diff options
| author | Martin Kosek <mkosek@redhat.com> | 2013-02-07 14:52:35 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-02-12 10:37:47 +0100 |
| commit | 827ea50566dbb2a0906da76d318a2ba68a4b818e (patch) | |
| tree | 70afff4fc80c28fe548b0b020acdcaa02ef3e212 /util | |
| parent | d4d19ff4231c2643ed2008ed2c8870419ae02aac (diff) | |
| download | freeipa-827ea50566dbb2a0906da76d318a2ba68a4b818e.tar.gz freeipa-827ea50566dbb2a0906da76d318a2ba68a4b818e.tar.xz freeipa-827ea50566dbb2a0906da76d318a2ba68a4b818e.zip | |
ipa-kdb: read SID blacklist from LDAP
SIDs in incoming MS-PAC were checked and filtered with a fixed list of
well-known SIDs. Allow reading the SID blacklist from LDAP
(ipaNTSIDBlacklistIncoming and ipaNTSIDBlacklistOutgoing) and add the list
to mspac adtrust structure. Use the hardcoded SID list only if the LDAP
SID list is not configured.
LIMITATION: SID blacklist list is not used yet.
https://fedorahosted.org/freeipa/ticket/3289
Diffstat (limited to 'util')
| -rw-r--r-- | util/ipa_mspac.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/util/ipa_mspac.h b/util/ipa_mspac.h new file mode 100644 index 000000000..152317b18 --- /dev/null +++ b/util/ipa_mspac.h @@ -0,0 +1,32 @@ +#ifndef __IPA_MSPAC_H_ +#define __IPA_MSPAC_H_ + +char *ipa_mspac_well_known_sids[] = { + "S-1-0", + "S-1-1", + "S-1-2", + "S-1-3", + "S-1-5-1", + "S-1-5-2", + "S-1-5-3", + "S-1-5-4", + "S-1-5-5", + "S-1-5-6", + "S-1-5-7", + "S-1-5-8", + "S-1-5-9", + "S-1-5-10", + "S-1-5-11", + "S-1-5-12", + "S-1-5-13", + "S-1-5-14", + "S-1-5-15", + "S-1-5-16", + "S-1-5-17", + "S-1-5-18", + "S-1-5-19", + "S-1-5-20", + NULL +}; + +#endif /* __IPA_MSPAC_H_ */ |