summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Zeleny <jzeleny@redhat.com>2012-03-14 05:29:45 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-04-24 09:19:43 -0400
commit55d21766613d11646da3e2e7df69ca02c03ee053 (patch)
treee5a1b61483c729c9e6f05a13ab91319f144cb9ed
parenta0f186208e39a88b9e18d875121c5032531e7705 (diff)
downloadsssd-55d21766613d11646da3e2e7df69ca02c03ee053.tar.gz
sssd-55d21766613d11646da3e2e7df69ca02c03ee053.tar.xz
sssd-55d21766613d11646da3e2e7df69ca02c03ee053.zip
Detect subdomain request in IPA access provider
-rw-r--r--src/providers/ipa/ipa_access.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index b03a37f05..d7ded884f 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -85,6 +85,16 @@ void ipa_access_handler(struct be_req *be_req)
be_req->be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
struct ipa_access_ctx);
+ if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0) {
+ be_req->domain = new_subdomain(be_req, be_req->be_ctx->domain, pd->domain, NULL, NULL);
+ if (be_req->domain == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("new_subdomain failed.\n"));
+ be_req->fn(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL);
+ return;
+ }
+ be_req->sysdb = be_req->domain->sysdb;
+ }
+
/* First, verify that this account isn't locked.
* We need to do this in case the auth phase was
* skipped (such as during GSSAPI single-sign-on