From 5475aa2616eda5ceaa1875610f9d9ce8c239b5cd Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 5 Apr 2016 18:07:55 +0200
Subject: LDAP: Convert RFC2307 member attribute values to FQDN-style ghostnames before acting on them
Ghostnames must be qualified as well, same as all other name attributes across SSSD. The ghost names are used by the NSS responder during getgr* output and the domain name parsed from the name is used in the output.
Reviewed-by: Sumit Bose
---
 src/providers/ldap/sdap_async_groups.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index d13863a1e..5edcd3af7 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1566,16 +1566,26 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state,
 struct ldb_message_element *ghostel)
 {
 struct ldb_message *msg;
+ char *member_attr_val;
 char *member_name;
 char *userdn;
 int ret;
 int i;
 for (i=0; i < memberel->num_values; i++) {
- member_name = (char *)memberel->values[i].data;
+ member_attr_val = (char *)memberel->values[i].data;
 /* We need to skip over zero-length usernames */
- if (member_name[0] == '\0') continue;
+ if (member_attr_val[0] == '\0') continue;
+
+ /* RFC2307 stores members as plain usernames in the member attribute.
+ * Internally, we use fqdns in the cache..
+ */
+ member_name = sss_create_internal_fqname(state, member_attr_val,
+ state->dom->name);
+ if (member_name == NULL) {
+ return ENOMEM;
+ }
 ret = sysdb_search_user_by_name(state, state->dom, member_name,
 NULL, &msg);
-- cgit
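Review bot: `member_name` is now allocated on `state` once per member value by `sss_create_internal_fqname(state, ...)`, and nothing in the visible lines releases it, so for a large RFC2307 group the qualified names pile up on the request state until it is freed; the number of values is set by the directory server. If the rest of the loop only reads or copies the name (the loop body continues outside the hunk, so this is an assumption), allocate on a per-call temporary context or end each iteration with `talloc_zfree(member_name);`. The early `return ENOMEM;` should also be checked against how the remainder of the function reports errors, which is not visible here. It would help to extend the new comment to say what is expected when the attribute value already contains `@`, since only the empty string is filtered before qualification and the commit message says the responder parses the domain out of the ghost name.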