from main
domain aren't. In function fill_members, we extracted name and domain with
function fill_members. Later, we called function sss_fqname the first time
with queried group domain and the second time with parsed domain.
It caused following error in nss responder:
[fill_members] (0x0040): Failed to generate a fully qualified name for member
[user2_dom1@sssdad_tree.com] of group [group2_dom2@sssdad_tree.com]! Skipping
The test test_nss_getgrnam_mix_dom_fqdn passed, because name of main domain
and name of subdomain had the same length, Therefore there was not problem
in function fill_members with calling sss_fqname with different domains.
This patch also changes name of subdomain to prevent such problems in future.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
| -rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 3 | ||||
| -rw-r--r-- | src/tests/cmocka/test_nss_srv.c | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index bf578f394..560578428 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -2498,7 +2498,8 @@ static int fill_members(struct sss_packet *packet, } if (add_domain) { - nlen = sss_fqname(NULL, 0, dom->names, dom, name.str); + nlen = sss_fqname(NULL, 0, member_dom->names, member_dom, + name.str); if (nlen >= 0) { nlen += 1; } else { diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c index e7d6540cc..644468dbb 100644 --- a/src/tests/cmocka/test_nss_srv.c +++ b/src/tests/cmocka/test_nss_srv.c @@ -37,7 +37,7 @@ #define TEST_CONF_DB "test_nss_conf.ldb" #define TEST_DOM_NAME "nss_test" #define TEST_SYSDB_FILE "cache_"TEST_DOM_NAME".ldb" -#define TEST_SUBDOM_NAME "test.sub" +#define TEST_SUBDOM_NAME "test.subdomain" #define TEST_ID_PROVIDER "ldap" struct nss_test_ctx { |