diff options
-rw-r--r-- | src/db/sysdb_search.c | 18 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_cmd.c | 23 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_utils.c | 6 | ||||
-rw-r--r-- | src/tools/sss_cache.c | 12 | ||||
-rw-r--r-- | src/util/usertools.c | 17 | ||||
-rw-r--r-- | src/util/util.h | 7 |
6 files changed, 42 insertions, 41 deletions
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 344ff6fa..d70d0cc3 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -55,14 +55,9 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, /* If this is a subomain we need to use fully qualified names for the * search as well by default */ - if (IS_SUBDOMAIN(domain) && domain->fqnames) { - ret = ENOMEM; - src_name = sss_tc_fqname(tmp_ctx, domain->names, domain, name); - } else { - ret = EINVAL; - src_name = name; - } + src_name = sss_get_domain_name(tmp_ctx, name, domain); if (!src_name) { + ret = ENOMEM; goto done; } @@ -242,14 +237,9 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, /* If this is a subomain we need to use fully qualified names for the * search as well by default */ - if (IS_SUBDOMAIN(domain) && domain->fqnames) { - ret = ENOMEM; - src_name = sss_tc_fqname(tmp_ctx, domain->names, domain, name); - } else { - ret = EINVAL; - src_name = name; - } + src_name = sss_get_domain_name(tmp_ctx, name, domain); if (!src_name) { + ret = ENOMEM; goto done; } diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c index c3f1115e..3edf0356 100644 --- a/src/responder/pac/pacsrv_cmd.c +++ b/src/responder/pac/pacsrv_cmd.c @@ -623,7 +623,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx) struct sss_domain_info *dom = pr_ctx->dom; struct tevent_req *req; errno_t ret; - char *fq_name = NULL; + char *dom_name = NULL; req = tevent_req_create(pr_ctx, &state, struct pac_save_memberships_state); if (req == NULL) { @@ -631,20 +631,15 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx) } state->sid_iter = 0; - if (IS_SUBDOMAIN(dom)) { - fq_name = sss_tc_fqname(pr_ctx, pr_ctx->dom->names, pr_ctx->dom, - pr_ctx->user_name); - if (fq_name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, ("talloc_sprintf failed.\n")); - ret = ENOMEM; - goto done; - } - state->user_dn = sysdb_user_dn(dom->sysdb, state, dom, fq_name); - } else { - state->user_dn = sysdb_user_dn(dom->sysdb, state, dom, - pr_ctx->user_name); + dom_name = sss_get_domain_name(state, pr_ctx->user_name, dom); + if (dom_name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("talloc_sprintf failed.\n")); + ret = ENOMEM; + goto done; } + + state->user_dn = sysdb_user_dn(dom->sysdb, state, dom, dom_name); if (state->user_dn == NULL) { ret = ENOMEM; goto done; @@ -664,7 +659,7 @@ struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx) } done: - talloc_free(fq_name); + talloc_free(dom_name); if (ret != EOK && ret != EAGAIN) { tevent_req_error(req, ret); tevent_req_post(req, pr_ctx->cctx->ev); diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c index e7e15ac5..f70438b6 100644 --- a/src/responder/pac/pacsrv_utils.c +++ b/src/responder/pac/pacsrv_utils.c @@ -386,11 +386,7 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx, } /* Subdomain use fully qualified names */ - if (IS_SUBDOMAIN(dom)) { - pwd->pw_name = sss_tc_fqname(pwd, dom->names, dom, lname); - } else { - pwd->pw_name = talloc_strdup(pwd, lname); - } + pwd->pw_name = sss_get_domain_name(pwd, lname, dom); if (!pwd->pw_name) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_sprintf failed.\n")); ret = ENOMEM; diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index f888608a..c9096fa9 100644 --- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -219,14 +219,10 @@ static errno_t update_filter(struct cache_tool_ctx *tctx, } if (parsed_domain) { - if (IS_SUBDOMAIN(dinfo)) { - /* Use fqdn for subdomains */ - use_name = sss_tc_fqname(tmp_ctx, tctx->nctx, dinfo, name); - if (use_name == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); - ret = ENOMEM; - goto done; - } + use_name = sss_get_domain_name(tmp_ctx, use_name, dinfo); + if (!use_name) { + ret = ENOMEM; + goto done; } if (!strcasecmp(dinfo->name, parsed_domain)) { diff --git a/src/util/usertools.c b/src/util/usertools.c index cc8f583b..dc863ce8 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -627,3 +627,20 @@ sss_fqdom_len(struct sss_names_ctx *nctx, len += fq_part_len(nctx, domain, FQ_FMT_FLAT_NAME, domain->flat_name); return len; } + +char * +sss_get_domain_name(TALLOC_CTX *mem_ctx, + const char *orig_name, + struct sss_domain_info *dom) +{ + char *user_name; + + if (IS_SUBDOMAIN(dom) && dom->fqnames) { + /* we always use the fully qualified name for subdomain users */ + user_name = sss_tc_fqname(mem_ctx, dom->names, dom, orig_name); + } else { + user_name = talloc_strdup(mem_ctx, orig_name); + } + + return user_name; +} diff --git a/src/util/util.h b/src/util/util.h index e55c0b4d..8ae85f4f 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -390,6 +390,13 @@ size_t sss_fqdom_len(struct sss_names_ctx *nctx, struct sss_domain_info *domain); +/* Subdomains use fully qualified names in the cache while primary domains use + * just the name. Return either of these for a specified domain or subdomain + */ +char * +sss_get_domain_name(TALLOC_CTX *mem_ctx, const char *orig_name, + struct sss_domain_info *dom); + /* from backup-file.c */ int backup_file(const char *src, int dbglvl); |