Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_auth.c | 16 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_common.c | 10 | ||||
-rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 47 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains_id.c | 14 |
4 files changed, 62 insertions, 25 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index b1bfa3ffe..cfbead882 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -332,6 +332,14 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
 int dp_err = DP_ERR_FATAL;
 int ret;
 int auth_timeout;
+ char *name;
+ TALLOC_CTX *tmpctx;
+
+ tmpctx = talloc_new(NULL);
+ if (tmpctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
 ret = sdap_cli_connect_recv(req, state, NULL, &state->sh, NULL);
 talloc_zfree(req);
@@ -355,7 +363,13 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
 attrs[0] = SYSDB_ORIG_DN;
 attrs[1] = NULL;
- ret = sysdb_search_user_by_name(state, be_ctx->domain, state->pd->user,
+ name = sss_ioname2internal(tmpctx, be_ctx->domain, state->pd->user);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_search_user_by_name(state, be_ctx->domain, name,
 attrs, &user_msg);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n");
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 72a620ef0..9285a79dc 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -402,7 +402,7 @@ done:
 static errno_t
 hbac_eval_user_element(TALLOC_CTX *mem_ctx,
 struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
 struct hbac_request_element **user_element);
 static errno_t
@@ -506,7 +506,7 @@ done:
 static errno_t
 hbac_eval_user_element(TALLOC_CTX *mem_ctx,
 struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
 struct hbac_request_element **user_element)
 {
 errno_t ret;
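Review bot: `tmpctx = talloc_new(NULL)` in ipa_migration_flag_connect_done is taken before `sdap_cli_connect_recv()` and `talloc_zfree(req)`, so the ENOMEM branch jumps to `done` with the connect request still alive, and the NULL parent means nothing releases the context unless the `done:` label does so explicitly. Parenting the scratch context on the request state avoids both: `tmpctx = talloc_new(state);` ties its lifetime to the state and makes a separate free at `done` unnecessary. Since the context only ever carries `name` (second hunk of this file), that string could equally be allocated straight on `state` and `tmpctx` dropped. The `done:` block is outside the hunk, so whether `tmpctx` is freed there cannot be confirmed from the diff.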
@@ -528,7 +528,11 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
 goto done;
 }
- users->name = username;
+ users->name = sss_ioname2internal(tmp_ctx, domain, pd_username);
+ if (users->name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
 /* Read the originalMemberOf attribute
 * This will give us the list of both POSIX and
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 1d233cd52..7bce94a63 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -1361,7 +1361,7 @@ done:
 static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
 struct sss_domain_info *dom,
- size_t ngroups, char **groups,
+ size_t ngroups, char **fq_groups,
 struct ldb_dn ***_dn_list,
 char ***_missing_groups)
 {
@@ -1393,14 +1393,14 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
 parent_domain = (dom->parent == NULL) ? dom : dom->parent;
 for (c = 0; c < ngroups; c++) {
- obj_domain = find_domain_by_object_name(parent_domain, groups[c]);
+ obj_domain = find_domain_by_object_name(parent_domain, fq_groups[c]);
 if (obj_domain == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_object_name failed.\n");
 ret = ENOMEM;
 goto done;
 }
- ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, groups[c], NULL,
+ ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, fq_groups[c], NULL,
 &msg);
 if (ret == EOK) {
 dn_list[n_dns] = ldb_dn_copy(dn_list, msg->dn);
@@ -1412,7 +1412,7 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
 n_dns++;
 } else if (ret == ENOENT) {
 missing_groups[n_missing] = talloc_strdup(missing_groups,
- groups[c]);
+ fq_groups[c]);
 if (missing_groups[n_missing] == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
 ret = ENOMEM;
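Review bot: `users->name` in hbac_eval_user_element is now a string allocated on `tmp_ctx` rather than a pointer to the caller-owned `pd_username`; if `users` is handed back through `*user_element` (typically by stealing it onto `mem_ctx`) while `tmp_ctx` is freed at `done`, the name becomes a dangling pointer. Allocating it on the element keeps the string alive with its owner: `users->name = sss_ioname2internal(users, domain, pd_username);`. The `done:` block and the assignment to `*user_element` are outside the hunk, so this is inferred from the usual talloc pattern rather than from visible lines. Mapping every NULL return to ENOMEM also loses the reason when sss_ioname2internal rejects the name for a non-memory cause, if it can; a DEBUG line naming the call would make that diagnosable.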
@@ -1868,9 +1868,19 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
 }
 if (name == NULL) {
- /* we always use the fully qualified name for subdomain users */
- name = sss_tc_fqname(tmp_ctx, dom->names, dom,
- attrs->a.user.pw_name);
+ char *domname;
+ char *shortname;
+ ret = sss_parse_name(tmp_ctx, dom->names,
+ attrs->a.user.pw_name,
+ &domname, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse user name.\n");
+ goto done;
+ }
+
+ name = sss_create_internal_fqname(tmp_ctx, shortname,
+ domname ? domname
+ : dom->name);
 if (!name) {
 DEBUG(SSSDBG_OP_FAILURE, "failed to format user name.\n");
 ret = ENOMEM;
@@ -2129,18 +2139,27 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
 type = SYSDB_MEMBER_GROUP;
 if (name == NULL) {
- name = attrs->a.group.gr_name;
- }
+ char *domname;
+ char *shortname;
+ ret = sss_parse_name(tmp_ctx, dom->names,
+ attrs->a.group.gr_name,
+ &domname, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse group name.\n");
+ goto done;
+ }
- if (IS_SUBDOMAIN(dom)) {
- /* we always use the fully qualified name for subdomain users */
- name = sss_get_domain_name(tmp_ctx, name, dom);
- if (!name) {
- DEBUG(SSSDBG_OP_FAILURE, "failed to format user name,\n");
+ name = sss_create_internal_fqname(tmp_ctx, shortname,
+ domname ? domname
+ : dom->name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to format group name.\n");
 ret = ENOMEM;
 goto done;
 }
 }
+ DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", name);
 ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name);
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 472985d4a..5e6a4e9d4 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
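Review bot: The user branch at @@ -1868 and the group branch at @@ -2129 of ipa_s2n_save_objects now carry the same sequence (declare `domname`/`shortname`, `sss_parse_name`, `sss_create_internal_fqname` with the `domname ? domname : dom->name` fallback), differing only in the source field and the log text; a small static helper would keep the two in step and give the parse/format failure handling one home. The two copies already disagree on message style (`"failed to format user name.\n"` vs `"Failed to format group name.\n"`), which a helper would remove. The enclosing function starts and ends outside the hunk. One caveat of the helper below: it reports a parse failure as NULL, so the callers map it to ENOMEM instead of propagating sss_parse_name's code; if that distinction matters, give the helper an `errno_t *` out-parameter instead.

```c
/* Turn a raw user/group name from the extop reply into the internal
 * fully-qualified form; a name without a domain part is qualified with dom.
 * Returns NULL on parse or allocation failure (logged here). */
static char *s2n_name_to_internal_fqname(TALLOC_CTX *mem_ctx,
                                         struct sss_domain_info *dom,
                                         const char *raw_name)
{
    char *domname;
    char *shortname;
    errno_t ret;

    ret = sss_parse_name(mem_ctx, dom->names, raw_name, &domname, &shortname);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "failed to parse name [%s].\n", raw_name);
        return NULL;
    }

    return sss_create_internal_fqname(mem_ctx, shortname,
                                      domname ? domname : dom->name);
}

/* … unchanged: ipa_s2n_save_objects up to the user name block … */
    if (name == NULL) {
        name = s2n_name_to_internal_fqname(tmp_ctx, dom, attrs->a.user.pw_name);
        if (!name) {
            DEBUG(SSSDBG_OP_FAILURE, "failed to format user name.\n");
            ret = ENOMEM;
/* … unchanged: goto done and the rest of the function; the group block at
 * @@ -2129 becomes the same call with attrs->a.group.gr_name … */
```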
@@ -913,7 +913,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
 SYSDB_GHOST, SYSDB_HOMEDIR, NULL };
- char *name;
+ char *fq_name;
 if (ar->filter_type == BE_FILTER_SECID) {
 ret = sysdb_search_object_by_sid(mem_ctx, dom, ar->filter_value, attrs,
@@ -986,24 +986,24 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
 goto done;
 }
 } else if (ar->filter_type == BE_FILTER_NAME) {
- name = sss_get_domain_name(mem_ctx, ar->filter_value, dom);
- if (name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed\n");
+ /* is ar->filter_value already internal fq name? */
+ fq_name = sss_ioname2internal(mem_ctx, dom, ar->filter_value);
+ if (fq_name == NULL) {
 ret = ENOMEM;
 goto done;
 }
 switch (ar->entry_type & BE_REQ_TYPE_MASK) {
 case BE_REQ_GROUP:
- ret = sysdb_search_group_by_name(mem_ctx, dom, name, attrs, &msg);
+ ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name, attrs, &msg);
 break;
 case BE_REQ_INITGROUPS:
 case BE_REQ_USER:
 case BE_REQ_USER_AND_GROUP:
- ret = sysdb_search_user_by_name(mem_ctx, dom, name, attrs, &msg);
+ ret = sysdb_search_user_by_name(mem_ctx, dom, fq_name, attrs, &msg);
 if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_USER_AND_GROUP) {
- ret = sysdb_search_group_by_name(mem_ctx, dom, name,
+ ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name,
 attrs, &msg);
 }
 break;
|
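Review bot: The comment `/* is ar->filter_value already internal fq name? */` in get_object_from_cache leaves an open question in the code, and the failure path under it lost the DEBUG line the old `sss_get_domain_name` branch had, so a NULL from `sss_ioname2internal` now fails silently with ENOMEM. State the intent instead, e.g. `/* convert the request name to the internal fully-qualified form before the sysdb lookup */`, and restore a diagnostic before `ret = ENOMEM;`: `DEBUG(SSSDBG_OP_FAILURE, "sss_ioname2internal failed\n");`. Whether a NULL return can mean something other than out-of-memory depends on sss_ioname2internal, which is not in the diff. The function continues outside the hunk.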