dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0130-IPA-Do-not-append-domain-name-to-fq-name.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   6070bf104c72c97f6da7578de30b099b6d3e9153
  2.   SOURCES
  3.   0130-IPA-Do-not-append-domain-name-to-fq-name.patch
Blob History Raw
905b4d 
From edcaf7122748fb2cd5dcfe055b904127c99f3234 Mon Sep 17 00:00:00 2001
905b4d 
From: Lukas Slebodnik <lslebodn@redhat.com>
905b4d 
Date: Mon, 1 Dec 2014 17:29:49 +0100
905b4d 
Subject: [PATCH 130/130] IPA: Do not append domain name to fq name
905b4d 
MIME-Version: 1.0
905b4d 
Content-Type: text/plain; charset=UTF-8
905b4d 
Content-Transfer-Encoding: 8bit
905b4d
905b4d 
Usernames from AD subdomains are already in fqdn we should not append
905b4d 
domain name in this case.
905b4d
905b4d 
Resolves:
905b4d 
https://fedorahosted.org/sssd/ticket/2512
905b4d
905b4d 
Reviewed-by: Michal Židek <mzidek@redhat.com>
905b4d 
---
905b4d 
 src/providers/ipa/ipa_selinux.c | 21 +++++++++++++++++----
905b4d 
 1 file changed, 17 insertions(+), 4 deletions(-)
905b4d
905b4d 
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
905b4d 
index 531258dac5c033b5896598e44e28a373d6cf5e3b..c4e70cfcb0748988d91fc1db57cf5a30d5365be4 100644
905b4d 
--- a/src/providers/ipa/ipa_selinux.c
905b4d 
+++ b/src/providers/ipa/ipa_selinux.c
905b4d 
@@ -812,6 +812,7 @@ selinux_child_setup(TALLOC_CTX *mem_ctx,
905b4d 
     char *ptr;
905b4d 
     char *username;
905b4d 
     char *username_final;
905b4d 
+    char *domain_name = NULL;
905b4d 
     TALLOC_CTX *tmp_ctx;
905b4d 
     struct selinux_child_input *sci;
905b4d
905b4d 
@@ -849,10 +850,22 @@ selinux_child_setup(TALLOC_CTX *mem_ctx,
905b4d 
     }
905b4d
905b4d 
     if (dom->fqnames) {
905b4d 
-        username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt,
905b4d 
-                                         username, dom->name);
905b4d 
-        if (username_final == NULL) {
905b4d 
-            ret = ENOMEM;
905b4d 
+        ret = sss_parse_name(tmp_ctx, dom->names, username, &domain_name,
905b4d 
+                             NULL);
905b4d 
+        if (ret == EOK && domain_name != NULL) {
905b4d 
+            /* username is already a fully qualified name */
905b4d 
+            username_final = username;
905b4d 
+        } else if ((ret == EOK && domain_name == NULL)
905b4d 
+                   || ret == ERR_REGEX_NOMATCH) {
905b4d 
+            username_final = talloc_asprintf(tmp_ctx, dom->names->fq_fmt,
905b4d 
+                                             username, dom->name);
905b4d 
+            if (username_final == NULL) {
905b4d 
+                ret = ENOMEM;
905b4d 
+                goto done;
905b4d 
+            }
905b4d 
+        } else {
905b4d 
+            DEBUG(SSSDBG_OP_FAILURE,
905b4d 
+                  "sss_parse_name failed: [%d] %s", ret, sss_strerror(ret));
905b4d 
             goto done;
905b4d 
         }
905b4d 
     } else {
905b4d 
--
905b4d 
1.9.3
905b4d

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation