|
 |
905b4d |
From edcaf7122748fb2cd5dcfe055b904127c99f3234 Mon Sep 17 00:00:00 2001
|
|
|
905b4d |
From: Lukas Slebodnik <lslebodn@redhat.com>
|
|
|
905b4d |
Date: Mon, 1 Dec 2014 17:29:49 +0100
|
|
|
905b4d |
Subject: [PATCH 130/130] IPA: Do not append domain name to fq name
|
|
|
905b4d |
MIME-Version: 1.0
|
|
|
905b4d |
Content-Type: text/plain; charset=UTF-8
|
|
|
905b4d |
Content-Transfer-Encoding: 8bit
|
|
|
905b4d |
|
|
|
905b4d |
Usernames from AD subdomains are already in fqdn we should not append
|
|
|
905b4d |
domain name in this case.
|
|
|
905b4d |
|
|
|
905b4d |
Resolves:
|
|
|
905b4d |
https://fedorahosted.org/sssd/ticket/2512
|
|
|
905b4d |
|
|
|
905b4d |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
905b4d |
---
|
|
|
905b4d |
src/providers/ipa/ipa_selinux.c | 21 +++++++++++++++++----
|
|
|
905b4d |
1 file changed, 17 insertions(+), 4 deletions(-)
|
|
|
905b4d |
|
|
|
905b4d |
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
|
|
|
905b4d |
index 531258dac5c033b5896598e44e28a373d6cf5e3b..c4e70cfcb0748988d91fc1db57cf5a30d5365be4 100644
|
|
|
905b4d |
--- a/src/providers/ipa/ipa_selinux.c
|
|
|
905b4d |
+++ b/src/providers/ipa/ipa_selinux.c
|
|
|
905b4d |
@@ -812,6 +812,7 @@ selinux_child_setup(TALLOC_CTX *mem_ctx,
|
|
|
905b4d |
char *ptr;
|
|
|
905b4d |
char *username;
|
|
|
905b4d |
char *username_final;
|
|
|
905b4d |
+ char *domain_name = NULL;
|
|
|
905b4d |
TALLOC_CTX *tmp_ctx;
|
|
|
905b4d |
struct selinux_child_input *sci;
|
|
|
905b4d |
|
|
|
905b4d |
@@ -849,10 +850,22 @@ selinux_child_setup(TALLOC_CTX *mem_ctx,
|
|
|
905b4d |
}
|
|
|
905b4d |
|
|
|
905b4d |
if (dom->fqnames) {
|
|
|
905b4d |
- username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt,
|
|
|
905b4d |
- username, dom->name);
|
|
|
905b4d |
- if (username_final == NULL) {
|
|
|
905b4d |
- ret = ENOMEM;
|
|
|
905b4d |
+ ret = sss_parse_name(tmp_ctx, dom->names, username, &domain_name,
|
|
|
905b4d |
+ NULL);
|
|
|
905b4d |
+ if (ret == EOK && domain_name != NULL) {
|
|
|
905b4d |
+ /* username is already a fully qualified name */
|
|
|
905b4d |
+ username_final = username;
|
|
|
905b4d |
+ } else if ((ret == EOK && domain_name == NULL)
|
|
|
905b4d |
+ || ret == ERR_REGEX_NOMATCH) {
|
|
|
905b4d |
+ username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt,
|
|
|
905b4d |
+ username, dom->name);
|
|
|
905b4d |
+ if (username_final == NULL) {
|
|
|
905b4d |
+ ret = ENOMEM;
|
|
|
905b4d |
+ goto done;
|
|
|
905b4d |
+ }
|
|
|
905b4d |
+ } else {
|
|
|
905b4d |
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
|
905b4d |
+ "sss_parse_name failed: [%d] %s", ret, sss_strerror(ret));
|
|
|
905b4d |
goto done;
|
|
|
905b4d |
}
|
|
|
905b4d |
} else {
|
|
|
905b4d |
--
|
|
|
905b4d |
1.9.3
|
|
|
905b4d |
|