author | Sumit Bose <sbose@redhat.com> | 2012-11-14 14:22:15 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-11-30 16:39:07 -0500 |
commit | c5e055ae00a2f4a41df4bdcbc95e81d771a4f8cf (patch) | |
tree | af651f50e08f811e7787a193a9c5ef63e1796d08 | |
parent | 5269458f552380759c86018cd1f30b64761be92e (diff) | |
Lookup the user SID in external group as well
Currently only the group SIDs from a PAC are used to find out about the
membership in local groups. This patch adds the user SID to the list.
Fixes https://fedorahosted.org/freeipa/ticket/3257
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index efb4cb9b6..ed2c7fb8c 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -678,9 +678,9 @@ static char *gen_sid_string(TALLOC_CTX *memctx, struct dom_sid *dom_sid,
 return str;
 }

-static int get_group_sids(TALLOC_CTX *memctx,
- struct PAC_LOGON_INFO_CTR *logon_info,
- char ***_group_sids)
+static int get_user_and_group_sids(TALLOC_CTX *memctx,
+ struct PAC_LOGON_INFO_CTR *logon_info,
+ char ***_group_sids)
 {
 int ret;
 size_t c;
@@ -696,7 +696,7 @@ static int get_group_sids(TALLOC_CTX *memctx,
 }

 group_sids = talloc_array(memctx, char *,
- 2 +
+ 3 +
 logon_info->info->info3.base.groups.count +
 logon_info->info->info3.sidcount);
 if (group_sids == NULL) {
@@ -706,6 +706,15 @@ static int get_group_sids(TALLOC_CTX *memctx,
 }

 group_sids[p] = gen_sid_string(memctx, domain_sid,
+ logon_info->info->info3.base.rid);
+ if (group_sids[p] == NULL) {
+ krb5_klog_syslog(LOG_ERR, "gen_sid_string failed");
+ ret = EINVAL;
+ goto done;
+ }
+ p++;
+
+ group_sids[p] = gen_sid_string(memctx, domain_sid,
 logon_info->info->info3.base.primary_gid);
 if (group_sids[p] == NULL) {
 krb5_klog_syslog(LOG_ERR, "gen_sid_string failed");
@@ -949,7 +958,7 @@ static krb5_error_code add_local_groups(krb5_context context,
 size_t ipa_group_sids_count = 0;
 struct dom_sid *ipa_group_sids = NULL;

- ret = get_group_sids(memctx, info, &group_sids);
+ ret = get_user_and_group_sids(memctx, info, &group_sids);
 if (ret != 0) {
 return KRB5_KDB_INTERNAL_ERROR;
 }
|
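Review bot: The fixed part of the `talloc_array` size in `get_user_and_group_sids` (hunk at -696) goes from `2 +` to `3 +` with nothing saying what the fixed slots hold, so the next change to the list can easily get the count wrong and write past the array. A short comment above the size expression would help, e.g. `/* fixed slots: user SID, primary group SID, plus one spare (presumably the NULL terminator), then PAC groups and extra SIDs */`; the terminator is not visible in this hunk, so confirm it before wording the comment that way. `groups.count` and `sidcount` are read from the PAC and their types are not shown here; if they are 32-bit the sum could in principle wrap, so it is worth checking that the decoder bounds them. The function body starts and ends outside the hunk.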
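Review bot: In the hunk at -706 the new user-SID branch logs the same `gen_sid_string failed` text as the primary-group branch right after it, so the log cannot tell an operator which SID could not be built; `krb5_klog_syslog(LOG_ERR, "gen_sid_string failed for user SID");` would separate the two. The first entry is now the user's own SID, while the array and the `_group_sids` out-parameter keep their group-only names; a comment such as `/* entry 0 is the user SID (domain SID + base.rid) so external groups can list a user directly */` keeps a reader from assuming every entry is a group. Because this entry can now confer local group membership, it is worth confirming that `domain_sid` taken from the PAC is checked against the trusted domain before this point; that code, and the `done` label the new branch jumps to, are outside the hunk.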