summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2012-10-26 09:28:45 +0200
committerSumit Bose <sbose@redhat.com>2012-10-26 10:32:06 +0200
commitac7a7ee3d1e138818a1ed78758f7dd3c3306a56b (patch)
treee03889c12bbd350d91cc5004012431738060d1a0
parentbfc3b766d8774186307dc43c187a014b4803e98c (diff)
downloadsssd-ac7a7ee3d1e138818a1ed78758f7dd3c3306a56b.tar.gz
sssd-ac7a7ee3d1e138818a1ed78758f7dd3c3306a56b.tar.bz2
sssd-ac7a7ee3d1e138818a1ed78758f7dd3c3306a56b.zip
Make sub-domains case-insensitive
Currently the only type of supported sub-domains are AD domains which are not case-sensitive. To make it easier for Windows user we make sub-domains case-insensitive as well which allows to write the username in any case at the login prompt. If support for other types of sub-domains is added it might be necessary to set the case-sensitive flag based on the domain type.
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c25
-rw-r--r--src/util/domain_info_utils.c2
2 files changed, 24 insertions, 3 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 004cdab6..1a81c860 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -446,7 +446,12 @@ static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx,
goto done;
}
- attrs->a.user.pw_name = talloc_strdup(attrs, name);
+ /* Winbind is not consistent with the case of the returned user
+ * name. In general all names should be lower case but there are
+ * bug in some version of winbind which might lead to upper case
+ * letters in the name. To be on the safe side we explicitly
+ * lowercase the name. */
+ attrs->a.user.pw_name = sss_tc_utf8_str_tolower(attrs, name);
if (attrs->a.user.pw_name == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
ret = ENOMEM;
@@ -585,6 +590,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
time_t now;
uint64_t timeout = 10*60*60; /* FIXME: find a better timeout ! */
const char *homedir = NULL;
+ struct sysdb_attrs *user_attrs = NULL;
ret = ipa_s2n_exop_recv(subreq, state, &result, &retoid, &retdata);
talloc_zfree(subreq);
@@ -627,11 +633,25 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
}
}
+ user_attrs = sysdb_new_attrs(state);
+ if (user_attrs == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS,
+ attrs->a.user.pw_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
+ goto done;
+ }
+
ret = sysdb_store_domuser(state->dom, attrs->a.user.pw_name, NULL,
attrs->a.user.pw_uid,
0, NULL, /* gecos */
homedir, NULL,
- NULL, NULL, timeout, now);
+ user_attrs, NULL, timeout, now);
break;
case RESP_GROUP:
ret = sysdb_store_domgroup(state->dom, attrs->a.group.gr_name,
@@ -647,6 +667,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
done:
+ talloc_free(user_attrs);
if (ret == EOK) {
tevent_req_done(req);
} else {
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 6eed835a..6ee35455 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -79,7 +79,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
dom->id_max = 0xffffffff;
dom->pwd_expiration_warning = parent->pwd_expiration_warning;
dom->cache_credentials = parent->cache_credentials;
- dom->case_sensitive = parent->case_sensitive;
+ dom->case_sensitive = false;
dom->user_timeout = parent->user_timeout;
dom->group_timeout = parent->group_timeout;
dom->netgroup_timeout = parent->netgroup_timeout;