authorSumit Bose <sbose@redhat.com>2012-11-23 18:35:08 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-08 14:42:56 +0100
commit8d371b14623e1dced3ddc885ff7d8cd2cbf50604 (patch)
tree14dec6e1da7e10dc84bff0701e363f2b95607019 /src/responder/pac
parent53bf0219474371e4c7bc0315a42d1e39acf083bb (diff)
Use struct pac_grp instead of gid_t for groups from PAC
To be able to handle group memberships from other domains, more data than just the gid must be kept for groups given in the PAC.
Diffstat (limited to 'src/responder/pac')
-rw-r--r--src/responder/pac/pacsrv.h11
-rw-r--r--src/responder/pac/pacsrv_cmd.c8
-rw-r--r--src/responder/pac/pacsrv_utils.c24
3 files changed, 25 insertions, 18 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 8b73d995..8cd49284 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -71,6 +71,11 @@ struct grp_info {
struct ldb_dn *dn;
};
+struct pac_grp {
+ gid_t gid;
+ struct sss_domain_info *grp_dom;
+};
+
int pac_cmd_execute(struct cli_ctx *cctx);
struct sss_cmd_table *get_pac_cmds(void);
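Review bot: `struct pac_grp` is added without any comment on what `grp_dom` may contain, and the only writer visible in this commit (`get_gids_from_pac`) assigns `.gid` and leaves `grp_dom` at its zeroed NULL. Because these entries drive which group memberships are stored for a user, a reader needs to know whether NULL means "the user's own domain" or "not resolved yet". I would add a comment above the struct along the lines of `/* grp_dom: domain the gid belongs to; may be NULL, check before dereferencing */`. If the pointer is borrowed rather than owned by the array, the comment should say so too.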
@@ -98,7 +103,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
struct local_mapping_ranges *range_map,
struct dom_sid *domain_sid,
struct PAC_LOGON_INFO *logon_info,
- size_t *_gid_count, gid_t **_gids);
+ size_t *_gid_count, struct pac_grp **_gids);
errno_t get_data_from_pac(TALLOC_CTX *mem_ctx,
uint8_t *pac_blob, size_t pac_len,
@@ -115,9 +120,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
size_t cur_grp_num,
struct grp_info *cur_gid_list,
size_t new_gid_num,
- gid_t *new_gid_list,
+ struct pac_grp *new_gid_list,
size_t *_add_gid_num,
- gid_t **_add_gid_list,
+ struct pac_grp **_add_gid_list,
size_t *_del_gid_num,
struct grp_info ***_del_gid_list);
#endif /* __PACSRV_H__ */
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 277cf4b1..9f201f5c 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -60,13 +60,13 @@ struct pac_req_ctx {
struct dom_sid2 *domain_sid;
size_t gid_count;
- gid_t *gids;
+ struct pac_grp *gids;
size_t current_grp_count;
struct grp_info *current_grp_list;
size_t add_gid_count;
- gid_t *add_gids;
+ struct pac_grp *add_gids;
size_t del_grp_count;
struct grp_info **del_grp_list;
@@ -581,7 +581,7 @@ static errno_t pac_save_memberships_next(struct tevent_req *req)
}
while (state->gid_iter < pr_ctx->add_gid_count) {
- gid = pr_ctx->add_gids[state->gid_iter];
+ gid = pr_ctx->add_gids[state->gid_iter].gid;
ret = pac_store_membership(state->pr_ctx, state->group_dom->sysdb,
state->user_dn, state->gid_iter);
@@ -671,7 +671,7 @@ pac_store_membership(struct pac_req_ctx *pr_ctx,
return ENOMEM;
}
- gid = pr_ctx->add_gids[gid_iter];
+ gid = pr_ctx->add_gids[gid_iter].gid;
ret = sysdb_search_group_by_gid(tmp_ctx, group_sysdb,
gid, group_attrs, &group);
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 53113fb0..6e0f4bfa 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -389,13 +389,13 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
struct local_mapping_ranges *range_map,
struct dom_sid *domain_sid,
struct PAC_LOGON_INFO *logon_info,
- size_t *_gid_count, gid_t **_gids)
+ size_t *_gid_count, struct pac_grp **_gids)
{
int ret;
size_t g = 0;
size_t s;
struct netr_SamInfo3 *info3;
- gid_t *gids = NULL;
+ struct pac_grp *gids = NULL;
info3 = &logon_info->info3;
@@ -405,7 +405,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
goto done;
}
- gids = talloc_array(mem_ctx, gid_t, info3->sidcount);
+ gids = talloc_zero_array(mem_ctx, struct pac_grp, info3->sidcount);
if (gids == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
ret = ENOMEM;
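Review bot: The failure message under the changed allocation still says `talloc_array failed.` although the call is now `talloc_zero_array`, so anyone grepping logs for the failing call lands on the wrong function. Change it to `DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero_array failed.\n"));`. The zeroing allocator is what keeps `grp_dom` NULL rather than indeterminate for entries where only `.gid` is assigned, which deserves a one-line comment such as `/* zeroed so grp_dom is NULL until a domain is assigned */`. The body of get_gids_from_pac continues outside the hunk, so whether `info3->sidcount` is bounded before this point cannot be confirmed from here.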
@@ -414,13 +414,14 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
for(s = 0; s < info3->sidcount; s++) {
if (dom_sid_in_domain(domain_sid, info3->sids[s].sid)) {
- ret = local_sid_to_id(range_map, info3->sids[s].sid, &gids[g]);
+ ret = local_sid_to_id(range_map, info3->sids[s].sid,
+ &gids[g].gid);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("get_rid failed.\n"));
goto done;
}
DEBUG(SSSDBG_TRACE_ALL, ("Found extra group "
- "with gid [%d].\n", gids[g]));
+ "with gid [%d].\n", gids[g].gid));
g++;
}
}
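Review bot: The trace message prints `gids[g].gid` with `%d`, but `gid_t` is unsigned on Linux, so the conversion does not match the argument and ids above INT_MAX would appear negative in the log. Something like `"with gid [%lu].\n", (unsigned long) gids[g].gid));` keeps the logged value faithful. The error text `get_rid failed.` a few lines up also names a function other than the one actually called (`local_sid_to_id`), and could be corrected while this line is being touched. The loop fills only `.gid`, so every entry leaves here with `grp_dom == NULL`.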
@@ -627,9 +628,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
size_t cur_grp_num,
struct grp_info *cur_grp_list,
size_t new_gid_num,
- gid_t *new_gid_list,
+ struct pac_grp *new_gid_list,
size_t *_add_gid_num,
- gid_t **_add_gid_list,
+ struct pac_grp **_add_gid_list,
size_t *_del_grp_num,
struct grp_info ***_del_grp_list)
{
@@ -639,7 +640,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
hash_key_t key;
hash_value_t value;
size_t add_gid_num = 0;
- gid_t *add_gid_list = NULL;
+ struct pac_grp *add_gid_list = NULL;
size_t del_grp_num = 0;
struct grp_info **del_grp_list = NULL;
TALLOC_CTX *tmp_ctx = NULL;
@@ -666,7 +667,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
if (cur_grp_num == 0 && new_gid_num != 0) {
add_gid_num = new_gid_num;
- add_gid_list = talloc_array(tmp_ctx, gid_t, add_gid_num);
+ add_gid_list = talloc_array(tmp_ctx, struct pac_grp, add_gid_num);
if (add_gid_list == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
ret = ENOMEM;
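Review bot: `add_gid_list` is allocated here with plain `talloc_array`, whereas get_gids_from_pac switched to `talloc_zero_array` for the same element type. If the code after this hunk copies only the gid into each slot, `grp_dom` is left indeterminate, and a later consumer testing it against NULL would read garbage. Using `add_gid_list = talloc_zero_array(tmp_ctx, struct pac_grp, add_gid_num);` removes the question. The same applies to the `talloc_realloc` growth in the -721 hunk of this file, where the new tail element is uninitialised until it is assigned as a whole struct. The copy loop itself lies outside the hunk, so this is a precaution rather than a confirmed read of uninitialised memory.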
@@ -721,13 +722,14 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
}
for (c = 0; c < new_gid_num; c++) {
- key.ul = (unsigned long) new_gid_list[c];
+ key.ul = (unsigned long) new_gid_list[c].gid;
ret = hash_delete(table, &key);
if (ret == HASH_ERROR_KEY_NOT_FOUND) {
/* gid not found, must be added */
add_gid_num++;
- add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, gid_t, add_gid_num);
+ add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, struct pac_grp,
+ add_gid_num);
if (add_gid_list == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_realloc failed.\n"));
ret = ENOMEM;