author | Sumit Bose <sbose@redhat.com> | 2015-04-22 16:57:37 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-04-29 11:33:22 +0200 |
commit | f70a1adbfc30b9acc302027439fb8157e0c6ea2a (patch) | |
tree | b65879cc54087e6e7fcc5aea4e2b86a4de3d1683 /src/db | |
parent | 82a958e6592c4a4078e45b7197bbe4751b70f511 (diff) | |
IPA: allow initgroups by SID for AD users
If a user from a trusted AD domain is searched with the help of an
override name the SID from the override anchor is used to search the
user in AD. Currently the initgroups request only allows searches by
name. With this patch a SID can be used as well.
Resolves https://fedorahosted.org/sssd/ticket/2632
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb_search.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 7acefcedd..39b3abb55 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -1581,7 +1581,7 @@ done:
 errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx,
 struct sss_domain_info *domain,
- const char *name_or_upn,
+ const char *name_or_upn_or_sid,
 const char **_cname)
 {
 errno_t ret;
@@ -1595,20 +1595,28 @@ errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx,
 return ENOMEM;
 }
- ret = sysdb_getpwnam(tmp_ctx, domain, name_or_upn, &res);
+ ret = sysdb_getpwnam(tmp_ctx, domain, name_or_upn_or_sid, &res);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "Cannot canonicalize username\n");
 goto done;
 }
 if (res->count == 0) {
- ret = sysdb_search_user_by_upn(tmp_ctx, domain, name_or_upn, NULL,
- &msg);
+ ret = sysdb_search_user_by_upn(tmp_ctx, domain, name_or_upn_or_sid,
+ NULL, &msg);
 if (ret != EOK) {
- /* User cannot be found in cache */
- DEBUG(SSSDBG_OP_FAILURE, "Cannot find user [%s] in cache\n",
- name_or_upn);
- goto done;
+ if (ret == ENOENT) {
+ ret = sysdb_search_user_by_sid_str(tmp_ctx, domain,
+ name_or_upn_or_sid, NULL,
+ &msg);
+ }
+
+ if (ret != EOK) {
+ /* User cannot be found in cache */
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot find user [%s] in cache\n",
+ name_or_upn_or_sid);
+ goto done;
+ }
 }
 } else if (res->count == 1) {
 msg = res->msgs[0]; |
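Review bot: In the `res->count == 0` branch of the second hunk the same caller-supplied string is now tried as a name, then as a UPN, then as a SID, and the first match wins, so a cached entry whose name or UPN happens to equal a SID string would be returned instead of the SID's owner. Because the result feeds initgroups, and so group membership, the precedence should be stated where a maintainer will see it, for example `/* Lookup order: name, UPN, SID string; first match wins */` above the `sysdb_getpwnam()` call. A stricter option is to attempt the SID lookup only when the input has SID syntax (an `S-1-` prefix); whether callers could pass the identifier type explicitly is not visible from this hunk. The final `DEBUG` also prints "Cannot find user" for non-ENOENT failures of either search, which makes a real cache error look like a plain miss in the logs. The body of `sysdb_get_real_name` begins and ends outside this hunk.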