mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 08:51:50 -06:00
827ea50566
SIDs in incoming MS-PAC were checked and filtered with a fixed list of well-known SIDs. Allow reading the SID blacklist from LDAP (ipaNTSIDBlacklistIncoming and ipaNTSIDBlacklistOutgoing) and add the list to mspac adtrust structure. Use the hardcoded SID list only if the LDAP SID list is not configured. LIMITATION: SID blacklist list is not used yet. https://fedorahosted.org/freeipa/ticket/3289
33 lines
489 B
C
33 lines
489 B
C
#ifndef __IPA_MSPAC_H_
|
|
#define __IPA_MSPAC_H_
|
|
|
|
char *ipa_mspac_well_known_sids[] = {
|
|
"S-1-0",
|
|
"S-1-1",
|
|
"S-1-2",
|
|
"S-1-3",
|
|
"S-1-5-1",
|
|
"S-1-5-2",
|
|
"S-1-5-3",
|
|
"S-1-5-4",
|
|
"S-1-5-5",
|
|
"S-1-5-6",
|
|
"S-1-5-7",
|
|
"S-1-5-8",
|
|
"S-1-5-9",
|
|
"S-1-5-10",
|
|
"S-1-5-11",
|
|
"S-1-5-12",
|
|
"S-1-5-13",
|
|
"S-1-5-14",
|
|
"S-1-5-15",
|
|
"S-1-5-16",
|
|
"S-1-5-17",
|
|
"S-1-5-18",
|
|
"S-1-5-19",
|
|
"S-1-5-20",
|
|
NULL
|
|
};
|
|
|
|
#endif /* __IPA_MSPAC_H_ */
|