Diffstat (limited to 'daemons/ipa-kdb')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 9 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 49 |
2 files changed, 33 insertions, 25 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h index c1cc7a7d8..0a179dbcf 100644 --- a/daemons/ipa-kdb/ipa_kdb.h +++ b/daemons/ipa-kdb/ipa_kdb.h @@ -74,12 +74,7 @@ #define IPA_SETUP "ipa-setup-override-restrictions" -struct ipadb_wincompat { - char *flat_domain_name; - char *flat_server_name; - char *fallback_group; - uint32_t fallback_rid; -}; +struct ipadb_mspac; struct ipadb_context { char *uri; @@ -91,7 +86,7 @@ struct ipadb_context { bool override_restrictions; krb5_key_salt_tuple *supp_encs; int n_supp_encs; - struct ipadb_wincompat wc; + struct ipadb_mspac *mspac; bool disable_last_success; bool disable_lockout; }; diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 1c7487c3c..44cf522a0 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -26,6 +26,13 @@ #include "util/time.h" #include "gen_ndr/ndr_krb5pac.h" +struct ipadb_mspac { + char *flat_domain_name; + char *flat_server_name; + char *fallback_group; + uint32_t fallback_rid; +}; + int krb5_klog_syslog(int, const char *, ...); @@ -460,8 +467,8 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, } if (info3->base.primary_gid == 0) { - if (ipactx->wc.fallback_rid) { - info3->base.primary_gid = ipactx->wc.fallback_rid; + if (ipactx->mspac->fallback_rid) { + info3->base.primary_gid = ipactx->mspac->fallback_rid; } else { /* can't give a pack without a primary group rid */ return ENOENT; @@ -474,9 +481,9 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, /* always zero out, not used for Krb, only NTLM */ memset(&info3->base.key, '\0', sizeof(info3->base.key)); - if (ipactx->wc.flat_server_name) { + if (ipactx->mspac->flat_server_name) { info3->base.logon_server.string = - talloc_strdup(memctx, ipactx->wc.flat_server_name); + talloc_strdup(memctx, ipactx->mspac->flat_server_name); if (!info3->base.logon_server.string) { return ENOMEM; } 
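Review bot: `ipactx->mspac` is dereferenced in ipadb_fill_info3 without a NULL check, first at `if (ipactx->mspac->fallback_rid)` in the @@ -460 hunk and again at the `flat_server_name` and `flat_domain_name` reads in the @@ -474 and @@ -485 hunks. With the embedded `wc` struct these reads were always valid; with a pointer, it is NULL whenever ipadb_reinit_mspac has not run or its `calloc` failed, and a NULL read here would crash the process hosting this KDB module instead of failing the one request. Whether every caller guarantees a successful reinit first is not visible on this page, so a guard near the top of the function, `if (!ipactx->mspac) { return ENOENT; }`, would keep the failure an ordinary error return. The function starts and ends outside these hunks.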
@@ -485,9 +492,9 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, return ENOENT; } - if (ipactx->wc.flat_domain_name) { + if (ipactx->mspac->flat_domain_name) { info3->base.logon_domain.string = - talloc_strdup(memctx, ipactx->wc.flat_domain_name); + talloc_strdup(memctx, ipactx->mspac->flat_domain_name); if (!info3->base.logon_domain.string) { return ENOMEM; } @@ -1318,11 +1325,17 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx) int ret; /* clean up in case we had old values around */ - free(ipactx->wc.flat_domain_name); - ipactx->wc.flat_domain_name = NULL; - free(ipactx->wc.fallback_group); - ipactx->wc.fallback_group = NULL; - ipactx->wc.fallback_rid = 0; + if (ipactx->mspac) { + free(ipactx->mspac->flat_domain_name); + free(ipactx->mspac->fallback_group); + free(ipactx->mspac); + } + + ipactx->mspac = calloc(1, sizeof(struct ipadb_mspac)); + if (!ipactx->mspac) { + kerr = ENOMEM; + goto done; + } kerr = ipadb_simple_search(ipactx, ipactx->base, LDAP_SCOPE_SUBTREE, "(objectclass=ipaNTDomainAttrs)", dom_attrs, @@ -1341,22 +1354,22 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx) ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "ipaNTFlatName", - &ipactx->wc.flat_domain_name); + &ipactx->mspac->flat_domain_name); if (ret) { kerr = ret; goto done; } - free(ipactx->wc.flat_server_name); - ipactx->wc.flat_server_name = get_server_netbios_name(); - if (!ipactx->wc.flat_server_name) { + free(ipactx->mspac->flat_server_name); + ipactx->mspac->flat_server_name = get_server_netbios_name(); + if (!ipactx->mspac->flat_server_name) { kerr = ENOMEM; goto done; } ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "ipaNTFallbackPrimaryGroup", - &ipactx->wc.fallback_group); + &ipactx->mspac->fallback_group); if (ret && ret != ENOENT) { kerr = ret; goto done; 
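Review bot: The new cleanup block in ipadb_reinit_mspac (@@ -1318 hunk) frees `flat_domain_name`, `fallback_group` and the struct itself but not `flat_server_name`, so the previous server name is leaked on every reinit. The `free(ipactx->mspac->flat_server_name);` kept in the @@ -1341 hunk no longer covers it, because it now runs on the freshly `calloc`'ed struct where that field is NULL. Add `free(ipactx->mspac->flat_server_name);` inside the `if (ipactx->mspac)` block and drop the later no-op free. The error paths after the `calloc` also leave a partly filled struct in `ipactx->mspac`; the `done:` label is outside the hunk, so whether it is released there cannot be seen from here.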
@@ -1368,7 +1381,7 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx) lentry = NULL; if (ret != ENOENT) { - kerr = ipadb_simple_search(ipactx, ipactx->wc.fallback_group, + kerr = ipadb_simple_search(ipactx, ipactx->mspac->fallback_group, LDAP_SCOPE_BASE, "(objectclass=posixGroup)", grp_attrs, &result); @@ -1397,7 +1410,7 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx) kerr = ret; goto done; } - ret = sid_split_rid(&gsid, &ipactx->wc.fallback_rid); + ret = sid_split_rid(&gsid, &ipactx->mspac->fallback_rid); if (ret) { kerr = ret; goto done; |