IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Split out manipulation of logon_info blob

Browse Source 
This way multiple functions can manipulate the logon info structure until all
operations we want to do on it are done and then fold it back once.
This commit is contained in:
Simo Sorce 2012-07-13 12:42:11 -04:00
parent 1bb9eb7da3
commit 754d0bea06
1 changed files with 72 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
daemons/ipa-kdb/ipa_kdb_mspac.c
View File

@ -900,83 +900,112 @@ done:
return kerr; return kerr;
} }
static krb5_error_code add_local_groups(krb5_context context, static krb5_error_code get_logon_info(krb5_context context,
krb5_data *pac_blob) TALLOC_CTX *memctx,
krb5_data *pac_blob,
struct PAC_LOGON_INFO_CTR *info)
{ {
DATA_BLOB pac_data; DATA_BLOB pac_data;
union PAC_INFO pac_info;
krb5_error_code kerr;
enum ndr_err_code ndr_err; enum ndr_err_code ndr_err;
TALLOC_CTX *tmpctx;
pac_data.length = pac_blob->length;
pac_data.data = (uint8_t *)pac_blob->data;
ndr_err = ndr_pull_union_blob(&pac_data, memctx, info,
PAC_TYPE_LOGON_INFO,
(ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return KRB5_KDB_INTERNAL_ERROR;
}
return 0;
}
static krb5_error_code add_local_groups(krb5_context context,
TALLOC_CTX *memctx,
struct PAC_LOGON_INFO_CTR *info)
{
int ret; int ret;
char **group_sids = NULL; char **group_sids = NULL;
size_t ipa_group_sids_count = 0; size_t ipa_group_sids_count = 0;
struct dom_sid *ipa_group_sids = NULL; struct dom_sid *ipa_group_sids = NULL;
tmpctx = talloc_new(NULL); ret = get_group_sids(memctx, info, &group_sids);
if (!tmpctx) {
return ENOMEM;
}
pac_data.length = pac_blob->length;
pac_data.data = (uint8_t *)pac_blob->data;
ndr_err = ndr_pull_union_blob(&pac_data, tmpctx, &pac_info,
PAC_TYPE_LOGON_INFO,
(ndr_pull_flags_fn_t) ndr_pull_PAC_INFO);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
krb5_klog_syslog(LOG_ERR, "ndr_pull_union_blob failed");
kerr = KRB5_KDB_INTERNAL_ERROR;
goto done;
}
ret = get_group_sids(tmpctx, &pac_info.logon_info, &group_sids);
if (ret != 0) { if (ret != 0) {
krb5_klog_syslog(LOG_ERR, "get_group_sids failed"); return KRB5_KDB_INTERNAL_ERROR;
kerr = KRB5_KDB_INTERNAL_ERROR;
goto done;
} }
ret = map_groups(tmpctx, context, group_sids, &ipa_group_sids_count, ret = map_groups(memctx, context, group_sids, &ipa_group_sids_count,
&ipa_group_sids); &ipa_group_sids);
if (ret != 0) { if (ret != 0) {
krb5_klog_syslog(LOG_ERR, "map_groups failed"); return KRB5_KDB_INTERNAL_ERROR;
kerr = KRB5_KDB_INTERNAL_ERROR;
goto done;
} }
ret = add_groups(tmpctx, &pac_info.logon_info, ipa_group_sids_count, ret = add_groups(memctx, info, ipa_group_sids_count, ipa_group_sids);
ipa_group_sids);
if (ret != 0) { if (ret != 0) {
krb5_klog_syslog(LOG_ERR, "add_groups failed"); krb5_klog_syslog(LOG_ERR, "add_groups failed");
kerr = KRB5_KDB_INTERNAL_ERROR; return KRB5_KDB_INTERNAL_ERROR;
goto done;
} }
ndr_err = ndr_push_union_blob(&pac_data, tmpctx, &pac_info, return 0;
}
static krb5_error_code save_logon_info(krb5_context context,
TALLOC_CTX *memctx,
struct PAC_LOGON_INFO_CTR *info,
krb5_data *pac_blob)
{
DATA_BLOB pac_data;
enum ndr_err_code ndr_err;
ndr_err = ndr_push_union_blob(&pac_data, memctx, info,
PAC_TYPE_LOGON_INFO, PAC_TYPE_LOGON_INFO,
(ndr_push_flags_fn_t)ndr_push_PAC_INFO); (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
krb5_klog_syslog(LOG_ERR, "ndr_push_union_blob failed"); return KRB5_KDB_INTERNAL_ERROR;
kerr = KRB5_KDB_INTERNAL_ERROR;
goto done;
} }
free(pac_blob->data); free(pac_blob->data);
pac_blob->data = malloc(pac_data.length); pac_blob->data = malloc(pac_data.length);
if (pac_blob->data == NULL) { if (pac_blob->data == NULL) {
pac_blob->length = 0; pac_blob->length = 0;
kerr = ENOMEM; return ENOMEM;
goto done;
} }
memcpy(pac_blob->data, pac_data.data, pac_data.length); memcpy(pac_blob->data, pac_data.data, pac_data.length);
pac_blob->length = pac_data.length; pac_blob->length = pac_data.length;
kerr = 0; return 0;
}
static krb5_error_code ipadb_check_logon_info(krb5_context context,
krb5_data *pac_blob)
{
struct PAC_LOGON_INFO_CTR info;
krb5_error_code kerr;
TALLOC_CTX *tmpctx;
tmpctx = talloc_new(NULL);
if (!tmpctx) {
return ENOMEM;
}
kerr = get_logon_info(context, tmpctx, pac_blob, &info);
if (kerr) {
goto done;
}
kerr = add_local_groups(context, tmpctx, &info);
if (kerr) {
goto done;
}
kerr = save_logon_info(context, tmpctx, &info, pac_blob);
if (kerr) {
goto done;
}
done: done:
talloc_free(tmpctx); talloc_free(tmpctx);
return kerr; return kerr;
} }
@ -1050,7 +1079,7 @@ static krb5_error_code ipadb_verify_pac(krb5_context context,
goto done; goto done;
} }
kerr = add_local_groups(context, &pac_blob); kerr = ipadb_check_logon_info(context, &pac_blob);
if (kerr != 0) { if (kerr != 0) {
goto done; goto done;
} }