authorSumit Bose <sbose@redhat.com>2013-02-12 09:44:32 +0100
committerMartin Kosek <mkosek@redhat.com>2013-03-08 10:46:00 +0100
commit3eb64f0a5c1968c97af5bfb4718c36b9f824ea8f (patch)
treeb2cfc8ba5fb51febb77354ec9b278a0a256f4eb1
parentd5216d5428dc9653c382656bd5187f1e49b3fe02 (diff)
ipa-kdb: Read ipaKrbAuthzData with other principal data
The ipaKrbAuthzData LDAP attribute is read together with the other data of the requested principal, and the value(s) read are stored in the e-data of the entry for later use. https://fedorahosted.org/freeipa/ticket/2960
-rw-r--r--daemons/ipa-kdb/ipa_kdb.h1
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c17
2 files changed, 18 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 7b1576124..9daaab80d 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -105,6 +105,7 @@ struct ipadb_e_data {
char **pw_history;
struct ipapwd_policy *pol;
time_t last_admin_unlock;
+ char **authz_data;
};
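Review bot: The new `authz_data` field carries no comment about its shape or ownership, and nothing nearby in the struct implies either. The free loop this commit adds to ipadb_free_principal stops at the first NULL element, so the list must be NULL-terminated and is owned by the entry; I would record that on the field: `char **authz_data; /* ipaKrbAuthzData values, NULL-terminated; freed in ipadb_free_principal */`. struct ipadb_e_data begins outside this hunk.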
struct ipadb_context *ipadb_get_context(krb5_context kcontext);
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 13f6a21f1..11c155e64 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -63,6 +63,7 @@ static char *std_principal_attrs[] = {
/* IPA SPECIFIC ATTRIBUTES */
"nsaccountlock",
"passwordHistory",
+ IPA_KRB_AUTHZ_DATA_ATTR,
"objectClass",
NULL
@@ -237,6 +238,7 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
krb5_kvno mkvno = 0;
char **restrlist;
char *restring;
+ char **authz_data_list;
krb5_timestamp restime;
bool resbool;
int result;
@@ -503,6 +505,17 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
ied->last_admin_unlock = restime;
}
+ ret = ipadb_ldap_attr_to_strlist(lcontext, lentry,
+ IPA_KRB_AUTHZ_DATA_ATTR, &authz_data_list);
+ if (ret != 0 && ret != ENOENT) {
+ kerr = KRB5_KDB_INTERNAL_ERROR;
+ goto done;
+ }
+ if (ret == 0) {
+ ied->authz_data = authz_data_list;
+ }
+
+
kerr = 0;
done:
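Review bot: The assignment `ied->authz_data = authz_data_list;` transfers ownership of a heap list without saying so, and since ipadb_parse_ldap_entry's body starts before this hunk it is not visible whether ied is freshly zeroed at this point; if it is not, the assignment leaks any previous list and the ENOENT path leaves a stale pointer behind. I would add `/* optional attribute; the list is owned by ied and released in ipadb_free_principal */` above the call and, unless the entry is known to be calloc'd, `ied->authz_data = NULL;` before it so the absent-attribute case is explicit. The values are taken from LDAP verbatim and nothing here checks them, so whatever later consumes authz_data has to tolerate unknown or empty strings. The doubled blank line before `kerr = 0;` should be collapsed to one.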
@@ -831,6 +844,10 @@ void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry)
free(ied->pw_history[i]);
}
free(ied->pw_history);
+ for (i = 0; ied->authz_data && ied->authz_data[i]; i++) {
+ free(ied->authz_data[i]);
+ }
+ free(ied->authz_data);
free(ied->pol);
free(ied);
}