diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2015-05-20 18:24:52 +0300 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-07-08 01:56:52 +0200 |
commit | 88c10dd9750516f49e6bbfa0246d390b3a10fc91 (patch) | |
tree | d87b9ece4b0d69025e6b8b851cd41be8c3cac778 /daemons/ipa-kdb/ipa_kdb_mspac.c | |
parent | e8ff6a3ef689e897a4b4bd0ceb1d84c4da82bbc6 (diff) | |
download | freeipa-88c10dd9750516f49e6bbfa0246d390b3a10fc91.tar.gz freeipa-88c10dd9750516f49e6bbfa0246d390b3a10fc91.tar.xz freeipa-88c10dd9750516f49e6bbfa0246d390b3a10fc91.zip |
ipa-kdb: use proper memory chunk size when moving sids
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1222475
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_mspac.c')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 0e53a8099..390111f7d 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -1394,7 +1394,15 @@ static krb5_error_code filter_logon_info(krb5_context context, if (result) { filter_logon_info_log_message(info->info->info3.sids[i].sid); } else { + /* Go over incoming SID blacklist */ for(k = 0; k < domain->len_sid_blacklist_incoming; k++) { + /* if SID is an exact match, filter it out */ + result = dom_sid_check(&domain->sid_blacklist_incoming[k], info->info->info3.sids[i].sid, true); + if (result) { + filter_logon_info_log_message(info->info->info3.sids[i].sid); + break; + } + /* if SID is a suffix of the blacklist element, filter it out*/ result = dom_sid_is_prefix(&domain->sid_blacklist_incoming[k], info->info->info3.sids[i].sid); if (result) { filter_logon_info_log_message(info->info->info3.sids[i].sid); @@ -1403,11 +1411,17 @@ static krb5_error_code filter_logon_info(krb5_context context, } } if (result) { + k = count - i - j - 1; + if (k != 0) { + memmove(info->info->info3.sids+i, + info->info->info3.sids+i+1, + sizeof(struct netr_SidAttr)*k); + } j++; - memmove(info->info->info3.sids+i, info->info->info3.sids+i+1, count-i-1); + } else { + i++; } - i++; - } while (i < count); + } while ((i + j) < count); if (j != 0) { count = count-j; |