diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-01-22 17:03:00 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-01-23 13:26:33 +0100 |
| commit | 79a818a4f473e3517b2bfe4ad03391e2d82fe33d (patch) | |
| tree | 846ea3bc0f3c9c4e787df0892caefdcc87bd4e52 /src/providers/ipa/ipa_s2n_exop.c | |
| parent | 7407b227b67749d854d1632cd04f6106606cbdda (diff) | |
| download | sssd-79a818a4f473e3517b2bfe4ad03391e2d82fe33d.tar.gz sssd-79a818a4f473e3517b2bfe4ad03391e2d82fe33d.tar.xz sssd-79a818a4f473e3517b2bfe4ad03391e2d82fe33d.zip | |
IPA: properly handle mixed-case trusted domains
In the SSSD cache domain names are handled case-sensitive. As a result
fully-qualified names in RDN contain the domain part in the original
spelling. When IPA client lookup up group-memberships on the IPA server
via the extdom plugin the names returned are all lower case. To make
sure new DNs are generated correctly the domain part must adjusted.
Related to https://fedorahosted.org/sssd/ticket/2159
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_s2n_exop.c')
| -rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index a9c2f1ae3..997d0dce8 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -1749,6 +1749,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, bool in_transaction = false; int tret; struct sysdb_attrs *gid_override_attrs = NULL; + char ** exop_grouplist; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -2000,8 +2001,19 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, goto done; } - ret = diff_string_lists(tmp_ctx, attrs->groups, sysdb_grouplist, - &add_groups, &del_groups, NULL); + /* names returned by extdom exop will be all lower case, since + * we handle domain names case sensitve in the cache we have + * to make sure we use the right case. */ + ret = fix_domain_in_name_list(tmp_ctx, dom, attrs->groups, + &exop_grouplist); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "fix_domain_name failed.\n"); + goto done; + } + + ret = diff_string_lists(tmp_ctx, exop_grouplist, + sysdb_grouplist, &add_groups, + &del_groups, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "diff_string_lists failed.\n"); goto done; |