On Thu, Apr 14, 2016 at 12:59:55PM -0400, Matt Rogers wrote:
>
>
> ----- Original Message -----
> > From: "Nathaniel McCallum" <npmccal...@redhat.com>
> > To: "Matt Rogers" <mrog...@redhat.com>, freeipa-devel@redhat.com
> > Sent: Thursday, April 14, 2016 10:32:15 AM
> > Subject: Re: [Freeipa-devel] [PATCH] 0001 ipa_kdb add krbPrincipalAuthInd handling
> >
> > On Mon, 2016-04-11 at 10:41 -0400, Matt Rogers wrote:
> > > Hi,
> > >
> > > The attached patch is a part of the authentication indicator enhancements,
> > > adding indicator value storage and retrieval for the KDB driver.
> > >
> > > https://fedorahosted.org/freeipa/ticket/5782
> >
> > Can you add some whitespace in next_attr()? The density of the code
> > there hurts readability.
> >
> Sure, I've attached the revised patch.

Hi Matt,

thank you for the patch. Currently I have the following question. You call krb5_dbe_set_string to remove the 'require_auth' data before calling ipadb_get_ldap_mod_extra_data()

> + /* Delete authinds from tl_data so it is not included in > krbExtraData. */ > + kerr = krb5_dbe_set_string(kcontext, entry, "require_auth", NULL); > + if (kerr) { > + goto done; > + } > + > kerr = ipadb_get_ldap_mod_extra_data(imods, > entry->tl_data, > mod_op); >

Why is it needed to filter this data again in ipadb_get_ldap_mod_extra_data()?

> + > static krb5_error_code ipadb_get_ldap_mod_extra_data(struct ipadb_mods > *imods, > krb5_tl_data *tl_data, > int mod_op) > { > krb5_error_code kerr; > krb5_tl_data *data; > + krb5_tl_data *data_tmp = NULL; > struct berval **bvs = NULL; > krb5_int16 be_type; > int n, i; > @@ -1463,6 +1663,20 @@ static krb5_error_code > ipadb_get_ldap_mod_extra_data(struct ipadb_mods *imods, > continue; > } > > + /* Exclude any auth indicators from krbExtraData */ > + kerr = filter_authind_str_attrs(data, &data_tmp); > + if (kerr) { > + goto done; > + } > + if (data_tmp != NULL) { > + if (data_tmp->tl_data_contents == NULL) { > + free(data_tmp); > + data_tmp = NULL; > + continue; > + } > + data = data_tmp; > + } > + > be_type = htons(data->tl_data_type); > > bvs[i] = calloc(1, sizeof(struct berval));

bye,
Sumit
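
Review bot: in the first quoted hunk, `krb5_dbe_set_string(kcontext, entry, "require_auth", NULL)` deletes the string attribute from the caller's `entry` in place, so building the LDAP mods has a side effect on the in-memory entry, and anything that reads `entry` after this call no longer sees the indicators. The second hunk already excludes the indicators inside ipadb_get_ldap_mod_extra_data() and appears to do so through a separate `data_tmp` rather than by editing the entry, so one of the two mechanisms looks redundant. I would keep only the filter and drop this call, or, if the in-place delete is intended, extend the comment to say that the entry is deliberately modified and that the indicator values have already been captured for krbPrincipalAuthInd before this line.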
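
Review bot: in the loop hunk of ipadb_get_ldap_mod_extra_data(), ownership of `data_tmp` is unclear once `data = data_tmp;` is taken. The visible lines free `data_tmp` only in the `tl_data_contents == NULL` branch, so the non-empty copy and its contents need a matching free at the end of the iteration and on the `goto done` paths, and `data_tmp` needs to be reset to NULL before the next pass; none of that is visible in this hunk. Assigning to `data` also overwrites what looks like the loop cursor, so if the loop advances through `data->tl_data_next` (the loop header is not shown) the iteration continues from the copy rather than from the original list. Using a separate pointer for the filtered element, and leaving `data` untouched, would address both points.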