summaryrefslogtreecommitdiff
path: root/src/responder
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-08-08 14:09:42 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-26 11:44:42 +0200
commit5aab4d1092681508cdf32777efdb2a7e5e6e3f0a (patch)
tree010ac591823845d38c8d8ac59dd62b3d6ecf2260 /src/responder
parente5aa9ba0df9f30e32a86453727beabed8a9e4e27 (diff)
downloadsssd-5aab4d1092681508cdf32777efdb2a7e5e6e3f0a.tar.gz
sssd-5aab4d1092681508cdf32777efdb2a7e5e6e3f0a.tar.bz2
sssd-5aab4d1092681508cdf32777efdb2a7e5e6e3f0a.zip
PAC: read user DN instead of constructing it
To avoid issues with case-sensitivity it is more reliable to search the user entry in the cache and use the returned DN instead of constructing it.
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/pac/pacsrv_cmd.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 79841b5d..bf3ea753 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -627,6 +627,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx)
struct tevent_req *req;
errno_t ret;
char *dom_name = NULL;
+ struct ldb_message *msg;
req = tevent_req_create(pr_ctx, &state, struct pac_save_memberships_state);
if (req == NULL) {
@@ -642,11 +643,15 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx)
goto done;
}
- state->user_dn = sysdb_user_dn(dom->sysdb, state, dom, dom_name);
- if (state->user_dn == NULL) {
- ret = ENOMEM;
+ ret = sysdb_search_user_by_name(state, dom->sysdb, dom, dom_name, NULL,
+ &msg);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed " \
+ "[%d][%s].\n", ret, strerror(ret)));
goto done;
}
+
+ state->user_dn = msg->dn;
state->pr_ctx = pr_ctx;
ret = pac_save_memberships_delete(state);
@@ -718,7 +723,11 @@ pac_save_memberships_delete(struct pac_save_memberships_state *state)
pr_ctx->del_grp_list[c].dn,
LDB_FLAG_MOD_DELETE);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed for " \
+ "user [%s] and group[%s].\n",
+ ldb_dn_get_linearized(state->user_dn),
+ ldb_dn_get_linearized(
+ pr_ctx->del_grp_list[c].dn)));
goto done;
}
@@ -921,7 +930,10 @@ pac_store_membership(struct pac_req_ctx *pr_ctx,
ret = sysdb_mod_group_member(grp_dom->sysdb, user_dn, group->dn,
LDB_FLAG_MOD_ADD);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed user [%s] " \
+ "group [%s].\n",
+ ldb_dn_get_linearized(user_dn),
+ ldb_dn_get_linearized(group->dn)));
goto done;
}