Allow extdom exop to return flat domain name as well

There are case where the extdom extended operation will return the flat
or NetBIOS name of a domain instead of the DNS domain name. If this name
is available for the current domain we accept it as well.

Related to https://fedorahosted.org/sssd/ticket/1561

4 files changed, 37 insertions, 4 deletions

diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 26cb0aad8..a96304d43 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -599,10 +599,14 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
         goto done;
     }
 
-    if (strcasecmp(state->dom->name, attrs->domain_name) != 0) {
+    if (!(strcasecmp(state->dom->name, attrs->domain_name) == 0 ||
+          (state->dom->flat_name != NULL &&
+           strcasecmp(state->dom->flat_name, attrs->domain_name) == 0))) {
         DEBUG(SSSDBG_OP_FAILURE, ("Unexpected domain name returned, "
-                                  "expected [%s], got [%s].\n",
-                                  state->dom->name, attrs->domain_name));
+                                  "expected [%s] or [%s], got [%s].\n",
+                     state->dom->name,
+                     state->dom->flat_name == NULL ? "" : state->dom->flat_name,
+                     attrs->domain_name));
         ret = EINVAL;
         goto done;
     }
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 1da2b8cd4..36ffafd92 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -80,6 +80,30 @@ struct ipa_subdomains_ctx {
     struct sysdb_subdom *subdoms;
 };
 
+const char *get_flat_name_from_subdomain_name(struct be_ctx *be_ctx,
+                                              const char *name)
+{
+    size_t c;
+    struct ipa_subdomains_ctx *ctx;
+
+    ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data,
+                          struct ipa_subdomains_ctx);
+    if (ctx == NULL) {
+        DEBUG(SSSDBG_TRACE_ALL, ("Subdomains are not configured.\n"));
+        return NULL;
+    }
+
+    for (c = 0; c < ctx->num_subdoms; c++) {
+        if (strcasecmp(ctx->subdoms[c].name, name) == 0 ||
+            (ctx->subdoms[c].flat_name != NULL &&
+             strcasecmp(ctx->subdoms[c].flat_name, name) == 0)) {
+            return ctx->subdoms[c].flat_name;
+        }
+    }
+
+    return NULL;
+}
+
 static void ipa_subdomains_reply(struct be_req *be_req, int dp_err, int result)
 {
     if (be_req) {
diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h
index 9d24bccf2..35b42b41c 100644
--- a/src/providers/ipa/ipa_subdomains.h
+++ b/src/providers/ipa/ipa_subdomains.h
@@ -28,6 +28,9 @@
 #include "providers/dp_backend.h"
 #include "providers/ipa/ipa_common.h"
 
+const char *get_flat_name_from_subdomain_name(struct be_ctx *be_ctx,
+                                              const char *name);
+
 int ipa_subdom_init(struct be_ctx *be_ctx,
                     struct ipa_id_ctx *id_ctx,
                     struct bet_ops **ops,
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index eed8170c9..5a4ab40b2 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -30,6 +30,7 @@
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_async.h"
 #include "providers/ipa/ipa_id.h"
+#include "providers/ipa/ipa_subdomains.h"
 
 struct ipa_user_get_state {
     struct tevent_context *ev;
@@ -74,7 +75,8 @@ struct tevent_req *ipa_get_subdomain_account_info_send(TALLOC_CTX *memctx,
     }
 
     state->domain = new_subdomain(state, state->ctx->be->domain, ar->domain,
-                                  NULL, NULL);
+                          get_flat_name_from_subdomain_name(ctx->be,ar->domain),
+                          NULL);
     if (state->domain == NULL) {
         DEBUG(SSSDBG_OP_FAILURE, ("new_subdomain failed.\n"));
         ret = ENOMEM;