author | Sumit Bose <sbose@redhat.com> | 2013-06-14 13:09:00 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-28 20:20:59 +0200 |
commit | 5e60c73cb91d1659755fb5ea829837db68d46163 (patch) | |
tree | 4a8408f379e5f39e55c822e774f88b743d6c6bdd | |
parent | 8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121f (diff) | |
download | sssd-5e60c73cb91d1659755fb5ea829837db68d46163.tar.gz sssd-5e60c73cb91d1659755fb5ea829837db68d46163.tar.bz2 sssd-5e60c73cb91d1659755fb5ea829837db68d46163.zip |
Add support for new ipaRangeType attribute
Recent versions of FreeIPA support a range type attribute to allow
different types of ranges for sub/trusted-domains. If the attribute is
available it will be used; if not, the right value is determined with the
help of the other idrange attributes.
Fixes https://fedorahosted.org/sssd/ticket/1961
-rw-r--r-- | src/db/sysdb.h | 2 | ||||
-rw-r--r-- | src/db/sysdb_ranges.c | 16 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 4 | ||||
-rw-r--r-- | src/providers/ipa/ipa_idmap.c | 5 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 33 |
5 files changed, 54 insertions, 6 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 489188b7..0b99dee0 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -130,6 +130,7 @@ #define SYSDB_BASE_RID "baseRID" #define SYSDB_SECONDARY_BASE_RID "secondaryBaseRID" #define SYSDB_DOMAIN_ID "domainID" +#define SYSDB_ID_RANGE_TYPE "idRangeType" #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)" @@ -245,6 +246,7 @@ struct range_info { uint32_t base_rid; uint32_t secondary_base_rid; char *trusted_dom_sid; + char *range_type; }; diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c index cc72033e..5b444eac 100644 --- a/src/db/sysdb_ranges.c +++ b/src/db/sysdb_ranges.c @@ -53,6 +53,7 @@ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, SYSDB_BASE_RID, SYSDB_SECONDARY_BASE_RID, SYSDB_DOMAIN_ID, + SYSDB_ID_RANGE_TYPE, NULL}; struct range_info **list; struct ldb_dn *basedn; @@ -140,6 +141,17 @@ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, DEBUG(SSSDBG_MINOR_FAILURE, ("find_attr_as_uint32_t failed.\n")); goto done; } + + tmp_str = ldb_msg_find_attr_as_string(res->msgs[c], SYSDB_ID_RANGE_TYPE, + NULL); + if (tmp_str != NULL) { + list[c]->range_type = talloc_strdup(list, tmp_str); + if (list[c]->range_type == NULL) { + ret = ENOMEM; + goto done; + } + } + } list[res->count] = NULL; @@ -228,6 +240,10 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range) (unsigned long)time(NULL)); if (ret) goto done; + ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_ID_RANGE_TYPE, + range->range_type); + if (ret) goto done; + ret = ldb_add(sysdb->ldb, msg); if (ret) goto done; diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 6dacdc57..8bf2d3e1 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h 
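Review bot: In the sysdb_get_ranges hunk of src/db/sysdb_ranges.c, `range_type` is assigned only when the cached entry carries idRangeType, so entries written before this change leave the field at whatever the allocation of `list[c]` put there. That allocation is outside the hunk; if it is not zero-initialised, add `else { list[c]->range_type = NULL; }`, and in either case a comment on `struct range_info` should say that NULL means "type not stored", since any consumer that compares the range type as a string would otherwise dereference it. The new ENOMEM branch is also the only failure path in this hunk without a log line; `DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));` would match the message used in ipa_ranges_parse_results.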
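Review bot: In the sysdb_range_create hunk of src/db/sysdb_ranges.c, `range->range_type` is handed to add_string() without a NULL check. ipa_ranges_parse_results always fills the field, but a range_info from another source, for example one returned by sysdb_get_ranges for a cache entry without idRangeType, can carry NULL, and how add_string() treats a NULL value is not visible here. A guard before the call, `if (range->range_type == NULL) { ret = EINVAL; goto done; }`, makes the requirement explicit. The function body starts and ends outside the hunk.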
@@ -142,6 +142,10 @@ struct ipa_options { struct ipa_auth_ctx *auth_ctx; }; +#define IPA_RANGE_LOCAL "ipa-local" +#define IPA_RANGE_AD_TRUST "ipa-ad-trust" +#define IPA_RANGE_AD_TRUST_POSIX "ipa-ad-trust-posix" + /* options parsers */ int ipa_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, diff --git a/src/providers/ipa/ipa_idmap.c b/src/providers/ipa/ipa_idmap.c index a02724f3..c108ca75 100644 --- a/src/providers/ipa/ipa_idmap.c +++ b/src/providers/ipa/ipa_idmap.c @@ -23,10 +23,7 @@ #include "util/util.h" #include "providers/ldap/sdap_idmap.h" - -#define IPA_RANGE_LOCAL "ipa-local" -#define IPA_RANGE_AD_TRUST "ipa-ad-trust" -#define IPA_RANGE_AD_TRUST_POSIX "ipa-ad-trust-posix" +#include "providers/ipa/ipa_common.h" static void * ipa_idmap_talloc(size_t size, void *pvt) diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 76ea709a..120b9553 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -35,6 +35,7 @@ #define IPA_FLATNAME "ipaNTFlatName" #define IPA_SID "ipaNTSecurityIdentifier" #define IPA_TRUSTED_DOMAIN_SID "ipaNTTrustedDomainSID" +#define IPA_RANGE_TYPE "ipaRangeType" #define IPA_BASE_ID "ipaBaseID" #define IPA_ID_RANGE_SIZE "ipaIDRangeSize" @@ -60,7 +61,7 @@ enum ipa_subdomains_req_type { struct ipa_subdomains_req_params { const char *filter; tevent_req_fn cb; - const char *attrs[8]; + const char *attrs[9]; }; struct ipa_subdomains_ctx { 
@@ -188,6 +189,34 @@ static errno_t ipa_ranges_parse_results(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); goto done; } + + ret = sysdb_attrs_get_string(reply[c], IPA_RANGE_TYPE, &value); + if (ret == EOK) { + range_list[c]->range_type = talloc_strdup(range_list[c], value); + if (range_list[c]->range_type == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); + ret = ENOMEM; + goto done; + } + } else if (ret == ENOENT) { + /* Older IPA servers might not have the range_type attribute, but + * only support local ranges and trusts with algorithmic mapping. */ + if (range_list[c]->trusted_dom_sid == NULL) { + range_list[c]->range_type = talloc_strdup(range_list[c], + IPA_RANGE_LOCAL); + } else { + range_list[c]->range_type = talloc_strdup(range_list[c], + IPA_RANGE_AD_TRUST); + } + } else { + DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); + goto done; + } + if (range_list[c]->range_type == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); + ret = ENOMEM; + goto done; + } } range_list[c] = NULL; @@ -377,7 +406,7 @@ static struct ipa_subdomains_req_params subdomain_requests[] = { ipa_subdomains_handler_ranges_done, { OBJECTCLASS, IPA_CN, IPA_BASE_ID, IPA_BASE_RID, IPA_SECONDARY_BASE_RID, - IPA_ID_RANGE_SIZE, IPA_TRUSTED_DOMAIN_SID, NULL + IPA_ID_RANGE_SIZE, IPA_TRUSTED_DOMAIN_SID, IPA_RANGE_TYPE, NULL } } }; |
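Review bot: In ipa_ranges_parse_results, the ipaRangeType value read from the server is copied into `range_type` without being compared against IPA_RANGE_LOCAL, IPA_RANGE_AD_TRUST or IPA_RANGE_AD_TRUST_POSIX. The range type appears to select how IDs in the range are mapped (the consumer is outside this diff), so an unrecognised string should at least be logged where it enters the cache, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, ("Unknown range type [%s].\n", value));`, with a comment stating whether such a range is skipped or fails the refresh. As a point of style, the talloc_strdup NULL check inside the `ret == EOK` branch repeats the check placed after the if/else chain and can be dropped. The function continues outside the hunk.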