From 8d9e0547a864cee05ab36bc988300c0cfa986025 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 16 Nov 2012 20:25:42 +0000 Subject: Refactor the way subdomain accounts are saved The original sysdb code had a strong assumption that only users from one domain are saved in the database; with the subdomain feature, we have changed reality, but have not adjusted all the code around the sysdb calls to not rely on the original assumption. One of the side effects of this incongruence is that currently group memberships do not return fully qualified names for subdomain users as they should. In order to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By saving them fully qualified we do not risk aliasing local users and have group memberships or other name based matching code mistake a domain user with subdomain user or vice versa. --- src/providers/data_provider_be.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/providers/data_provider_be.c') diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 685c666a..f4ad8536 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -2188,6 +2188,17 @@ int be_process_init(TALLOC_CTX *mem_ctx, goto fail; } + /* We need this for subdomains support, as they have to store fully + * qualified user and group names for now */ + ret = sss_names_init(ctx->domain, cdb, + ctx->domain->name, &ctx->domain->names); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("fatal error setting fully qualified name format for %s\n", + ctx->domain->name)); + goto fail; + } + ret = be_srv_init(ctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error setting up server bus\n")); -- cgit
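
Review bot: in the new error branch after sss_names_init(), the DEBUG message drops ret, so a fatal startup failure is logged with only the domain name and no cause; consider including the code, for example "fatal error setting fully qualified name format for %s [%d]\n" with ret as the extra argument. The comment's "for now" gives no condition for removal, so a short note on what has to change before subdomain names can be stored unqualified would help whoever revisits this. It is also worth confirming that ctx->domain->names is not already set earlier in be_process_init, since this call assigns it unconditionally and the name format is what keeps local and subdomain users from aliasing.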