From 3a4057a37254d6dbb0191da32cd110f7cd50d4e4 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 20 May 2015 18:24:52 +0300
Subject: [PATCH] ipa-kdb: use proper memory chunk size when moving sids
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1222475
Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
daemons/ipa-kdb/ipa_kdb_mspac.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index e3215db4ea11632dce8f039fc6b89c4a09acd87a..74ee2f3fd4b81bd3433c9ff9c77f7434b72e7f4d 100644
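--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -1397,7 +1397,15 @@ static krb5_error_code filter_logon_info(krb5_context context,
 if (result) {
 filter_logon_info_log_message(info->info->info3.sids[i].sid);
 } else {
+ /* Go over incoming SID blacklist */
 for(k = 0; k < domain->len_sid_blacklist_incoming; k++) {
+ /* if SID is an exact match, filter it out */
+ result = dom_sid_check(&domain->sid_blacklist_incoming[k], info->info->info3.sids[i].sid, true);
+ if (result) {
+ filter_logon_info_log_message(info->info->info3.sids[i].sid);
+ break;
+ }
+ /* if SID is a suffix of the blacklist element, filter it out*/
 result = dom_sid_is_prefix(&domain->sid_blacklist_incoming[k], info->info->info3.sids[i].sid);
 if (result) {
 filter_logon_info_log_message(info->info->info3.sids[i].sid);
@@ -1406,11 +1414,17 @@ static krb5_error_code filter_logon_info(krb5_context context,
 }
 }
 if (result) {
+ k = count - i - j - 1;
+ if (k != 0) {
+ memmove(info->info->info3.sids+i,
+ info->info->info3.sids+i+1,
+ sizeof(struct netr_SidAttr)*k);
+ }
 j++;
- memmove(info->info->info3.sids+i, info->info->info3.sids+i+1, count-i-1);
+ } else {
+ i++;
 }
- i++;
- } while (i < count);
+ } while ((i + j) < count);
 
 if (j != 0) {
 count = count-j;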
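Review bot: In the second hunk `k`, which is the blacklist loop index a few lines earlier, is reused as the number of entries to shift, so the arithmetic that decides which SIDs survive filtering is harder to audit than it needs to be. A dedicated local (it would have to be declared at the top of filter_logon_info, outside this hunk; the name here is only an example) makes the intent explicit: `remaining = count - i - j - 1;` and then `sizeof(struct netr_SidAttr)*remaining` as the memmove length. A comment stating the invariant would help too, such as `/* i = next slot to test, j = SIDs dropped so far; the loop condition keeps i + j < count, so the tail length is never negative */`. The do/while starts above the hunk, so it cannot be confirmed from here whether `count` can be zero on first entry, in which case the body would read `sids[0]` before the condition is evaluated; that guard is worth checking in the enclosing code.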
--
2.1.0