summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2012-10-16 18:00:03 +0200
committerJakub Hrozek <jhrozek@redhat.com>2012-11-05 00:14:05 +0100
commit09d59c60dc9fae1fdc70ea4f1a073591a4eff456 (patch)
tree3cd3fe9293764b5e44bd2215f3eb7c370b195772
parent127baf2d277fc26c59ddabe3743dff8ac229ca77 (diff)
downloadsssd-09d59c60dc9fae1fdc70ea4f1a073591a4eff456.tar.gz
sssd-09d59c60dc9fae1fdc70ea4f1a073591a4eff456.tar.xz
sssd-09d59c60dc9fae1fdc70ea4f1a073591a4eff456.zip
pac responder: use only lower case user name
Since winbind can only return lower-cased user name the pac responder must do the same to avoid inconsistent behaviour.
-rw-r--r--src/responder/pac/pacsrv_cmd.c12
-rw-r--r--src/responder/pac/pacsrv_utils.c8
2 files changed, 15 insertions, 5 deletions
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index b7edf81d5..4cbf14b5c 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -113,13 +113,21 @@ static errno_t pac_add_pac_user(struct cli_ctx *cctx)
goto done;
}
- pr_ctx->user_name = pr_ctx->logon_info->info3.base.account_name.string;
- if (pr_ctx->user_name == NULL) {
+ if (pr_ctx->logon_info->info3.base.account_name.string == NULL) {
ret = EINVAL;
DEBUG(SSSDBG_FATAL_FAILURE, ("Missing account name in PAC.\n"));
goto done;
}
+ /* To be compatible with winbind based lookups we have to use lower case
+ * names only, effectively making the domain case-insenvitive. */
+ pr_ctx->user_name = sss_tc_utf8_str_tolower(pr_ctx,
+ pr_ctx->logon_info->info3.base.account_name.string);
+ if (pr_ctx->user_name == NULL) {
+ ret = ENOMEM;
+ DEBUG(SSSDBG_FATAL_FAILURE, ("sss_tc_utf8_str_tolower failed.\n"));
+ goto done;
+ }
pr_ctx->dom = responder_get_domain(pr_ctx, cctx->rctx, pr_ctx->domain_name);
if (pr_ctx->dom == NULL) {
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 48caae643..4b55ef3e5 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -510,10 +510,12 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
base_info = &logon_info->info3.base;
if (base_info->account_name.size != 0) {
- pwd->pw_name = talloc_strdup(pwd,
- base_info->account_name.string);
+ /* To be compatible with winbind based lookups we have to use lower
+ * case names only, effectively making the domain case-insenvitive. */
+ pwd->pw_name = sss_tc_utf8_str_tolower(pwd,
+ base_info->account_name.string);
if (pwd->pw_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("sss_tc_utf8_str_tolower failed.\n"));
ret = ENOMEM;
goto done;
}