ac7d03
From e795c094ac6ccc8a33e247ba56b93c35ed9cf57d Mon Sep 17 00:00:00 2001
ac7d03
From: Sumit Bose <sbose@redhat.com>
ac7d03
Date: Fri, 17 Mar 2017 14:10:52 +0100
ac7d03
Subject: [PATCH] extdom: do reverse search for domain separator
ac7d03
ac7d03
To avoid issues which @-signs in the short user or group names it is
ac7d03
better to search for the domain separator starting at the end of the
ac7d03
fully-qualified name.
ac7d03
ac7d03
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
ac7d03
Reviewed-By: David Kupka <dkupka@redhat.com>
ac7d03
---
ac7d03
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c | 6 +++---
ac7d03
 1 file changed, 3 insertions(+), 3 deletions(-)
ac7d03
ac7d03
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
ac7d03
index e629247fd771e374d50486d836cd3b0d8d32a78a..aa1ff10dfbf51b87a367261202b39d1346bd337a 100644
ac7d03
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
ac7d03
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
ac7d03
@@ -515,7 +515,7 @@ int pack_ber_user(struct ipa_extdom_ctx *ctx,
ac7d03
     char *short_user_name = NULL;
ac7d03
 
ac7d03
     short_user_name = strdup(user_name);
ac7d03
-    if ((locat = strchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
ac7d03
+    if ((locat = strrchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
ac7d03
         if (strcasecmp(locat+1, domain_name) == 0  ) {
ac7d03
             locat[0] = '\0';
ac7d03
         } else {
ac7d03
@@ -626,7 +626,7 @@ int pack_ber_group(enum response_types response_type,
ac7d03
     char *short_group_name = NULL;
ac7d03
 
ac7d03
     short_group_name = strdup(group_name);
ac7d03
-    if ((locat = strchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
ac7d03
+    if ((locat = strrchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
ac7d03
         if (strcasecmp(locat+1, domain_name) == 0  ) {
ac7d03
             locat[0] = '\0';
ac7d03
         } else {
ac7d03
@@ -901,7 +901,7 @@ static int handle_sid_or_cert_request(struct ipa_extdom_ctx *ctx,
ac7d03
         goto done;
ac7d03
     }
ac7d03
 
ac7d03
-    sep = strchr(fq_name, SSSD_DOMAIN_SEPARATOR);
ac7d03
+    sep = strrchr(fq_name, SSSD_DOMAIN_SEPARATOR);
ac7d03
     if (sep == NULL) {
ac7d03
         set_err_msg(req, "Failed to split fully qualified name");
ac7d03
         ret = LDAP_OPERATIONS_ERROR;
ac7d03
-- 
ac7d03
2.12.1
ac7d03