author | Sumit Bose <sbose@redhat.com> | 2013-09-25 13:42:24 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-27 10:33:25 +0200 |
commit | c5711b0279ea85d69fe3c77dfb194360c346e1d7 (patch) | |
tree | ffc3b851532fdd0635f5b7b882f593aaa81681f4 /src/providers | |
parent | 82d248c7e7d61dba7065a1a744823bc06c1b5b96 (diff) | |
IPA: store forest name for forest member domains
In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of
the forest must be known for a member domain of the forest.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ad/ad_subdomains.c | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 87 |
2 files changed, 87 insertions, 2 deletions
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index b95f4e46..e8345ae5 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -160,7 +160,7 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
 /* AD subdomains are currently all mpg and do not enumerate */
 ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
- true, false);
+ true, false, NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
 goto done;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 496af42b..03b780d6 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -456,6 +456,84 @@ static errno_t ipa_subdom_enumerates(struct sss_domain_info *parent,
 return EOK;
 }
+static errno_t ipa_subdom_get_forest(TALLOC_CTX *mem_ctx,
+ struct ldb_context *ldb_ctx,
+ struct sysdb_attrs *attrs,
+ char **_forest)
+{
+ int ret;
+ const char *orig_dn;
+ struct ldb_dn *dn = NULL;
+ const struct ldb_val *val;
+ char *forest = NULL;
+
+ ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
+ goto done;
+ }
+ DEBUG(SSSDBG_TRACE_ALL, ("Checking if we need the forest name for [%s].\n",
+ orig_dn));
+
+ dn = ldb_dn_new(mem_ctx, ldb_ctx, orig_dn);
+ if (dn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_new failed.\n"));
+ goto done;
+ }
+
+ if (!ldb_dn_validate(dn)) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Original DN [%s] is not a valid DN.\n",
+ orig_dn));
+ ret = EINVAL;
+ goto done;
+ }
+
+ if (ldb_dn_get_comp_num(dn) < 5) {
+ /* We are only interested in the member domain objects. In IPA the
+ * forest root object is stored as e.g.
+ * cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Member domains in the
+ * forest are children of the forest root object e.g.
+ * cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Since
+ * the forest name is not stored in the member objects we derive it
+ * from the RDN of the forest root object.
*/
+ ret = EOK;
+ goto done;
+ }
+
+ val = ldb_dn_get_component_val(dn, 3);
+ if (strncasecmp("trusts", (const char *) val->data, val->length) != 0) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("4th component is not 'trust', nothing to do.\n"));
+ ret = EOK;
+ goto done;
+ }
+
+ val = ldb_dn_get_component_val(dn, 2);
+ if (strncasecmp("ad", (const char *) val->data, val->length) != 0) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("3rd component is not 'ad', nothing to do.\n"));
+ ret = EOK;
+ goto done;
+ }
+
+ val = ldb_dn_get_component_val(dn, 1);
+ forest = talloc_strndup(mem_ctx, (const char *) val->data, val->length);
+ if (forest == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+done:
+ talloc_free(dn);
+
+ if (ret == EOK) {
+ *_forest = forest;
+ }
+
+ return ret;
+}
+
 static errno_t ipa_subdom_store(struct sss_domain_info *parent,
 struct sdap_idmap_ctx *sdap_idmap_ctx,
 struct sysdb_attrs *attrs,
@@ -466,6 +544,7 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
 char *realm;
 const char *flat;
 const char *id;
+ char *forest = NULL;
 int ret;
 bool mpg;
@@ -500,8 +579,14 @@ static errno_t ipa_subdom_store(struct sss_domain_info *parent,
 mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, id);
+ ret = ipa_subdom_get_forest(tmp_ctx, sysdb_ctx_get_ldb(parent->sysdb),
+ attrs, &forest);
+ if (ret != EOK) {
+ goto done;
+ }
+
 ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat,
- id, mpg, enumerate);
+ id, mpg, enumerate, forest);
 if (ret) {
 DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
 goto done; |
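Review bot: When `ldb_dn_new` returns NULL in ipa_subdom_get_forest, the branch jumps to `done` with `ret` still holding the success value left by `sysdb_attrs_get_string`, so the function reports EOK and hands back a NULL forest; it should set `ret = ENOMEM;` before `goto done;`. The two `strncasecmp` checks bound the comparison by `val->length` only, so an empty component value or any prefix of "trusts" / "ad" also passes. Since the forest name is derived from a DN supplied by the directory, an exact match is safer, e.g. `if (val->length != strlen("trusts") || strncasecmp("trusts", (const char *) val->data, val->length) != 0)`, and likewise for "ad". The trace message says 'trust' where the code compares against "trusts".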
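Review bot: The new `if (ret != EOK) { goto done; }` after the `ipa_subdom_get_forest` call makes every failure of the forest lookup abort ipa_subdom_store before `sysdb_subdomain_store` is reached, and unlike the neighbouring error branches it logs nothing at this level. If that fail-closed behaviour is intended (a subdomain whose original DN is missing or invalid is presumably not stored at all), state it with a comment such as `/* Do not store a subdomain whose forest membership cannot be determined. */` and add `DEBUG(SSSDBG_OP_FAILURE, ("ipa_subdom_get_forest failed.\n"));` to match the file's style. ipa_subdom_store starts and ends outside this hunk, so what `done` cleans up is not visible here.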