From fec23cc7cf28fbdac37e3413c5c9b5115d1e01b6 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Mon, 13 Jun 2016 12:06:39 +0200
Subject: KRB5: Rely on internal fqname when constructing UPNs

Because internally, we use the same name for all users and groups regardless of the domain they belong to, we can parse the username from the qualified name in a simpler manner.

Reviewed-by: Sumit Bose
---
 src/providers/krb5/krb5_common.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 5f6173179..208a003e0 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -1040,28 +1040,27 @@ errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
  }
  }
- /* Subdomains already have a fully qualified name, which contains
- * the domain name. We need to replace it with the realm name
+ /* The internal username is qualified, but we are only interested in
+ * the name part
  */
- ret = sss_parse_name(tmp_ctx, dom->names, username, NULL, &name);
+ ret = sss_parse_internal_fqname(tmp_ctx, username, &name, NULL);
  if (ret != EOK) {
  DEBUG(SSSDBG_OP_FAILURE, "Could not parse [%s] into name and "
- "domain components, login might fail\n", username);
- name = discard_const(username);
+ "domain components, login might fail\n", username);
+ upn = talloc_strdup(tmp_ctx, username);
+ } else {
+ /* NOTE: this is a hack, works only in some environments */
+ upn = talloc_asprintf(tmp_ctx, "%s@%s",
+ name, realm != NULL ? realm : uc_dom);
  }
- /* NOTE: this is a hack, works only in some environments */
- upn = talloc_asprintf(tmp_ctx, "%s@%s", name,
- realm != NULL ? realm : uc_dom);
  if (upn == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
  ret = ENOMEM;
  goto done;
  }
  DEBUG(SSSDBG_TRACE_ALL, "Using simple UPN [%s].\n", upn);
-
  *_upn = talloc_steal(mem_ctx, upn);
  ret = EOK;
  done:
-- cgit
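Review bot: On the parse-failure branch the new code copies `username` unchanged into `upn` and still reaches `ret = EOK`, so the caller gets the unparsed internal name back as a principal, with no realm substitution and no sign that parsing failed. Unless something downstream relies on this best-effort path, failing closed looks safer: replace the `talloc_strdup()` line with `goto done;` so the error from `sss_parse_internal_fqname()` is returned. If the fallback must stay, a comment such as `/* Fallback: hand back the internal name as-is; presumably it still carries the domain rather than the realm */` would make the intent explicit. The shared `upn == NULL` check also lost its log line, so an allocation failure is now silent; `DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate UPN.\n");` before `ret = ENOMEM;` would keep it diagnosable. The body of krb5_get_simple_upn starts and ends outside this hunk, so how callers use the returned UPN is not visible here.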