author | Sumit Bose <sbose@redhat.com> | 2015-05-29 16:37:54 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-01 15:49:23 +0200 |
commit | d0b7e5fcfca7d0db9e3d19be7b51f34d03d3d720 (patch) | |
tree | d4176e9edac1fda91763676e11e33e8fdef73a30 /src | |
parent | 176244cb1e9df96ce36d36556de1fd766582b1dc (diff) | |
ldap: use proper sysdb name in groups_by_user_done()

In a recent change set_initgroups_expire_attribute() was added to
groups_by_user_done() to make sure that the initgroups timeout is only
added to the user object until all groups are added to the cache.

This change (and the original code in groups_by_user_done() as well)
didn't take sub-domain users into account where the name in sysdb might
differ from the original request and the domain is not the configured
domain. This patch tries to ensure that the right name and domain are
used.

https://fedorahosted.org/sssd/ticket/2663

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index ed132e59c..d4f46f1dc 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -1125,6 +1125,7 @@ static void groups_by_user_done(struct tevent_req *subreq) struct groups_by_user_state); int dp_error = DP_ERR_FATAL; int ret; + const char *cname; ret = sdap_get_initgr_recv(subreq); talloc_zfree(subreq); @@ -1148,16 +1149,24 @@ static void groups_by_user_done(struct tevent_req *subreq) return; } + /* state->name is still the name used for the original request. The cached + * object might have a different name, e.g. a fully-qualified name. */ + ret = sysdb_get_real_name(state, state->domain, state->name, &cname); + if (ret != EOK) { + cname = state->name; + DEBUG(SSSDBG_OP_FAILURE, "Failed to canonicalize name, using [%s].\n", + cname); + } + if (ret == ENOENT && state->noexist_delete == true) { - ret = sysdb_delete_user(state->ctx->be->domain, state->name, 0); + ret = sysdb_delete_user(state->domain, cname, 0); if (ret != EOK && ret != ENOENT) { tevent_req_error(req, ret); return; } } - ret = set_initgroups_expire_attribute(state->ctx->be->domain, - state->name); + ret = set_initgroups_expire_attribute(state->domain, cname); if (ret != EOK) { state->dp_error = DP_ERR_FATAL; tevent_req_error(req, ret); |
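Review bot: In the second hunk, `ret` is overwritten by `sysdb_get_real_name()` immediately before the unchanged `if (ret == ENOENT && state->noexist_delete == true)` test, so that test now evaluates the canonicalization result instead of the value `ret` held when execution reached this point. If the lookup succeeds, `ret` is EOK and the delete branch can never run; if it fails with ENOENT, the fallback sets `cname = state->name` and `sysdb_delete_user(state->domain, cname, 0)` is called with the uncanonicalized request name. Suggest keeping the lookup result in its own variable (or saving the earlier `ret` before the call) so the ENOENT check keeps its original meaning. The DEBUG message in the fallback should also log the error code, and the fallback deserves a short comment on whether pairing `state->name` with `state->domain` is acceptable for the sub-domain case the commit message describes.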