diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-02 17:54:46 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-03 17:36:03 +0100 |
commit | afadeb1a530ff010a2f9a7552562576b843c874b (patch) | |
tree | 0c37a4464eb460268497b231f43c2b02840b989d /src/providers | |
parent | c99bcc91e58988ff37403d362d4322469413c2ff (diff) | |
download | sssd-afadeb1a530ff010a2f9a7552562576b843c874b.tar.gz sssd-afadeb1a530ff010a2f9a7552562576b843c874b.tar.xz sssd-afadeb1a530ff010a2f9a7552562576b843c874b.zip |
SYSDB: When searching for UPNs, search either the whole DB or only the given domain
The search-by-UPN functions always searched for the whole domain. In
some cases, the caller depends on the result coming from the domain
specified by the 'domain' parameter. This is the case in the cache_req
code at least. Even though it should be safe to just switch to always
searching the whole domain, in order to allow us to examine the code
carefully and test each codepath, let's introduce a boolean option to
the search functions. Currently it defaults to false in all codepaths
and as we test the individual ones, we can flip the option to true until
we finally remove the option altogether.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ad/ad_pac.c | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains_id.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/src/providers/ad/ad_pac.c b/src/providers/ad/ad_pac.c index 1fd7fd289..deade5e1c 100644 --- a/src/providers/ad/ad_pac.c +++ b/src/providers/ad/ad_pac.c @@ -51,7 +51,7 @@ static errno_t find_user_entry(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, } if (ar->extra_value && strcmp(ar->extra_value, EXTRA_NAME_IS_UPN) == 0) { - ret = sysdb_search_user_by_upn(tmp_ctx, dom, ar->filter_value, + ret = sysdb_search_user_by_upn(tmp_ctx, dom, false, ar->filter_value, user_attrs, &msg); } else { switch (ar->filter_type) { diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 0d74e203d..4b639f427 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -1051,7 +1051,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, case BE_REQ_USER_AND_GROUP: if (ar->extra_value && strcmp(ar->extra_value, EXTRA_NAME_IS_UPN) == 0) { - ret = sysdb_search_user_by_upn(mem_ctx, dom, ar->filter_value, + ret = sysdb_search_user_by_upn(mem_ctx, dom, false, ar->filter_value, attrs, &msg); } else { ret = sysdb_search_user_by_name(mem_ctx, dom, ar->filter_value, diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 70300e659..e9455b538 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -526,7 +526,7 @@ static void users_get_done(struct tevent_req *subreq) return; case BE_FILTER_NAME: if (state->name_is_upn == true) { - ret = sysdb_search_user_by_upn(state, state->domain, + ret = sysdb_search_user_by_upn(state, state->domain, false, state->filter_value, NULL, &msg); if (ret != EOK) { |