author | Sumit Bose <sbose@redhat.com> | 2013-02-12 11:01:11 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-08 10:46:00 +0100 |
commit | d5216d5428dc9653c382656bd5187f1e49b3fe02 (patch) | |
tree | 44fc2b4b16337ac2a028ccc9182e2aae6d2177c2 | |
parent | 2d90724a7e3a810b58293eb4930b5c5b5793bd66 (diff) | |
ipa-kdb: Read global defaul ipaKrbAuthzData
The ipaKrbAuthzData LDAP attribute is read from the ipaConfig object
and the read value(s) are stored in the ipadb context.
https://fedorahosted.org/freeipa/ticket/2960
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.c | 27 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 3 |
2 files changed, 29 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index 2a344dc69..e5c718ea9 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -40,6 +40,8 @@ struct ipadb_context *ipadb_get_context(krb5_context kcontext)
 static void ipadb_context_free(krb5_context kcontext,
 struct ipadb_context **ctx)
 {
+ size_t c;
+
 if (*ctx != NULL) {
 free((*ctx)->uri);
 free((*ctx)->base);
@@ -51,6 +53,12 @@ static void ipadb_context_free(krb5_context kcontext,
 free((*ctx)->supp_encs);
 ipadb_mspac_struct_free(&(*ctx)->mspac);
 krb5_free_default_realm(kcontext, (*ctx)->realm);
+
+ for (c = 0; (*ctx)->authz_data && (*ctx)->authz_data[c]; c++) {
+ free((*ctx)->authz_data[c]);
+ }
+ free((*ctx)->authz_data);
+
 free(*ctx);
 *ctx = NULL;
 }
@@ -167,13 +175,14 @@ done:
 
 int ipadb_get_global_configs(struct ipadb_context *ipactx)
 {
- char *attrs[] = { "ipaConfigString", NULL };
+ char *attrs[] = { "ipaConfigString", IPA_KRB_AUTHZ_DATA_ATTR, NULL };
 struct berval **vals = NULL;
 LDAPMessage *res = NULL;
 LDAPMessage *first;
 char *base = NULL;
 int i;
 int ret;
+ char **authz_data_list;
 
 ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base);
 if (ret == -1) {
@@ -215,6 +224,22 @@ int ipadb_get_global_configs(struct ipadb_context *ipactx)
 }
 }
 
+ ret = ipadb_ldap_attr_to_strlist(ipactx->lcontext, first,
+ IPA_KRB_AUTHZ_DATA_ATTR, &authz_data_list);
+ if (ret != 0 && ret != ENOENT) {
+ goto done;
+ }
+ if (ret == 0) {
+ if (ipactx->authz_data != NULL) {
+ for (i = 0; ipactx->authz_data[i]; i++) {
+ free(ipactx->authz_data[i]);
+ }
+ free(ipactx->authz_data);
+ }
+
+ ipactx->authz_data = authz_data_list;
+ }
+
 ret = 0;
 
 done:
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index f472f0245..7b1576124 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -74,6 +74,8 @@
 
 #define IPA_SETUP "ipa-setup-override-restrictions"
 
+#define IPA_KRB_AUTHZ_DATA_ATTR "ipaKrbAuthzData"
+
 struct ipadb_mspac;
 
 struct ipadb_context {
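Review bot: In the `@@ -215,6 +224,22 @@` hunk of ipa_kdb.c, an `ENOENT` result from ipadb_ldap_attr_to_strlist() leaves any previously loaded `ipactx->authz_data` untouched, so if this function runs again on a live context after ipaKrbAuthzData has been removed from cn=ipaConfig, the context would keep the stale authorization-data defaults. The free-before-replace branch suggests repeated calls are expected, though the callers are not visible here. If a missing attribute is meant to clear the default, widen the branch to `if (ret == 0 || ret == ENOENT) {` and assign `ipactx->authz_data = (ret == 0) ? authz_data_list : NULL;`, which also never reads the uninitialised `authz_data_list` declared in the `@@ -167,13 +175,14 @@` hunk. The body of ipadb_get_global_configs() starts and ends outside these hunks.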
@@ -89,6 +91,7 @@ struct ipadb_context {
 struct ipadb_mspac *mspac;
 bool disable_last_success;
 bool disable_lockout;
+ char **authz_data;
 };
 
 #define IPA_E_DATA_MAGIC 0x0eda7a
|