author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-08 19:10:41 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 21:02:43 +0200 |
commit | dd2f33603228005a44675f1484c294ea647dbce3 (patch) | |
tree | b05644883c5197070983fd62fc6bb67717aca1de | |
parent | 443eb8217741df57d9f58f2098487b91e3404e71 (diff) | |
LDAP: Parse FQDN into name/domain for subdomain users
Related:
https://fedorahosted.org/sssd/ticket/2082
When a subdomain user logs in, the username the account request receives
is a FQDN. This hackish patch parses the FQDN and only uses the name to
search the LDAP.
-rw-r--r-- | src/providers/ldap/sdap_access.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 267a2b863..6b387271a 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -644,6 +644,8 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
 const char *basedn;
 char *clean_username;
 errno_t ret = ERR_INTERNAL;
+ char *name;
+ char *domname;
 req = tevent_req_create(mem_ctx, &state, struct sdap_access_filter_req_ctx);
 if (req == NULL) {
@@ -694,8 +696,16 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
 }
 /* Construct the filter */
+ /* Subdomain users are identified by FQDN. We need to use just the username */
+ ret = sss_parse_name(state, domain->names, username, &domname, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Could not parse [%s] into name and "
+ "domain components, access might fail\n", username));
+ name = discard_const(username);
+ }
- ret = sss_filter_sanitize(state, state->username, &clean_username);
+ ret = sss_filter_sanitize(state, name, &clean_username);
 if (ret != EOK) {
 goto done;
 } |
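Review bot: In the second hunk `domname` is filled in by `sss_parse_name()` and then never read, so the access filter is evaluated for the bare short name whatever domain the FQDN carried. Because this lookup feeds an access decision, it is worth either checking `domname` against the domain(s) this request is meant to serve, or, if the search base already scopes the lookup correctly, saying so in a comment such as `/* domname is ignored on purpose: the search base selects the domain */`; the search base setup is outside the hunk, so this cannot be confirmed from here. On the parse-error path the code continues with the unparsed string via `name = discard_const(username);`; replacing that line with `goto done;` (with `ret` still holding the parse error) would make the check fail closed explicitly instead of relying on the LDAP search finding no entry. `sdap_access_filter_send` begins and ends outside both hunks.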