sysdb: fix string comparison when checking for overrides

When checking if the input group-name is the original name from AD or an overwritten one the comparison is currently done case sensitive. Since AD handles names case-insensitive and hence SSSD should do this as well this comparison might cause issues. The patch replace the case sensitive comparison with a comparison with respects the case_sensitive of the domain the object is coming from. Resolves: SSSD#6720 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
etrunko · May 15, 2023 · 01d0279 · 01d0279
1 parent 90c5490
commit 01d0279
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
@@ -1225,7 +1225,9 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
                     res->msgs[0], ORIGINALAD_PREFIX SYSDB_NAME, NULL);
 
             if (originalad_sanitized_name != NULL
-                    && strcmp(originalad_sanitized_name, sanitized_name) != 0) {
+                    && !sss_string_equal(domain->case_sensitive,
+                                         originalad_sanitized_name,
+                                         sanitized_name)) {
                 fmt_filter = SYSDB_GRNAM_FILTER;
                 base_dn = sysdb_group_base_dn(tmp_ctx, domain);
                 res = NULL;