diff options
Diffstat (limited to 'src/providers/ipa/ipa_s2n_exop.c')
-rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 54 |
1 files changed, 50 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 1a81c8609..8fc22819b 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -591,6 +591,9 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) uint64_t timeout = 10*60*60; /* FIXME: find a better timeout ! */ const char *homedir = NULL; struct sysdb_attrs *user_attrs = NULL; + char *name; + char *realm; + char *upn; ret = ipa_s2n_exop_recv(subreq, state, &result, &retoid, &retdata); talloc_zfree(subreq); @@ -640,21 +643,64 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) goto done; } - ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, - attrs->a.user.pw_name); + /* we always use the fully qualified name for subdomain users */ + name = talloc_asprintf(state, state->dom->names->fq_fmt, + attrs->a.user.pw_name, state->dom->name); + if (!name) { + DEBUG(SSSDBG_OP_FAILURE, ("failed to format user name.\n")); + ret = ENOMEM; + goto done; + } + + ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, name); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n")); + goto done; + } + + /* We also have to store a fake UPN here, because otherwise the + * krb5 child later won't be able to properly construct one as + * the username is fully qualified but the child doesn't have + * access to the regex to deconstruct it */ + /* FIXME: The real UPN is available from the PAC, we should get + * it from there. */ + realm = get_uppercase_realm(state, state->dom->name); + if (!realm) { + DEBUG(SSSDBG_OP_FAILURE, ("failed to get realm.\n")); + ret = ENOMEM; + goto done; + } + upn = talloc_asprintf(state, "%s@%s", + attrs->a.user.pw_name, realm); + if (!upn) { + DEBUG(SSSDBG_OP_FAILURE, ("failed to format UPN.\n")); + ret = ENOMEM; + goto done; + } + + ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n")); goto done; } - ret = sysdb_store_domuser(state->dom, attrs->a.user.pw_name, NULL, + ret = sysdb_store_domuser(state->dom, name, NULL, attrs->a.user.pw_uid, 0, NULL, /* gecos */ homedir, NULL, user_attrs, NULL, timeout, now); break; case RESP_GROUP: - ret = sysdb_store_domgroup(state->dom, attrs->a.group.gr_name, + /* we always use the fully qualified name for subdomain users */ + name = talloc_asprintf(state, state->dom->names->fq_fmt, + attrs->a.group.gr_name, state->dom->name); + if (!name) { + DEBUG(SSSDBG_OP_FAILURE, ("failed to format user name,\n")); + ret = ENOMEM; + goto done; + } + + ret = sysdb_store_domgroup(state->dom, name, attrs->a.group.gr_gid, NULL, timeout, now); break; |