IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Lookup the user SID in external group as well

Browse Source 
Currently only the group SIDs from a PAC are used to find out about the
membership in local groups. This patch adds the user SID to the list.

Fixes https://fedorahosted.org/freeipa/ticket/3257
This commit is contained in:
Sumit Bose 2012-11-14 14:22:15 +01:00 committed by Rob Crittenden
parent 5269458f55
commit c5e055ae00
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
daemons/ipa-kdb/ipa_kdb_mspac.c
View File

@ -678,9 +678,9 @@ static char *gen_sid_string(TALLOC_CTX *memctx, struct dom_sid *dom_sid,
return str;
}
static int get_group_sids(TALLOC_CTX *memctx,
struct PAC_LOGON_INFO_CTR *logon_info,
char ***_group_sids)
static int get_user_and_group_sids(TALLOC_CTX *memctx,
struct PAC_LOGON_INFO_CTR *logon_info,
char ***_group_sids)
{
int ret;
size_t c;
@ -696,7 +696,7 @@ static int get_group_sids(TALLOC_CTX *memctx,
}
group_sids = talloc_array(memctx, char *,
2 +
3 +
logon_info->info->info3.base.groups.count +
logon_info->info->info3.sidcount);
if (group_sids == NULL) {
@ -705,6 +705,15 @@ static int get_group_sids(TALLOC_CTX *memctx,
goto done;
}
group_sids[p] = gen_sid_string(memctx, domain_sid,
logon_info->info->info3.base.rid);
if (group_sids[p] == NULL) {
krb5_klog_syslog(LOG_ERR, "gen_sid_string failed");
ret = EINVAL;
goto done;
}
p++;
group_sids[p] = gen_sid_string(memctx, domain_sid,
logon_info->info->info3.base.primary_gid);
if (group_sids[p] == NULL) {
@ -949,7 +958,7 @@ static krb5_error_code add_local_groups(krb5_context context,
size_t ipa_group_sids_count = 0;
struct dom_sid *ipa_group_sids = NULL;
ret = get_group_sids(memctx, info, &group_sids);
ret = get_user_and_group_sids(memctx, info, &group_sids);
if (ret != 0) {
return KRB5_KDB_INTERNAL_ERROR;
}