authorPavel Reichl <pavel.reichl@redhat.com>2013-12-17 17:32:04 +0000
committerJakub Hrozek <jhrozek@redhat.com>2014-01-09 11:50:59 +0100
commit17195241500e46272018d7897d6e87249870caf2 (patch)
treed4cd863028e0f1b210110160b0fab1f9fdbd9e17 /src
parentfe521d1ad610920ce5411589a158157d6a5f0794 (diff)
responder: Set forest attribute in AD domains
Resolves: https://fedorahosted.org/sssd/ticket/2160
Diffstat (limited to 'src')
-rw-r--r--src/db/sysdb.h3
-rw-r--r--src/db/sysdb_subdomains.c35
-rw-r--r--src/providers/ad/ad_domain_info.c46
-rw-r--r--src/providers/ad/ad_domain_info.h3
-rw-r--r--src/providers/ad/ad_id.c5
-rw-r--r--src/providers/ad/ad_subdomains.c9
-rw-r--r--src/providers/ipa/ipa_subdomains.c2
-rw-r--r--src/providers/ldap/sdap_access.c2
8 files changed, 87 insertions, 18 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 7b5bf8710..1f779875d 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -385,7 +385,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
- const char *flat, const char *id);
+ const char *flat, const char *id,
+ const char* forest);
errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 43c75799c..9c2926c00 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -208,6 +208,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
SYSDB_SUBDOMAIN_REALM,
SYSDB_SUBDOMAIN_FLAT,
SYSDB_SUBDOMAIN_ID,
+ SYSDB_SUBDOMAIN_FOREST,
NULL};
tmp_ctx = talloc_new(NULL);
@@ -278,13 +279,27 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
}
}
+ tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FOREST,
+ NULL);
+ if (tmp_str != NULL &&
+ (domain->forest == NULL ||
+ strcasecmp(tmp_str, domain->forest) != 0)) {
+ talloc_free(domain->forest);
+ domain->forest = talloc_strdup(domain, tmp_str);
+ if (domain->forest == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
done:
talloc_free(tmp_ctx);
return ret;
}
errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
- const char *flat, const char *id)
+ const char *flat, const char *id,
+ const char* forest)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
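Review bot: The forest check added to sysdb_master_domain_update compares case-insensitively (`strcasecmp(tmp_str, domain->forest) != 0`), while the check this commit adds to sysdb_master_domain_add_info uses `strcmp(domain->forest, forest) != 0`. If the name supplied by the provider differs from the cached one only in case, add_info would schedule a cache write, but a later refresh through this function would leave domain->forest unchanged, so the same write could be repeated on every refresh. Using one comparison in both places, for example `strcasecmp(domain->forest, forest) != 0` in add_info, keeps the two in agreement. When the cached entry has no forest attribute, domain->forest keeps its old value; a one-line comment saying this is intended would help. Both functions extend beyond the hunks shown.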
@@ -345,6 +360,24 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
do_update = true;
}
+ if (forest != NULL && (domain->forest == NULL ||
+ strcmp(domain->forest, forest) != 0)) {
+ ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FOREST,
+ LDB_FLAG_MOD_REPLACE, NULL);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FOREST, forest);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ do_update = true;
+ }
+
if (do_update == false) {
ret = EOK;
goto done;
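Review bot: The meaning of the new `forest` argument is not documented: from this block a NULL value leaves the stored forest untouched, so a caller such as the IPA provider that passes NULL can never clear it. A comment above the function along the lines of `/* forest may be NULL, in which case the cached forest attribute is left unchanged */` would make that contract explicit. In the AD provider the value comes from the netlogon reply parsed in ad_domain_info.c and is written to the cache as received, so the comment could also state that callers are expected to pass a name they have already checked. The function body starts and ends outside this hunk.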
diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
index c24da939f..e8987a482 100644
--- a/src/providers/ad/ad_domain_info.c
+++ b/src/providers/ad/ad_domain_info.c
@@ -42,9 +42,9 @@
#define MASTER_DOMAIN_SID_FILTER "objectclass=domain"
static errno_t
-netlogon_get_flat_name(TALLOC_CTX *mem_ctx,
- struct sysdb_attrs *reply,
- char **_flat_name)
+netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
+ struct sysdb_attrs *reply,
+ char **_flat_name, char **_forest)
{
errno_t ret;
struct ldb_message_element *el;
@@ -53,6 +53,7 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx,
enum ndr_err_code ndr_err;
struct netlogon_samlogon_response response;
const char *flat_name;
+ const char *forest;
ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el);
if (ret != EOK) {
@@ -93,11 +94,13 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx,
goto done;
}
+ /* get flat name */
if (response.data.nt5_ex.domain_name != NULL &&
*response.data.nt5_ex.domain_name != '\0') {
flat_name = response.data.nt5_ex.domain_name;
} else {
- DEBUG(SSSDBG_MINOR_FAILURE, ("No netlogon data available\n"));
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("No netlogon domain name data available\n"));
ret = ENOENT;
goto done;
}
@@ -108,6 +111,24 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
+
+ /* get forest */
+ if (response.data.nt5_ex.forest != NULL &&
+ *response.data.nt5_ex.forest != '\0') {
+ forest = response.data.nt5_ex.forest;
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No netlogon forest data available\n"));
+ ret = ENOENT;
+ goto done;
+ }
+
+ *_forest = talloc_strdup(mem_ctx, forest);
+ if (*_forest == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = EOK;
done:
talloc_free(ndr_pull);
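Review bot: The new forest branch can return ENOENT or ENOMEM after `*_flat_name` has already been assigned, so the function may now fail with one output set and `*_forest` untouched. The caller in ad_master_domain_netlogon_done treats the failure as non-fatal and finishes the request, so a reply that carries a domain name but no forest is logged as "Could not get the flat name or forest" while the flat name is still handed on. Either treat a missing forest as non-fatal here (`*_forest = NULL;` and fall through to `ret = EOK;`) or release the first output on the error paths with `talloc_zfree(*_flat_name);`. A comment stating which outputs are valid on failure would help as well. The function begins outside this hunk.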
@@ -125,6 +146,7 @@ struct ad_master_domain_state {
int base_iter;
char *flat;
+ char *forest;
char *sid;
};
@@ -339,14 +361,17 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq)
/* Exactly one flat name. Carry on */
- ret = netlogon_get_flat_name(state, reply[0], &state->flat);
+ ret = netlogon_get_domain_info(state, reply[0], &state->flat,
+ &state->forest);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, ("Could not get the flat name\n"));
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not get the flat name or forest\n"));
/* Not fatal. Just quit. */
goto done;
}
-
DEBUG(SSSDBG_TRACE_FUNC, ("Found flat name [%s].\n", state->flat));
+ DEBUG(SSSDBG_TRACE_FUNC, ("Found forest [%s].\n", state->forest));
+
done:
tevent_req_done(req);
return;
@@ -356,7 +381,8 @@ errno_t
ad_master_domain_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
char **_flat,
- char **_id)
+ char **_id,
+ char **_forest)
{
struct ad_master_domain_state *state = tevent_req_data(req,
struct ad_master_domain_state);
@@ -367,6 +393,10 @@ ad_master_domain_recv(struct tevent_req *req,
*_flat = talloc_steal(mem_ctx, state->flat);
}
+ if (_forest) {
+ *_forest = talloc_steal(mem_ctx, state->forest);
+ }
+
if (_id) {
*_id = talloc_steal(mem_ctx, state->sid);
}
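Review bot: `*_forest` can be NULL on a successful return, and nothing tells callers so. ad_master_domain_netlogon_done calls tevent_req_done() even when netlogon_get_domain_info fails, and in that case state->forest is presumably still unset when it is stolen here. The same already holds for `*_flat`, so a comment on the prototype such as `/* *_flat and *_forest may be NULL if the netlogon lookup did not provide them */` would cover both. The visible callers pass the value straight to sysdb_master_domain_add_info, which checks for NULL, but a future caller has nothing to go on. The function body continues outside the hunk.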
diff --git a/src/providers/ad/ad_domain_info.h b/src/providers/ad/ad_domain_info.h
index d21706396..d3a6416ce 100644
--- a/src/providers/ad/ad_domain_info.h
+++ b/src/providers/ad/ad_domain_info.h
@@ -36,6 +36,7 @@ errno_t
ad_master_domain_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
char **_flat,
- char **_id);
+ char **_id,
+ char **_forest);
#endif /* _AD_MASTER_DOMAIN_H_ */
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index 0280d755c..0a2afda58 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -519,9 +519,10 @@ ad_enumeration_master_done(struct tevent_req *subreq)
struct ad_enumeration_state);
char *flat_name;
char *master_sid;
+ char *forest;
ret = ad_master_domain_recv(subreq, state,
- &flat_name, &master_sid);
+ &flat_name, &master_sid, &forest);
talloc_zfree(subreq);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
@@ -530,7 +531,7 @@ ad_enumeration_master_done(struct tevent_req *subreq)
}
ret = sysdb_master_domain_add_info(state->sdom->dom,
- flat_name, master_sid);
+ flat_name, master_sid, forest);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n"));
tevent_req_error(req, ret);
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index e438a688c..62c3e16d0 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -85,6 +85,7 @@ struct ad_subdomains_req_ctx {
char *master_sid;
char *flat_name;
+ char *forest;
};
static errno_t
@@ -294,7 +295,7 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
/* AD subdomains are currently all mpg and do not enumerate */
ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
- mpg, false, NULL);
+ mpg, false, domain->forest);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
goto done;
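Review bot: Passing `domain->forest` to sysdb_subdomain_store stores every discovered subdomain with the forest of `domain`, an assumption that is not stated at the call site. The field may also still be NULL if the master domain information has not been saved yet, which would match the previous behaviour of passing NULL. Extending the existing comment would record both points, e.g. `/* AD subdomains are currently all mpg and do not enumerate; they are stored with the forest of the parent domain, which may be NULL if not yet known */`. ad_subdom_store starts and ends outside this hunk.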
@@ -539,7 +540,8 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);
ret = ad_master_domain_recv(req, ctx,
- &ctx->flat_name, &ctx->master_sid);
+ &ctx->flat_name, &ctx->master_sid,
+ &ctx->forest);
talloc_zfree(req);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
@@ -547,7 +549,8 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
}
ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
- ctx->flat_name, ctx->master_sid);
+ ctx->flat_name, ctx->master_sid,
+ ctx->forest);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n"));
goto done;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 9efbd725f..d9c204451 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -1076,7 +1076,7 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req)
}
ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
- flat, id);
+ flat, id, NULL);
} else {
ctx->search_base_iter++;
ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER);
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index e93400db1..91a180764 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -213,7 +213,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
ret = sdap_access_filter_recv(subreq);
talloc_zfree(subreq);
if (ret != EOK) {
- DEBUG(1, ("Error retrieving access check result.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n"));
tevent_req_error(req, ret);
return;
}