summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLukas Slebodnik <lslebodn@redhat.com>2014-08-30 17:31:50 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-09-05 17:29:56 +0200
commit61b58801f1e37c054affc99f6fe900f7b3ef7972 (patch)
tree9a284c9e4d8995d3fa9acb939ae9350adebf58c0 /src
parent6b104b0f1cf3f74b56a59458f40922919e3eae0c (diff)
downloadsssd-61b58801f1e37c054affc99f6fe900f7b3ef7972.tar.gz
sssd-61b58801f1e37c054affc99f6fe900f7b3ef7972.tar.xz
sssd-61b58801f1e37c054affc99f6fe900f7b3ef7972.zip
NSS: Use right domain for group members with fq names
If we query group from subdomain it can contain users from different domains. All members from subdomain have fully qualified name, but member from main domain aren't. In function fill_members, we extracted name and domain with function fill_members. Later, we called function sss_fqname the first time with queried group domain and the second time with parsed domain. It caused following error in nss responder: [fill_members] (0x0040): Failed to generate a fully qualified name for member [user2_dom1@sssdad_tree.com] of group [group2_dom2@sssdad_tree.com]! Skipping The test test_nss_getgrnam_mix_dom_fqdn passed, because name of main domain and name of subdomain had the same length, Therefore there was not problem in function fill_members with calling sss_fqname with different domains. This patch also changes name of subdomain to prevent such problems in future. Reviewed-by: Pavel Reichl <preichl@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/responder/nss/nsssrv_cmd.c3
-rw-r--r--src/tests/cmocka/test_nss_srv.c2
2 files changed, 3 insertions, 2 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index bf578f394..560578428 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2498,7 +2498,8 @@ static int fill_members(struct sss_packet *packet,
}
if (add_domain) {
- nlen = sss_fqname(NULL, 0, dom->names, dom, name.str);
+ nlen = sss_fqname(NULL, 0, member_dom->names, member_dom,
+ name.str);
if (nlen >= 0) {
nlen += 1;
} else {
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index e7d6540cc..644468dbb 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -37,7 +37,7 @@
#define TEST_CONF_DB "test_nss_conf.ldb"
#define TEST_DOM_NAME "nss_test"
#define TEST_SYSDB_FILE "cache_"TEST_DOM_NAME".ldb"
-#define TEST_SUBDOM_NAME "test.sub"
+#define TEST_SUBDOM_NAME "test.subdomain"
#define TEST_ID_PROVIDER "ldap"
struct nss_test_ctx {