Use find_or_guess_upn() where needed

4 files changed, 49 insertions, 34 deletions

diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c
index afa3a89df..25612807d 100644
--- a/src/providers/krb5/krb5_access.c
+++ b/src/providers/krb5/krb5_access.c
@@ -25,6 +25,7 @@
 #include "util/util.h"
 #include "providers/krb5/krb5_auth.h"
 #include "providers/krb5/krb5_common.h"
+#include "providers/krb5/krb5_utils.h"
 
 struct krb5_access_state {
     struct tevent_context *ev;
@@ -101,15 +102,12 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
         goto done;
         break;
     case 1:
-        state->kr->upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN,
-                                                     NULL);
-        if (state->kr->upn == NULL) {
-            ret = krb5_get_simple_upn(state, krb5_ctx, pd->user,
-                                      &state->kr->upn);
-            if (ret != EOK) {
-                DEBUG(1, ("krb5_get_simple_upn failed.\n"));
-                goto done;
-            }
+        ret = find_or_guess_upn(state, res->msgs[0], krb5_ctx,
+                                be_ctx->domain->name, pd->user, pd->domain,
+                                &state->kr->upn);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+            goto done;
         }
 
         state->kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM,
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 98dc8d840..c1f9f14b1 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -420,20 +420,19 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
         break;
 
     case 1:
-        kr->upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN, NULL);
-        if (kr->upn == NULL) {
-            ret = krb5_get_simple_upn(state, krb5_ctx, pd->user, &kr->upn);
-            if (ret != EOK) {
-                DEBUG(1, ("krb5_get_simple_upn failed.\n"));
-                goto done;
-            }
-        } else {
-            ret = compare_principal_realm(kr->upn, realm,
-                                          &kr->upn_from_different_realm);
-            if (ret != 0) {
-                DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n"));
-                goto done;
-            }
+        ret = find_or_guess_upn(state, res->msgs[0], krb5_ctx,
+                                be_ctx->domain->name, pd->user, pd->domain,
+                                &kr->upn);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+            goto done;
+        }
+
+        ret = compare_principal_realm(kr->upn, realm,
+                                      &kr->upn_from_different_realm);
+        if (ret != 0) {
+            DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n"));
+            goto done;
         }
 
         kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR,
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index bf49f7cfd..9133472ab 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -45,7 +45,7 @@ struct krb5child_req {
     const char *ccname;
     const char *old_ccname;
     const char *homedir;
-    const char *upn;
+    char *upn;
     uid_t uid;
     gid_t gid;
     bool is_offline;
diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c
index 217e03d32..ccb7e6af6 100644
--- a/src/providers/krb5/krb5_renew_tgt.c
+++ b/src/providers/krb5/krb5_renew_tgt.c
@@ -381,9 +381,11 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
     struct ldb_message **msgs = NULL;
     size_t c;
     const char *ccache_file;
-    const char *upn;
+    char *upn;
     const char *user_name;
     struct ldb_dn *base_dn;
+    const struct ldb_val *user_dom_val;
+    char *user_dom;
 
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
@@ -421,15 +423,31 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
             continue;
         }
 
-        upn = ldb_msg_find_attr_as_string(msgs[c], SYSDB_UPN, NULL);
-        if (upn == NULL) {
-            ret = krb5_get_simple_upn(tmp_ctx, renew_tgt_ctx->krb5_ctx,
-                                      user_name, &upn);
-            if (ret != EOK) {
-                DEBUG(1, ("krb5_get_simple_upn failed.\n"));
-                continue;
-            }
-            DEBUG(9, ("No upn stored in cache, using [%s].\n", upn));
+        /* The DNs of users in sysdb ends with ...,cn=domain.name,cn=sysdb, so
+         * the value of the component before the last (index 1) is the domain
+         * name. */
+
+        user_dom_val = ldb_dn_get_component_val(msgs[c]->dn, 1);
+        if (user_dom_val == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, ("Invalid user DN [%s].\n",
+                                      ldb_dn_get_linearized(msgs[c]->dn)));
+            ret = EINVAL;
+            goto done;
+        }
+        user_dom = talloc_strndup(tmp_ctx, (char *) user_dom_val->data,
+                                 user_dom_val->length);
+        if (user_dom == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed,\n"));
+            ret = ENOMEM;
+            goto done;
+        }
+
+        ret = find_or_guess_upn(tmp_ctx, msgs[c], renew_tgt_ctx->krb5_ctx,
+                                renew_tgt_ctx->be_ctx->domain->name,
+                                user_name, user_dom, &upn);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+            goto done;
         }
 
         ccache_file = ldb_msg_find_attr_as_string(msgs[c], SYSDB_CCACHE_FILE,