mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
ipa-kdb: Read ipaKrbAuthzData with other principal data
The ipaKrbAuthzData LDAP attribute is read together with the other data of the requested principal, and the value(s) read are stored in the e-data of the entry for later use. https://fedorahosted.org/freeipa/ticket/2960
parent
d5216d5428
commit
3eb64f0a5c
@ -105,6 +105,7 @@ struct ipadb_e_data {
|
||||
char **pw_history;
|
||||
struct ipapwd_policy *pol;
|
||||
time_t last_admin_unlock;
|
||||
char **authz_data;
|
||||
};
|
||||
|
||||
struct ipadb_context *ipadb_get_context(krb5_context kcontext);
|
||||
|
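Review bot: The new `char **authz_data;` member of struct ipadb_e_data carries no comment on its layout or owner, although the cleanup loop this commit adds to ipadb_free_principal depends on both. A one-line comment next to the field would record the contract: `/* NULL-terminated list of ipaKrbAuthzData values, NULL when the attribute is absent; freed by ipadb_free_principal() */`. The struct definition begins above the hunk, so whether the neighbouring members are documented elsewhere cannot be seen from here.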
@ -63,6 +63,7 @@ static char *std_principal_attrs[] = {
|
||||
/* IPA SPECIFIC ATTRIBUTES */
|
||||
"nsaccountlock",
|
||||
"passwordHistory",
|
||||
IPA_KRB_AUTHZ_DATA_ATTR,
|
||||
|
||||
"objectClass",
|
||||
NULL
|
||||
@ -237,6 +238,7 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
|
||||
krb5_kvno mkvno = 0;
|
||||
char **restrlist;
|
||||
char *restring;
|
||||
char **authz_data_list;
|
||||
krb5_timestamp restime;
|
||||
bool resbool;
|
||||
int result;
|
||||
@ -503,6 +505,17 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
|
||||
ied->last_admin_unlock = restime;
|
||||
}
|
||||
|
||||
ret = ipadb_ldap_attr_to_strlist(lcontext, lentry,
|
||||
IPA_KRB_AUTHZ_DATA_ATTR, &authz_data_list);
|
||||
if (ret != 0 && ret != ENOENT) {
|
||||
kerr = KRB5_KDB_INTERNAL_ERROR;
|
||||
goto done;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ied->authz_data = authz_data_list;
|
||||
}
|
||||
|
||||
|
||||
kerr = 0;
|
||||
|
||||
done:
|
||||
@ -831,6 +844,10 @@ void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry)
|
||||
free(ied->pw_history[i]);
|
||||
}
|
||||
free(ied->pw_history);
|
||||
for (i = 0; ied->authz_data && ied->authz_data[i]; i++) {
|
||||
free(ied->authz_data[i]);
|
||||
}
|
||||
free(ied->authz_data);
|
||||
free(ied->pol);
|
||||
free(ied);
|
||||
}
|
||||
|
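Review bot: On the ENOENT path in the ipadb_parse_ldap_entry hunk, `ied->authz_data` is never written, yet the loop added to ipadb_free_principal reads it unconditionally. The cleanup is therefore only safe if `ied` is zero-initialised where it is allocated, and that allocation is outside the visible hunks. Assigning in both cases removes that hidden dependency: replace the `if (ret == 0)` block with `ied->authz_data = (ret == 0) ? authz_data_list : NULL;` and add a comment such as `/* ENOENT: attribute absent, authz_data stays NULL */`. The strings are also stored exactly as read from LDAP, and they presumably influence which authorization data ends up in issued tickets, so the code that later consumes `ied->authz_data` should handle unrecognised values explicitly and conservatively. Both function bodies start and end outside their hunks.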