From ac7a7ee3d1e138818a1ed78758f7dd3c3306a56b Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 26 Oct 2012 09:28:45 +0200 Subject: Make sub-domains case-insensitive Currently the only type of supported sub-domains are AD domains which are not case-sensitive. To make it easier for Windows user we make sub-domains case-insensitive as well which allows to write the username in any case at the login prompt. If support for other types of sub-domains is added it might be necessary to set the case-sensitive flag based on the domain type. --- src/providers/ipa/ipa_s2n_exop.c | 25 +++++++++++++++++++++++-- src/util/domain_info_utils.c | 2 +- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 004cdab6..1a81c860 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -446,7 +446,12 @@ static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx, goto done; } - attrs->a.user.pw_name = talloc_strdup(attrs, name); + /* Winbind is not consistent with the case of the returned user + * name. In general all names should be lower case but there are + * bug in some version of winbind which might lead to upper case + * letters in the name. To be on the safe side we explicitly + * lowercase the name. */ + attrs->a.user.pw_name = sss_tc_utf8_str_tolower(attrs, name); if (attrs->a.user.pw_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); ret = ENOMEM; @@ -585,6 +590,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) time_t now; uint64_t timeout = 10*60*60; /* FIXME: find a better timeout ! */ const char *homedir = NULL; + struct sysdb_attrs *user_attrs = NULL; ret = ipa_s2n_exop_recv(subreq, state, &result, &retoid, &retdata); talloc_zfree(subreq); @@ -627,11 +633,25 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) } } + user_attrs = sysdb_new_attrs(state); + if (user_attrs == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n")); + ret = ENOMEM; + goto done; + } + + ret = sysdb_attrs_add_string(user_attrs, SYSDB_NAME_ALIAS, + attrs->a.user.pw_name); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n")); + goto done; + } + ret = sysdb_store_domuser(state->dom, attrs->a.user.pw_name, NULL, attrs->a.user.pw_uid, 0, NULL, /* gecos */ homedir, NULL, - NULL, NULL, timeout, now); + user_attrs, NULL, timeout, now); break; case RESP_GROUP: ret = sysdb_store_domgroup(state->dom, attrs->a.group.gr_name, @@ -647,6 +667,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) done: + talloc_free(user_attrs); if (ret == EOK) { tevent_req_done(req); } else { diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index 6eed835a..6ee35455 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -79,7 +79,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, dom->id_max = 0xffffffff; dom->pwd_expiration_warning = parent->pwd_expiration_warning; dom->cache_credentials = parent->cache_credentials; - dom->case_sensitive = parent->case_sensitive; + dom->case_sensitive = false; dom->user_timeout = parent->user_timeout; dom->group_timeout = parent->group_timeout; dom->netgroup_timeout = parent->netgroup_timeout; -- cgit