From 4a856d8ff597ec516cc1eb05f06e062bb4ecca5b Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Thu, 28 May 2015 11:49:58 +0000 Subject: trusts: pass AD DC hostname if specified explicitly Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1222047 --- API.txt | 3 ++- VERSION | 2 +- ipalib/plugins/trust.py | 9 ++++++++- ipaserver/dcerpc.py | 10 +++++++--- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/API.txt b/API.txt index e226712d3..f3b4df8d4 100644 --- a/API.txt +++ b/API.txt @@ -4998,10 +4998,11 @@ output: Output('result', , None) output: Output('summary', (, ), None) output: ListOfPrimaryKeys('value', None, None) command: trust_fetch_domains -args: 1,4,4 +args: 1,5,4 arg: Str('cn', attribute=True, cli_name='realm', multivalue=False, primary_key=True, query=True, required=True) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('realm_server?', cli_name='server') option: Flag('rights', autofill=True, default=False) option: Str('version?', exclude='webui') output: Output('count', , None) diff --git a/VERSION b/VERSION index 266a04af1..c31ddfc97 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=137 +IPA_API_VERSION_MINOR=138 # Last change: mbabinsk: Commands to manage user/host/service certificates diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 5b884ca89..13ac52ddd 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py 
@@ -1302,9 +1302,10 @@ def fetch_domains_from_trust(self, trustinstance, trust_entry, **options): sp.insert(0, trustinstance.remote_domain.info['name']) creds = u"{name}%{password}".format(name="\\".join(sp), password=password) + server = options.get('realm_server', None) domains = ipaserver.dcerpc.fetch_domains(self.api, trustinstance.local_flatname, - trust_name, creds=creds) + trust_name, creds=creds, server=server) result = [] if not domains: return result @@ -1342,6 +1343,12 @@ class trust_fetch_domains(LDAPRetrieve): __doc__ = _('Refresh list of the domains associated with the trust') has_output = output.standard_list_of_entries + takes_options = LDAPRetrieve.takes_options + ( + Str('realm_server?', + cli_name='server', + label=_('Domain controller for the Active Directory domain (optional)'), + ), + ) def execute(self, *keys, **options): if not _bindings_installed: diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 725b2cd90..753e10e97 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -1046,7 +1046,7 @@ class TrustDomainInstance(object): return False -def fetch_domains(api, mydomain, trustdomain, creds=None): +def fetch_domains(api, mydomain, trustdomain, creds=None, server=None): trust_flags = dict( NETR_TRUST_FLAG_IN_FOREST = 0x00000001, NETR_TRUST_FLAG_OUTBOUND = 0x00000002, @@ -1087,8 +1087,12 @@ def fetch_domains(api, mydomain, trustdomain, creds=None): cr.set_workstation(domain_validator.flatname) netrc = net.Net(creds=cr, lp=td.parm) try: - result = netrc.finddc(domain=trustdomain, - flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS) + if server: + result = netrc.finddc(address=server, + flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS) + else: + result = netrc.finddc(domain=trustdomain, + flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS) except RuntimeError, e: raise assess_dcerpc_exception(message=str(e)) -- cgit
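Review bot: The new `realm_server` option in `trust_fetch_domains.takes_options` is a bare `Str` with only a label, so the value is handed on as `server=` and reaches `finddc(address=server, ...)` in ipaserver/dcerpc.py with no check at the API layer. Nothing states whether a hostname, an FQDN or an IP address is expected, although the commit subject speaks of a hostname. I would add a `doc=` string, for example `doc=_('Hostname of an AD domain controller to contact instead of discovering one')`. If only hostnames are intended, anything else should be rejected here before it gets to the RPC code.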
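Review bot: `fetch_domains` gains a `server` parameter but, as far as this hunk shows, has no docstring: the signature is followed directly by `trust_flags = dict(`. A short docstring should say that `server`, when set, replaces domain-controller discovery for `trustdomain`, and that the credentials in `creds` are then presumably used against that host. The function body continues outside this hunk.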
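Review bot: In the `if server:` branch, `finddc(address=server, ...)` is called without `domain=trustdomain`, so the lookup no longer ties the answering host to the trusted domain. The code after the `try` is outside this hunk, but it presumably connects to the returned DC using `cr`. If so, a wrong `--server` value means the trust credentials are offered to a host that is not a domain controller of `trustdomain`. I would compare the domain reported in `result` with `trustdomain` right after the call and raise one of this module's existing errors on mismatch, e.g. `if result.dns_domain.lower() != trustdomain.lower():`, assuming the finddc result exposes the DNS domain under that name. The two `flags=` expressions are identical, so binding them to a local once would also make the branches easier to compare.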