From 2db8726f09800d64231f403198742d22a04a8d8b Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 26 Nov 2013 10:27:50 +0100 Subject: [PATCH 36/41] sss_cache: fix case-sensitivity issue For case-insensitive domains the lower-case name for case-insensitive searches is stored in SYSDB_NAME_ALIAS. Related to https://fedorahosted.org/sssd/ticket/1741 --- src/tools/sss_cache.c | 63 +++++++++++++++++++++++++++++---------------------- 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index 3b6e62393f6cf0f6ccc94aea8cf19bf3aedc444f..56dc47afdcb92b71dc1ef71d7f26fdf276a1c45f 100644 --- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -196,6 +196,8 @@ static errno_t update_filter(struct cache_tool_ctx *tctx, TALLOC_CTX *tmp_ctx = NULL; char *use_name = NULL; char *filter; + char *sanitized; + char *lc_sanitized; if (!name || !update) { /* Nothing to do */ @@ -215,6 +217,14 @@ static errno_t update_filter(struct cache_tool_ctx *tctx, goto done; } + if (parsed_domain != NULL && strcasecmp(dinfo->name, parsed_domain) != 0) { + /* We were able to parse the domain from given fqdn, but it + * does not match with currently processed domain. */ + filter = NULL; + ret = EOK; + goto done; + } + if (!dinfo->case_sensitive && !force_case_sensitivity) { use_name = sss_tc_utf8_str_tolower(tmp_ctx, parsed_name); if (!use_name) { @@ -232,41 +242,40 @@ static errno_t update_filter(struct cache_tool_ctx *tctx, ret = ENOMEM; goto done; } + } - if (!strcasecmp(dinfo->name, parsed_domain)) { - if (fmt) { - filter = talloc_asprintf(tmp_ctx, fmt, - SYSDB_NAME, use_name); - } else { - filter = talloc_strdup(tmp_ctx, use_name); - } - if (filter == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); - ret = ENOMEM; - goto done; - } + ret = sss_filter_sanitize_for_dom(tmp_ctx, use_name, dinfo, + &sanitized, &lc_sanitized); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to sanitize the given name.\n")); + goto done; + } + + if (fmt) { + if (!dinfo->case_sensitive && !force_case_sensitivity) { + filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)(%s=%s))", + SYSDB_NAME_ALIAS, lc_sanitized, + SYSDB_NAME_ALIAS, sanitized); } else { - /* We were able to parse the domain from given fqdn, but it - * does not match with currently processed domain. */ - filter = NULL; + filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, sanitized); } } else { - if (fmt) { - filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, name); - } else { - filter = talloc_strdup(tmp_ctx, name); - } - if (filter == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); - ret = ENOMEM; - goto done; - } + filter = talloc_strdup(tmp_ctx, sanitized); + } + if (filter == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); + ret = ENOMEM; + goto done; } - talloc_free(*_filter); - *_filter = talloc_steal(tctx, filter); ret = EOK; + done: + if (ret == EOK) { + talloc_free(*_filter); + *_filter = talloc_steal(tctx, filter); + } + talloc_free(tmp_ctx); return ret; -- 1.8.4.2