diff options
author | Sumit Bose <sbose@redhat.com> | 2016-07-22 17:34:20 +0200 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2016-07-22 17:34:20 +0200 |
commit | 4feba5311a859b1c4eaa100f77d54bdbb6bc9501 (patch) | |
tree | e8d99880969ed8f6516ac611df798b2898a1d87d | |
parent | 452f42c0117701d651ba3b1efa40f051d2785419 (diff) | |
download | sssd-4feba5311a859b1c4eaa100f77d54bdbb6bc9501.tar.gz sssd-4feba5311a859b1c4eaa100f77d54bdbb6bc9501.tar.xz sssd-4feba5311a859b1c4eaa100f77d54bdbb6bc9501.zip |
PAM: Fix domain for UPN based lookups
Since sysdb_search_user_by_upn() searches the whole cache we have to set
the domain so that it matches the result.
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 1c759f009..66564f5d3 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1474,6 +1474,7 @@ static int pam_check_user_search(struct pam_auth_req *preq) static const char *user_attrs[] = SYSDB_PW_ATTRS; struct ldb_message *msg; struct ldb_result *res; + const char *sysdb_name; while (dom) { /* if it is a domainless search, skip domains that require fully @@ -1533,6 +1534,22 @@ static int pam_check_user_search(struct pam_auth_req *preq) if (preq->pd->name_is_upn) { ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs, &msg); + + /* Since sysdb_search_user_by_upn() searches the whole cache we + * have to set the domain so that it matches the result. */ + sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); + if (sysdb_name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Cached entry has no name.\n"); + return EINVAL; + } + preq->domain = find_domain_by_object_name(get_domains_head(dom), + sysdb_name); + if (preq->domain == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot find matching domain for [%s].\n", + sysdb_name); + return EINVAL; + } } else { ret = sysdb_getpwnam_with_views(preq, dom, name, &res); if (res->count > 1) { |