From 2a5d1df12b6011c71794b7dceb0d969340532a77 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 11 Aug 2013 23:39:49 +0200
Subject: Make IPA SELinux provider aware of subdomain users

Fixes https://fedorahosted.org/sssd/ticket/1892
---
 src/providers/ipa/ipa_selinux.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index d1dbe5765..13679281d 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -36,6 +36,7 @@
 #include "providers/ipa/ipa_access.h"
 #include "providers/ipa/ipa_selinux_common.h"
 #include "providers/ipa/ipa_selinux_maps.h"
+#include "providers/krb5/krb5_utils.h"
 
 static struct tevent_req *
 ipa_get_selinux_send(struct be_req *breq,
@@ -84,6 +85,8 @@ void ipa_selinux_handler(struct be_req *be_req)
     struct tevent_req *req;
     struct pam_data *pd;
     const char *hostname;
+    int ret;
+    struct sss_domain_info *dom;
 
     pd = talloc_get_type(be_req->req_data, struct pam_data);
 
@@ -98,7 +101,13 @@ void ipa_selinux_handler(struct be_req *be_req)
         goto fail;
     }
 
-    op_ctx = ipa_selinux_create_op_ctx(be_req, be_req->sysdb, be_req,
+    ret = get_domain_or_subdomain(be_req, be_req->be_ctx, pd->domain, &dom);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, ("get_domain_or_subdomain failed.\n"));
+        goto fail;
+    }
+
+    op_ctx = ipa_selinux_create_op_ctx(be_req, dom->sysdb, be_req,
                                        pd->user, hostname);
     if (op_ctx == NULL) {
         DEBUG(SSSDBG_OP_FAILURE, ("Cannot create op context\n"));
-- 
cgit