diff options
author | Sumit Bose <sbose@redhat.com> | 2012-10-16 18:00:03 +0200 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2012-10-26 10:32:05 +0200 |
commit | f57808442ef362478320f5a142b40319608c583c (patch) | |
tree | bd02fda628d2f8ceda5b3c26952230a0f61e2fb6 | |
parent | 008940825f1f6a68c7441d0c0eee8eaa1a3b03ab (diff) | |
download | sssd-f57808442ef362478320f5a142b40319608c583c.tar.gz sssd-f57808442ef362478320f5a142b40319608c583c.tar.bz2 sssd-f57808442ef362478320f5a142b40319608c583c.zip |
pac responder: use only lower case user name
Since winbind can only return lower-cased user name the pac responder
must do the same to avoid inconsistent behaviour.
-rw-r--r-- | src/responder/pac/pacsrv_cmd.c | 12 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_utils.c | 8 |
2 files changed, 15 insertions, 5 deletions
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c index b7edf81d..4cbf14b5 100644 --- a/src/responder/pac/pacsrv_cmd.c +++ b/src/responder/pac/pacsrv_cmd.c @@ -113,13 +113,21 @@ static errno_t pac_add_pac_user(struct cli_ctx *cctx) goto done; } - pr_ctx->user_name = pr_ctx->logon_info->info3.base.account_name.string; - if (pr_ctx->user_name == NULL) { + if (pr_ctx->logon_info->info3.base.account_name.string == NULL) { ret = EINVAL; DEBUG(SSSDBG_FATAL_FAILURE, ("Missing account name in PAC.\n")); goto done; } + /* To be compatible with winbind based lookups we have to use lower case + * names only, effectively making the domain case-insenvitive. */ + pr_ctx->user_name = sss_tc_utf8_str_tolower(pr_ctx, + pr_ctx->logon_info->info3.base.account_name.string); + if (pr_ctx->user_name == NULL) { + ret = ENOMEM; + DEBUG(SSSDBG_FATAL_FAILURE, ("sss_tc_utf8_str_tolower failed.\n")); + goto done; + } pr_ctx->dom = responder_get_domain(pr_ctx, cctx->rctx, pr_ctx->domain_name); if (pr_ctx->dom == NULL) { diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c index 48caae64..4b55ef3e 100644 --- a/src/responder/pac/pacsrv_utils.c +++ b/src/responder/pac/pacsrv_utils.c @@ -510,10 +510,12 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx, base_info = &logon_info->info3.base; if (base_info->account_name.size != 0) { - pwd->pw_name = talloc_strdup(pwd, - base_info->account_name.string); + /* To be compatible with winbind based lookups we have to use lower + * case names only, effectively making the domain case-insenvitive. */ + pwd->pw_name = sss_tc_utf8_str_tolower(pwd, + base_info->account_name.string); if (pwd->pw_name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); + DEBUG(SSSDBG_OP_FAILURE, ("sss_tc_utf8_str_tolower failed.\n")); ret = ENOMEM; goto done; } |