diff options
| author | Sumit Bose <sbose@redhat.com> | 2012-10-18 16:14:40 +0200 |
|---|---|---|
| committer | Sumit Bose <sbose@redhat.com> | 2012-10-26 10:32:05 +0200 |
| commit | 83f24636ef8d3d2b9c5be46272781ed5e0497ca7 (patch) | |
| tree | 720875032628182f533e990752eb94824d7ea24c /src/providers/krb5/krb5_auth.c | |
| parent | 7219ef88751bb05edd77629b8068330bb6d9b117 (diff) | |
| download | sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.tar.gz sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.tar.bz2 sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.zip | |
krb5_auth: check if principal belongs to a different realm
Add a flag if the principal used for authentication does not belong
to our realm. This can be used to act differently for users from other
realms.
Diffstat (limited to 'src/providers/krb5/krb5_auth.c')
| -rw-r--r-- | src/providers/krb5/krb5_auth.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index c98535b1..72f0711e 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -427,6 +427,13 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, DEBUG(1, ("krb5_get_simple_upn failed.\n")); goto done; } + } else { + ret = compare_principal_realm(kr->upn, realm, + &kr->upn_from_different_realm); + if (ret != 0) { + DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n")); + goto done; + } } kr->homedir = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR, |