celestian's pull request #26: "KRB5: Fixing FQ name of user in krb5_setup()" was synchronize
See the full pull-request at https://github.com/SSSD/sssd/pull/26 ... or pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/26/head:pr26 git checkout pr26
From df941b967a035b0e9a653f11388f477d726446dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C4=8Cech?= <[email protected]> Date: Wed, 14 Sep 2016 09:00:06 -0400 Subject: [PATCH] KRB5: Fixing FQ name of user in krb5_setup() This patch fixes creation of FQ username if krb5_map_user option ise used. Resolves: https://fedorahosted.org/sssd/ticket/3188 --- src/providers/krb5/krb5_auth.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index f0f2280..38dacd1 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -182,6 +182,7 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, { struct krb5child_req *kr; const char *mapped_name; + char *short_user_name; TALLOC_CTX *tmp_ctx; errno_t ret; @@ -202,11 +203,22 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, kr->pd = pd; kr->krb5_ctx = krb5_ctx; - ret = get_krb_primary(krb5_ctx->name_to_primary, - pd->user, dom->case_sensitive, &mapped_name); + /* The internal username is qualified, but we are only interested in + * the name part in get_krb_primary() + */ + ret = sss_parse_internal_fqname(tmp_ctx, pd->user, &short_user_name, NULL); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Could not parse [%s] into name and " + "domain components, login might fail\n", pd->user); + short_user_name = talloc_strdup(tmp_ctx, pd->user); + } + + ret = get_krb_primary(krb5_ctx->name_to_primary, short_user_name, + dom->case_sensitive, &mapped_name); if (ret == EOK) { DEBUG(SSSDBG_TRACE_FUNC, "Setting mapped name to: %s\n", mapped_name); - kr->user = mapped_name; + kr->user = sss_create_internal_fqname(kr, mapped_name, dom->name); kr->kuserok_user = mapped_name; } else if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_ALL, "No mapping for: %s\n", pd->user);
_______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
