diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-02 15:53:34 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-21 17:04:07 +0200 |
commit | dd0a21738e1b71940bba11134734b5999e9fd8e9 (patch) | |
tree | 0f1f9201564213910400408c8f1e6ef1671f9eab /src/providers/krb5 | |
parent | 7fc8692d49cdaa0368072f196433c07b475da679 (diff) | |
download | sssd-dd0a21738e1b71940bba11134734b5999e9fd8e9.tar.gz sssd-dd0a21738e1b71940bba11134734b5999e9fd8e9.tar.xz sssd-dd0a21738e1b71940bba11134734b5999e9fd8e9.zip |
KRB5: Offline operation with disabled domain
https://fedorahosted.org/sssd/ticket/2637
If a subdomain is in the disabled state, switch krb5_child operation
into offline mode.
Similarly, instead of marking the whole back end as offline, mark just
the domain as offline -- depending on the domain type, this would mark
the whole back end or just inactivate subdomain.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index d35df1399..e3e9601b3 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -720,7 +720,7 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) * was found good, setting offline, * but we still have to call the child to setup * the ccache file if we are performing auth */ - be_mark_offline(state->be_ctx); + be_mark_dom_offline(state->domain, state->be_ctx); kr->is_offline = true; if (kr->pd->cmd == SSS_PAM_CHAUTHTOK || @@ -754,9 +754,19 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) kr->is_offline = be_is_offline(state->be_ctx); } + if (!kr->is_offline + && sss_domain_get_state(state->domain) == DOM_INACTIVE) { + DEBUG(SSSDBG_TRACE_INTERNAL, + "Subdomain %s is inactive, will proceed offline\n", + state->domain->name); + kr->is_offline = true; + } + if (kr->is_offline && sss_krb5_realm_has_proxy(dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_REALM))) { + DEBUG(SSSDBG_TRACE_FUNC, + "Resetting offline status, KDC proxy is in use\n"); kr->is_offline = false; } |