IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-kdb: Read global defaul ipaKrbAuthzData

Browse Source 
The ipaKrbAuthzData LDAP attribute is read from the ipaConfig object
and the read value(s) are stored in the ipadb context.

https://fedorahosted.org/freeipa/ticket/2960
This commit is contained in:
Sumit Bose 2013-02-12 11:01:11 +01:00 committed by Martin Kosek
parent 2d90724a7e
commit d5216d5428
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
daemons/ipa-kdb/ipa_kdb.c
View File

@ -40,6 +40,8 @@ struct ipadb_context *ipadb_get_context(krb5_context kcontext)
static void ipadb_context_free(krb5_context kcontext, static void ipadb_context_free(krb5_context kcontext,
struct ipadb_context **ctx) struct ipadb_context **ctx)
{ {
size_t c;
if (*ctx != NULL) { if (*ctx != NULL) {
free((*ctx)->uri); free((*ctx)->uri);
free((*ctx)->base); free((*ctx)->base);
@ -51,6 +53,12 @@ static void ipadb_context_free(krb5_context kcontext,
free((*ctx)->supp_encs); free((*ctx)->supp_encs);
ipadb_mspac_struct_free(&(*ctx)->mspac); ipadb_mspac_struct_free(&(*ctx)->mspac);
krb5_free_default_realm(kcontext, (*ctx)->realm); krb5_free_default_realm(kcontext, (*ctx)->realm);
for (c = 0; (*ctx)->authz_data && (*ctx)->authz_data[c]; c++) {
free((*ctx)->authz_data[c]);
}
free((*ctx)->authz_data);
free(*ctx); free(*ctx);
*ctx = NULL; *ctx = NULL;
} }
@ -167,13 +175,14 @@ done:
int ipadb_get_global_configs(struct ipadb_context *ipactx) int ipadb_get_global_configs(struct ipadb_context *ipactx)
{ {
char *attrs[] = { "ipaConfigString", NULL }; char *attrs[] = { "ipaConfigString", IPA_KRB_AUTHZ_DATA_ATTR, NULL };
struct berval **vals = NULL; struct berval **vals = NULL;
LDAPMessage *res = NULL; LDAPMessage *res = NULL;
LDAPMessage *first; LDAPMessage *first;
char *base = NULL; char *base = NULL;
int i; int i;
int ret; int ret;
char **authz_data_list;
ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base); ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base);
if (ret == -1) { if (ret == -1) {
@ -215,6 +224,22 @@ int ipadb_get_global_configs(struct ipadb_context *ipactx)
} }
} }
ret = ipadb_ldap_attr_to_strlist(ipactx->lcontext, first,
IPA_KRB_AUTHZ_DATA_ATTR, &authz_data_list);
if (ret != 0 && ret != ENOENT) {
goto done;
}
if (ret == 0) {
if (ipactx->authz_data != NULL) {
for (i = 0; ipactx->authz_data[i]; i++) {
free(ipactx->authz_data[i]);
}
free(ipactx->authz_data);
}
ipactx->authz_data = authz_data_list;
}
ret = 0; ret = 0;
done: done:

3
daemons/ipa-kdb/ipa_kdb.h
View File

@ -74,6 +74,8 @@
#define IPA_SETUP "ipa-setup-override-restrictions" #define IPA_SETUP "ipa-setup-override-restrictions"
#define IPA_KRB_AUTHZ_DATA_ATTR "ipaKrbAuthzData"
struct ipadb_mspac; struct ipadb_mspac;
struct ipadb_context { struct ipadb_context {
@ -89,6 +91,7 @@ struct ipadb_context {
struct ipadb_mspac *mspac; struct ipadb_mspac *mspac;
bool disable_last_success; bool disable_last_success;
bool disable_lockout; bool disable_lockout;
char **authz_data;
}; };
#define IPA_E_DATA_MAGIC 0x0eda7a #define IPA_E_DATA_MAGIC 0x0eda7a