diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-11 23:39:49 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-03 16:14:25 +0200 |
commit | 563cb29dbe477176f427466cdc1876437c77738b (patch) | |
tree | efb0396a2d8904493f732b4cd83ce6d8eb0d0b8a /src/responder | |
parent | 2db20f970cb0ada26358482c49f6c1dce5ea4ea2 (diff) | |
download | sssd-563cb29dbe477176f427466cdc1876437c77738b.tar.gz sssd-563cb29dbe477176f427466cdc1876437c77738b.tar.xz sssd-563cb29dbe477176f427466cdc1876437c77738b.zip |
Make IPA SELinux provider aware of subdomain users
Fixes https://fedorahosted.org/sssd/ticket/1892
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index a180a8f1d..db1f90bc2 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -522,7 +522,9 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq) goto done; } - sysdb = preq->domain->sysdb; + /* Sysdb rules are always stored in the parent domain */ + sysdb = preq->domain->parent ? preq->domain->parent->sysdb : + preq->domain->sysdb; if (sysdb == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Fatal: Sysdb CTX not found for " "domain [%s]!\n", preq->domain->name)); @@ -598,7 +600,7 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq) } /* Fetch all maps applicable to the user who is currently logging in */ - ret = sysdb_search_selinux_usermap_by_username(tmp_ctx, sysdb, pd->user, + ret = sysdb_search_selinux_usermap_by_username(tmp_ctx, preq->domain, pd->user, &usermaps); if (ret != EOK && ret != ENOENT) { goto done; |