author | Pavel Reichl <preichl@redhat.com> | 2014-09-25 14:52:31 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-29 18:27:07 +0200 |
commit | 830ded27453015080a54d6ba85fd4999ee7e9af1 (patch) | |
tree | 2dcdecd4d211c25e7e1dd909e062e534348227db /src/util | |
parent | cb7644495e76ffa3e19ba10efb4a0f5f3817ba33 (diff) | |
PAM: new options pam_trusted_users & pam_public_domains
pam_trusted_users option is a list of numerical UIDs or user names
that are trusted.
pam_public_domains option is a list of domains accessible even for
untrusted users.
Based on:
https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/domain_info_utils.c | 60 | ||||
-rw-r--r-- | src/util/util.h | 5 |
2 files changed, 65 insertions, 0 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 8933f5235..520feb36d 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -569,3 +569,63 @@ done:
 talloc_free(tmp_ctx);
 return ret;
 }
+
+/* Save domain names, do not descend. */
+errno_t get_dom_names(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *start_dom,
+ char ***_dom_names,
+ int *_dom_names_count)
+{
+ struct sss_domain_info *dom;
+ TALLOC_CTX *tmp_ctx;
+ char **dom_names;
+ size_t count, i;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* get count of domains*/
+ count = 0;
+ dom = start_dom;
+ while (dom) {
+ count++;
+ dom = get_next_domain(dom, false);
+ }
+
+ dom_names = talloc_array(tmp_ctx, char*, count);
+ if (dom_names == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* copy names */
+ i = 0;
+ dom = start_dom;
+ while (dom) {
+ dom_names[i] = talloc_strdup(dom_names, dom->name);
+ if (dom_names[i] == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ dom = get_next_domain(dom, false);
+ i++;
+ }
+
+ if (_dom_names != NULL ) {
+ *_dom_names = talloc_steal(mem_ctx, dom_names);
+ }
+
+ if (_dom_names_count != NULL ) {
+ *_dom_names_count = count;
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
diff --git a/src/util/util.h b/src/util/util.h
index d3b746be3..df82b3fa4 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -547,6 +547,11 @@ errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
 errno_t sss_write_domain_mappings(struct sss_domain_info *domain,
 bool add_capaths);
 
+errno_t get_dom_names(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *start_dom,
+ char ***_dom_names,
+ int *_dom_names_count);
+
 /* from util_lock.c */
 errno_t sss_br_lock_file(int fd, size_t start, size_t len,
 int num_tries, useconds_t wait); |
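Review bot: The array returned through `_dom_names` in get_dom_names() is not NULL-terminated and its length is reported only through the optional `_dom_names_count`, so a caller that passes NULL for the count has no bound for walking the list. Allocating one extra zeroed slot, `dom_names = talloc_zero_array(tmp_ctx, char *, count + 1);`, would make the result safe to iterate either way. The count is also a `size_t` stored through an `int *`; declaring the parameter as `size_t *_dom_names_count` (here and in the util.h prototype) would avoid the implicit narrowing. The callers are outside this diff, so how the list is consumed cannot be checked from here.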
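Review bot: The prototype added to util.h carries no comment on its contract, and the one-line comment in the .c file ("Save domain names, do not descend.") does not state it either. Because this helper presumably feeds the domain list behind the new PAM options, the declaration should say which domains are returned and who owns the result, for example `/* Names of start_dom and the domains following it; get_next_domain(dom, false) is used, so subdomains are presumably skipped. */` followed by `/* The array is moved to mem_ctx and the strings are its talloc children; either output pointer may be NULL. */`.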