authorMichal Zidek <mzidek@redhat.com>2016-06-15 17:03:00 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-07 10:25:01 +0200
commit7cc19286547260350afed9ef7176712f8fc66652 (patch)
tree4a550e8a090de7025f14765920d94c6230566480 /src/providers
parente0243c7f3638c819051b7235097a0bb2d06374fb (diff)
SDAP: Save user and group aliases qualified
When saving users or groups, qualify their names. Otherwise (currently netgroups), store a plain username. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/sdap_async.h1
-rw-r--r--src/providers/ldap/sdap_async_groups.c4
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c2
-rw-r--r--src/providers/ldap/sdap_async_users.c3
-rw-r--r--src/providers/ldap/sdap_utils.c28
5 files changed, 30 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 8a14395ef..aeeebe250 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -310,6 +310,7 @@ errno_t
sdap_save_all_names(const char *name,
struct sysdb_attrs *ldap_attrs,
struct sss_domain_info *dom,
+ enum sysdb_member_type entry_type,
struct sysdb_attrs *attrs);
struct tevent_req *
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 86f0a7d6e..d13863a1e 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -739,7 +739,8 @@ static int sdap_save_group(TALLOC_CTX *memctx,
goto done;
}
- ret = sdap_save_all_names(group_name, attrs, dom, group_attrs);
+ ret = sdap_save_all_names(group_name, attrs, dom,
+ SYSDB_MEMBER_GROUP, group_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n");
goto done;
@@ -2583,6 +2584,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
key.type = HASH_KEY_STRING;
key.str = talloc_steal(ghosts, discard_const(original_dn));
value.type = HASH_VALUE_PTR;
+ /* Already qualified from sdap_get_user_primary_name() */
value.ptr = talloc_steal(ghosts, discard_const(username));
ret = hash_enter(ghosts, &key, &value);
if (ret != HASH_SUCCESS) {
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index ae8e56b3c..df233d956 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -121,7 +121,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name);
- ret = sdap_save_all_names(name, attrs, dom,
+ ret = sdap_save_all_names(name, attrs, dom, SYSDB_MEMBER_NETGROUP,
netgroup_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n");
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index c74d2aa8a..e44c045b3 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -467,7 +467,8 @@ int sdap_save_user(TALLOC_CTX *memctx,
cache_timeout = dom->user_timeout;
- ret = sdap_save_all_names(user_name, attrs, dom, user_attrs);
+ ret = sdap_save_all_names(user_name, attrs, dom,
+ SYSDB_MEMBER_USER, user_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save user names\n");
goto done;
diff --git a/src/providers/ldap/sdap_utils.c b/src/providers/ldap/sdap_utils.c
index 347206c21..696af51d6 100644
--- a/src/providers/ldap/sdap_utils.c
+++ b/src/providers/ldap/sdap_utils.c
@@ -77,14 +77,26 @@ errno_t
sdap_save_all_names(const char *name,
struct sysdb_attrs *ldap_attrs,
struct sss_domain_info *dom,
+ enum sysdb_member_type entry_type,
struct sysdb_attrs *attrs)
{
const char **aliases = NULL;
- const char *domname;
+ const char *sysdb_alias;
errno_t ret;
TALLOC_CTX *tmp_ctx;
int i;
bool lowercase = !dom->case_sensitive;
+ bool store_as_fqdn;
+
+ switch (entry_type) {
+ case SYSDB_MEMBER_USER:
+ case SYSDB_MEMBER_GROUP:
+ store_as_fqdn = true;
+ break;
+ default:
+ store_as_fqdn = false;
+ break;
+ }
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
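Review bot: The `default:` arm of the new switch in sdap_save_all_names() stores aliases unqualified for every `entry_type` other than user and group, so a caller that passes a new or mistaken member type silently gets plain aliases in the cache. The only other type passed by the callers in this commit is `SYSDB_MEMBER_NETGROUP`, so naming it explicitly (`case SYSDB_MEMBER_NETGROUP: store_as_fqdn = false; break;`) and letting `default:` log and `return EINVAL;` would make the qualification decision deliberate for each type. The switch runs before `talloc_new()`, so a direct return there leaks nothing. Callers outside src/providers are not shown in this diffstat and would need checking first. The function body continues outside the hunk.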
@@ -100,14 +112,20 @@ sdap_save_all_names(const char *name,
}
for (i = 0; aliases[i]; i++) {
- domname = sss_get_domain_name(tmp_ctx, aliases[i], dom);
- if (domname == NULL) {
+ if (store_as_fqdn) {
+ sysdb_alias = sss_create_internal_fqname(tmp_ctx, aliases[i],
+ dom->name);
+ } else {
+ sysdb_alias = aliases[i];
+ }
+
+ if (sysdb_alias == NULL) {
ret = ENOMEM;
goto done;
}
if (lowercase) {
- ret = sysdb_attrs_add_lc_name_alias(attrs, domname);
+ ret = sysdb_attrs_add_lc_name_alias(attrs, sysdb_alias);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, "Failed to add lower-cased version "
"of alias [%s] into the "
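Review bot: The `if (sysdb_alias == NULL)` check placed after the if/else can only fire for the `sss_create_internal_fqname()` branch, because in the else branch `sysdb_alias` is `aliases[i]`, which the loop condition has already shown to be non-NULL. Moving the check inside the `store_as_fqdn` branch, directly after the call, keeps the `ENOMEM` path next to the allocation it reports on. A comment above the branch such as `/* users and groups are cached under the internal fully qualified name; other entry types keep the plain alias */` would record why the two paths differ. The `aliases` array is filled outside this hunk, so how an alias value that already carries a domain part is treated cannot be judged from here.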
@@ -115,7 +133,7 @@ sdap_save_all_names(const char *name,
goto done;
}
} else {
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname);
+ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, sysdb_alias);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, "Failed to add alias [%s] into the "
"attribute list\n", aliases[i]);
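Review bot: The failure message still prints `aliases[i]`, while the value handed to `sysdb_attrs_add_string()` is now `sysdb_alias`, so for users and groups the log shows the short name rather than the qualified string that failed to be stored. Logging the stored value, `"attribute list\n", sysdb_alias);`, keeps the debug output aligned with what ends up in the cache, which matters when tracing a name-resolution problem across domains. The lower-cased branch in the previous hunk has the same kind of message; its argument line falls outside both hunks, so it should be checked as well.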