authorSumit Bose <sbose@redhat.com>2012-10-15 22:08:05 +0200
committerSimo Sorce <simo@redhat.com>2012-10-26 12:10:23 -0400
commit538db73bab04af295a8584454094fd109a4d0d14 (patch)
treed8d9df122a7d35ad9820880583ab0ede6f6959e4 /src/responder
parent8847542f065920e9626d6b37b10eaa350dad5163 (diff)
pac responder: add user principal and name alias to cached user object
The principal name for the user is generated with the user name and the domain from the PAC. It is stored in the cache so that it can be used, e.g., by password authentication. Additionally, the name alias is stored to allow case-insensitive searches.
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/pac/pacsrv.h3
-rw-r--r--src/responder/pac/pacsrv_cmd.c5
-rw-r--r--src/responder/pac/pacsrv_utils.c42
3 files changed, 46 insertions, 4 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 08b4461f4..e088e212a 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -104,5 +104,6 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
struct pac_ctx *pac_ctx,
struct sss_domain_info *dom,
struct PAC_LOGON_INFO *logon_info,
- struct passwd **_pwd);
+ struct passwd **_pwd,
+ struct sysdb_attrs **_attrs);
#endif /* __PACSRV_H__ */
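Review bot: The get_pwd_from_pac() prototype now has two out-parameters, and nothing in the header says who owns them or what they hold on failure. As far as the pacsrv_utils.c hunks show, both objects are allocated on `mem_ctx` and the outputs are assigned only just before `ret = EOK`. A comment above the declaration would make that contract explicit, for example `/* On EOK *_pwd and *_attrs are allocated on mem_ctx; on error neither is set. */`. The declaration starts above this hunk.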
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 4cbf14b5c..777798387 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -231,6 +231,7 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
struct ldb_message *msg;
struct passwd *pwd = NULL;
TALLOC_CTX *tmp_ctx = NULL;
+ struct sysdb_attrs *user_attrs = NULL;
sysdb = pr_ctx->dom->sysdb;
if (sysdb == NULL) {
@@ -252,7 +253,7 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
/* TODO: check id uid and gid are equal. */
} else if (ret == ENOENT) {
ret = get_pwd_from_pac(tmp_ctx, pr_ctx->pac_ctx, pr_ctx->dom,
- pr_ctx->logon_info, &pwd);
+ pr_ctx->logon_info, &pwd, &user_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("get_pwd_from_pac failed.\n"));
goto done;
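Review bot: `user_attrs` is filled only in the `ret == ENOENT` branch, so a user already in the cache (the branch carrying the `TODO: check id uid and gid are equal` comment) never receives the new UPN or name alias. If that is intended, it should be stated next to the TODO, e.g. `/* UPN and name alias are only written when the entry is created here; existing objects are left untouched. */`. Otherwise the existing-user branch needs its own attribute update. save_pac_user() starts and ends outside this hunk, so the first branch may do more than is visible here.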
@@ -261,7 +262,7 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
ret = sysdb_store_user(sysdb, pwd->pw_name, NULL,
pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
pwd->pw_dir,
- pwd->pw_shell, NULL, NULL,
+ pwd->pw_shell, user_attrs, NULL,
pr_ctx->dom->user_timeout, 0);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_user failed [%d][%s].\n",
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 4b55ef3e5..101960f01 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -495,11 +495,15 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
struct pac_ctx *pac_ctx,
struct sss_domain_info *dom,
struct PAC_LOGON_INFO *logon_info,
- struct passwd **_pwd)
+ struct passwd **_pwd,
+ struct sysdb_attrs **_attrs)
{
struct passwd *pwd = NULL;
+ struct sysdb_attrs *attrs = NULL;
struct netr_SamBaseInfo *base_info;
int ret;
+ char *uc_realm;
+ char *upn;
pwd = talloc_zero(mem_ctx, struct passwd);
if (pwd == NULL) {
@@ -565,7 +569,43 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
pwd->pw_shell = NULL; /* Using default */
+ attrs = sysdb_new_attrs(mem_ctx);
+ if (attrs == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ uc_realm = get_uppercase_realm(mem_ctx, dom->name);
+ if (uc_realm == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ upn = talloc_asprintf(mem_ctx, "%s@%s", pwd->pw_name, uc_realm);
+ talloc_free(uc_realm);
+ if (upn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_UPN, upn);
+ talloc_free(upn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, pwd->pw_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
+ goto done;
+ }
+
*_pwd = pwd;
+ *_attrs = attrs;
ret = EOK;
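Review bot: The value stored under `SYSDB_UPN` is synthesized from `pwd->pw_name` and the upper-cased `dom->name`, not read from the PAC. It is therefore only correct when the Kerberos realm equals the SSSD domain name and the account has no alternative UPN suffix. The commit message says this value may later be used for password authentication, so the assumption deserves a comment at the `talloc_asprintf()` call, e.g. `/* UPN is guessed as <name>@<UPPERCASE dom->name>; wrong if the realm or UPN suffix differs */`. Separately, every `goto done` after `sysdb_new_attrs()` leaves `attrs` allocated on `mem_ctx`. The `done:` label is outside the hunk, so if it frees only `pwd` it should also call `talloc_free(attrs);`. Allocating the temporaries `uc_realm` and `upn` on `attrs` or a local context rather than on the caller's `mem_ctx` would keep the error paths from leaving them behind.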