-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 1 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 17 |
2 files changed, 18 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 7b1576124..9daaab80d 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -105,6 +105,7 @@ struct ipadb_e_data {
 char **pw_history;
 struct ipapwd_policy *pol;
 time_t last_admin_unlock;
+ char **authz_data;
 };
 struct ipadb_context *ipadb_get_context(krb5_context kcontext);
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 13f6a21f1..11c155e64 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -63,6 +63,7 @@ static char *std_principal_attrs[] = {
 /* IPA SPECIFIC ATTRIBUTES */
 "nsaccountlock",
 "passwordHistory",
+ IPA_KRB_AUTHZ_DATA_ATTR,
 "objectClass",
 NULL
@@ -237,6 +238,7 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
 krb5_kvno mkvno = 0;
 char **restrlist;
 char *restring;
+ char **authz_data_list;
 krb5_timestamp restime;
 bool resbool;
 int result;
@@ -503,6 +505,17 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
 ied->last_admin_unlock = restime;
 }
+ ret = ipadb_ldap_attr_to_strlist(lcontext, lentry,
+ IPA_KRB_AUTHZ_DATA_ATTR, &authz_data_list);
+ if (ret != 0 && ret != ENOENT) {
+ kerr = KRB5_KDB_INTERNAL_ERROR;
+ goto done;
+ }
+ if (ret == 0) {
+ ied->authz_data = authz_data_list;
+ }
+
+
 kerr = 0;
 done:
@@ -831,6 +844,10 @@ void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry)
 free(ied->pw_history[i]);
 }
 free(ied->pw_history);
+ for (i = 0; ied->authz_data && ied->authz_data[i]; i++) {
+ free(ied->authz_data[i]);
+ }
+ free(ied->authz_data);
 free(ied->pol);
 free(ied);
 }
|
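Review bot: The new `authz_data` member of `struct ipadb_e_data` in ipa_kdb.h carries no comment describing its layout or ownership, although the other two hunks that touch it depend on both. The free loop in ipadb_free_principal treats it as a NULL-terminated array of heap strings, and the parser leaves it untouched when the attribute is missing. I would record that on the declaration, for example `char **authz_data; /* NULL-terminated values of IPA_KRB_AUTHZ_DATA_ATTR, or NULL if unset; freed by ipadb_free_principal() */`. The struct definition starts outside the hunk, so existing comments on sibling members are not visible here.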
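Review bot: In the ipadb_parse_ldap_entry hunk at -503, `ied->authz_data` is written only when the lookup returns 0, so on ENOENT the field keeps whatever value `ied` was allocated with. The -831 hunk in ipadb_free_principal then dereferences and frees that pointer, which is safe only if `ied` is zero-filled at allocation; that code is outside both hunks, so it cannot be confirmed from here. Setting the field on both paths removes the dependency: `ied->authz_data = (ret == 0) ? authz_data_list : NULL;`. Declaring `char **authz_data_list = NULL;` in the -237 hunk would match. The two empty lines added before `kerr = 0;` could also be reduced to one.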