Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/krb5/krb5_access.c16
-rw-r--r--src/providers/krb5/krb5_auth.c27
-rw-r--r--src/providers/krb5/krb5_auth.h2
-rw-r--r--src/providers/krb5/krb5_renew_tgt.c38
4 files changed, 49 insertions, 34 deletions
diff --git a/src/providers/krb5/krb5_access.c b/src/providers/krb5/krb5_access.c
index afa3a89d..25612807 100644
--- a/src/providers/krb5/krb5_access.c
+++ b/src/providers/krb5/krb5_access.c
@@ -25,6 +25,7 @@
#include "util/util.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_common.h"
+#include "providers/krb5/krb5_utils.h"
struct krb5_access_state {
struct tevent_context *ev;
@@ -101,15 +102,12 @@ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
goto done;
break;
case 1:
- state->kr->upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN,
- NULL);
- if (state->kr->upn == NULL) {
- ret = krb5_get_simple_upn(state, krb5_ctx, pd->user,
- &state->kr->upn);
- if (ret != EOK) {
- DEBUG(1, ("krb5_get_simple_upn failed.\n"));
- goto done;
- }
+ ret = find_or_guess_upn(state, res->msgs[0], krb5_ctx,
+ be_ctx->domain->name, pd->user, pd->domain,
+ &state->kr->upn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+ goto done;
}
state->kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM,
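Review bot: The new failure message in the `case 1:` branch logs `find_or_guess_upn failed.` without the return code, so whatever distinct errors the helper can return look the same in the debug log. Include it, e.g. `DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed [%d].\n", ret));`. The same message is added in krb5_auth_send and check_ccache_files and would benefit from the same change. krb5_access_send starts and ends outside this hunk.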
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 98dc8d84..c1f9f14b 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -420,20 +420,19 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
break;
case 1:
- kr->upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN, NULL);
- if (kr->upn == NULL) {
- ret = krb5_get_simple_upn(state, krb5_ctx, pd->user, &kr->upn);
- if (ret != EOK) {
- DEBUG(1, ("krb5_get_simple_upn failed.\n"));
- goto done;
- }
- } else {
- ret = compare_principal_realm(kr->upn, realm,
- &kr->upn_from_different_realm);
- if (ret != 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n"));
- goto done;
- }
+ ret = find_or_guess_upn(state, res->msgs[0], krb5_ctx,
+ be_ctx->domain->name, pd->user, pd->domain,
+ &kr->upn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+ goto done;
+ }
+
+ ret = compare_principal_realm(kr->upn, realm,
+ &kr->upn_from_different_realm);
+ if (ret != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n"));
+ goto done;
}
kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR,
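Review bot: `compare_principal_realm` now runs on every UPN, including one that find_or_guess_upn had to guess, whereas the removed code ran it only for a UPN stored in the cache entry; the call site does not explain this widening. The guess takes `pd->domain` as input, which appears to come from the request, so `kr->upn_from_different_realm` can now depend on request data rather than only on the cached attribute, and it is worth confirming that nothing downstream treats the flag as a reason to relax principal checks. A short comment such as `/* also applies to a guessed UPN, e.g. for a user from another domain */` would record the intent. The check carried over here tests `ret != 0` while the one just above uses `ret != EOK`; using `EOK` in both reads more consistently. krb5_auth_send continues outside the hunk.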
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index bf49f7cf..9133472a 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -45,7 +45,7 @@ struct krb5child_req {
const char *ccname;
const char *old_ccname;
const char *homedir;
- const char *upn;
+ char *upn;
uid_t uid;
gid_t gid;
bool is_offline;
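Review bot: Dropping `const` from `upn` makes the principal string writable through every user of `struct krb5child_req`, and the field carries no comment on who fills it in. From the callers in this commit it appears to be needed only so that `&kr->upn` can be passed as the output argument of find_or_guess_upn; if so, the field could stay `const char *upn;` with the callers passing a local `char *` and assigning the result. Otherwise document it on the field, e.g. `char *upn; /* filled in by find_or_guess_upn() */`. The struct definition starts and ends outside this hunk.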
diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c
index 217e03d3..ccb7e6af 100644
--- a/src/providers/krb5/krb5_renew_tgt.c
+++ b/src/providers/krb5/krb5_renew_tgt.c
@@ -381,9 +381,11 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
struct ldb_message **msgs = NULL;
size_t c;
const char *ccache_file;
- const char *upn;
+ char *upn;
const char *user_name;
struct ldb_dn *base_dn;
+ const struct ldb_val *user_dom_val;
+ char *user_dom;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -421,15 +423,31 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
continue;
}
- upn = ldb_msg_find_attr_as_string(msgs[c], SYSDB_UPN, NULL);
- if (upn == NULL) {
- ret = krb5_get_simple_upn(tmp_ctx, renew_tgt_ctx->krb5_ctx,
- user_name, &upn);
- if (ret != EOK) {
- DEBUG(1, ("krb5_get_simple_upn failed.\n"));
- continue;
- }
- DEBUG(9, ("No upn stored in cache, using [%s].\n", upn));
+ /* The DNs of users in sysdb ends with ...,cn=domain.name,cn=sysdb, so
+ * the value of the component before the last (index 1) is the domain
+ * name. */
+
+ user_dom_val = ldb_dn_get_component_val(msgs[c]->dn, 1);
+ if (user_dom_val == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Invalid user DN [%s].\n",
+ ldb_dn_get_linearized(msgs[c]->dn)));
+ ret = EINVAL;
+ goto done;
+ }
+ user_dom = talloc_strndup(tmp_ctx, (char *) user_dom_val->data,
+ user_dom_val->length);
+ if (user_dom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed,\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = find_or_guess_upn(tmp_ctx, msgs[c], renew_tgt_ctx->krb5_ctx,
+ renew_tgt_ctx->be_ctx->domain->name,
+ user_name, user_dom, &upn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
+ goto done;
}
ccache_file = ldb_msg_find_attr_as_string(msgs[c], SYSDB_CCACHE_FILE,
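Review bot: The three new error paths use `goto done` where the removed code used `continue`, so one cache entry with an unexpected DN or a failed UPN lookup presumably ends the whole scan and the remaining users' ccache files are not examined in this pass. Unless that is intended, keep the per-entry behaviour: log and `continue;` for the `user_dom_val == NULL` and `find_or_guess_upn` failures, and reserve `goto done` for `ENOMEM`. Separately, `ldb_dn_get_component_val(msgs[c]->dn, 1)` should be checked against the comment above it: as far as I know ldb numbers components from the leftmost RDN, so for a DN ending in `...,cn=domain.name,cn=sysdb` index 1 is the domain only when the DN has exactly three components, and an index derived from `ldb_dn_get_comp_num(msgs[c]->dn) - 2` would match the comment's "before the last". A wrong component here would feed the wrong domain into the guessed principal. check_ccache_files starts and ends outside this hunk.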