summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/db/sysdb_search.c18
-rw-r--r--src/responder/pac/pacsrv_cmd.c23
-rw-r--r--src/responder/pac/pacsrv_utils.c6
-rw-r--r--src/tools/sss_cache.c12
-rw-r--r--src/util/usertools.c17
-rw-r--r--src/util/util.h7
6 files changed, 42 insertions, 41 deletions
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 344ff6fa..d70d0cc3 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -55,14 +55,9 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
/* If this is a subomain we need to use fully qualified names for the
* search as well by default */
- if (IS_SUBDOMAIN(domain) && domain->fqnames) {
- ret = ENOMEM;
- src_name = sss_tc_fqname(tmp_ctx, domain->names, domain, name);
- } else {
- ret = EINVAL;
- src_name = name;
- }
+ src_name = sss_get_domain_name(tmp_ctx, name, domain);
if (!src_name) {
+ ret = ENOMEM;
goto done;
}
@@ -242,14 +237,9 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
/* If this is a subomain we need to use fully qualified names for the
* search as well by default */
- if (IS_SUBDOMAIN(domain) && domain->fqnames) {
- ret = ENOMEM;
- src_name = sss_tc_fqname(tmp_ctx, domain->names, domain, name);
- } else {
- ret = EINVAL;
- src_name = name;
- }
+ src_name = sss_get_domain_name(tmp_ctx, name, domain);
if (!src_name) {
+ ret = ENOMEM;
goto done;
}
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index c3f1115e..3edf0356 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -623,7 +623,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx)
struct sss_domain_info *dom = pr_ctx->dom;
struct tevent_req *req;
errno_t ret;
- char *fq_name = NULL;
+ char *dom_name = NULL;
req = tevent_req_create(pr_ctx, &state, struct pac_save_memberships_state);
if (req == NULL) {
@@ -631,20 +631,15 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx)
}
state->sid_iter = 0;
- if (IS_SUBDOMAIN(dom)) {
- fq_name = sss_tc_fqname(pr_ctx, pr_ctx->dom->names, pr_ctx->dom,
- pr_ctx->user_name);
- if (fq_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("talloc_sprintf failed.\n"));
- ret = ENOMEM;
- goto done;
- }
- state->user_dn = sysdb_user_dn(dom->sysdb, state, dom, fq_name);
- } else {
- state->user_dn = sysdb_user_dn(dom->sysdb, state, dom,
- pr_ctx->user_name);
+ dom_name = sss_get_domain_name(state, pr_ctx->user_name, dom);
+ if (dom_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_sprintf failed.\n"));
+ ret = ENOMEM;
+ goto done;
}
+
+ state->user_dn = sysdb_user_dn(dom->sysdb, state, dom, dom_name);
if (state->user_dn == NULL) {
ret = ENOMEM;
goto done;
@@ -664,7 +659,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx)
}
done:
- talloc_free(fq_name);
+ talloc_free(dom_name);
if (ret != EOK && ret != EAGAIN) {
tevent_req_error(req, ret);
tevent_req_post(req, pr_ctx->cctx->ev);
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index e7e15ac5..f70438b6 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -386,11 +386,7 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
}
/* Subdomain use fully qualified names */
- if (IS_SUBDOMAIN(dom)) {
- pwd->pw_name = sss_tc_fqname(pwd, dom->names, dom, lname);
- } else {
- pwd->pw_name = talloc_strdup(pwd, lname);
- }
+ pwd->pw_name = sss_get_domain_name(pwd, lname, dom);
if (!pwd->pw_name) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_sprintf failed.\n"));
ret = ENOMEM;
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index f888608a..c9096fa9 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -219,14 +219,10 @@ static errno_t update_filter(struct cache_tool_ctx *tctx,
}
if (parsed_domain) {
- if (IS_SUBDOMAIN(dinfo)) {
- /* Use fqdn for subdomains */
- use_name = sss_tc_fqname(tmp_ctx, tctx->nctx, dinfo, name);
- if (use_name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
- ret = ENOMEM;
- goto done;
- }
+ use_name = sss_get_domain_name(tmp_ctx, use_name, dinfo);
+ if (!use_name) {
+ ret = ENOMEM;
+ goto done;
}
if (!strcasecmp(dinfo->name, parsed_domain)) {
diff --git a/src/util/usertools.c b/src/util/usertools.c
index cc8f583b..dc863ce8 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -627,3 +627,20 @@ sss_fqdom_len(struct sss_names_ctx *nctx,
len += fq_part_len(nctx, domain, FQ_FMT_FLAT_NAME, domain->flat_name);
return len;
}
+
+char *
+sss_get_domain_name(TALLOC_CTX *mem_ctx,
+ const char *orig_name,
+ struct sss_domain_info *dom)
+{
+ char *user_name;
+
+ if (IS_SUBDOMAIN(dom) && dom->fqnames) {
+ /* we always use the fully qualified name for subdomain users */
+ user_name = sss_tc_fqname(mem_ctx, dom->names, dom, orig_name);
+ } else {
+ user_name = talloc_strdup(mem_ctx, orig_name);
+ }
+
+ return user_name;
+}
diff --git a/src/util/util.h b/src/util/util.h
index e55c0b4d..8ae85f4f 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -390,6 +390,13 @@ size_t
sss_fqdom_len(struct sss_names_ctx *nctx,
struct sss_domain_info *domain);
+/* Subdomains use fully qualified names in the cache while primary domains use
+ * just the name. Return either of these for a specified domain or subdomain
+ */
+char *
+sss_get_domain_name(TALLOC_CTX *mem_ctx, const char *orig_name,
+ struct sss_domain_info *dom);
+
/* from backup-file.c */
int backup_file(const char *src, int dbglvl);