diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-24 10:39:12 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-30 14:09:22 +0200 |
commit | cee85e8fb9534ec997e5388fce59f392cf029573 (patch) | |
tree | 8d97dfaa6ddaf5ed379c1cfda3a52a36cc4aa731 /src/responder/pam | |
parent | 825e8bf2f73a815c2eceb36ae805145fcbacf74d (diff) | |
download | sssd-cee85e8fb9534ec997e5388fce59f392cf029573.tar.gz sssd-cee85e8fb9534ec997e5388fce59f392cf029573.tar.xz sssd-cee85e8fb9534ec997e5388fce59f392cf029573.zip |
CACHE_REQ: Domain type selection in cache_req
Related to:
https://pagure.io/SSSD/sssd/issue/3310
Adds a new enumeration cache_req_dom_type. It is a tri-state that
allows the caller to select which domains can be contacted - either only
POSIX, only application domains or any type.
Not all plugins of cache_req have the new parameter added -- only those
that are usable/useful in a non-POSIX environment. For example, it makes
no sense to allow the selection for calls by ID because those are
inherently POSIX-specific. Also, services or netgroups are supported
only coming from POSIX domains.
At the moment, the patch should not change any behaviour as all calls
default to contacting POSIX domains only.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/responder/pam')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index ba2563c11..fa6d2cc10 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1315,7 +1315,9 @@ static void pam_forwarder_cert_cb(struct tevent_req *req) req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx, - pctx->rctx->ncache, 0, NULL, cert); + pctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, NULL, + cert); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "cache_req_user_by_cert_send failed.\n"); ret = ENOMEM; @@ -1507,6 +1509,7 @@ static int pam_check_user_search(struct pam_auth_req *preq) preq->cctx->rctx, preq->cctx->rctx->ncache, 0, + CACHE_REQ_POSIX_DOM, preq->pd->domain, data); if (!dpreq) { |