author | Sumit Bose <sbose@redhat.com> | 2012-11-23 18:35:08 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-08 14:42:56 +0100 |
commit | 8d371b14623e1dced3ddc885ff7d8cd2cbf50604 (patch) | |
tree | 14dec6e1da7e10dc84bff0701e363f2b95607019 /src | |
parent | 53bf0219474371e4c7bc0315a42d1e39acf083bb (diff) | |
Use struct pac_grp instead of gid_t for groups from PAC
To be able to handle group memberships from other domains, more data than
just the gid must be kept for groups given in the PAC.
Diffstat (limited to 'src')
-rw-r--r-- | src/responder/pac/pacsrv.h | 11 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_cmd.c | 8 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_utils.c | 24 | ||||
-rw-r--r-- | src/tests/pac_responder-tests.c | 19 |
4 files changed, 36 insertions, 26 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h index 8b73d995..8cd49284 100644 --- a/src/responder/pac/pacsrv.h +++ b/src/responder/pac/pacsrv.h @@ -71,6 +71,11 @@ struct grp_info { struct ldb_dn *dn; }; +struct pac_grp { + gid_t gid; + struct sss_domain_info *grp_dom; +}; + int pac_cmd_execute(struct cli_ctx *cctx); struct sss_cmd_table *get_pac_cmds(void); @@ -98,7 +103,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx, struct local_mapping_ranges *range_map, struct dom_sid *domain_sid, struct PAC_LOGON_INFO *logon_info, - size_t *_gid_count, gid_t **_gids); + size_t *_gid_count, struct pac_grp **_gids); errno_t get_data_from_pac(TALLOC_CTX *mem_ctx, uint8_t *pac_blob, size_t pac_len, @@ -115,9 +120,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx, size_t cur_grp_num, struct grp_info *cur_gid_list, size_t new_gid_num, - gid_t *new_gid_list, + struct pac_grp *new_gid_list, size_t *_add_gid_num, - gid_t **_add_gid_list, + struct pac_grp **_add_gid_list, size_t *_del_gid_num, struct grp_info ***_del_gid_list); #endif /* __PACSRV_H__ */ diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c index 277cf4b1..9f201f5c 100644 --- a/src/responder/pac/pacsrv_cmd.c +++ b/src/responder/pac/pacsrv_cmd.c @@ -60,13 +60,13 @@ struct pac_req_ctx { struct dom_sid2 *domain_sid; size_t gid_count; - gid_t *gids; + struct pac_grp *gids; size_t current_grp_count; struct grp_info *current_grp_list; size_t add_gid_count; - gid_t *add_gids; + struct pac_grp *add_gids; size_t del_grp_count; struct grp_info **del_grp_list; @@ -581,7 +581,7 @@ static errno_t pac_save_memberships_next(struct tevent_req *req) } while (state->gid_iter < pr_ctx->add_gid_count) { - gid = pr_ctx->add_gids[state->gid_iter]; + gid = pr_ctx->add_gids[state->gid_iter].gid; ret = pac_store_membership(state->pr_ctx, state->group_dom->sysdb, state->user_dn, state->gid_iter); 
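Review bot: The new `struct pac_grp` in pacsrv.h (the `-71` hunk) has no comment saying who owns `grp_dom` or whether it may be NULL, and none of the lines shown in this commit ever assigns it. get_gids_from_pac allocates its array with `talloc_zero_array`, so every entry it returns carries `grp_dom == NULL`. I would state the intended contract above the struct, for example `/* Group from the PAC. grp_dom may be NULL (domain not resolved) and is not owned by this struct. */`; the ownership part is my assumption and should be adjusted to the real design.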
@@ -671,7 +671,7 @@ pac_store_membership(struct pac_req_ctx *pr_ctx, return ENOMEM; } - gid = pr_ctx->add_gids[gid_iter]; + gid = pr_ctx->add_gids[gid_iter].gid; ret = sysdb_search_group_by_gid(tmp_ctx, group_sysdb, gid, group_attrs, &group); diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c index 53113fb0..6e0f4bfa 100644 --- a/src/responder/pac/pacsrv_utils.c +++ b/src/responder/pac/pacsrv_utils.c @@ -389,13 +389,13 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx, struct local_mapping_ranges *range_map, struct dom_sid *domain_sid, struct PAC_LOGON_INFO *logon_info, - size_t *_gid_count, gid_t **_gids) + size_t *_gid_count, struct pac_grp **_gids) { int ret; size_t g = 0; size_t s; struct netr_SamInfo3 *info3; - gid_t *gids = NULL; + struct pac_grp *gids = NULL; info3 = &logon_info->info3; @@ -405,7 +405,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx, goto done; } - gids = talloc_array(mem_ctx, gid_t, info3->sidcount); + gids = talloc_zero_array(mem_ctx, struct pac_grp, info3->sidcount); if (gids == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n")); ret = ENOMEM; @@ -414,13 +414,14 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx, for(s = 0; s < info3->sidcount; s++) { if (dom_sid_in_domain(domain_sid, info3->sids[s].sid)) { - ret = local_sid_to_id(range_map, info3->sids[s].sid, &gids[g]); + ret = local_sid_to_id(range_map, info3->sids[s].sid, + &gids[g].gid); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("get_rid failed.\n")); goto done; } DEBUG(SSSDBG_TRACE_ALL, ("Found extra group " - "with gid [%d].\n", gids[g])); + "with gid [%d].\n", gids[g].gid)); g++; } } @@ -627,9 +628,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx, size_t cur_grp_num, struct grp_info *cur_grp_list, size_t new_gid_num, - gid_t *new_gid_list, + struct pac_grp *new_gid_list, size_t *_add_gid_num, - gid_t **_add_gid_list, + struct pac_grp **_add_gid_list, size_t *_del_grp_num, struct grp_info ***_del_grp_list) { 
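Review bot: In the `-414` hunk of get_gids_from_pac the loop fills only `gids[g].gid`; `grp_dom` keeps the NULL that `talloc_zero_array` put there in the preceding hunk, even though these entries have just passed `dom_sid_in_domain(domain_sid, ...)`. Because the SIDs come from the PAC, any consumer that later relies on `grp_dom` needs either an assignment here or an explicit NULL check; a comment at the `g++` such as `/* grp_dom is left NULL for groups that matched domain_sid */` would make the current state explicit. Separately, `gids[g].gid` is printed with `%d`; if `gid_t` is unsigned on the target, `"with gid [%lu].\n", (unsigned long) gids[g].gid` avoids the mismatch. The function body starts and ends outside the hunk.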
@@ -639,7 +640,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx, hash_key_t key; hash_value_t value; size_t add_gid_num = 0; - gid_t *add_gid_list = NULL; + struct pac_grp *add_gid_list = NULL; size_t del_grp_num = 0; struct grp_info **del_grp_list = NULL; TALLOC_CTX *tmp_ctx = NULL; @@ -666,7 +667,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx, if (cur_grp_num == 0 && new_gid_num != 0) { add_gid_num = new_gid_num; - add_gid_list = talloc_array(tmp_ctx, gid_t, add_gid_num); + add_gid_list = talloc_array(tmp_ctx, struct pac_grp, add_gid_num); if (add_gid_list == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n")); ret = ENOMEM; @@ -721,13 +722,14 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx, } for (c = 0; c < new_gid_num; c++) { - key.ul = (unsigned long) new_gid_list[c]; + key.ul = (unsigned long) new_gid_list[c].gid; ret = hash_delete(table, &key); if (ret == HASH_ERROR_KEY_NOT_FOUND) { /* gid not found, must be added */ add_gid_num++; - add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, gid_t, add_gid_num); + add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, struct pac_grp, + add_gid_num); if (add_gid_list == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_realloc failed.\n")); ret = ENOMEM; diff --git a/src/tests/pac_responder-tests.c b/src/tests/pac_responder-tests.c index 02cc242a..11870ce4 100644 --- a/src/tests/pac_responder-tests.c +++ b/src/tests/pac_responder-tests.c 
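Review bot: The `add_gid_list` slots allocated in the `-666` hunk with `talloc_array(tmp_ctx, struct pac_grp, add_gid_num)` and grown in the `-721` hunk with `talloc_realloc` are not zeroed, unlike the `talloc_zero_array` this commit switches to in get_gids_from_pac. The statements that fill the slots lie outside both hunks; if they copy the whole struct this is fine, but if any path sets only `.gid`, `grp_dom` is left as an indeterminate pointer. I would use `talloc_zero_array(tmp_ctx, struct pac_grp, add_gid_num)` for the first allocation and make sure the slot added after the realloc is assigned as a whole struct, e.g. `add_gid_list[add_gid_num - 1] = new_gid_list[c];`.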
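Review bot: `key.ul = (unsigned long) new_gid_list[c].gid;` in the `-721` hunk still matches groups on the gid alone, so two `pac_grp` entries that differ only in `grp_dom` are treated as the same group when the add and delete lists are computed. The commit message says the struct exists to handle memberships from other domains, so this assumption deserves a comment at the loop, for example `/* groups are matched by gid only; grp_dom is not part of the hash key */`. The hash table is built outside the hunk, so I cannot tell whether the current-group side carries domain information to compare against.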
@@ -76,13 +76,16 @@ START_TEST(pac_test_get_gids_to_add_and_remove) int ret; size_t c; size_t add_gid_count = 0; - gid_t *add_gids = NULL; + struct pac_grp *add_gids = NULL; size_t del_gid_count = 0; struct grp_info **del_gids = NULL; - gid_t gid_list_2[] = {2}; - gid_t gid_list_3[] = {3}; - gid_t gid_list_23[] = {2, 3}; + struct pac_grp pac_grp_2 = {2, NULL}; + struct pac_grp pac_grp_3 = {3, NULL}; + + struct pac_grp gid_list_2[] = {pac_grp_2}; + struct pac_grp gid_list_3[] = {pac_grp_3}; + struct pac_grp gid_list_23[] = {pac_grp_2, pac_grp_3}; struct grp_info grp_info_1 = {1, NULL, NULL}; struct grp_info grp_info_2 = {2, NULL, NULL}; @@ -93,10 +96,10 @@ START_TEST(pac_test_get_gids_to_add_and_remove) size_t cur_gid_count; struct grp_info *cur_gids; size_t gid_count; - gid_t *gids; + struct pac_grp *gids; int exp_ret; size_t exp_add_gid_count; - gid_t *exp_add_gids; + struct pac_grp *exp_add_gids; size_t exp_del_gid_count; struct grp_info *exp_del_gids; } a_and_r_data[] = { @@ -155,10 +158,10 @@ START_TEST(pac_test_get_gids_to_add_and_remove) * only look at lists with 1 element. TODO: add code to compare lists * with more than 1 member. */ if (add_gid_count == 1) { - fail_unless(add_gids[0] == a_and_r_data[c].exp_add_gids[0], + fail_unless(add_gids[0].gid == a_and_r_data[c].exp_add_gids[0].gid, "Unexpected gid to add for test data #%d, " \ "expected [%d], got [%d]", - c, a_and_r_data[c].exp_add_gids[0], add_gids[0]); + c, a_and_r_data[c].exp_add_gids[0].gid, add_gids[0].gid); } if (del_gid_count == 1) { |
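Review bot: The `fail_unless` message in the `-155` hunk formats `c` with `%d`, but `c` is declared `size_t` at the top of the test, and the two `gid_t` arguments are printed with `%d` as well. Mismatched conversion specifiers are undefined behaviour in a printf-style call; `"Unexpected gid to add for test data #%zu, "` with `"expected [%lu], got [%lu]"` and `(unsigned long)` casts on the two `.gid` arguments would fix it. The comparison also checks only `.gid`, so nothing in this test verifies that `grp_dom` survives diff_gid_lists.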