diff options
author | Sumit Bose <sbose@redhat.com> | 2013-11-26 10:27:50 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-12-19 10:24:16 +0100 |
commit | c246e2315cb8df1e347bec3b728f91b0c1264f93 (patch) | |
tree | b935fded5b7a7cebd3bce3befc41547edca80766 /src/tools/sss_cache.c | |
parent | d2791a492d8f0a9df73fc7a683b3f712abf80f3f (diff) | |
download | sssd-c246e2315cb8df1e347bec3b728f91b0c1264f93.tar.gz sssd-c246e2315cb8df1e347bec3b728f91b0c1264f93.tar.xz sssd-c246e2315cb8df1e347bec3b728f91b0c1264f93.zip |
sss_cache: fix case-sensitivity issue
For case-insensitive domains the lower-case name for case-insensitive
searches is stored in SYSDB_NAME_ALIAS.
Related to https://fedorahosted.org/sssd/ticket/1741
Diffstat (limited to 'src/tools/sss_cache.c')
-rw-r--r-- | src/tools/sss_cache.c | 63 |
1 files changed, 36 insertions, 27 deletions
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index 6412d71bb..9f22862e9 100644 --- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -195,6 +195,8 @@ static errno_t update_filter(struct cache_tool_ctx *tctx, TALLOC_CTX *tmp_ctx = NULL; char *use_name = NULL; char *filter; + char *sanitized; + char *lc_sanitized; if (!name || !update) { /* Nothing to do */ @@ -214,6 +216,14 @@ static errno_t update_filter(struct cache_tool_ctx *tctx, goto done; } + if (parsed_domain != NULL && strcasecmp(dinfo->name, parsed_domain) != 0) { + /* We were able to parse the domain from given fqdn, but it + * does not match with currently processed domain. */ + filter = NULL; + ret = EOK; + goto done; + } + if (!dinfo->case_sensitive && !force_case_sensitivity) { use_name = sss_tc_utf8_str_tolower(tmp_ctx, parsed_name); if (!use_name) { @@ -231,41 +241,40 @@ static errno_t update_filter(struct cache_tool_ctx *tctx, ret = ENOMEM; goto done; } + } - if (!strcasecmp(dinfo->name, parsed_domain)) { - if (fmt) { - filter = talloc_asprintf(tmp_ctx, fmt, - SYSDB_NAME, use_name); - } else { - filter = talloc_strdup(tmp_ctx, use_name); - } - if (filter == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); - ret = ENOMEM; - goto done; - } + ret = sss_filter_sanitize_for_dom(tmp_ctx, use_name, dinfo, + &sanitized, &lc_sanitized); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to sanitize the given name.\n")); + goto done; + } + + if (fmt) { + if (!dinfo->case_sensitive && !force_case_sensitivity) { + filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)(%s=%s))", + SYSDB_NAME_ALIAS, lc_sanitized, + SYSDB_NAME_ALIAS, sanitized); } else { - /* We were able to parse the domain from given fqdn, but it - * does not match with currently processed domain. */ - filter = NULL; + filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, sanitized); } } else { - if (fmt) { - filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, name); - } else { - filter = talloc_strdup(tmp_ctx, name); - } - if (filter == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); - ret = ENOMEM; - goto done; - } + filter = talloc_strdup(tmp_ctx, sanitized); + } + if (filter == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); + ret = ENOMEM; + goto done; } - talloc_free(*_filter); - *_filter = talloc_steal(tctx, filter); ret = EOK; + done: + if (ret == EOK) { + talloc_free(*_filter); + *_filter = talloc_steal(tctx, filter); + } + talloc_free(tmp_ctx); return ret; |