|
 |
b2d430 |
From 196e4a16c32e2f5d7e63f2dacd4f3cf4128f6814 Mon Sep 17 00:00:00 2001
|
|
|
b2d430 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
b2d430 |
Date: Fri, 22 Jul 2016 17:35:43 +0200
|
|
|
b2d430 |
Subject: [PATCH 49/62] IPA: fix lookup by UPN for subdomains
|
|
|
b2d430 |
|
|
|
b2d430 |
Currently the user name used in the extdom exop request is
|
|
|
b2d430 |
unconditionally set to the short name. While this is correct for the
|
|
|
b2d430 |
general name based lookups it breaks UPN/email based lookups where the
|
|
|
b2d430 |
name part after the @-sign might not match to domain name. I guess this
|
|
|
b2d430 |
was introduce during the sysdb refactoring.
|
|
|
b2d430 |
|
|
|
b2d430 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
b2d430 |
(cherry picked from commit 530458a4ef7cd8429d1db2f3dfae92d9c44e38ef)
|
|
|
b2d430 |
---
|
|
|
b2d430 |
src/providers/ipa/ipa_subdomains_id.c | 16 ++++++++++++----
|
|
|
b2d430 |
1 file changed, 12 insertions(+), 4 deletions(-)
|
|
|
b2d430 |
|
|
|
b2d430 |
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
|
|
|
b2d430 |
index 542c596a983bcb48f4eac699f78eb956326cefa2..002857699b65c86a6ed0c912a2a7ae06a8f9e507 100644
|
|
|
b2d430 |
--- a/src/providers/ipa/ipa_subdomains_id.c
|
|
|
b2d430 |
+++ b/src/providers/ipa/ipa_subdomains_id.c
|
|
|
b2d430 |
@@ -344,6 +344,7 @@ struct ipa_get_subdom_acct {
|
|
|
b2d430 |
int entry_type;
|
|
|
b2d430 |
const char *filter;
|
|
|
b2d430 |
int filter_type;
|
|
|
b2d430 |
+ const char *extra_value;
|
|
|
b2d430 |
bool use_pac;
|
|
|
b2d430 |
struct ldb_message *user_msg;
|
|
|
b2d430 |
|
|
|
b2d430 |
@@ -393,6 +394,7 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx,
|
|
|
b2d430 |
state->entry_type = (ar->entry_type & BE_REQ_TYPE_MASK);
|
|
|
b2d430 |
state->filter = ar->filter_value;
|
|
|
b2d430 |
state->filter_type = ar->filter_type;
|
|
|
b2d430 |
+ state->extra_value = ar->extra_value;
|
|
|
b2d430 |
|
|
|
b2d430 |
switch (state->entry_type) {
|
|
|
b2d430 |
case BE_REQ_USER:
|
|
|
b2d430 |
@@ -499,10 +501,16 @@ static void ipa_get_subdom_acct_connected(struct tevent_req *subreq)
|
|
|
b2d430 |
switch (state->filter_type) {
|
|
|
b2d430 |
case BE_FILTER_NAME:
|
|
|
b2d430 |
req_input->type = REQ_INP_NAME;
|
|
|
b2d430 |
- /* The extdom plugin expects the shortname and domain separately */
|
|
|
b2d430 |
- ret = sss_parse_internal_fqname(req_input, state->filter,
|
|
|
b2d430 |
- &shortname, NULL);
|
|
|
b2d430 |
- req_input->inp.name = talloc_steal(req_input, shortname);
|
|
|
b2d430 |
+ /* The extdom plugin expects the shortname and domain separately,
|
|
|
b2d430 |
+ * but for UPN/email lookup we need to send the raw name */
|
|
|
b2d430 |
+ if (state->extra_value != NULL
|
|
|
b2d430 |
+ && strcmp(state->extra_value, EXTRA_NAME_IS_UPN) == 0) {
|
|
|
b2d430 |
+ req_input->inp.name = talloc_strdup(req_input, state->filter);
|
|
|
b2d430 |
+ } else {
|
|
|
b2d430 |
+ ret = sss_parse_internal_fqname(req_input, state->filter,
|
|
|
b2d430 |
+ &shortname, NULL);
|
|
|
b2d430 |
+ req_input->inp.name = talloc_steal(req_input, shortname);
|
|
|
b2d430 |
+ }
|
|
|
b2d430 |
if (req_input->inp.name == NULL) {
|
|
|
b2d430 |
DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
|
|
|
b2d430 |
tevent_req_error(req, ENOMEM);
|
|
|
b2d430 |
--
|
|
|
b2d430 |
2.4.11
|
|
|
b2d430 |
|