author | Sumit Bose <sbose@redhat.com> | 2015-01-22 17:03:00 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-01-23 13:26:33 +0100 |
commit | 79a818a4f473e3517b2bfe4ad03391e2d82fe33d (patch) | |
tree | 846ea3bc0f3c9c4e787df0892caefdcc87bd4e52 /src/util | |
parent | 7407b227b67749d854d1632cd04f6106606cbdda (diff) | |
IPA: properly handle mixed-case trusted domains
In the SSSD cache, domain names are handled case-sensitively. As a result,
fully-qualified names in RDN contain the domain part in the original
spelling. When an IPA client looks up group memberships on the IPA server
via the extdom plugin, the names returned are all lower case. To make
sure new DNs are generated correctly, the domain part must be adjusted.
Related to https://fedorahosted.org/sssd/ticket/2159
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/domain_info_utils.c | 72 | ||||
-rw-r--r-- | src/util/util.h | 3 |
2 files changed, 75 insertions, 0 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index e04b90576..e0f1120e3 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -777,3 +777,75 @@ done:
 return ret;
 }
+
+errno_t fix_domain_in_name_list(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *dom,
+ char **in, char ***_out)
+{
+ int ret;
+ size_t c;
+ TALLOC_CTX *tmp_ctx;
+ char **out;
+ struct sss_domain_info *head;
+ struct sss_domain_info *out_domain;
+ char *in_name;
+ char *in_domain;
+
+ head = get_domains_head(dom);
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ /* count elements */
+ for (c = 0; in[c] != NULL; c++);
+
+ out = talloc_zero_array(tmp_ctx, char *, c + 1);
+ if (out == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (c = 0; in[c] != NULL; c++) {
+ ret = sss_parse_name(tmp_ctx, head->names, in[c], &in_domain,
+ &in_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_parse_name failed for [%s].\n",
+ in[c]);
+ goto done;
+ }
+
+ if (in_domain == NULL) {
+ out[c] = talloc_strdup(out, in_name);
+ } else {
+ out_domain = find_domain_by_name(head, in_domain, true);
+ if (out_domain == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot find domain with name [%s].\n", in_domain);
+ ret = EINVAL;
+ goto done;
+ }
+
+ out[c] = sss_tc_fqname(out, head->names, out_domain, in_name);
+ }
+
+ if (out[c] == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "%s failed.\n",
+ in_domain == NULL ? "talloc_strdup" : "sss_tc_fqname");
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
+ *_out = talloc_steal(mem_ctx, out);
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
diff --git a/src/util/util.h b/src/util/util.h
index 45efd1aef..23624c815 100644
--- a/src/util/util.h
+++ b/src/util/util.h
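Review bot: `in[c]` is read in the counting loop and `head->names` is passed to sss_parse_name() without either pointer being checked, so a NULL `in` list or a NULL result from get_domains_head() would be dereferenced; whether callers can hand in either is not visible in this hunk. Guards at the top of fix_domain_in_name_list() would make the contract explicit: `if (in == NULL || _out == NULL) return EINVAL;` before talloc_new(), and `if (head == NULL) return EINVAL;` after the get_domains_head() call. The commit message says these names come back from the IPA server through the extdom plugin, and as written a single name that fails sss_parse_name() or names an unknown domain makes the whole list fail with no partial result. If that all-or-nothing behaviour is intended, a short comment above the function (and on the prototype added to util.h) should say so, and also state that `*_out` is written only on EOK and is then owned by `mem_ctx`.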
@@ -589,6 +589,9 @@ errno_t get_dom_names(TALLOC_CTX *mem_ctx,
 char ***_dom_names,
 int *_dom_names_count);
+errno_t fix_domain_in_name_list(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *dom,
+ char **in, char ***_out);
 /* from util_lock.c */
 errno_t sss_br_lock_file(int fd, size_t start, size_t len,
 int num_tries, useconds_t wait); |