diff options
| author | Jan Zeleny <jzeleny@redhat.com> | 2012-06-15 14:19:34 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-06-21 17:03:02 -0400 |
| commit | 065771c9859df9c4137daa5187be3aa5633b3cd5 (patch) | |
| tree | d6dffe5599b5ef7717c25afdc394319e102d6144 /src/util | |
| parent | 4b0b0bc3f9c4966b9f1a7433803a37c36fcaf285 (diff) | |
| download | sssd-065771c9859df9c4137daa5187be3aa5633b3cd5.tar.gz sssd-065771c9859df9c4137daa5187be3aa5633b3cd5.tar.xz sssd-065771c9859df9c4137daa5187be3aa5633b3cd5.zip | |
Fix re_expression matching with subdomains
This patch fixes an issue which resulted in a need to initialize
responder with data from local domain, otherwise it would not correctly
detect requests for subdomains. Similar situation can occur if new
subdomain is added at runtime.
The solution is to ask for a list of subdomains in case there is a
candidate domain identified in the process of matching re_expressions
with given name.
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/usertools.c | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/src/util/usertools.c b/src/util/usertools.c index 3b23b6a7..36641d49 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -230,9 +230,9 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx, struct sss_domain_info *dom, *match; char *rdomain, *rname; char *dmatch, *nmatch; - char *only_name = NULL; - bool only_name_seen = false; - bool only_name_mismatch = false; + char *candidate_name = NULL; + char *candidate_domain = NULL; + bool name_mismatch = false; TALLOC_CTX *tmp_ctx; int code; @@ -252,13 +252,11 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx, * name. */ if (dmatch == NULL) { - if (!only_name_seen) { - only_name = nmatch; - } else if (nmatch == NULL || only_name == NULL || - strcasecmp(only_name, nmatch) != 0) { - only_name_mismatch = true; + if (candidate_name == NULL) { + candidate_name = nmatch; + } else if (strcasecmp(candidate_name, nmatch) != 0) { + name_mismatch = true; } - only_name_seen = true; /* * If a domain was returned, then it must match the name of the @@ -274,6 +272,8 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx, rdomain = dmatch; rname = nmatch; break; + } else if (candidate_name == NULL) { + candidate_domain = dmatch; } } @@ -284,12 +284,16 @@ int sss_parse_name_for_domains(TALLOC_CTX *memctx, } } - if (rdomain == NULL && rname == NULL && - only_name_seen && !only_name_mismatch && only_name != NULL) { - DEBUG(SSSDBG_FUNC_DATA, - ("name '%s' matched without domain, user is %s\n", orig, nmatch)); - rdomain = NULL; - rname = only_name; + if (rdomain == NULL && rname == NULL) { + if (candidate_name && !name_mismatch) { + DEBUG(SSSDBG_FUNC_DATA, + ("name '%s' matched without domain, user is %s\n", orig, nmatch)); + rdomain = NULL; + rname = candidate_name; + } else if (candidate_domain) { + *domain = talloc_steal(memctx, candidate_domain); + return EAGAIN; + } } if (rdomain == NULL && rname == NULL) { |