From edcaf7122748fb2cd5dcfe055b904127c99f3234 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik
Date: Mon, 1 Dec 2014 17:29:49 +0100
Subject: [PATCH 130/130] IPA: Do not append domain name to fq name
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Usernames from AD subdomains are already in fqdn we should not append domain name in this case.
Resolves: https://fedorahosted.org/sssd/ticket/2512
Reviewed-by: Michal Židek
---
 src/providers/ipa/ipa_selinux.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 531258dac5c033b5896598e44e28a373d6cf5e3b..c4e70cfcb0748988d91fc1db57cf5a30d5365be4 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -812,6 +812,7 @@ selinux_child_setup(TALLOC_CTX *mem_ctx,
 char *ptr;
 char *username;
 char *username_final;
+ char *domain_name = NULL;
 TALLOC_CTX *tmp_ctx;
 struct selinux_child_input *sci;
@@ -849,10 +850,22 @@ selinux_child_setup(TALLOC_CTX *mem_ctx,
 }
 if (dom->fqnames) {
- username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt,
- username, dom->name);
- if (username_final == NULL) {
- ret = ENOMEM;
+ ret = sss_parse_name(tmp_ctx, dom->names, username, &domain_name,
+ NULL);
+ if (ret == EOK && domain_name != NULL) {
+ /* username is already a fully qualified name */
+ username_final = username;
+ } else if ((ret == EOK && domain_name == NULL)
+ || ret == ERR_REGEX_NOMATCH) {
+ username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt,
+ username, dom->name);
+ if (username_final == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sss_parse_name failed: [%d] %s", ret, sss_strerror(ret));
 goto done;
 }
 } else {
-- 
1.9.3
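Review bot: In the second hunk, the `ret == EOK && domain_name != NULL` branch tests the parsed domain only for non-NULL, so any name that parses with a domain part is forwarded unchanged as `username_final`, whether or not that domain is `dom` or one of its subdomains and whether or not the name is in `fq_fmt` form. This value appears to feed the selinux_child input, but the rest of selinux_child_setup lies outside the hunk, so the origin of `username` is not visible here. I would either check `domain_name` against the known domains before accepting the name, or record the assumption in the comment, e.g. `/* username is already fully qualified; the domain part is trusted because <source of username> */`. Separately, the new DEBUG format string has no trailing newline, which SSSD debug messages normally seem to carry: `"sss_parse_name failed: [%d] %s\n", ret, sss_strerror(ret));`.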