authorSumit Bose <sbose@redhat.com>2015-06-25 12:53:04 +0200
committerSumit Bose <sbose@redhat.com>2015-07-17 19:22:14 +0200
commit8965cb9cb71d0ce0382a82afd07c5fa44fec444d (patch)
treef2eef2364e8ebb45fa84e1cf185cf55ca97c994f
parent9c1c626080093b5ee93e6f801ae44139cf0ad097 (diff)
UPN sub-domain fix
-rw-r--r--src/providers/ipa/ipa_subdomains_id.c61
-rw-r--r--src/responder/nss/nsssrv_cmd.c24
-rw-r--r--src/responder/pam/pamsrv_cmd.c6
3 files changed, 63 insertions, 28 deletions
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 610b1c58b..1e1ade93b 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -905,6 +905,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
SYSDB_HOMEDIR,
NULL };
char *name;
+ char *clean_name;
if (ar->filter_type == BE_FILTER_SECID) {
ret = sysdb_search_object_by_sid(mem_ctx, dom, ar->filter_value, attrs,
@@ -977,32 +978,46 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
goto done;
}
} else if (ar->filter_type == BE_FILTER_NAME) {
- name = sss_get_domain_name(mem_ctx, ar->filter_value, dom);
- if (name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed\n");
- ret = ENOMEM;
- goto done;
- }
+ if (ar->extra_value != NULL
+ && strcmp(ar->extra_value, EXTRA_NAME_IS_UPN) == 0) {
+ ret = sss_filter_sanitize(mem_ctx, ar->filter_value, &clean_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize failed.\n");
+ goto done;
+ }
+ ret = sysdb_search_user_by_upn(mem_ctx, dom, clean_name,
+ attrs, &msg);
+ talloc_free(clean_name);
+ } else {
+ name = sss_get_domain_name(mem_ctx, ar->filter_value, dom);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed\n");
+ ret = ENOMEM;
+ goto done;
+ }
- switch (ar->entry_type & BE_REQ_TYPE_MASK) {
- case BE_REQ_GROUP:
- ret = sysdb_search_group_by_name(mem_ctx, dom, name, attrs, &msg);
- break;
- case BE_REQ_INITGROUPS:
- case BE_REQ_USER:
- case BE_REQ_USER_AND_GROUP:
- ret = sysdb_search_user_by_name(mem_ctx, dom, name, attrs, &msg);
- if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK)
+ switch (ar->entry_type & BE_REQ_TYPE_MASK) {
+ case BE_REQ_GROUP:
+ ret = sysdb_search_group_by_name(mem_ctx, dom, name, attrs,
+ &msg);
+ break;
+ case BE_REQ_INITGROUPS:
+ case BE_REQ_USER:
+ case BE_REQ_USER_AND_GROUP:
+ ret = sysdb_search_user_by_name(mem_ctx, dom, name, attrs,
+ &msg);
+ if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK)
== BE_REQ_USER_AND_GROUP) {
- ret = sysdb_search_group_by_name(mem_ctx, dom, name,
- attrs, &msg);
+ ret = sysdb_search_group_by_name(mem_ctx, dom, name,
+ attrs, &msg);
+ }
+ break;
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected entry type [%d].\n",
+ (ar->entry_type & BE_REQ_TYPE_MASK));
+ ret = EINVAL;
+ goto done;
}
- break;
- default:
- DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected entry type [%d].\n",
- (ar->entry_type & BE_REQ_TYPE_MASK));
- ret = EINVAL;
- goto done;
}
} else {
DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected filter type.\n");
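Review bot: The new UPN branch calls `sysdb_search_user_by_upn` without looking at `ar->entry_type`, so a request flagged `EXTRA_NAME_IS_UPN` with a group or unknown type is answered as a user lookup, while the name branch still returns `EINVAL` for unexpected types. If callers never combine the UPN flag with those types this is harmless, but nothing in the hunk enforces it; a guard at the top of the branch would keep both paths equally strict. Sanitizing `ar->filter_value` before the search is the right order, and a short comment saying that the value is presumably placed into a search filter would stop a later cleanup from dropping the call. get_object_from_cache starts and ends outside the hunk.

```c
if (ar->extra_value != NULL
        && strcmp(ar->extra_value, EXTRA_NAME_IS_UPN) == 0) {
    /* A UPN names a user: reject request types a user lookup cannot
     * answer instead of silently treating them as a user search. */
    switch (ar->entry_type & BE_REQ_TYPE_MASK) {
    case BE_REQ_INITGROUPS:
    case BE_REQ_USER:
    case BE_REQ_USER_AND_GROUP:
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Unexpected entry type [%d] for UPN lookup.\n",
              (ar->entry_type & BE_REQ_TYPE_MASK));
        ret = EINVAL;
        goto done;
    }
    /* … unchanged: sss_filter_sanitize, sysdb_search_user_by_upn, talloc_free … */
```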
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index b3998015f..1edaef968 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -894,7 +894,11 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
name, dom->name);
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = get_next_domain(dom, false);
+ if (cmdctx->name_is_upn) {
+ dom = get_next_domain(dom, true);
+ } else {
+ dom = get_next_domain(dom, false);
+ }
continue;
}
/* There are no further domains or this was a
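Review bot: The four-line if/else added here only selects the second argument of `get_next_domain`, and the same block is repeated in the three later hunks of this file and in `pam_check_user_search` in pamsrv_cmd.c. Assuming `name_is_upn` is a `bool`, each copy can be written as `dom = get_next_domain(dom, cmdctx->name_is_upn);` (`preq->pd->name_is_upn` in the PAM hunk), which leaves one expression to read instead of five branches to keep in sync. The function bodies continue outside the hunks.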
@@ -969,7 +973,11 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = get_next_domain(dom, false);
+ if (cmdctx->name_is_upn) {
+ dom = get_next_domain(dom, true);
+ } else {
+ dom = get_next_domain(dom, false);
+ }
if (dom) continue;
}
@@ -4156,7 +4164,11 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
name, dom->name);
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = get_next_domain(dom, false);
+ if (cmdctx->name_is_upn) {
+ dom = get_next_domain(dom, true);
+ } else {
+ dom = get_next_domain(dom, false);
+ }
continue;
}
/* There are no further domains or this was a
@@ -4230,7 +4242,11 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
/* if a multidomain search, try with next */
if (cmdctx->check_next) {
- dom = get_next_domain(dom, false);
+ if (cmdctx->name_is_upn) {
+ dom = get_next_domain(dom, true);
+ } else {
+ dom = get_next_domain(dom, false);
+ }
if (dom) continue;
}
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 318104059..37b385cb3 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1484,7 +1484,11 @@ static int pam_check_user_search(struct pam_auth_req *preq)
/* if a multidomain search, try with next */
if (!preq->pd->domain) {
- dom = get_next_domain(dom, false);
+ if (preq->pd->name_is_upn) {
+ dom = get_next_domain(dom, true);
+ } else {
+ dom = get_next_domain(dom, false);
+ }
continue;
}
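Review bot: The added branch changes which domains a PAM user lookup walks when the name is a UPN, but the only comment nearby is still `/* if a multidomain search, try with next */`, which does not explain the difference. Because this sits on the authentication path, I would add a comment above the new call such as `/* UPN lookups also walk sub-domains (second argument true) */`. The meaning of that second argument is not visible in this hunk and should be confirmed against the declaration of `get_next_domain`. pam_check_user_search continues outside the hunk.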