mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
a9018da90d
For generating PAC we need to know SID of the object and a number of required attributes. However, trusted domain objects do not have these attributes. Luckily, IPA LDAP schema puts them under actual trust objects which have all the additional (POSIX) attributes. Refactor PAC generator to accept secondary LDAP entry and use that one to pull up required attributes. We only use this for trusted domain objects. Fixes: https://pagure.io/freeipa/issue/9083 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Julien Rische <jrische@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> |
||
---|---|---|
.. | ||
tests | ||
ipa_kdb_audit_as.c | ||
ipa_kdb_certauth.c | ||
ipa_kdb_common.c | ||
ipa_kdb_delegation.c | ||
ipa_kdb_kdcpolicy.c | ||
ipa_kdb_mkey.c | ||
ipa_kdb_mspac_private.h | ||
ipa_kdb_mspac_v6.c | ||
ipa_kdb_mspac_v9.c | ||
ipa_kdb_mspac.c | ||
ipa_kdb_passwords.c | ||
ipa_kdb_principals.c | ||
ipa_kdb_pwdpolicy.c | ||
ipa_kdb.c | ||
ipa_kdb.exports | ||
ipa_kdb.h | ||
ipa-print-pac.c | ||
Makefile.am | ||
README | ||
README.s4u2proxy.txt |
This is the ipa krb5kdc database backend. As the KDB interfaces heavily with krb5, we inherit its code style as well. However, note the following changes: - no modelines (and different file preamble) - return types don't require their own line - single-statement blocks may optionally be braced - /* and */ do not ever get their own line - C99 for-loops are permitted (and encouraged) - a restricted set of other C99 features are permitted In particular, variable-length arrays, flexible array members, compound literals, universal character names, and //-style comments are not permitted. Use of regular malloc/free is preferred over talloc for new code. By and large, existing code mostly conforms to these requirements. New code must conform to them.