From 6d485cdb11d3c2b8855a6380f759ae2df6e5c35b Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzeleny@redhat.com>
Date: Mon, 5 Mar 2012 04:04:28 -0500
Subject: Basic support for subdomains in auth provider

---
 src/providers/ipa/ipa_auth.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/providers/ipa')

diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index eb62f029..2bd313b3 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -210,6 +210,12 @@ void ipa_auth(struct be_req *be_req)
 
     state->pd = pd;
 
+    if (strcasecmp(pd->domain, be_req->be_ctx->domain->name) != 0 &&
+        state->pd->cmd != SSS_PAM_ACCT_MGMT) {
+        DEBUG(SSSDBG_OP_FAILURE, ("This operation is not allowed for subdomains!\n"));
+        goto fail;
+    }
+
     switch (state->pd->cmd) {
         case SSS_PAM_AUTHENTICATE:
             state->ipa_auth_ctx = talloc_get_type(
-- 
cgit