On (03/09/14 11:15), Pavel Reichl wrote:
>
>On 09/02/2014 07:46 PM, Lukas Slebodnik wrote:
>>-            nlen = sss_fqname(NULL, 0, dom->names, dom, name.str);
>>+            nlen = sss_fqname(NULL, 0, dom->names, member_dom, name.str);
>                                                            ^^^^^
>s/dom->names/member_dom->names/
>
>Should we do this substitution?
Yes, thank you.

Updated version is attached.

LS
>From 0fd27b5b217e811c888a5252bcbf8b555a268a5f Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Sat, 30 Aug 2014 17:31:50 +0200
Subject: [PATCH] NSS: Use right domain for group members with fq names

If we query a group from a subdomain, it can contain users from different domains.
All members from the subdomain have fully qualified names, but members from the
main domain don't. In function fill_members, we extracted name and domain with
function fill_members. Later, we called function sss_fqname the first time
with the queried group domain and the second time with the parsed domain.
It caused the following error in the nss responder:

[fill_members] (0x0040): Failed to generate a fully qualified name for member
  [user2_dom1@sssdad_tree.com] of group [group2_dom2@sssdad_tree.com]! Skipping

The test test_nss_getgrnam_mix_dom_fqdn passed because the name of the main domain
and the name of the subdomain had the same length. Therefore there was no problem
in function fill_members with calling sss_fqname with different domains.
This patch also changes the name of the subdomain to prevent such problems in the future.
---
 src/responder/nss/nsssrv_cmd.c  | 3 ++-
 src/tests/cmocka/test_nss_srv.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 
bf578f394c7a7128246a81d8e463459289deb243..560578428daa7fafd297adbbc5329b20e9383899
 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2498,7 +2498,8 @@ static int fill_members(struct sss_packet *packet,
         }
 
         if (add_domain) {
-            nlen = sss_fqname(NULL, 0, dom->names, dom, name.str);
+            nlen = sss_fqname(NULL, 0, member_dom->names, member_dom,
+                              name.str);
             if (nlen >= 0) {
                 nlen += 1;
             } else {
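Review bot: The sizing call `nlen = sss_fqname(NULL, 0, member_dom->names, member_dom, name.str)` is only correct as long as the later sss_fqname call that writes the name uses the same names context and domain, and that second call is outside this hunk. A short comment above this line stating that both calls must take identical arguments would make the coupling visible, since a silent divergence here results in group members being skipped from the reply. Computing the length and writing the name through one small helper that takes the domain once would remove the chance of the two drifting apart again.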
diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
index 
e7d6540ccdba1cdc6c3d87661df86e1b60900c6f..644468dbbbbef99f293e3556df6304327be57edd
 100644
--- a/src/tests/cmocka/test_nss_srv.c
+++ b/src/tests/cmocka/test_nss_srv.c
@@ -37,7 +37,7 @@
 #define TEST_CONF_DB "test_nss_conf.ldb"
 #define TEST_DOM_NAME "nss_test"
 #define TEST_SYSDB_FILE "cache_"TEST_DOM_NAME".ldb"
-#define TEST_SUBDOM_NAME "test.sub"
+#define TEST_SUBDOM_NAME "test.subdomain"
 #define TEST_ID_PROVIDER "ldap"
 
 struct nss_test_ctx {
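Review bot: The new value of `TEST_SUBDOM_NAME` matters only because its length now differs from `TEST_DOM_NAME` ("nss_test"), but nothing next to the define says so. Add a comment above `#define TEST_SUBDOM_NAME "test.subdomain"` noting that the two names must have different lengths so that test_nss_getgrnam_mix_dom_fqdn can catch a domain mix-up; otherwise a later rename could quietly restore the equal-length case that hid this bug.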
-- 
2.1.0
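
The failure mode described in the commit message, as an added example that is not part of the patch or of SSSD's code: a buffer is sized with one domain and filled with another, and the mismatch shows up only when the two domain names differ in length. `fq_name` and `build_member` are hypothetical stand-ins, the `name@domain` format and the exact-length check are assumptions, and the domain strings are the test macros from the diff.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a fully-qualified-name formatter with
 * snprintf semantics: returns the length needed, writes at most size. */
static int fq_name(char *buf, size_t size, const char *name, const char *dom)
{
    return snprintf(buf, size, "%s@%s", name, dom);
}

/* Two-pass pattern: measure with size_dom, then format with fmt_dom.
 * Returns 0 and sets *out on success, -1 when the second pass does not
 * produce exactly the length the first pass measured (member skipped). */
static int build_member(const char *name, const char *size_dom,
                        const char *fmt_dom, char **out)
{
    int nlen = fq_name(NULL, 0, name, size_dom);
    if (nlen < 0) return -1;
    nlen += 1;                              /* room for the terminator */

    char *buf = malloc((size_t)nlen);
    if (buf == NULL) return -1;

    int ret = fq_name(buf, (size_t)nlen, name, fmt_dom);
    if (ret != nlen - 1) {                  /* too short or truncated */
        free(buf);
        return -1;
    }
    *out = buf;
    return 0;
}

int main(void)
{
    char *m = NULL;
    /* Constructed member name; domain names are the test's macros. */
    printf("old subdomain name: %d\n",
           build_member("user1", "test.sub", "nss_test", &m));
    free(m);
    m = NULL;
    printf("new subdomain name: %d\n",
           build_member("user1", "test.subdomain", "nss_test", &m));
    free(m);
    return 0;
}
```

With the old subdomain name both passes agree on length by coincidence, so the mixed-domain call succeeds; with the new name the same call fails, which is what lets the test detect the bug.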
