authorSumit Bose <sbose@redhat.com>2016-06-29 14:02:02 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-07 10:26:06 +0200
commitf426a8b81a871188348b41aa52803a05bc3a02de (patch)
tree28dca521bfdee1794b4c628cf4b61e39631afa2a
parent2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034 (diff)
NSS: Fix domain for UPN based lookups
Since sysdb_search_user_by_upn() searches the whole cache we have to set the domain so that it matches the result. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/responder/nss/nsssrv_cmd.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 700998974..1ae179696 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -1000,6 +1000,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
static const char *user_attrs[] = SYSDB_PW_ATTRS;
struct ldb_message *msg;
const char *extra_flag = NULL;
+ const char *sysdb_name;
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -1088,6 +1089,23 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
}
dctx->res->msgs[0] = talloc_steal(dctx->res->msgs, msg);
+
+ /* Since sysdb_search_user_by_upn() searches the whole cache we
+ * have to set the domain so that it matches the result. */
+ sysdb_name = ldb_msg_find_attr_as_string(dctx->res->msgs[0],
+ SYSDB_NAME, NULL);
+ if (sysdb_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cached entry has no name.\n");
+ return EINVAL;
+ }
+ dctx->domain = find_domain_by_object_name(get_domains_head(dom),
+ sysdb_name);
+ if (dctx->domain == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot find matching domain for [%s].\n",
+ sysdb_name);
+ return EINVAL;
+ }
}
} else {
ret = sysdb_getpwnam_with_views(cmdctx, dom, name, &dctx->res);
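Review bot: The result of `find_domain_by_object_name()` is written straight into `dctx->domain`, so when no domain matches, the context is left holding NULL before the `return EINVAL`. Any error or cleanup path that still reads `dctx->domain` would then dereference NULL, and the original domain is lost for logging. Holding the result in a local of the same type and committing it only on success avoids that: `upn_dom = find_domain_by_object_name(get_domains_head(dom), sysdb_name);`, then the NULL check on `upn_dom`, then `dctx->domain = upn_dom;`. The same pattern is repeated in the nss_cmd_initgroups_search hunk. The function body starts and ends outside this hunk, so whether callers touch `dctx->domain` after a failure is not visible here.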
@@ -4283,6 +4301,17 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
return EINVAL;
}
+ /* Since sysdb_search_user_by_upn() searches the whole cache we
+ * have to set the domain so that it matches the result. */
+ dctx->domain = find_domain_by_object_name(get_domains_head(dom),
+ sysdb_name);
+ if (dctx->domain == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot find matching domain for [%s].\n",
+ sysdb_name);
+ return EINVAL;
+ }
+
ret = sysdb_initgroups(cmdctx, dom, sysdb_name, &dctx->res);
if (ret == EOK && DOM_HAS_VIEWS(dom)) {
for (c = 0; c < dctx->res->count; c++) {
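Review bot: The `sysdb_initgroups(cmdctx, dom, sysdb_name, &dctx->res)` call and the `DOM_HAS_VIEWS(dom)` check right after the added block still use the local `dom`, while only `dctx->domain` was switched to the domain that owns the UPN match. If `dom` is still the domain being iterated, the group lookup runs against a domain that may not hold this user, so the reply can come back empty or, where another domain has an entry with the same name, describe a different account's memberships. Consider adding `dom = dctx->domain;` after the NULL check, or passing `dctx->domain` to both uses. The enclosing function starts and ends outside the hunk, so confirm that `dom` is not reassigned elsewhere before relying on this.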