diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-05-10 09:55:31 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-06 23:58:56 +0200 |
| commit | 92af6f25864b5c389b57d0f659686801b45ca58c (patch) | |
| tree | 739bd3da9da35820d45c2b2c4bdb0c65ae8777d4 /src/responder/pac/pacsrv.h | |
| parent | 3680bb9c72ea5c60e6ac2fd2cf500b801341ca59 (diff) | |
| download | sssd-92af6f25864b5c389b57d0f659686801b45ca58c.tar.gz sssd-92af6f25864b5c389b57d0f659686801b45ca58c.tar.xz sssd-92af6f25864b5c389b57d0f659686801b45ca58c.zip | |
Enhance PAC responder for AD users
This patch modifies the PAC responder so that it can be used with the AD
provider as well. The main difference is that the POSIX UIDs and GIDs
are now lookup up with the help of the SID instead of being calculated
algorithmically. This was necessary because the AD provider allows
either algorithmic mapping or reading the value from attributes stored
in AD.
Fixes https://fedorahosted.org/sssd/ticket/1558
Diffstat (limited to 'src/responder/pac/pacsrv.h')
| -rw-r--r-- | src/responder/pac/pacsrv.h | 61 |
1 files changed, 7 insertions, 54 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h index 71c24f979..6477e4499 100644 --- a/src/responder/pac/pacsrv.h +++ b/src/responder/pac/pacsrv.h @@ -54,80 +54,33 @@ struct pac_ctx { struct local_mapping_ranges *range_map; }; -struct range { - uint32_t min; - uint32_t max; -}; - -struct local_mapping_ranges { - struct range local_ids; - struct range primary_rids; - struct range secondary_rids; -}; - struct grp_info { gid_t gid; char *orig_dn; struct ldb_dn *dn; }; -struct pac_dom_grps { - struct sss_domain_info *grp_dom; - size_t gid_count; - gid_t *gids; -}; - struct sss_cmd_table *get_pac_cmds(void); -errno_t local_sid_to_id(struct local_mapping_ranges *map, struct dom_sid *sid, - uint32_t *id); - -errno_t add_idmap_domain(struct sss_idmap_ctx *idmap_ctx, - struct sysdb_ctx *sysdb, - const char *domain_name, - const char *dom_sid_str); - -errno_t domsid_rid_to_uid(struct pac_ctx *pac_ctx, - struct sysdb_ctx *sysdb, - const char *domain_name, - struct dom_sid2 *domsid, uint32_t rid, - uid_t *uid); - -errno_t get_parent_domain_data(struct pac_ctx *pac_ctx, - struct sss_domain_info *dom, - struct dom_sid **_sid, - struct local_mapping_ranges **_range_map); - -errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx, +errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx, struct pac_ctx *pac_ctx, - struct local_mapping_ranges *range_map, - struct dom_sid *domain_sid, struct PAC_LOGON_INFO *logon_info, - size_t *_gid_count, struct pac_dom_grps **_gids); + char **_user_sid_str, + char **_primary_group_sid_str, + hash_table_t **_sid_table); errno_t get_data_from_pac(TALLOC_CTX *mem_ctx, uint8_t *pac_blob, size_t pac_len, struct PAC_LOGON_INFO **_logon_info); errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx, - struct pac_ctx *pac_ctx, struct sss_domain_info *dom, + char *user_sid_str, + char *primary_group_sid_str, + hash_table_t *sid_table, struct PAC_LOGON_INFO *logon_info, struct passwd **_pwd, struct sysdb_attrs **_attrs); -errno_t diff_gid_lists(TALLOC_CTX *mem_ctx, - size_t cur_grp_num, - struct grp_info *cur_gid_list, - size_t new_gid_num, - struct pac_dom_grps *new_gid_list, - size_t *_add_gid_num, - struct pac_dom_grps **_add_gid_list, - size_t *_del_gid_num, - struct grp_info ***_del_gid_list); - -struct sss_domain_info *find_domain_by_id(struct sss_domain_info *domains, - const char *id_str); - bool new_and_cached_user_differs(struct passwd *pwd, struct ldb_message *msg); #endif /* __PACSRV_H__ */ |