Re: [Freeipa-devel] [PATCH] 1022 normalize uid when in winsync

2012-05-25 Thread Martin Kosek 
On Thu, 2012-05-24 at 13:54 -0400, Rob Crittenden wrote:
 In case the uid that comes from AD is mixed-case we need to normalize it 
 to all lower. It should be safe using tolower() because we only allow 
 ASCII characters in uid.
 
 rob

I tested this with a winsync agreement with an AD and it worked fine, I
as able to change password and then log in as an AD-mixed-case user.

ACK, pushed to master.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 1022 normalize uid when in winsync

2012-05-24 Thread Rob Crittenden 
In case the uid that comes from AD is mixed-case we need to normalize it 
to all lower. It should be safe using tolower() because we only allow 
ASCII characters in uid.


rob
From dd4dc674921ef48a3cb49a0cfb1c2b6308749eb3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 24 May 2012 13:52:07 -0400
Subject: [PATCH] Normalize uid to lower case in winsync.

This in effect fixes uid, krbPrincipalName and homeDir.

https://fedorahosted.org/freeipa/ticket/2756
---
 .../ipa-slapi-plugins/ipa-winsync/ipa-winsync.c|   33 +++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
index ef237e93ae00cc377b1dfbab567320c3942a328c..5d9e3cf948a621a91b7e9d89c41a92bfcedad5fe 100644
--- a/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
+++ b/daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
@@ -61,6 +61,7 @@
 
 #include string.h
 #include stdlib.h
+#include ctype.h
 #include plstr.h
 
 static void
@@ -82,6 +83,25 @@ do_force_sync(
 int *do_modify /* set to true if mods were applied */
 );
 
+static char *
+str_tolower(char *str)
+{
+char *lstr, *t;
+
+lstr = strdup(str);
+if (!lstr) {
+/* the caller should log OOM if this returns NULL */
+return NULL;
+}
+
+for (t = lstr; *t; t++)
+if (isalpha(*t))
+*t = tolower(*t);
+
+return lstr;
+}
+
+
 /* This is called when a new agreement is created or loaded
at startup.
 */
@@ -278,11 +298,22 @@ ipa_winsync_pre_ds_add_user_cb(void *cbdata, const Slapi_Entry *rawentry,
 if (slapi_entry_attr_find(ds_entry, type, e_attr) || !e_attr) {
 char *upn = NULL;
 char *uid = NULL;
+char *lower = NULL;
 char *samAccountName = NULL;
 /* if the ds_entry already has a uid, use that */
 if ((uid = slapi_entry_attr_get_charptr(ds_entry, uid))) {
-upn = slapi_ch_smprintf(%s@%s, uid, ipaconfig-realm_name);
+lower = str_tolower(uid);
+if (!lower) {
+LOG_OOM();
+return;
+}
+/* Now reset UID to be lower-case */
 slapi_ch_free_string(uid);
+slapi_entry_attr_delete(ds_entry, uid);
+slapi_entry_attr_set_charptr(ds_entry, uid, lower);
+/* And create a normalized principal */
+upn = slapi_ch_smprintf(%s@%s, lower, ipaconfig-realm_name);
+free(lower);
 /* otherwise, use the samAccountName from the ad_entry */
 } else if ((samAccountName =
 slapi_entry_attr_get_charptr(ad_entry, samAccountName))) {
-- 
1.7.10.2

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel