rpms / sssd

Clone
Source Code
GIT

Blame SOURCES/0060-PAM-Fix-domain-for-UPN-based-lookups.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   45d81bea72b5c0655b17432ce15813c10e83768b
  2.   SOURCES
  3.   0060-PAM-Fix-domain-for-UPN-based-lookups.patch
Blob History Raw
b2d430 
From 3467754b1e32e648b3013244dcbac51677a089eb Mon Sep 17 00:00:00 2001
b2d430 
From: Sumit Bose <sbose@redhat.com>
b2d430 
Date: Fri, 22 Jul 2016 17:34:20 +0200
b2d430 
Subject: [PATCH 60/62] PAM: Fix domain for UPN based lookups
b2d430
b2d430 
Since sysdb_search_user_by_upn() searches the whole cache we have to set
b2d430 
the domain so that it matches the result.
b2d430
b2d430 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
b2d430 
(cherry picked from commit 9b8fcf685c5ca70a5067a621385bcdc8d9fd6469)
b2d430 
---
b2d430 
 src/responder/pam/pamsrv_cmd.c | 17 +++++++++++++++++
b2d430 
 1 file changed, 17 insertions(+)
b2d430
b2d430 
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
b2d430 
index 1c759f009321cbb322fce624b506ed07f93f997b..66564f5d301a53dcdb5967f43ef4afdb897e9974 100644
b2d430 
--- a/src/responder/pam/pamsrv_cmd.c
b2d430 
+++ b/src/responder/pam/pamsrv_cmd.c
b2d430 
@@ -1474,6 +1474,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
b2d430 
     static const char *user_attrs[] = SYSDB_PW_ATTRS;
b2d430 
     struct ldb_message *msg;
b2d430 
     struct ldb_result *res;
b2d430 
+    const char *sysdb_name;
b2d430
b2d430 
     while (dom) {
b2d430 
        /* if it is a domainless search, skip domains that require fully
b2d430 
@@ -1533,6 +1534,22 @@ static int pam_check_user_search(struct pam_auth_req *preq)
b2d430
b2d430 
         if (preq->pd->name_is_upn) {
b2d430 
             ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs, &msg;;
b2d430 
+
b2d430 
+            /* Since sysdb_search_user_by_upn() searches the whole cache we
b2d430 
+             * have to set the domain so that it matches the result. */
b2d430 
+            sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
b2d430 
+            if (sysdb_name == NULL) {
b2d430 
+                DEBUG(SSSDBG_CRIT_FAILURE, "Cached entry has no name.\n");
b2d430 
+                return EINVAL;
b2d430 
+            }
b2d430 
+            preq->domain = find_domain_by_object_name(get_domains_head(dom),
b2d430 
+                                                      sysdb_name);
b2d430 
+            if (preq->domain == NULL) {
b2d430 
+                DEBUG(SSSDBG_CRIT_FAILURE,
b2d430 
+                      "Cannot find matching domain for [%s].\n",
b2d430 
+                      sysdb_name);
b2d430 
+                return EINVAL;
b2d430 
+            }
b2d430 
         } else {
b2d430 
             ret = sysdb_getpwnam_with_views(preq, dom, name, &res;;
b2d430 
             if (res->count > 1) {
b2d430 
--
b2d430 
2.4.11
b2d430

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation