IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add krbticketPolicyAux objectclass if needed

Browse Source 
When modifying ticket flags add the objectclass to the object if it is missing.

https://fedorahosted.org/freeipa/ticket/3901
This commit is contained in:
Simo Sorce 2013-11-26 15:41:31 +00:00 committed by Petr Viktorin
parent ba0da01c1d
commit a1165ffbb8
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
daemons/ipa-kdb/ipa_kdb.h
View File

@ -117,6 +117,7 @@ struct ipadb_e_data {
struct ipapwd_policy *pol; struct ipapwd_policy *pol;
time_t last_admin_unlock; time_t last_admin_unlock;
char **authz_data; char **authz_data;
bool has_tktpolaux;
}; };
struct ipadb_context *ipadb_get_context(krb5_context kcontext); struct ipadb_context *ipadb_get_context(krb5_context kcontext);

34
daemons/ipa-kdb/ipa_kdb_principals.c
View File

@ -468,6 +468,17 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
ied->ipa_user = true; ied->ipa_user = true;
} }
/* check if it has the krbTicketPolicyAux objectclass */
ret = ipadb_ldap_attr_has_value(lcontext, lentry,
"objectClass", "krbTicketPolicyAux");
if (ret != 0 && ret != ENOENT) {
kerr = ret;
goto done;
}
if (ret == 0) {
ied->has_tktpolaux = true;
}
ret = ipadb_ldap_attr_to_str(lcontext, lentry, ret = ipadb_ldap_attr_to_str(lcontext, lentry,
"krbPwdPolicyReference", &restring); "krbPwdPolicyReference", &restring);
switch (ret) { switch (ret) {
@ -1411,6 +1422,29 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
/* KADM5_ATTRIBUTES */ /* KADM5_ATTRIBUTES */
if (entry->mask & KMASK_ATTRIBUTES) { if (entry->mask & KMASK_ATTRIBUTES) {
/* if the object does not have the krbTicketPolicyAux class
* we need to add it or this will fail, only for modifications.
* We always add this objectclass by default when doing an add
* from scratch. */
if ((mod_op == LDAP_MOD_REPLACE) && entry->e_data) {
struct ipadb_e_data *ied;
ied = (struct ipadb_e_data *)entry->e_data;
if (ied->magic != IPA_E_DATA_MAGIC) {
kerr = EINVAL;
goto done;
}
if (!ied->has_tktpolaux) {
kerr = ipadb_get_ldap_mod_str(imods, "objectclass",
"krbTicketPolicyAux",
LDAP_MOD_ADD);
if (kerr) {
goto done;
}
}
}
kerr = ipadb_get_ldap_mod_int(imods, kerr = ipadb_get_ldap_mod_int(imods,
"krbTicketFlags", "krbTicketFlags",
(int)entry->attributes, (int)entry->attributes,