diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-03 13:47:52 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-03 17:36:09 +0100 |
commit | 538321890c4d5f08c8702cfc2c00e57cbd13d334 (patch) | |
tree | 12df15f813ba90308be8ec4af93c1fddab2341d9 /po/nl.po | |
parent | afadeb1a530ff010a2f9a7552562576b843c874b (diff) | |
download | sssd-538321890c4d5f08c8702cfc2c00e57cbd13d334.tar.gz sssd-538321890c4d5f08c8702cfc2c00e57cbd13d334.tar.xz sssd-538321890c4d5f08c8702cfc2c00e57cbd13d334.zip |
CACHE_REQ: Only search the given domain when looking up entries by UPN
We were searching UPNs in the whole sysdb, which made cache_req think the
result came in from the domain it was searching.
The bug manifested when a user from a trusted domain was looked by UPN,
then cache_req searched the main domain, the result from subdomain was
considered as coming from the main domain and as a result, the getpwnam()
output was not qualified. That is a problem, because PAM applications
often sanitize the user with getpwnam, so effectively a login with UPN
was shortened to just a shortname and failed.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'po/nl.po')
0 files changed, 0 insertions, 0 deletions