rpms / sssd

Clone
Source Code
GIT

Blame SOURCES/0061-SDAP-add-special-handling-for-IPA-Kerberos-enterpris.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   45d81bea72b5c0655b17432ce15813c10e83768b
  2.   SOURCES
  3.   0061-SDAP-add-special-handling-for-IPA-Kerberos-enterpris.patch
Blob History Raw
b2d430 
From c2fe77b2277513d01b56dc26391e8e7cfcbe7429 Mon Sep 17 00:00:00 2001
b2d430 
From: Sumit Bose <sbose@redhat.com>
b2d430 
Date: Fri, 22 Jul 2016 12:20:33 +0200
b2d430 
Subject: [PATCH 61/62] SDAP: add special handling for IPA Kerberos enterprise
b2d430 
 principal strings
b2d430
b2d430 
Unfortunately principal aliases with an alternative realm are stored in
b2d430 
IPA as the string representation of an enterprise principal, i.e.
b2d430 
name\@alt.realm@IPA.REALM. To allow searches with the plain alias
b2d430 
'name@alt.realm' the returned value is converted before it is saved to
b2d430 
the cache.
b2d430
b2d430 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
b2d430 
(cherry picked from commit 15694ca762f61a414f0017c57ed97a8d57456b80)
b2d430 
---
b2d430 
 src/providers/ldap/sdap_async_users.c | 17 +++++++++++++++++
b2d430 
 1 file changed, 17 insertions(+)
b2d430
b2d430 
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
b2d430 
index 28101a2d8a38f97d09d50a9f7e071a030b4f9719..cccd2506b3e1849101a8a06c39fe6cab263777b6 100644
b2d430 
--- a/src/providers/ldap/sdap_async_users.c
b2d430 
+++ b/src/providers/ldap/sdap_async_users.c
b2d430 
@@ -143,6 +143,8 @@ int sdap_save_user(TALLOC_CTX *memctx,
b2d430 
     char *dom_sid_str = NULL;
b2d430 
     struct sss_domain_info *subdomain;
b2d430 
     size_t c;
b2d430 
+    char *p1;
b2d430 
+    char *p2;
b2d430
b2d430 
     DEBUG(SSSDBG_TRACE_FUNC, "Save user\n");
b2d430
b2d430 
@@ -448,6 +450,21 @@ int sdap_save_user(TALLOC_CTX *memctx,
b2d430 
                 goto done;
b2d430 
             }
b2d430
b2d430 
+            /* Check for IPA Kerberos enterprise principal strings
b2d430 
+             * 'user\@my.realm@IPA.REALM' and use 'user@my.realm' */
b2d430 
+            if ( (p1 = strchr(upn,'\\')) != NULL
b2d430 
+                    && *(p1 + 1) == '@'
b2d430 
+                    && (p2 = strchr(p1 + 2, '@')) != NULL) {
b2d430 
+                *p1 = '\0';
b2d430 
+                *p2 = '\0';
b2d430 
+                upn = talloc_asprintf(tmpctx, "%s%s", upn, p1 + 1);
b2d430 
+                if (upn == NULL) {
b2d430 
+                    DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
b2d430 
+                    ret = ENOMEM;
b2d430 
+                    goto done;
b2d430 
+                }
b2d430 
+            }
b2d430 
+
b2d430 
             if (dp_opt_get_bool(opts->basic, SDAP_FORCE_UPPER_CASE_REALM)) {
b2d430 
                 make_realm_upper_case(upn);
b2d430 
             }
b2d430 
--
b2d430 
2.4.11
b2d430

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation