From 8d371b14623e1dced3ddc885ff7d8cd2cbf50604 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Jan 08 2013 13:42:56 +0000
Subject: Use struct pac_grp instead of gid_t for groups from PAC

To be able to handle groupmemberships from other domains more data than just the gid must be kept for groups given in the PAC.
---
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 8b73d99..8cd4928 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -71,6 +71,11 @@ struct grp_info {
 struct ldb_dn *dn;
 };
+struct pac_grp {
+ gid_t gid;
+ struct sss_domain_info *grp_dom;
+};
+
 int pac_cmd_execute(struct cli_ctx *cctx);
 struct sss_cmd_table *get_pac_cmds(void);
@@ -98,7 +103,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
 struct local_mapping_ranges *range_map,
 struct dom_sid *domain_sid,
 struct PAC_LOGON_INFO *logon_info,
- size_t *_gid_count, gid_t **_gids);
+ size_t *_gid_count, struct pac_grp **_gids);
 errno_t get_data_from_pac(TALLOC_CTX *mem_ctx, uint8_t *pac_blob, size_t pac_len,
@@ -115,9 +120,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
 size_t cur_grp_num,
 struct grp_info *cur_gid_list,
 size_t new_gid_num,
- gid_t *new_gid_list,
+ struct pac_grp *new_gid_list,
 size_t *_add_gid_num,
- gid_t **_add_gid_list,
+ struct pac_grp **_add_gid_list,
 size_t *_del_gid_num,
 struct grp_info ***_del_gid_list);
 #endif /* __PACSRV_H__ */
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 277cf4b..9f201f5 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -60,13 +60,13 @@ struct pac_req_ctx {
 struct dom_sid2 *domain_sid;
 size_t gid_count;
- gid_t *gids;
+ struct pac_grp *gids;
 size_t current_grp_count;
 struct grp_info *current_grp_list;
 size_t add_gid_count;
- gid_t *add_gids;
+ struct pac_grp *add_gids;
 size_t del_grp_count;
 struct grp_info **del_grp_list;
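Review bot: The new `struct pac_grp` in the first pacsrv.h hunk (@@ -71) has no comment saying what `grp_dom` refers to or whether it may be NULL. Within this commit nothing visible assigns it: get_gids_from_pac() allocates the array zeroed and fills only `gid`, and the test initialisers pass NULL, so every consumer currently sees a NULL domain. A short comment above the struct would stop a later caller from dereferencing it unchecked, for example `/* A group listed in the PAC; grp_dom is the group's domain and may be NULL. */`.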
@@ -581,7 +581,7 @@ static errno_t pac_save_memberships_next(struct tevent_req *req)
 }
 while (state->gid_iter < pr_ctx->add_gid_count) {
- gid = pr_ctx->add_gids[state->gid_iter];
+ gid = pr_ctx->add_gids[state->gid_iter].gid;
 ret = pac_store_membership(state->pr_ctx, state->group_dom->sysdb, state->user_dn, state->gid_iter);
@@ -671,7 +671,7 @@ pac_store_membership(struct pac_req_ctx *pr_ctx,
 return ENOMEM;
 }
- gid = pr_ctx->add_gids[gid_iter];
+ gid = pr_ctx->add_gids[gid_iter].gid;
 ret = sysdb_search_group_by_gid(tmp_ctx, group_sysdb, gid, group_attrs, &group);
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 53113fb..6e0f4bf 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -389,13 +389,13 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
 struct local_mapping_ranges *range_map,
 struct dom_sid *domain_sid,
 struct PAC_LOGON_INFO *logon_info,
- size_t *_gid_count, gid_t **_gids)
+ size_t *_gid_count, struct pac_grp **_gids)
 {
 int ret;
 size_t g = 0;
 size_t s;
 struct netr_SamInfo3 *info3;
- gid_t *gids = NULL;
+ struct pac_grp *gids = NULL;
 info3 = &logon_info->info3;
@@ -405,7 +405,7 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
 goto done;
 }
- gids = talloc_array(mem_ctx, gid_t, info3->sidcount);
+ gids = talloc_zero_array(mem_ctx, struct pac_grp, info3->sidcount);
 if (gids == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
 ret = ENOMEM;
@@ -414,13 +414,14 @@ errno_t get_gids_from_pac(TALLOC_CTX *mem_ctx,
 for(s = 0; s < info3->sidcount; s++) {
 if (dom_sid_in_domain(domain_sid, info3->sids[s].sid)) {
- ret = local_sid_to_id(range_map, info3->sids[s].sid, &gids[g]);
+ ret = local_sid_to_id(range_map, info3->sids[s].sid,
+ &gids[g].gid);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("get_rid failed.\n"));
 goto done;
 }
 DEBUG(SSSDBG_TRACE_ALL, ("Found extra group "
- "with gid [%d].\n", gids[g]));
+ "with gid [%d].\n", gids[g].gid));
 g++;
 }
 }
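Review bot: In the pac_store_membership() hunk (@@ -671) `pr_ctx->add_gids[gid_iter].gid` is read with no visible check of `gid_iter` against `pr_ctx->add_gid_count`. The only bound shown is the caller's `while` condition in the @@ -581 hunk, which also reads the same element a second time. Because these entries are derived from group SIDs in the PAC, a guard at function entry such as `if (gid_iter >= pr_ctx->add_gid_count) return EINVAL;` would keep the helper safe independently of its caller. Both function bodies continue outside the hunks, so an existing check may simply not be shown here.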
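Review bot: The failure message below the new `talloc_zero_array()` call in get_gids_from_pac() (@@ -405) still reads `talloc_array failed.`, so the log no longer names the allocator that actually failed; `("talloc_zero_array failed.\n")` would match the call. The zeroing is also what leaves `grp_dom` NULL in every element, since only `.gid` is filled in the loop of the next hunk. A one-line comment such as `/* zeroed so that grp_dom is NULL until a domain is assigned */` would record that dependency.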
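Review bot: `gids[g].gid` is a `gid_t` but the trace message in the last pacsrv_utils.c hunk (@@ -414) still formats it with `%d`. Where gid_t is an unsigned 32-bit type, a mapped ID above INT_MAX is logged as a negative number, which makes it hard to correlate the log with the group that was actually added. A conversion that matches the value would be `"with gid [%lu].\n", (unsigned long) gids[g].gid));`.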
@@ -627,9 +628,9 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
 size_t cur_grp_num,
 struct grp_info *cur_grp_list,
 size_t new_gid_num,
- gid_t *new_gid_list,
+ struct pac_grp *new_gid_list,
 size_t *_add_gid_num,
- gid_t **_add_gid_list,
+ struct pac_grp **_add_gid_list,
 size_t *_del_grp_num,
 struct grp_info ***_del_grp_list)
 {
@@ -639,7 +640,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
 hash_key_t key;
 hash_value_t value;
 size_t add_gid_num = 0;
- gid_t *add_gid_list = NULL;
+ struct pac_grp *add_gid_list = NULL;
 size_t del_grp_num = 0;
 struct grp_info **del_grp_list = NULL;
 TALLOC_CTX *tmp_ctx = NULL;
@@ -666,7 +667,7 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
 if (cur_grp_num == 0 && new_gid_num != 0) {
 add_gid_num = new_gid_num;
- add_gid_list = talloc_array(tmp_ctx, gid_t, add_gid_num);
+ add_gid_list = talloc_array(tmp_ctx, struct pac_grp, add_gid_num);
 if (add_gid_list == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
 ret = ENOMEM;
@@ -721,13 +722,14 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
 }
 for (c = 0; c < new_gid_num; c++) {
- key.ul = (unsigned long) new_gid_list[c];
+ key.ul = (unsigned long) new_gid_list[c].gid;
 ret = hash_delete(table, &key);
 if (ret == HASH_ERROR_KEY_NOT_FOUND) {
 /* gid not found, must be added */
 add_gid_num++;
- add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, gid_t, add_gid_num);
+ add_gid_list = talloc_realloc(tmp_ctx, add_gid_list, struct pac_grp,
+ add_gid_num);
 if (add_gid_list == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, ("talloc_realloc failed.\n"));
 ret = ENOMEM;
diff --git a/src/tests/pac_responder-tests.c b/src/tests/pac_responder-tests.c
index 02cc242..11870ce 100644
--- a/src/tests/pac_responder-tests.c
+++ b/src/tests/pac_responder-tests.c
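Review bot: `add_gid_list` is allocated with `talloc_array()` (@@ -666) and grown with `talloc_realloc()` (@@ -721), and neither call zeroes memory. The `grp_dom` pointer of each new element is therefore indeterminate unless the assignment that follows copies a whole `struct pac_grp`. Those assignments lie outside both hunks and are not touched by this commit; if either copies by `sizeof(gid_t)` or stores only a gid, it needs to become a full struct copy from `new_gid_list[c]`. Using `talloc_zero_array(tmp_ctx, struct pac_grp, add_gid_num)` in the @@ -666 case would match get_gids_from_pac() and turn a missed field into NULL rather than a stray pointer.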
@@ -76,13 +76,16 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
 int ret;
 size_t c;
 size_t add_gid_count = 0;
- gid_t *add_gids = NULL;
+ struct pac_grp *add_gids = NULL;
 size_t del_gid_count = 0;
 struct grp_info **del_gids = NULL;
- gid_t gid_list_2[] = {2};
- gid_t gid_list_3[] = {3};
- gid_t gid_list_23[] = {2, 3};
+ struct pac_grp pac_grp_2 = {2, NULL};
+ struct pac_grp pac_grp_3 = {3, NULL};
+
+ struct pac_grp gid_list_2[] = {pac_grp_2};
+ struct pac_grp gid_list_3[] = {pac_grp_3};
+ struct pac_grp gid_list_23[] = {pac_grp_2, pac_grp_3};
 struct grp_info grp_info_1 = {1, NULL, NULL};
 struct grp_info grp_info_2 = {2, NULL, NULL};
@@ -93,10 +96,10 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
 size_t cur_gid_count;
 struct grp_info *cur_gids;
 size_t gid_count;
- gid_t *gids;
+ struct pac_grp *gids;
 int exp_ret;
 size_t exp_add_gid_count;
- gid_t *exp_add_gids;
+ struct pac_grp *exp_add_gids;
 size_t exp_del_gid_count;
 struct grp_info *exp_del_gids;
 } a_and_r_data[] = {
@@ -155,10 +158,10 @@ START_TEST(pac_test_get_gids_to_add_and_remove)
 * only look at lists with 1 element. TODO: add code to compare lists
 * with more than 1 member. */
 if (add_gid_count == 1) {
- fail_unless(add_gids[0] == a_and_r_data[c].exp_add_gids[0],
+ fail_unless(add_gids[0].gid == a_and_r_data[c].exp_add_gids[0].gid,
 "Unexpected gid to add for test data #%d, " \
 "expected [%d], got [%d]",
- c, a_and_r_data[c].exp_add_gids[0], add_gids[0]);
+ c, a_and_r_data[c].exp_add_gids[0].gid, add_gids[0].gid);
 }
 if (del_gid_count == 1) {
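Review bot: The positional initialisers `{2, NULL}` and `{3, NULL}` in the first test hunk (@@ -76) depend on the field order of `struct pac_grp`. The commit message says the struct exists so that more data can be attached later, and a reordered or inserted field would silently shift these values. Designated initialisers keep the fixtures stable: `struct pac_grp pac_grp_2 = { .gid = 2, .grp_dom = NULL };` and likewise for `pac_grp_3`.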
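Review bot: The rewritten `fail_unless()` call (@@ -155) passes `c`, declared `size_t` at the top of the test, and two `gid_t` values to `%d` conversions. These argument types do not match the format, and on an LP64 target the `size_t` argument can skew the values printed after it. Use `#%zu` for the index and `[%lu]` with `(unsigned long)` casts on both `.gid` arguments. The assertion also compares only `.gid`, so an add-list entry with the wrong `grp_dom` would pass unnoticed; a second check such as `fail_unless(add_gids[0].grp_dom == a_and_r_data[c].exp_add_gids[0].grp_dom, ...)` would cover the new field.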