celestian's pull request #26: "KRB5: Fixing FQ name of user in krb5_setup()" 
was synchronize

See the full pull-request at https://github.com/SSSD/sssd/pull/26
... or pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/26/head:pr26
git checkout pr26
From df941b967a035b0e9a653f11388f477d726446dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C4=8Cech?= <pc...@redhat.com>
Date: Wed, 14 Sep 2016 09:00:06 -0400
Subject: [PATCH] KRB5: Fixing FQ name of user in krb5_setup()

This patch fixes creation of FQ username if krb5_map_user option
ise used.

Resolves:
https://fedorahosted.org/sssd/ticket/3188
---
 src/providers/krb5/krb5_auth.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index f0f2280..38dacd1 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -182,6 +182,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx,
 {
     struct krb5child_req *kr;
     const char *mapped_name;
+    char *short_user_name;
     TALLOC_CTX *tmp_ctx;
     errno_t ret;
 
@@ -202,11 +203,22 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx,
     kr->pd = pd;
     kr->krb5_ctx = krb5_ctx;
 
-    ret = get_krb_primary(krb5_ctx->name_to_primary,
-                          pd->user, dom->case_sensitive, &mapped_name);
+    /* The internal username is qualified, but we are only interested in
+     * the name part in get_krb_primary()
+     */
+    ret = sss_parse_internal_fqname(tmp_ctx, pd->user, &short_user_name, NULL);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE,
+              "Could not parse [%s] into name and "
+              "domain components, login might fail\n", pd->user);
+        short_user_name = talloc_strdup(tmp_ctx, pd->user);
+    }
+
+    ret = get_krb_primary(krb5_ctx->name_to_primary, short_user_name,
+                          dom->case_sensitive, &mapped_name);
     if (ret == EOK) {
         DEBUG(SSSDBG_TRACE_FUNC, "Setting mapped name to: %s\n", mapped_name);
-        kr->user = mapped_name;
+        kr->user = sss_create_internal_fqname(kr, mapped_name, dom->name);
         kr->kuserok_user = mapped_name;
     } else if (ret == ENOENT) {
         DEBUG(SSSDBG_TRACE_ALL, "No mapping for: %s\n", pd->user);
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

Reply via email to