authorJakub Hrozek <jhrozek@redhat.com>2016-04-08 16:38:47 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-07 10:26:51 +0200
commit73ead5bb50130663668ded57822d9850b2dc2fff (patch)
tree3020b447461c789fbcbc9a88ef3d2eacfd5bf349
parentc03214d427ea43e7bf8255ccc79faa905c89f7f6 (diff)
LDAP: Use fqdns during nested RFC2307 initgroups
All user and group names are already qualified at this point, so let's remove the special case that stored users from trusted domains qualified. Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c22
1 files changed, 3 insertions, 19 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index b4000f3b4..39399fa14 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -636,7 +636,7 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb,
if (!tmp_ctx) return ENOMEM;
if (count > 0) {
- ret = sysdb_attrs_primary_name_list(sysdb, tmp_ctx,
+ ret = sysdb_attrs_primary_fqdn_list(domain, tmp_ctx,
groups, count,
opts->group_map[SDAP_AT_GROUP_NAME].name,
&groupnamelist);
@@ -2112,8 +2112,6 @@ errno_t save_rfc2307bis_user_memberships(
char **add_groups;
char **del_groups;
bool in_transaction = false;
- size_t c;
- char *tmp_str;
TALLOC_CTX *tmp_ctx = talloc_new(NULL);
if(!tmp_ctx) {
@@ -2141,28 +2139,14 @@ errno_t save_rfc2307bis_user_memberships(
ldap_grouplist = NULL;
}
else {
- ret = sysdb_attrs_primary_name_list(
- state->sysdb, tmp_ctx,
+ ret = sysdb_attrs_primary_fqdn_list(
+ state->dom, tmp_ctx,
state->direct_groups, state->num_direct_parents,
state->opts->group_map[SDAP_AT_GROUP_NAME].name,
&ldap_grouplist);
if (ret != EOK) {
goto error;
}
-
- if (IS_SUBDOMAIN(state->dom)) {
- for (c = 0; ldap_grouplist[c] != NULL; c++) {
- tmp_str = sss_tc_fqname(ldap_grouplist, state->dom->names,
- state->dom, ldap_grouplist[c]);
- if (tmp_str == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_tc_fqname failed.\n");
- ret = ENOMEM;
- goto error;
- }
- talloc_free(ldap_grouplist[c]);
- ldap_grouplist[c] = tmp_str;
- }
- }
}
/* Find the differences between the sysdb and ldap lists
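Review bot: The list comparison that follows this call (the "Find the differences between the sysdb and ldap lists" step, whose code lies outside the hunk) now receives fully qualified names for every domain rather than only for subdomains, so it is correct only if the sysdb-side list is built in the same qualified form. If the two formats ever diverged, each group would presumably appear as both an addition and a removal, and the cached memberships that later feed access decisions would be wrong. The commit message states that names are already qualified at this point, but nothing in the visible code records that invariant; a comment above the call would help, for example `/* ldap_grouplist holds fully qualified names; the sysdb list it is diffed against must use the same format */`. save_rfc2307bis_user_memberships starts and ends outside the hunk, so the construction of the sysdb list could not be checked here.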