|
|
ac7d03 |
From e795c094ac6ccc8a33e247ba56b93c35ed9cf57d Mon Sep 17 00:00:00 2001
|
|
|
ac7d03 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
ac7d03 |
Date: Fri, 17 Mar 2017 14:10:52 +0100
|
|
|
ac7d03 |
Subject: [PATCH] extdom: do reverse search for domain separator
|
|
|
ac7d03 |
|
|
|
ac7d03 |
To avoid issues which @-signs in the short user or group names it is
|
|
|
ac7d03 |
better to search for the domain separator starting at the end of the
|
|
|
ac7d03 |
fully-qualified name.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
ac7d03 |
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
ac7d03 |
---
|
|
|
ac7d03 |
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c | 6 +++---
|
|
|
ac7d03 |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
|
|
|
ac7d03 |
index e629247fd771e374d50486d836cd3b0d8d32a78a..aa1ff10dfbf51b87a367261202b39d1346bd337a 100644
|
|
|
ac7d03 |
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
|
|
|
ac7d03 |
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
|
|
|
ac7d03 |
@@ -515,7 +515,7 @@ int pack_ber_user(struct ipa_extdom_ctx *ctx,
|
|
|
ac7d03 |
char *short_user_name = NULL;
|
|
|
ac7d03 |
|
|
|
ac7d03 |
short_user_name = strdup(user_name);
|
|
|
ac7d03 |
- if ((locat = strchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
|
|
|
ac7d03 |
+ if ((locat = strrchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
|
|
|
ac7d03 |
if (strcasecmp(locat+1, domain_name) == 0 ) {
|
|
|
ac7d03 |
locat[0] = '\0';
|
|
|
ac7d03 |
} else {
|
|
|
ac7d03 |
@@ -626,7 +626,7 @@ int pack_ber_group(enum response_types response_type,
|
|
|
ac7d03 |
char *short_group_name = NULL;
|
|
|
ac7d03 |
|
|
|
ac7d03 |
short_group_name = strdup(group_name);
|
|
|
ac7d03 |
- if ((locat = strchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
|
|
|
ac7d03 |
+ if ((locat = strrchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
|
|
|
ac7d03 |
if (strcasecmp(locat+1, domain_name) == 0 ) {
|
|
|
ac7d03 |
locat[0] = '\0';
|
|
|
ac7d03 |
} else {
|
|
|
ac7d03 |
@@ -901,7 +901,7 @@ static int handle_sid_or_cert_request(struct ipa_extdom_ctx *ctx,
|
|
|
ac7d03 |
goto done;
|
|
|
ac7d03 |
}
|
|
|
ac7d03 |
|
|
|
ac7d03 |
- sep = strchr(fq_name, SSSD_DOMAIN_SEPARATOR);
|
|
|
ac7d03 |
+ sep = strrchr(fq_name, SSSD_DOMAIN_SEPARATOR);
|
|
|
ac7d03 |
if (sep == NULL) {
|
|
|
ac7d03 |
set_err_msg(req, "Failed to split fully qualified name");
|
|
|
ac7d03 |
ret = LDAP_OPERATIONS_ERROR;
|
|
|
ac7d03 |
--
|
|
|
ac7d03 |
2.12.1
|
|
|
ac7d03 |
|