authorSumit Bose <sbose@redhat.com>2013-06-14 13:09:00 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 20:20:59 +0200
commit5e60c73cb91d1659755fb5ea829837db68d46163 (patch)
tree4a8408f379e5f39e55c822e774f88b743d6c6bdd /src/providers/ipa
parent8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121f (diff)
Add support for new ipaRangeType attribute
Recent versions of FreeIPA support a range type attribute to allow different types of ranges for sub/trusted-domains. If the attribute is available it will be used; if not, the right value is determined with the help of the other idrange attributes. Fixes https://fedorahosted.org/sssd/ticket/1961
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_common.h4
-rw-r--r--src/providers/ipa/ipa_idmap.c5
-rw-r--r--src/providers/ipa/ipa_subdomains.c33
3 files changed, 36 insertions, 6 deletions
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 6dacdc57..8bf2d3e1 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -142,6 +142,10 @@ struct ipa_options {
struct ipa_auth_ctx *auth_ctx;
};
+#define IPA_RANGE_LOCAL "ipa-local"
+#define IPA_RANGE_AD_TRUST "ipa-ad-trust"
+#define IPA_RANGE_AD_TRUST_POSIX "ipa-ad-trust-posix"
+
/* options parsers */
int ipa_get_options(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
diff --git a/src/providers/ipa/ipa_idmap.c b/src/providers/ipa/ipa_idmap.c
index a02724f3..c108ca75 100644
--- a/src/providers/ipa/ipa_idmap.c
+++ b/src/providers/ipa/ipa_idmap.c
@@ -23,10 +23,7 @@
#include "util/util.h"
#include "providers/ldap/sdap_idmap.h"
-
-#define IPA_RANGE_LOCAL "ipa-local"
-#define IPA_RANGE_AD_TRUST "ipa-ad-trust"
-#define IPA_RANGE_AD_TRUST_POSIX "ipa-ad-trust-posix"
+#include "providers/ipa/ipa_common.h"
static void *
ipa_idmap_talloc(size_t size, void *pvt)
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 76ea709a..120b9553 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -35,6 +35,7 @@
#define IPA_FLATNAME "ipaNTFlatName"
#define IPA_SID "ipaNTSecurityIdentifier"
#define IPA_TRUSTED_DOMAIN_SID "ipaNTTrustedDomainSID"
+#define IPA_RANGE_TYPE "ipaRangeType"
#define IPA_BASE_ID "ipaBaseID"
#define IPA_ID_RANGE_SIZE "ipaIDRangeSize"
@@ -60,7 +61,7 @@ enum ipa_subdomains_req_type {
struct ipa_subdomains_req_params {
const char *filter;
tevent_req_fn cb;
- const char *attrs[8];
+ const char *attrs[9];
};
struct ipa_subdomains_ctx {
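Review bot: The hand-counted bound in `const char *attrs[9];` has to be raised in step with the longest initializer in `subdomain_requests[]`, which this commit extends in the last hunk of the file. If an attribute is added later without bumping the bound, the trailing `NULL` is the element that no longer fits. A compiler may only warn about the excess initializer, and the list would then reach its consumer without a terminator, assuming it is walked as a NULL-terminated array, as the initializers suggest. A comment on the field such as `/* sized for the longest attrs list including the NULL terminator */`, or a named constant for the bound, would make the coupling visible to the next person who adds an attribute.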
@@ -188,6 +189,34 @@ static errno_t ipa_ranges_parse_results(TALLOC_CTX *mem_ctx,
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
goto done;
}
+
+ ret = sysdb_attrs_get_string(reply[c], IPA_RANGE_TYPE, &value);
+ if (ret == EOK) {
+ range_list[c]->range_type = talloc_strdup(range_list[c], value);
+ if (range_list[c]->range_type == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+ } else if (ret == ENOENT) {
+ /* Older IPA servers might not have the range_type attribute, but
+ * only support local ranges and trusts with algorithmic mapping. */
+ if (range_list[c]->trusted_dom_sid == NULL) {
+ range_list[c]->range_type = talloc_strdup(range_list[c],
+ IPA_RANGE_LOCAL);
+ } else {
+ range_list[c]->range_type = talloc_strdup(range_list[c],
+ IPA_RANGE_AD_TRUST);
+ }
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
+ goto done;
+ }
+ if (range_list[c]->range_type == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
}
range_list[c] = NULL;
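Review bot: The `ret == EOK` branch copies whatever string the server returned for `ipaRangeType` into `range_type` without comparing it to `IPA_RANGE_LOCAL`, `IPA_RANGE_AD_TRUST` or `IPA_RANGE_AD_TRUST_POSIX`, so an unrecognised value travels on to the ID-mapping code. Whether that consumer rejects unknown types is not visible here; if it does not, a comparison at parse time with a logged error would keep a malformed range object from influencing ID assignment. The NULL test inside that branch is also redundant, because the common `if (range_list[c]->range_type == NULL)` after the chain already covers all three `talloc_strdup` calls. The ENOENT fallback relies on `trusted_dom_sid` having been parsed or zero-initialised earlier in `ipa_ranges_parse_results`, whose body starts and ends outside this hunk.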
@@ -377,7 +406,7 @@ static struct ipa_subdomains_req_params subdomain_requests[] = {
ipa_subdomains_handler_ranges_done,
{ OBJECTCLASS, IPA_CN,
IPA_BASE_ID, IPA_BASE_RID, IPA_SECONDARY_BASE_RID,
- IPA_ID_RANGE_SIZE, IPA_TRUSTED_DOMAIN_SID, NULL
+ IPA_ID_RANGE_SIZE, IPA_TRUSTED_DOMAIN_SID, IPA_RANGE_TYPE, NULL
}
}
};