summaryrefslogtreecommitdiff
path: root/src/providers/ipa
diff options
context:
space:
mode:
authorJan Zeleny <jzeleny@redhat.com>2012-03-05 04:04:28 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-04-24 09:19:43 -0400
commit6d485cdb11d3c2b8855a6380f759ae2df6e5c35b (patch)
tree4410b92fa1878a898976e20d9e8d68f92179d099 /src/providers/ipa
parent8aec6ca927c4cb08933d3725447765d08553c4de (diff)
downloadsssd-6d485cdb11d3c2b8855a6380f759ae2df6e5c35b.tar.gz
sssd-6d485cdb11d3c2b8855a6380f759ae2df6e5c35b.tar.bz2
sssd-6d485cdb11d3c2b8855a6380f759ae2df6e5c35b.zip
Basic support for subdomains in auth provider
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_auth.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index eb62f029..2bd313b3 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -210,6 +210,12 @@ void ipa_auth(struct be_req *be_req)
state->pd = pd;
+ if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0 &&
+ state->pd->cmd != SSS_PAM_ACCT_MGMT) {
+ DEBUG(SSSDBG_OP_FAILURE, ("This operation is not allowed for subdomains!\n"));
+ goto fail;
+ }
+
switch (state->pd->cmd) {
case SSS_PAM_AUTHENTICATE:
state->ipa_auth_ctx = talloc_get_type(