Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_principals.c')
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 13f6a21f1..11c155e64 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -63,6 +63,7 @@ static char *std_principal_attrs[] = {
/* IPA SPECIFIC ATTRIBUTES */
"nsaccountlock",
"passwordHistory",
+ IPA_KRB_AUTHZ_DATA_ATTR,
"objectClass",
NULL
@@ -237,6 +238,7 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
krb5_kvno mkvno = 0;
char **restrlist;
char *restring;
+ char **authz_data_list;
krb5_timestamp restime;
bool resbool;
int result;
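Review bot: `authz_data_list` is declared without an initializer and is later copied into `ied->authz_data` whenever `ipadb_ldap_attr_to_strlist()` returns 0 (see the hunk at line 505). That helper's behaviour is not visible on this page, so declaring it as `char **authz_data_list = NULL;` keeps the later assignment and the free loop in `ipadb_free_principal()` safe even if the out-parameter is ever left unset on a success path. The body of `ipadb_parse_ldap_entry()` starts and ends outside this hunk.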
@@ -503,6 +505,17 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
ied->last_admin_unlock = restime;
}
+ ret = ipadb_ldap_attr_to_strlist(lcontext, lentry,
+ IPA_KRB_AUTHZ_DATA_ATTR, &authz_data_list);
+ if (ret != 0 && ret != ENOENT) {
+ kerr = KRB5_KDB_INTERNAL_ERROR;
+ goto done;
+ }
+ if (ret == 0) {
+ ied->authz_data = authz_data_list;
+ }
+
+
kerr = 0;
done:
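Review bot: The values read from `IPA_KRB_AUTHZ_DATA_ATTR` are stored in `ied->authz_data` exactly as the directory returned them, with no check against the authorization-data types the KDC understands. Whatever code later interprets the list therefore has to ignore unknown, empty or duplicated entries rather than act on them. Judging by the attribute name, this list appears to influence what authorization data is issued for the principal, so the contract deserves a comment above the block, for example `/* authz data types are stored unvalidated; consumers must ignore unknown values */`. The block has no comment at all, unlike the neighbouring attribute handling, and the second blank line added after it can be dropped. The function continues past `done:` outside this hunk.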
@@ -831,6 +844,10 @@ void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry)
free(ied->pw_history[i]);
}
free(ied->pw_history);
+ for (i = 0; ied->authz_data && ied->authz_data[i]; i++) {
+ free(ied->authz_data[i]);
+ }
+ free(ied->authz_data);
free(ied->pol);
free(ied);
}
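Review bot: The new cleanup loop is only correct if `ied->authz_data` is NULL whenever the attribute was absent, because the parse hunk leaves the field untouched on `ENOENT`. The allocation of `ied` is not visible here; if it is not zero-filled, this loop would walk and free an indeterminate pointer. Either confirm the allocation zeroes the struct, or set the field explicitly in the parser with `ied->authz_data = NULL;` before the lookup. A one-line comment such as `/* authz_data is a NULL-terminated list, each element individually allocated */` would also record the ownership assumption this loop shares with the `pw_history` loop above it.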