author | Lukas Slebodnik <lslebodn@redhat.com> | 2014-12-01 17:29:49 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-12-08 10:43:01 +0100 |
commit | b02eda90e9c6d6666af55041b1b12f5ac2f47b73 (patch) | |
tree | ffc59184318906efd7bda73075ef8d05af61e7e4 /src/providers/ipa/ipa_selinux.c | |
parent | babaca78cc196e7e0dcc3e972347951a081159f2 (diff) | |
IPA: Do not append domain name to fq name
Usernames from AD subdomains are already in fqdn; we should not append
the domain name in this case.
Resolves:
https://fedorahosted.org/sssd/ticket/2512
Reviewed-by: Michal Židek <mzidek@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_selinux.c')
-rw-r--r-- | src/providers/ipa/ipa_selinux.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 531258dac..c4e70cfcb 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -812,6 +812,7 @@ selinux_child_setup(TALLOC_CTX *mem_ctx,
 char *ptr;
 char *username;
 char *username_final;
+ char *domain_name = NULL;
 TALLOC_CTX *tmp_ctx;
 struct selinux_child_input *sci;

@@ -849,10 +850,22 @@ selinux_child_setup(TALLOC_CTX *mem_ctx,
 }

 if (dom->fqnames) {
- username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt,
- username, dom->name);
- if (username_final == NULL) {
- ret = ENOMEM;
+ ret = sss_parse_name(tmp_ctx, dom->names, username, &domain_name,
+ NULL);
+ if (ret == EOK && domain_name != NULL) {
+ /* username is already a fully qualified name */
+ username_final = username;
+ } else if ((ret == EOK && domain_name == NULL)
+ || ret == ERR_REGEX_NOMATCH) {
+ username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt,
+ username, dom->name);
+ if (username_final == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sss_parse_name failed: [%d] %s", ret, sss_strerror(ret));
 goto done;
 }
 } else { |
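Review bot: In the `ret == EOK && domain_name != NULL` branch of the second hunk, the parsed domain is only tested for being non-NULL and is never compared with anything. Any `username` that the names regex splits into a name and a domain part is therefore forwarded unchanged as `username_final`, whatever that domain part is. The hunk does not show where `username` originates, and this value appears to be what the SELinux child acts on. So it would be worth either checking `domain_name` against the domain(s) this provider actually serves, or stating the assumption in the comment, e.g. `/* username is already fully qualified; caller guarantees it belongs to dom or one of its subdomains */`. Separately, the new `DEBUG` format string has no trailing newline; it should read `"sss_parse_name failed: [%d] %s\n"`. The body of `selinux_child_setup` starts and ends outside this hunk, so what happens to `username_final` afterwards is not visible here.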