diff options
author | Fabiano FidĂȘncio <fidencio@redhat.com> | 2017-06-19 09:05:00 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-06-21 11:28:08 +0200 |
commit | 86526891366c4bc3e1ee861143b736d2670a6ba8 (patch) | |
tree | 8adb299e99742a0416e135ebe06dc6ed0f5b214e /src/db | |
parent | 7c0402b85627587bcac004d4bfdbf181bbae8549 (diff) | |
download | sssd-86526891366c4bc3e1ee861143b736d2670a6ba8.tar.gz sssd-86526891366c4bc3e1ee861143b736d2670a6ba8.tar.xz sssd-86526891366c4bc3e1ee861143b736d2670a6ba8.zip |
RESPONDER: Use fqnames as output when needed
As some regressions have been caused by not handling properly naming
conflicts when using shortnames, last explicitly use fully qualified
names as output in the following situations:
- domain resolution order is set;
- a trusted domain has been using `use_fully_qualified_name = false`
In both cases we want to ensure that even handling shortnames as input,
the output will always be fully qualified.
As part of this patch, our tests ended up being modified to reflect the
changes done. In other words, the tests related to shortnames now return
expect as return a fully qualified name for trusted domains.
Resolves:
https://pagure.io/SSSD/sssd/issue/3403
Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb_subdomains.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index e2a4f7bb1..2789cc494 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c @@ -129,6 +129,13 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, dom->mpg = mpg; dom->state = DOM_ACTIVE; + /* use fully qualified names as output in order to avoid causing + * conflicts with users who have the same name and either the + * shortname user resolution is enabled or the trusted domain has + * been explicitly set to use non-fully qualified names as input. + */ + dom->output_fqnames = true; + /* If the parent domain filters out group members, the subdomain should * as well if configured */ inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, |