diff options
| author | Sumit Bose <sbose@redhat.com> | 2016-07-22 17:35:43 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-07-29 14:44:38 +0200 |
| commit | 530458a4ef7cd8429d1db2f3dfae92d9c44e38ef (patch) | |
| tree | bed6b6279704e18aebbc2e1d712a6ff6fb264253 /src/providers/ipa | |
| parent | 1594701fbdc341069e11cff9a85e7a795e52db3d (diff) | |
| download | sssd-530458a4ef7cd8429d1db2f3dfae92d9c44e38ef.tar.gz sssd-530458a4ef7cd8429d1db2f3dfae92d9c44e38ef.tar.xz sssd-530458a4ef7cd8429d1db2f3dfae92d9c44e38ef.zip | |
IPA: fix lookup by UPN for subdomains
Currently the user name used in the extdom exop request is
unconditionally set to the short name. While this is correct for the
general name based lookups it breaks UPN/email based lookups where the
name part after the @-sign might not match to domain name. I guess this
was introduce during the sysdb refactoring.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ipa')
| -rw-r--r-- | src/providers/ipa/ipa_subdomains_id.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 7c5deab34..76fdaa8a1 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -344,6 +344,7 @@ struct ipa_get_subdom_acct { int entry_type; const char *filter; int filter_type; + const char *extra_value; bool use_pac; struct ldb_message *user_msg; @@ -393,6 +394,7 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, state->entry_type = (ar->entry_type & BE_REQ_TYPE_MASK); state->filter = ar->filter_value; state->filter_type = ar->filter_type; + state->extra_value = ar->extra_value; switch (state->entry_type) { case BE_REQ_USER: @@ -499,10 +501,16 @@ static void ipa_get_subdom_acct_connected(struct tevent_req *subreq) switch (state->filter_type) { case BE_FILTER_NAME: req_input->type = REQ_INP_NAME; - /* The extdom plugin expects the shortname and domain separately */ - ret = sss_parse_internal_fqname(req_input, state->filter, - &shortname, NULL); - req_input->inp.name = talloc_steal(req_input, shortname); + /* The extdom plugin expects the shortname and domain separately, + * but for UPN/email lookup we need to send the raw name */ + if (state->extra_value != NULL + && strcmp(state->extra_value, EXTRA_NAME_IS_UPN) == 0) { + req_input->inp.name = talloc_strdup(req_input, state->filter); + } else { + ret = sss_parse_internal_fqname(req_input, state->filter, + &shortname, NULL); + req_input->inp.name = talloc_steal(req_input, shortname); + } if (req_input->inp.name == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); tevent_req_error(req, ENOMEM); |