summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_auth.c16
-rw-r--r--src/providers/ipa/ipa_hbac_common.c10
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c47
-rw-r--r--src/providers/ipa/ipa_subdomains_id.c14
4 files changed, 62 insertions, 25 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index b1bfa3ffe..cfbead882 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -332,6 +332,14 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
int dp_err = DP_ERR_FATAL;
int ret;
int auth_timeout;
+ char *name;
+ TALLOC_CTX *tmpctx;
+
+ tmpctx = talloc_new(NULL);
+ if (tmpctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
ret = sdap_cli_connect_recv(req, state, NULL, &state->sh, NULL);
talloc_zfree(req);
@@ -355,7 +363,13 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
attrs[0] = SYSDB_ORIG_DN;
attrs[1] = NULL;
- ret = sysdb_search_user_by_name(state, be_ctx->domain, state->pd->user,
+ name = sss_ioname2internal(tmpctx, be_ctx->domain, state->pd->user);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_search_user_by_name(state, be_ctx->domain, name,
attrs, &user_msg);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n");
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 72a620ef0..9285a79dc 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -402,7 +402,7 @@ done:
static errno_t
hbac_eval_user_element(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
struct hbac_request_element **user_element);
static errno_t
@@ -506,7 +506,7 @@ done:
static errno_t
hbac_eval_user_element(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
struct hbac_request_element **user_element)
{
errno_t ret;
@@ -528,7 +528,11 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
goto done;
}
- users->name = username;
+ users->name = sss_ioname2internal(tmp_ctx, domain, pd_username);
+ if (users->name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
/* Read the originalMemberOf attribute
* This will give us the list of both POSIX and
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 1d233cd52..7bce94a63 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -1361,7 +1361,7 @@ done:
static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
- size_t ngroups, char **groups,
+ size_t ngroups, char **fq_groups,
struct ldb_dn ***_dn_list,
char ***_missing_groups)
{
@@ -1393,14 +1393,14 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
parent_domain = (dom->parent == NULL) ? dom : dom->parent;
for (c = 0; c < ngroups; c++) {
- obj_domain = find_domain_by_object_name(parent_domain, groups[c]);
+ obj_domain = find_domain_by_object_name(parent_domain, fq_groups[c]);
if (obj_domain == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_object_name failed.\n");
ret = ENOMEM;
goto done;
}
- ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, groups[c], NULL,
+ ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, fq_groups[c], NULL,
&msg);
if (ret == EOK) {
dn_list[n_dns] = ldb_dn_copy(dn_list, msg->dn);
@@ -1412,7 +1412,7 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
n_dns++;
} else if (ret == ENOENT) {
missing_groups[n_missing] = talloc_strdup(missing_groups,
- groups[c]);
+ fq_groups[c]);
if (missing_groups[n_missing] == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
@@ -1868,9 +1868,19 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
}
if (name == NULL) {
- /* we always use the fully qualified name for subdomain users */
- name = sss_tc_fqname(tmp_ctx, dom->names, dom,
- attrs->a.user.pw_name);
+ char *domname;
+ char *shortname;
+ ret = sss_parse_name(tmp_ctx, dom->names,
+ attrs->a.user.pw_name,
+ &domname, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse user name.\n");
+ goto done;
+ }
+
+ name = sss_create_internal_fqname(tmp_ctx, shortname,
+ domname ? domname
+ : dom->name);
if (!name) {
DEBUG(SSSDBG_OP_FAILURE, "failed to format user name.\n");
ret = ENOMEM;
@@ -2129,18 +2139,27 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
type = SYSDB_MEMBER_GROUP;
if (name == NULL) {
- name = attrs->a.group.gr_name;
- }
+ char *domname;
+ char *shortname;
+ ret = sss_parse_name(tmp_ctx, dom->names,
+ attrs->a.group.gr_name,
+ &domname, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse group name.\n");
+ goto done;
+ }
- if (IS_SUBDOMAIN(dom)) {
- /* we always use the fully qualified name for subdomain users */
- name = sss_get_domain_name(tmp_ctx, name, dom);
- if (!name) {
- DEBUG(SSSDBG_OP_FAILURE, "failed to format user name,\n");
+ name = sss_create_internal_fqname(tmp_ctx, shortname,
+ domname ? domname
+ : dom->name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to format group name.\n");
ret = ENOMEM;
goto done;
}
}
+
DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", name);
ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name);
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 472985d4a..5e6a4e9d4 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -913,7 +913,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
SYSDB_GHOST,
SYSDB_HOMEDIR,
NULL };
- char *name;
+ char *fq_name;
if (ar->filter_type == BE_FILTER_SECID) {
ret = sysdb_search_object_by_sid(mem_ctx, dom, ar->filter_value, attrs,
@@ -986,24 +986,24 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
goto done;
}
} else if (ar->filter_type == BE_FILTER_NAME) {
- name = sss_get_domain_name(mem_ctx, ar->filter_value, dom);
- if (name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed\n");
+ /* is ar->filter_value already internal fq name? */
+ fq_name = sss_ioname2internal(mem_ctx, dom, ar->filter_value);
+ if (fq_name == NULL) {
ret = ENOMEM;
goto done;
}
switch (ar->entry_type & BE_REQ_TYPE_MASK) {
case BE_REQ_GROUP:
- ret = sysdb_search_group_by_name(mem_ctx, dom, name, attrs, &msg);
+ ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name, attrs, &msg);
break;
case BE_REQ_INITGROUPS:
case BE_REQ_USER:
case BE_REQ_USER_AND_GROUP:
- ret = sysdb_search_user_by_name(mem_ctx, dom, name, attrs, &msg);
+ ret = sysdb_search_user_by_name(mem_ctx, dom, fq_name, attrs, &msg);
if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK)
== BE_REQ_USER_AND_GROUP) {
- ret = sysdb_search_group_by_name(mem_ctx, dom, name,
+ ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name,
attrs, &msg);
}
break;
generated by cgit (git 2.34.1) at 2024-05-19 07:48:16 +0000