rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
3c1392be1b
ipa/freeipa-3.0.0.pre1-073-split-out-manipulation-of-logon_info-blob.patch
Martin Kosek 3c91c125af Add missing 3.0.0 beta 2 development patches
2012-08-06 18:17:49 +02:00

184 lines
5.7 KiB
Diff
Raw Blame History

From 754d0bea06206cbedf0bc238efc501d14e51acfd Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Fri, 13 Jul 2012 12:42:11 -0400
Subject: [PATCH 73/79] Split out manipulation of logon_info blob
This way multiple functions can manipulate the logon info structure until all
operations we want to do on it are done and then fold it back once.
---
daemons/ipa-kdb/ipa_kdb_mspac.c | 117 +++++++++++++++++++++++++---------------
1 file changed, 73 insertions(+), 44 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 7e6e71d5b316022cc53438a67dfd3ec4595f0245..2a48c4f8ca7cee30d01380fbc12dddb928472963 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -900,83 +900,112 @@ done:
return kerr;
}
+static krb5_error_code get_logon_info(krb5_context context,
+ TALLOC_CTX *memctx,
+ krb5_data *pac_blob,
+ struct PAC_LOGON_INFO_CTR *info)
+{
+ DATA_BLOB pac_data;
+ enum ndr_err_code ndr_err;
+
+ pac_data.length = pac_blob->length;
+ pac_data.data = (uint8_t *)pac_blob->data;
+
+ ndr_err = ndr_pull_union_blob(&pac_data, memctx, info,
+ PAC_TYPE_LOGON_INFO,
+ (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return KRB5_KDB_INTERNAL_ERROR;
+ }
+
+ return 0;
+}
+
static krb5_error_code add_local_groups(krb5_context context,
- krb5_data *pac_blob)
+ TALLOC_CTX *memctx,
+ struct PAC_LOGON_INFO_CTR *info)
{
- DATA_BLOB pac_data;
- union PAC_INFO pac_info;
- krb5_error_code kerr;
- enum ndr_err_code ndr_err;
- TALLOC_CTX *tmpctx;
int ret;
char **group_sids = NULL;
size_t ipa_group_sids_count = 0;
struct dom_sid *ipa_group_sids = NULL;
- tmpctx = talloc_new(NULL);
- if (!tmpctx) {
- return ENOMEM;
- }
-
- pac_data.length = pac_blob->length;
- pac_data.data = (uint8_t *)pac_blob->data;
-
- ndr_err = ndr_pull_union_blob(&pac_data, tmpctx, &pac_info,
- PAC_TYPE_LOGON_INFO,
- (ndr_pull_flags_fn_t) ndr_pull_PAC_INFO);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- krb5_klog_syslog(LOG_ERR, "ndr_pull_union_blob failed");
- kerr = KRB5_KDB_INTERNAL_ERROR;
- goto done;
- }
-
- ret = get_group_sids(tmpctx, &pac_info.logon_info, &group_sids);
+ ret = get_group_sids(memctx, info, &group_sids);
if (ret != 0) {
- krb5_klog_syslog(LOG_ERR, "get_group_sids failed");
- kerr = KRB5_KDB_INTERNAL_ERROR;
- goto done;
+ return KRB5_KDB_INTERNAL_ERROR;
}
- ret = map_groups(tmpctx, context, group_sids, &ipa_group_sids_count,
+ ret = map_groups(memctx, context, group_sids, &ipa_group_sids_count,
&ipa_group_sids);
if (ret != 0) {
- krb5_klog_syslog(LOG_ERR, "map_groups failed");
- kerr = KRB5_KDB_INTERNAL_ERROR;
- goto done;
+ return KRB5_KDB_INTERNAL_ERROR;
}
- ret = add_groups(tmpctx, &pac_info.logon_info, ipa_group_sids_count,
- ipa_group_sids);
+ ret = add_groups(memctx, info, ipa_group_sids_count, ipa_group_sids);
if (ret != 0) {
krb5_klog_syslog(LOG_ERR, "add_groups failed");
- kerr = KRB5_KDB_INTERNAL_ERROR;
- goto done;
+ return KRB5_KDB_INTERNAL_ERROR;
}
- ndr_err = ndr_push_union_blob(&pac_data, tmpctx, &pac_info,
+ return 0;
+}
+
+static krb5_error_code save_logon_info(krb5_context context,
+ TALLOC_CTX *memctx,
+ struct PAC_LOGON_INFO_CTR *info,
+ krb5_data *pac_blob)
+{
+ DATA_BLOB pac_data;
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_push_union_blob(&pac_data, memctx, info,
PAC_TYPE_LOGON_INFO,
(ndr_push_flags_fn_t)ndr_push_PAC_INFO);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- krb5_klog_syslog(LOG_ERR, "ndr_push_union_blob failed");
- kerr = KRB5_KDB_INTERNAL_ERROR;
- goto done;
+ return KRB5_KDB_INTERNAL_ERROR;
}
free(pac_blob->data);
pac_blob->data = malloc(pac_data.length);
if (pac_blob->data == NULL) {
pac_blob->length = 0;
- kerr = ENOMEM;
- goto done;
+ return ENOMEM;
}
memcpy(pac_blob->data, pac_data.data, pac_data.length);
pac_blob->length = pac_data.length;
- kerr = 0;
+ return 0;
+}
+
+static krb5_error_code ipadb_check_logon_info(krb5_context context,
+ krb5_data *pac_blob)
+{
+ struct PAC_LOGON_INFO_CTR info;
+ krb5_error_code kerr;
+ TALLOC_CTX *tmpctx;
+
+ tmpctx = talloc_new(NULL);
+ if (!tmpctx) {
+ return ENOMEM;
+ }
+
+ kerr = get_logon_info(context, tmpctx, pac_blob, &info);
+ if (kerr) {
+ goto done;
+ }
+
+ kerr = add_local_groups(context, tmpctx, &info);
+ if (kerr) {
+ goto done;
+ }
+
+ kerr = save_logon_info(context, tmpctx, &info, pac_blob);
+ if (kerr) {
+ goto done;
+ }
done:
talloc_free(tmpctx);
-
return kerr;
}
@@ -1050,7 +1079,7 @@ static krb5_error_code ipadb_verify_pac(krb5_context context,
goto done;
}
- kerr = add_local_groups(context, &pac_blob);
+ kerr = ipadb_check_logon_info(context, &pac_blob);
if (kerr != 0) {
goto done;
}
--
1.7.11.2
Reference in New Issue View Git Blame Copy Permalink