* [libnfsidmapd PATCH] nss: use strrchr() instead of strchr() to get the last occurrence of "@"
@ 2014-04-01 15:57 Shijoe George
2014-04-30 17:24 ` Steve Dickson
0 siblings, 1 reply; 2+ messages in thread
From: Shijoe George @ 2014-04-01 15:57 UTC (permalink / raw)
To: linux-nfs
[-- Attachment #1: Type: text/plain, Size: 853 bytes --]
Issues with AD/IPA Trust works & how SSSD deals with AD users.
Lets say we have a IPA domain linux.example.com & AD domain
win.example.com, We setup IPA/AD trust so that Windows domain users can
login into Linux, When we setup AD Trust with IPA, AD users login as
username@AD_REALM, With our example above, username will be
"user@win.example.com" Without @win.example.com that user will be
searched only in IPA domain not in AD domain. That is the reason @DOMAIN
part is important in SSSD when dealing with IPA-AD trust.
With current behaviour the client-side code is stripping the domain off
based on the location of the first "@" character in the value returned
by the server. This results in UID/GID mappings failing and resulting in
ownership on the clients as "nobody".
With the provided patch, we can accept fully qualified usernames.
[-- Attachment #2: nss.patch --]
[-- Type: text/x-patch, Size: 607 bytes --]
commit 7ff76ddf2e37d595732d9c8e534de8aa530eb57a
Author: Shijoe Panjikkaran <spanjikk@redhat.com>
Date: Tue Apr 1 20:53:54 2014 +0530
nss: strrchr() instead of strchr() to get the last occurrence of "@"
Signed-off-by: Shijoe Panjikkaran <spanjikk@redhat.com>
diff --git a/nss.c b/nss.c
index b2b1227..f8129fe 100644
--- a/nss.c
+++ b/nss.c
@@ -135,7 +135,7 @@ static char *strip_domain(const char *name, const char *domain)
char *l = NULL;
int len;
- c = strchr(name, '@');
+ c = strrchr(name, '@');
if (c == NULL && domain != NULL)
goto out;
if (c == NULL && domain == NULL) {
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [libnfsidmapd PATCH] nss: use strrchr() instead of strchr() to get the last occurrence of "@"
2014-04-01 15:57 [libnfsidmapd PATCH] nss: use strrchr() instead of strchr() to get the last occurrence of "@" Shijoe George
@ 2014-04-30 17:24 ` Steve Dickson
0 siblings, 0 replies; 2+ messages in thread
From: Steve Dickson @ 2014-04-30 17:24 UTC (permalink / raw)
To: Shijoe George, linux-nfs
On 04/01/2014 11:57 AM, Shijoe George wrote:
> Issues with AD/IPA Trust works & how SSSD deals with AD users.
>
> Lets say we have a IPA domain linux.example.com & AD domain win.example.com, We setup IPA/AD trust so that Windows domain users can login into Linux, When we setup AD Trust with IPA, AD users login as username@AD_REALM, With our example above, username will be "user@win.example.com" Without @win.example.com that user will be searched only in IPA domain not in AD domain. That is the reason @DOMAIN part is important in SSSD when dealing with IPA-AD trust.
>
> With current behaviour the client-side code is stripping the domain off based on the location of the first "@" character in the value returned by the server. This results in UID/GID mappings failing and resulting in ownership on the clients as "nobody".
>
> With the provided patch, we can accept fully qualified usernames.
Committed...
steved.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-04-30 17:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-04-01 15:57 [libnfsidmapd PATCH] nss: use strrchr() instead of strchr() to get the last occurrence of "@" Shijoe George
2014-04-30 17:24 ` Steve Dickson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).