IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

extdom: do reverse search for domain separator

Browse Source 
To avoid issues which @-signs in the short user or group names it is
better to search for the domain separator starting at the end of the
fully-qualified name.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
This commit is contained in:
Sumit Bose
2017-03-17 14:10:52 +01:00
committed by Tomas Krizek
parent 0128e805e5
commit ee455f163d
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
View File

@@ -515,7 +515,7 @@ int pack_ber_user(struct ipa_extdom_ctx *ctx,
char *short_user_name = NULL;
short_user_name = strdup(user_name);
if ((locat = strchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
if ((locat = strrchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
if (strcasecmp(locat+1, domain_name) == 0 ) {
locat[0] = '\0';
} else {
@@ -626,7 +626,7 @@ int pack_ber_group(enum response_types response_type,
char *short_group_name = NULL;
short_group_name = strdup(group_name);
if ((locat = strchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
if ((locat = strrchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
if (strcasecmp(locat+1, domain_name) == 0 ) {
locat[0] = '\0';
} else {
@@ -901,7 +901,7 @@ static int handle_sid_or_cert_request(struct ipa_extdom_ctx *ctx,
goto done;
}
sep = strchr(fq_name, SSSD_DOMAIN_SEPARATOR);
sep = strrchr(fq_name, SSSD_DOMAIN_SEPARATOR);
if (sep == NULL) {
set_err_msg(req, "Failed to split fully qualified name");
ret = LDAP_OPERATIONS_ERROR;