From 80ffa314c669feaaffe487d8ea5004c149d948c8 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 23 May 2022 09:05:43 +0200
Subject: [PATCH] ad: add fallback in ad_domain_info_send()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 51e92297157562511baf8902777f02a4aa2e70e6 allowed
ad_domain_info_send() to handle multiple domains by searching for the
matching sdap_domain data. Unfortunately it assumed that the configured
name and the DNS domain name are always matching. This is true for all
sub-domains discovered at runtime by DNS lookups but might not be true
for the domain configured in sssd.conf. Since the configured domain is
the first in the list of sdap_domain data it will be used as a fallback
in case no data could be found by name.
Resolves: https://github.com/SSSD/sssd/issues/6170
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 71b14474bec82a0c57065ad45915ebfeb9e3d03e)
---
src/providers/ad/ad_domain_info.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
index f3a82a198..9583c74b9 100644
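--- a/src/providers/ad/ad_domain_info.c
+++ b/src/providers/ad/ad_domain_info.c
@@ -217,8 +217,23 @@ ad_domain_info_send(TALLOC_CTX *mem_ctx,
 state->opts = conn->id_ctx->opts;
 state->dom_name = dom_name;
 state->sdom = sdap_domain_get_by_name(state->opts, state->dom_name);
+ /* The first domain in the list is the domain configured in sssd.conf and
+ * here it might be possible that the domain name from the config file and
+ * the DNS domain name do not match. All other sub-domains are discovered
+ * at runtime with the help of DNS lookups so it is expected that the
+ * names matches. Hence it makes sense to fall back to the first entry in
+ * the list if no matching domain was found since it is most probably
+ * related to the configured domain. */
+ if (state->sdom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "No internal domain data found for [%s], "
+ "falling back to first domain.\n",
+ state->dom_name);
+ state->sdom = state->opts->sdom;
+ }
 if (state->sdom == NULL || state->sdom->search_bases == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Missing internal domain data.\n");
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Missing internal domain data for domain [%s].\n",
+ state->dom_name);
 ret = EINVAL;
 goto immediate;
 }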
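Review bot: The fallback `state->sdom = state->opts->sdom;` fires for every name that `sdap_domain_get_by_name()` fails to match, not only for the configured domain whose sssd.conf name differs from its DNS name. A request for an unknown or mistyped domain would then presumably be answered from the configured domain's search bases instead of failing with EINVAL as before, which can attribute one domain's data to another name. If the callers cannot guarantee that only the configured domain reaches this branch, the comment should at least state the contract, e.g. `/* Callers must pass the configured domain or a discovered sub-domain; any other name resolves to the configured domain's data. */`. Since the mismatch is described as an expected configuration, `SSSDBG_OP_FAILURE` also looks too severe for the fallback message; `SSSDBG_MINOR_FAILURE` would keep it visible without reporting a failed operation on every call. The body of ad_domain_info_send() starts and ends outside this hunk, so how callers choose `dom_name` is not visible here.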
--
2.34.3