authorSumit Bose <sbose@redhat.com>2012-11-23 18:35:08 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-08 14:42:56 +0100
commit8d371b14623e1dced3ddc885ff7d8cd2cbf50604 (patch)
tree14dec6e1da7e10dc84bff0701e363f2b95607019 /src
parent53bf0219474371e4c7bc0315a42d1e39acf083bb (diff)
Use struct pac_grp instead of gid_t for groups from PAC
To handle group memberships from other domains, more data than just the gid must be kept for the groups given in the PAC.
Diffstat (limited to 'src')
-rw-r--r--src/responder/pac/pacsrv.h11
-rw-r--r--src/responder/pac/pacsrv_cmd.c8
-rw-r--r--src/responder/pac/pacsrv_utils.c24
-rw-r--r--src/tests/pac_responder-tests.c19
4 files changed, 36 insertions, 26 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 8b73d9957..8cd492842 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -71,6 +71,11 @@ struct grp_info {
struct ldb_dn *dn;
};
+struct pac_grp {
+ gid_t gid;
+ struct sss_domain_info *grp_dom;
+};
+
int pac_cmd_execute(struct cli_ctx *cctx);
struct sss_cmd_table *get_pac_cmds(void);
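Review bot: `struct pac_grp` is added without a comment saying whether `grp_dom` may be NULL or who owns the domain object it points to. In this commit the visible producer, get_gids_from_pac(), zero-allocates the array and fills only `.gid`, and the test initialisers pass NULL, so every reader has to treat `grp_dom` as optional. These entries decide which group memberships are stored for a user, so I would state the contract at the definition, e.g. `/* grp_dom: presumably the domain the gid belongs to; borrowed pointer, NULL when not yet determined */`.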
@@ -98,7 +103,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
struct local_mapping_ranges *range_map,
struct dom_sid *domain_sid,
struct PAC_LOGON_INFO *logon_info,
- size_t *_gid_count, gid_t **_gids);
+ size_t *_gid_count, struct pac_grp **_gids);
errno_t get_data_from_pac(TALLOC_CTX *mem_ctx,
uint8_t *pac_blob, size_t pac_len,
@@ -115,9 +120,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
size_t cur_grp_num,
struct grp_info *cur_gid_list,
size_t new_gid_num,
- gid_t *new_gid_list,
+ struct pac_grp *new_gid_list,
size_t *_add_gid_num,
- gid_t **_add_gid_list,
+ struct pac_grp **_add_gid_list,
size_t *_del_gid_num,
struct grp_info ***_del_gid_list);
#endif /* __PACSRV_H__ */
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 277cf4b12..9f201f5c8 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -60,13 +60,13 @@ struct pac_req_ctx {
struct dom_sid2 *domain_sid;
size_t gid_count;
- gid_t *gids;
+ struct pac_grp *gids;
size_t current_grp_count;
struct grp_info *current_grp_list;
size_t add_gid_count;
- gid_t *add_gids;
+ struct pac_grp *add_gids;
size_t del_grp_count;
struct grp_info **del_grp_list;
@@ -581,7 +581,7 @@ static errno_t pac_save_memberships_next(struct tevent_req *req)
}
while (state->gid_iter < pr_ctx->add_gid_count) {
- gid = pr_ctx->add_gids[state->gid_iter];
+ gid = pr_ctx->add_gids[state->gid_iter].gid;
ret = pac_store_membership(state->pr_ctx, state->group_dom->sysdb,
state->user_dn, state->gid_iter);
@@ -671,7 +671,7 @@ pac_store_membership(struct pac_req_ctx *pr_ctx,
return ENOMEM;
}
- gid = pr_ctx->add_gids[gid_iter];
+ gid = pr_ctx->add_gids[gid_iter].gid;
ret = sysdb_search_group_by_gid(tmp_ctx, group_sysdb,
gid, group_attrs, &group);
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 53113fb0d..6e0f4bfa6 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -389,13 +389,13 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
struct local_mapping_ranges *range_map,
struct dom_sid *domain_sid,
struct PAC_LOGON_INFO *logon_info,
- size_t *_gid_count, gid_t **_gids)
+ size_t *_gid_count, struct pac_grp **_gids)
{
int ret;
size_t g = 0;
size_t s;
struct netr_SamInfo3 *info3;
- gid_t *gids = NULL;
+ struct pac_grp *gids = NULL;
info3 = &logon_info->info3;
@@ -405,7 +405,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
goto done;
}
- gids = talloc_array(mem_ctx, gid_t, info3->sidcount);
+ gids = talloc_zero_array(mem_ctx, struct pac_grp, info3->sidcount);
if (gids == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
ret = ENOMEM;
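Review bot: The failure message right after the changed allocation still reads `talloc_array failed.` although the call is now `talloc_zero_array`, which sends anyone reading the log to the wrong call. I would update it to `DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero_array failed.\n"));`. The zeroing is also what leaves `grp_dom` NULL for every entry, which deserves a short comment on the allocation line. The body of get_gids_from_pac starts and ends outside this hunk.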
@@ -414,13 +414,14 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
for(s = 0; s < info3->sidcount; s++) {
if (dom_sid_in_domain(domain_sid, info3->sids[s].sid)) {
- ret = local_sid_to_id(range_map, info3->sids[s].sid, &gids[g]);
+ ret = local_sid_to_id(range_map, info3->sids[s].sid,
+ &gids[g].gid);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("get_rid failed.\n"));
goto done;
}
DEBUG(SSSDBG_TRACE_ALL, ("Found extra group "
- "with gid [%d].\n", gids[g]));
+ "with gid [%d].\n", gids[g].gid));
g++;
}
}
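Review bot: The trace message on the changed line prints `gids[g].gid` with `%d`, but gid_t is an unsigned type on Linux, so an ID in the upper half of the 32-bit range is logged as a negative number. That makes the PAC-derived group list harder to match against sysdb entries when auditing a login. I would print it as `"with gid [%lu].\n", (unsigned long) gids[g].gid));`, or use the project's own gid format macro if one exists. The loop is part of get_gids_from_pac, whose body extends beyond this hunk.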
@@ -627,9 +628,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
size_t cur_grp_num,
struct grp_info *cur_grp_list,
size_t new_gid_num,
- gid_t *new_gid_list,
+ struct pac_grp *new_gid_list,
size_t *_add_gid_num,
- gid_t **_add_gid_list,
+ struct pac_grp **_add_gid_list,
size_t *_del_grp_num,
struct grp_info ***_del_grp_list)
{
@@ -639,7 +640,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
hash_key_t key;
hash_value_t value;
size_t add_gid_num = 0;
- gid_t *add_gid_list = NULL;
+ struct pac_grp *add_gid_list = NULL;
size_t del_grp_num = 0;
struct grp_info **del_grp_list = NULL;
TALLOC_CTX *tmp_ctx = NULL;
@@ -666,7 +667,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
if (cur_grp_num == 0 && new_gid_num != 0) {
add_gid_num = new_gid_num;
- add_gid_list = talloc_array(tmp_ctx, gid_t, add_gid_num);
+ add_gid_list = talloc_array(tmp_ctx, struct pac_grp, add_gid_num);
if (add_gid_list == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
ret = ENOMEM;
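Review bot: `add_gid_list` is allocated here with `talloc_array`, which does not zero memory, while get_gids_from_pac was switched to `talloc_zero_array` for the same element type. The code that fills the list is outside this hunk, so I cannot confirm it assigns whole structs. If it copies only the gid, or sizes a copy by `sizeof(gid_t)`, `grp_dom` would hold an indeterminate pointer. Using `talloc_zero_array(tmp_ctx, struct pac_grp, add_gid_num)` here removes that risk. The `talloc_realloc` growth in the later diff_gid_lists hunk needs the same attention, because the newly added element is not zeroed there either.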
@@ -721,13 +722,14 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
}
for (c = 0; c < new_gid_num; c++) {
- key.ul = (unsigned long) new_gid_list[c];
+ key.ul = (unsigned long) new_gid_list[c].gid;
ret = hash_delete(table, &key);
if (ret == HASH_ERROR_KEY_NOT_FOUND) {
/* gid not found, must be added */
add_gid_num++;
- add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, gid_t, add_gid_num);
+ add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, struct pac_grp,
+ add_gid_num);
if (add_gid_list == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_realloc failed.\n"));
ret = ENOMEM;
diff --git a/src/tests/pac_responder-tests.c b/src/tests/pac_responder-tests.c
index 02cc242a4..11870ce4d 100644
--- a/src/tests/pac_responder-tests.c
+++ b/src/tests/pac_responder-tests.c
@@ -76,13 +76,16 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
int ret;
size_t c;
size_t add_gid_count = 0;
- gid_t *add_gids = NULL;
+ struct pac_grp *add_gids = NULL;
size_t del_gid_count = 0;
struct grp_info **del_gids = NULL;
- gid_t gid_list_2[] = {2};
- gid_t gid_list_3[] = {3};
- gid_t gid_list_23[] = {2, 3};
+ struct pac_grp pac_grp_2 = {2, NULL};
+ struct pac_grp pac_grp_3 = {3, NULL};
+
+ struct pac_grp gid_list_2[] = {pac_grp_2};
+ struct pac_grp gid_list_3[] = {pac_grp_3};
+ struct pac_grp gid_list_23[] = {pac_grp_2, pac_grp_3};
struct grp_info grp_info_1 = {1, NULL, NULL};
struct grp_info grp_info_2 = {2, NULL, NULL};
@@ -93,10 +96,10 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
size_t cur_gid_count;
struct grp_info *cur_gids;
size_t gid_count;
- gid_t *gids;
+ struct pac_grp *gids;
int exp_ret;
size_t exp_add_gid_count;
- gid_t *exp_add_gids;
+ struct pac_grp *exp_add_gids;
size_t exp_del_gid_count;
struct grp_info *exp_del_gids;
} a_and_r_data[] = {
@@ -155,10 +158,10 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
* only look at lists with 1 element. TODO: add code to compare lists
* with more than 1 member. */
if (add_gid_count == 1) {
- fail_unless(add_gids[0] == a_and_r_data[c].exp_add_gids[0],
+ fail_unless(add_gids[0].gid == a_and_r_data[c].exp_add_gids[0].gid,
"Unexpected gid to add for test data #%d, " \
"expected [%d], got [%d]",
- c, a_and_r_data[c].exp_add_gids[0], add_gids[0]);
+ c, a_and_r_data[c].exp_add_gids[0].gid, add_gids[0].gid);
}
if (del_gid_count == 1) {