|
 |
ced1f5 |
From d8d4e9fb842444eb3bd4e1a116fce00aba557707 Mon Sep 17 00:00:00 2001
|
|
|
ced1f5 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
ced1f5 |
Date: Mon, 20 Nov 2017 12:04:50 +0100
|
|
|
ced1f5 |
Subject: [PATCH 63/67] ipa: handle users from different domains in
|
|
|
ced1f5 |
ipa_resolve_user_list_send()
|
|
|
ced1f5 |
MIME-Version: 1.0
|
|
|
ced1f5 |
Content-Type: text/plain; charset=UTF-8
|
|
|
ced1f5 |
Content-Transfer-Encoding: 8bit
|
|
|
ced1f5 |
|
|
|
ced1f5 |
Instead of assuming that all users in the list can be found in the
|
|
|
ced1f5 |
provided domain with this patch the domain name part of the user name is
|
|
|
ced1f5 |
preferred. The provided domain name is used as a fallback.
|
|
|
ced1f5 |
|
|
|
ced1f5 |
Related to https://pagure.io/SSSD/sssd/issue/3579
|
|
|
ced1f5 |
|
|
|
ced1f5 |
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
|
|
|
ced1f5 |
(cherry picked from commit 7988988aab5bd0249476671b850eb3909aa753f8)
|
|
|
ced1f5 |
---
|
|
|
ced1f5 |
src/providers/ipa/ipa_id.c | 20 ++++++++++++++++----
|
|
|
ced1f5 |
1 file changed, 16 insertions(+), 4 deletions(-)
|
|
|
ced1f5 |
|
|
|
ced1f5 |
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
|
|
|
ced1f5 |
index 8f8759f64b758aae7e45c88588e97a1bcf16ad79..2b4386584192d6b5ef0372099292ed73b77177bd 100644
|
|
|
ced1f5 |
--- a/src/providers/ipa/ipa_id.c
|
|
|
ced1f5 |
+++ b/src/providers/ipa/ipa_id.c
|
|
|
ced1f5 |
@@ -63,6 +63,8 @@ struct ipa_resolve_user_list_state {
|
|
|
ced1f5 |
struct ipa_id_ctx *ipa_ctx;
|
|
|
ced1f5 |
struct ldb_message_element *users;
|
|
|
ced1f5 |
const char *domain_name;
|
|
|
ced1f5 |
+ struct sss_domain_info *domain;
|
|
|
ced1f5 |
+ struct sss_domain_info *user_domain;
|
|
|
ced1f5 |
size_t user_idx;
|
|
|
ced1f5 |
|
|
|
ced1f5 |
int dp_error;
|
|
|
ced1f5 |
@@ -91,6 +93,8 @@ ipa_resolve_user_list_send(TALLOC_CTX *memctx, struct tevent_context *ev,
|
|
|
ced1f5 |
state->ev = ev;
|
|
|
ced1f5 |
state->ipa_ctx = ipa_ctx;
|
|
|
ced1f5 |
state->domain_name = domain_name;
|
|
|
ced1f5 |
+ state->domain = find_domain_by_name(state->ipa_ctx->sdap_id_ctx->be->domain,
|
|
|
ced1f5 |
+ state->domain_name, true);
|
|
|
ced1f5 |
state->users = users;
|
|
|
ced1f5 |
state->user_idx = 0;
|
|
|
ced1f5 |
state->dp_error = DP_ERR_FATAL;
|
|
|
ced1f5 |
@@ -132,8 +136,17 @@ static errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req)
|
|
|
ced1f5 |
|
|
|
ced1f5 |
DEBUG(SSSDBG_TRACE_ALL, "Trying to resolve user [%s].\n", ar->filter_value);
|
|
|
ced1f5 |
|
|
|
ced1f5 |
- if (strcasecmp(state->domain_name,
|
|
|
ced1f5 |
- state->ipa_ctx->sdap_id_ctx->be->domain->name) != 0) {
|
|
|
ced1f5 |
+ state->user_domain = find_domain_by_object_name_ex(
|
|
|
ced1f5 |
+ state->ipa_ctx->sdap_id_ctx->be->domain,
|
|
|
ced1f5 |
+ ar->filter_value, true);
|
|
|
ced1f5 |
+ /* Use provided domain as as fallback is no known domain was found in the
|
|
|
ced1f5 |
+ * user name. */
|
|
|
ced1f5 |
+ if (state->user_domain == NULL) {
|
|
|
ced1f5 |
+ state->user_domain = state->domain;
|
|
|
ced1f5 |
+ }
|
|
|
ced1f5 |
+ ar->domain = state->user_domain->name;
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ if (state->user_domain != state->ipa_ctx->sdap_id_ctx->be->domain) {
|
|
|
ced1f5 |
subreq = ipa_subdomain_account_send(state, state->ev, state->ipa_ctx,
|
|
|
ced1f5 |
ar);
|
|
|
ced1f5 |
} else {
|
|
|
ced1f5 |
@@ -158,8 +171,7 @@ static void ipa_resolve_user_list_get_user_done(struct tevent_req *subreq)
|
|
|
ced1f5 |
struct ipa_resolve_user_list_state);
|
|
|
ced1f5 |
int ret;
|
|
|
ced1f5 |
|
|
|
ced1f5 |
- if (strcasecmp(state->domain_name,
|
|
|
ced1f5 |
- state->ipa_ctx->sdap_id_ctx->be->domain->name) != 0) {
|
|
|
ced1f5 |
+ if (state->user_domain != state->ipa_ctx->sdap_id_ctx->be->domain) {
|
|
|
ced1f5 |
ret = ipa_subdomain_account_recv(subreq, &state->dp_error);
|
|
|
ced1f5 |
} else {
|
|
|
ced1f5 |
ret = ipa_id_get_account_info_recv(subreq, &state->dp_error);
|
|
|
ced1f5 |
--
|
|
|
ced1f5 |
2.14.3
|
|
|
ced1f5 |
|