diff options
author | Sumit Bose <sbose@redhat.com> | 2015-10-12 13:00:28 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-11-11 18:17:11 +0100 |
commit | 04aed439cc058413e2331e9bfbe598cc563c2c7b (patch) | |
tree | de620ea6cf81d8e45967a8c45418d43bcbe9ded1 /src/responder/common | |
parent | 782d39e3916d16b8dbba6ae97aca1db2f3c35d76 (diff) | |
download | sssd-04aed439cc058413e2331e9bfbe598cc563c2c7b.tar.gz sssd-04aed439cc058413e2331e9bfbe598cc563c2c7b.tar.xz sssd-04aed439cc058413e2331e9bfbe598cc563c2c7b.zip |
cache_req: check all domains for lookups by certificate
Like lookup by ID or by UPN the match for lookups by certificate can be
found in any domain and all sub-domains must be included in the search.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/responder/common')
-rw-r--r-- | src/responder/common/responder_cache_req.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/responder/common/responder_cache_req.c b/src/responder/common/responder_cache_req.c index 68206e42a..4ab52b818 100644 --- a/src/responder/common/responder_cache_req.c +++ b/src/responder/common/responder_cache_req.c @@ -982,6 +982,7 @@ static errno_t cache_req_next_domain(struct tevent_req *req) * qualified names instead. */ while (state->domain != NULL && state->check_next && state->domain->fqnames + && state->input->type != CACHE_REQ_USER_BY_CERT && !cache_req_input_is_upn(state->input)) { state->domain = get_next_domain(state->domain, 0); } @@ -1010,9 +1011,9 @@ static errno_t cache_req_next_domain(struct tevent_req *req) /* we will continue with the following domain the next time */ if (state->check_next) { - if (cache_req_input_is_upn(state->input)) { - state->domain = get_next_domain(state->domain, - SSS_GND_DESCEND); + if (cache_req_input_is_upn(state->input) + || state->input->type == CACHE_REQ_USER_BY_CERT ) { + state->domain = get_next_domain(state->domain, SSS_GND_DESCEND); } else { state->domain = get_next_domain(state->domain, 0); } |