author | Sumit Bose <sbose@redhat.com> | 2012-11-26 13:50:48 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-08 15:05:48 +0100 |
commit | 27696f6d7ef8a856fb44816288e9ae808bba76b2 (patch) | |
tree | 0746f8f6e02005ff6e0dee1ad7c2a5ddcba640ab /src/responder/pac/pacsrv_utils.c | |
parent | 035008dc7676339c9568ab4d44b5fcc1fee98f54 (diff) | |
Save domain and GID for groups from the configured domain
Currently users from subdomains can only be members of groups from the
configured domain and to access those groups a pointer to the domain
struct of the configured domain is used. This patch sets the dom_grp
member of struct pac_grp to point to the domain struct of the configured
domain for groups from this domain. This is a first step to allow group
membership for groups from subdomains as well. For those groups a
pointer to the related subdomain structure will be saved.
Diffstat (limited to 'src/responder/pac/pacsrv_utils.c')
-rw-r--r-- | src/responder/pac/pacsrv_utils.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index d79adb1f2..217e27ab5 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -425,6 +425,7 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
 * domain and convert them to GIDs.
 */
 errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
+ struct pac_ctx *pac_ctx,
 struct local_mapping_ranges *range_map,
 struct dom_sid *domain_sid,
 struct PAC_LOGON_INFO *logon_info,
@@ -435,6 +436,15 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
 size_t s;
 struct netr_SamInfo3 *info3;
 struct pac_grp *gids = NULL;
+ struct sss_domain_info *grp_dom;
+ char *sid_str;
+ enum idmap_error_code err;
+
+ if (pac_ctx == NULL || range_map == NULL || domain_sid == NULL ||
+ logon_info == NULL || _gid_count == NULL || _gids == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Missing parameter.\n"));
+ return EINVAL;
+ }
 info3 = &logon_info->info3;
@@ -451,6 +461,22 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
 goto done;
 }
+
+ err = sss_idmap_smb_sid_to_sid(pac_ctx->idmap_ctx, domain_sid,
+ &sid_str);
+ if (err != IDMAP_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_smb_sid_to_sid failed.\n"));
+ ret = EFAULT;
+ goto done;
+ }
+
+ grp_dom = find_domain_by_id(pac_ctx->rctx->domains, sid_str);
+ if (grp_dom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("find_domain_by_id failed.\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
 for(s = 0; s < info3->sidcount; s++) {
 if (dom_sid_in_domain(domain_sid, info3->sids[s].sid)) {
 ret = local_sid_to_id(range_map, info3->sids[s].sid,
@@ -459,6 +485,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
 DEBUG(SSSDBG_OP_FAILURE, ("get_rid failed.\n"));
 goto done;
 }
+ gids[g].grp_dom = grp_dom;
 DEBUG(SSSDBG_TRACE_ALL, ("Found extra group "
 "with gid [%d].\n", gids[g].gid));
 g++; |
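Review bot: The new guard in the second hunk rejects a NULL `pac_ctx`, but the third hunk then reads `pac_ctx->rctx->domains` and `pac_ctx->idmap_ctx` without checking them. If either can be unset when a PAC arrives (the initialisation code is not visible in this diff), the responder would dereference NULL while handling authentication data. Extending the condition with `pac_ctx->rctx == NULL || pac_ctx->idmap_ctx == NULL ||` would keep the failure on the `EINVAL` path. The comment above `get_gids_from_pac()` only partly appears in the first hunk; it should also say that `pac_ctx` supplies the idmap context and the domain list used to resolve `grp_dom`.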
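Review bot: `sid_str`, filled by `sss_idmap_smb_sid_to_sid()` in the third hunk, is declared uninitialised and nothing visible releases it after `find_domain_by_id()` has used it. The `done:` label is outside the hunk, so this may be handled there. If it is not, every PAC processed leaves one SID string allocated in a long-running responder. Declaring it as `char *sid_str = NULL;` and releasing it on the `done:` path, using the counterpart of whatever allocator the idmap context was set up with, would cover both the success and the error exits. The two new failure messages would also be more useful for triage if the `find_domain_by_id` one logged the SID string that did not match a known domain.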