ipa-kdb: Read global defaul ipaKrbAuthzData

The ipaKrbAuthzData LDAP attribute is read from the ipaConfig object and the read value(s) are stored in the ipadb context. https://fedorahosted.org/freeipa/ticket/2960
2025-02-25 18:55:28 -06:00 · 2013-02-12 11:01:11 +01:00 · 2013-02-12 11:01:11 +01:00 · d5216d5428
commit d5216d5428
parent 2d90724a7e
2 changed files with 29 additions and 1 deletions
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@ -40,6 +40,8 @@ struct ipadb_context *ipadb_get_context(krb5_context kcontext)
 static void ipadb_context_free(krb5_context kcontext,
                               struct ipadb_context **ctx)
 {
+    size_t c;
+
    if (*ctx != NULL) {
        free((*ctx)->uri);
        free((*ctx)->base);
@ -51,6 +53,12 @@ static void ipadb_context_free(krb5_context kcontext,
        free((*ctx)->supp_encs);
        ipadb_mspac_struct_free(&(*ctx)->mspac);
        krb5_free_default_realm(kcontext, (*ctx)->realm);
+
+        for (c = 0; (*ctx)->authz_data && (*ctx)->authz_data[c]; c++) {
+            free((*ctx)->authz_data[c]);
+        }
+        free((*ctx)->authz_data);
+
        free(*ctx);
        *ctx = NULL;
    }
@ -167,13 +175,14 @@ done:

 int ipadb_get_global_configs(struct ipadb_context *ipactx)
 {
-    char *attrs[] = { "ipaConfigString", NULL };
+    char *attrs[] = { "ipaConfigString", IPA_KRB_AUTHZ_DATA_ATTR, NULL };
    struct berval **vals = NULL;
    LDAPMessage *res = NULL;
    LDAPMessage *first;
    char *base = NULL;
    int i;
    int ret;
+    char **authz_data_list;

    ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base);
    if (ret == -1) {
@ -215,6 +224,22 @@ int ipadb_get_global_configs(struct ipadb_context *ipactx)
        }
    }

+    ret = ipadb_ldap_attr_to_strlist(ipactx->lcontext, first,
+                                     IPA_KRB_AUTHZ_DATA_ATTR, &authz_data_list);
+    if (ret != 0 && ret != ENOENT) {
+        goto done;
+    }
+    if (ret == 0) {
+        if (ipactx->authz_data != NULL) {
+            for (i = 0; ipactx->authz_data[i]; i++) {
+                free(ipactx->authz_data[i]);
+            }
+            free(ipactx->authz_data);
+        }
+
+        ipactx->authz_data = authz_data_list;
+    }
+
    ret = 0;

 done:
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@ -74,6 +74,8 @@

 #define IPA_SETUP "ipa-setup-override-restrictions"

+#define IPA_KRB_AUTHZ_DATA_ATTR "ipaKrbAuthzData"
+
 struct ipadb_mspac;

 struct ipadb_context {
@ -89,6 +91,7 @@ struct ipadb_context {
    struct ipadb_mspac *mspac;
    bool disable_last_success;
    bool disable_lockout;
+    char **authz_data;
 };

 #define IPA_E_DATA_MAGIC 0x0eda7a