diff options
| -rw-r--r-- | src/providers/ipa/ipa_selinux.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 531258dac..c4e70cfcb 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -812,6 +812,7 @@ selinux_child_setup(TALLOC_CTX *mem_ctx, char *ptr; char *username; char *username_final; + char *domain_name = NULL; TALLOC_CTX *tmp_ctx; struct selinux_child_input *sci; @@ -849,10 +850,22 @@ selinux_child_setup(TALLOC_CTX *mem_ctx, } if (dom->fqnames) { - username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt, - username, dom->name); - if (username_final == NULL) { - ret = ENOMEM; + ret = sss_parse_name(tmp_ctx, dom->names, username, &domain_name, + NULL); + if (ret == EOK && domain_name != NULL) { + /* username is already a fully qualified name */ + username_final = username; + } else if ((ret == EOK && domain_name == NULL) + || ret == ERR_REGEX_NOMATCH) { + username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt, + username, dom->name); + if (username_final == NULL) { + ret = ENOMEM; + goto done; + } + } else { + DEBUG(SSSDBG_OP_FAILURE, + "sss_parse_name failed: [%d] %s", ret, sss_strerror(ret)); goto done; } } else { |