authorSumit Bose <sbose@redhat.com>2012-11-23 18:35:08 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-08 14:42:56 +0100
commit8d371b14623e1dced3ddc885ff7d8cd2cbf50604 (patch)
tree14dec6e1da7e10dc84bff0701e363f2b95607019
parent53bf0219474371e4c7bc0315a42d1e39acf083bb (diff)
Use struct pac_grp instead of gid_t for groups from PAC
To be able to handle group memberships from other domains, more data than just the gid must be kept for groups given in the PAC.
-rw-r--r--src/responder/pac/pacsrv.h11
-rw-r--r--src/responder/pac/pacsrv_cmd.c8
-rw-r--r--src/responder/pac/pacsrv_utils.c24
-rw-r--r--src/tests/pac_responder-tests.c19
4 files changed, 36 insertions, 26 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 8b73d995..8cd49284 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -71,6 +71,11 @@ struct grp_info {
struct ldb_dn *dn;
};
+struct pac_grp {
+ gid_t gid;
+ struct sss_domain_info *grp_dom;
+};
+
int pac_cmd_execute(struct cli_ctx *cctx);
struct sss_cmd_table *get_pac_cmds(void);
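Review bot: The new `struct pac_grp` carries no comment saying what `grp_dom` means or who owns it, and every producer visible in this commit leaves it NULL (the zeroed array in get_gids_from_pac, `{2, NULL}` in the tests). Because these entries end up driving which group memberships are stored for a user, the contract should be written on the struct, for example `/* grp_dom: domain the gid belongs to; NULL until resolved, check before dereferencing */`. Whether the pointer is borrowed or owned by the array cannot be told from this diff and should be stated there as well.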
@@ -98,7 +103,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
struct local_mapping_ranges *range_map,
struct dom_sid *domain_sid,
struct PAC_LOGON_INFO *logon_info,
- size_t *_gid_count, gid_t **_gids);
+ size_t *_gid_count, struct pac_grp **_gids);
errno_t get_data_from_pac(TALLOC_CTX *mem_ctx,
uint8_t *pac_blob, size_t pac_len,
@@ -115,9 +120,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
size_t cur_grp_num,
struct grp_info *cur_gid_list,
size_t new_gid_num,
- gid_t *new_gid_list,
+ struct pac_grp *new_gid_list,
size_t *_add_gid_num,
- gid_t **_add_gid_list,
+ struct pac_grp **_add_gid_list,
size_t *_del_gid_num,
struct grp_info ***_del_gid_list);
#endif /* __PACSRV_H__ */
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 277cf4b1..9f201f5c 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -60,13 +60,13 @@ struct pac_req_ctx {
struct dom_sid2 *domain_sid;
size_t gid_count;
- gid_t *gids;
+ struct pac_grp *gids;
size_t current_grp_count;
struct grp_info *current_grp_list;
size_t add_gid_count;
- gid_t *add_gids;
+ struct pac_grp *add_gids;
size_t del_grp_count;
struct grp_info **del_grp_list;
@@ -581,7 +581,7 @@ static errno_t pac_save_memberships_next(struct tevent_req *req)
}
while (state->gid_iter < pr_ctx->add_gid_count) {
- gid = pr_ctx->add_gids[state->gid_iter];
+ gid = pr_ctx->add_gids[state->gid_iter].gid;
ret = pac_store_membership(state->pr_ctx, state->group_dom->sysdb,
state->user_dn, state->gid_iter);
@@ -671,7 +671,7 @@ pac_store_membership(struct pac_req_ctx *pr_ctx,
return ENOMEM;
}
- gid = pr_ctx->add_gids[gid_iter];
+ gid = pr_ctx->add_gids[gid_iter].gid;
ret = sysdb_search_group_by_gid(tmp_ctx, group_sysdb,
gid, group_attrs, &group);
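Review bot: The group lookup is still keyed on the gid alone in the `group_sysdb` handed in by the caller, so the `grp_dom` added to `struct pac_grp` plays no part in deciding which group the user becomes a member of. That fits a preparatory change, but the description names memberships from other domains as the goal, and a gid-only search in a single sysdb could presumably resolve to the wrong group once such entries arrive. A comment next to the assignment would keep this visible: `/* TODO: pick the sysdb from add_gids[gid_iter].grp_dom once it is populated */`. pac_store_membership starts and ends outside this hunk, so any later handling is not visible here.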
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 53113fb0..6e0f4bfa 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -389,13 +389,13 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
struct local_mapping_ranges *range_map,
struct dom_sid *domain_sid,
struct PAC_LOGON_INFO *logon_info,
- size_t *_gid_count, gid_t **_gids)
+ size_t *_gid_count, struct pac_grp **_gids)
{
int ret;
size_t g = 0;
size_t s;
struct netr_SamInfo3 *info3;
- gid_t *gids = NULL;
+ struct pac_grp *gids = NULL;
info3 = &logon_info->info3;
@@ -405,7 +405,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
goto done;
}
- gids = talloc_array(mem_ctx, gid_t, info3->sidcount);
+ gids = talloc_zero_array(mem_ctx, struct pac_grp, info3->sidcount);
if (gids == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
ret = ENOMEM;
@@ -414,13 +414,14 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
for(s = 0; s < info3->sidcount; s++) {
if (dom_sid_in_domain(domain_sid, info3->sids[s].sid)) {
- ret = local_sid_to_id(range_map, info3->sids[s].sid, &gids[g]);
+ ret = local_sid_to_id(range_map, info3->sids[s].sid,
+ &gids[g].gid);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("get_rid failed.\n"));
goto done;
}
DEBUG(SSSDBG_TRACE_ALL, ("Found extra group "
- "with gid [%d].\n", gids[g]));
+ "with gid [%d].\n", gids[g].gid));
g++;
}
}
@@ -627,9 +628,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
size_t cur_grp_num,
struct grp_info *cur_grp_list,
size_t new_gid_num,
- gid_t *new_gid_list,
+ struct pac_grp *new_gid_list,
size_t *_add_gid_num,
- gid_t **_add_gid_list,
+ struct pac_grp **_add_gid_list,
size_t *_del_grp_num,
struct grp_info ***_del_grp_list)
{
@@ -639,7 +640,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
hash_key_t key;
hash_value_t value;
size_t add_gid_num = 0;
- gid_t *add_gid_list = NULL;
+ struct pac_grp *add_gid_list = NULL;
size_t del_grp_num = 0;
struct grp_info **del_grp_list = NULL;
TALLOC_CTX *tmp_ctx = NULL;
@@ -666,7 +667,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
if (cur_grp_num == 0 && new_gid_num != 0) {
add_gid_num = new_gid_num;
- add_gid_list = talloc_array(tmp_ctx, gid_t, add_gid_num);
+ add_gid_list = talloc_array(tmp_ctx, struct pac_grp, add_gid_num);
if (add_gid_list == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
ret = ENOMEM;
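Review bot: `add_gid_list` is allocated with `talloc_array` here, which leaves the new `grp_dom` pointer of every element uninitialised, while get_gids_from_pac was switched to `talloc_zero_array` in this same commit. The code that fills the elements lies outside the hunk; if it copies the whole struct from `new_gid_list` this is fine, but if it still assigns only `.gid`, a later reader of `grp_dom` gets a garbage pointer. Using `add_gid_list = talloc_zero_array(tmp_ctx, struct pac_grp, add_gid_num);` removes the doubt. The `talloc_realloc` growth path in the following hunk has the same property, since the appended element is not zeroed and its initialisation is not visible either.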
@@ -721,13 +722,14 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
}
for (c = 0; c < new_gid_num; c++) {
- key.ul = (unsigned long) new_gid_list[c];
+ key.ul = (unsigned long) new_gid_list[c].gid;
ret = hash_delete(table, &key);
if (ret == HASH_ERROR_KEY_NOT_FOUND) {
/* gid not found, must be added */
add_gid_num++;
- add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, gid_t, add_gid_num);
+ add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, struct pac_grp,
+ add_gid_num);
if (add_gid_list == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_realloc failed.\n"));
ret = ENOMEM;
diff --git a/src/tests/pac_responder-tests.c b/src/tests/pac_responder-tests.c
index 02cc242a..11870ce4 100644
--- a/src/tests/pac_responder-tests.c
+++ b/src/tests/pac_responder-tests.c
@@ -76,13 +76,16 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
int ret;
size_t c;
size_t add_gid_count = 0;
- gid_t *add_gids = NULL;
+ struct pac_grp *add_gids = NULL;
size_t del_gid_count = 0;
struct grp_info **del_gids = NULL;
- gid_t gid_list_2[] = {2};
- gid_t gid_list_3[] = {3};
- gid_t gid_list_23[] = {2, 3};
+ struct pac_grp pac_grp_2 = {2, NULL};
+ struct pac_grp pac_grp_3 = {3, NULL};
+
+ struct pac_grp gid_list_2[] = {pac_grp_2};
+ struct pac_grp gid_list_3[] = {pac_grp_3};
+ struct pac_grp gid_list_23[] = {pac_grp_2, pac_grp_3};
struct grp_info grp_info_1 = {1, NULL, NULL};
struct grp_info grp_info_2 = {2, NULL, NULL};
@@ -93,10 +96,10 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
size_t cur_gid_count;
struct grp_info *cur_gids;
size_t gid_count;
- gid_t *gids;
+ struct pac_grp *gids;
int exp_ret;
size_t exp_add_gid_count;
- gid_t *exp_add_gids;
+ struct pac_grp *exp_add_gids;
size_t exp_del_gid_count;
struct grp_info *exp_del_gids;
} a_and_r_data[] = {
@@ -155,10 +158,10 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
* only look at lists with 1 element. TODO: add code to compare lists
* with more than 1 member. */
if (add_gid_count == 1) {
- fail_unless(add_gids[0] == a_and_r_data[c].exp_add_gids[0],
+ fail_unless(add_gids[0].gid == a_and_r_data[c].exp_add_gids[0].gid,
"Unexpected gid to add for test data #%d, " \
"expected [%d], got [%d]",
- c, a_and_r_data[c].exp_add_gids[0], add_gids[0]);
+ c, a_and_r_data[c].exp_add_gids[0].gid, add_gids[0].gid);
}
if (del_gid_count == 1) {