Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 47 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.h | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains_utils.c | 100 |
3 files changed, 111 insertions, 42 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 2a898d7eb..5a3f90fe3 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -328,56 +328,18 @@ static errno_t ipa_subdom_get_forest(TALLOC_CTX *mem_ctx,
 char **_forest)
 {
 int ret;
- const char *orig_dn;
 struct ldb_dn *dn = NULL;
 const struct ldb_val *val;
 char *forest = NULL;
- ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
- goto done;
- }
- DEBUG(SSSDBG_TRACE_ALL, "Checking if we need the forest name for [%s].\n",
- orig_dn);
-
- dn = ldb_dn_new(mem_ctx, ldb_ctx, orig_dn);
+ dn = ipa_subdom_ldb_dn(mem_ctx, ldb_ctx, attrs);
 if (dn == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
- goto done;
- }
-
- if (!ldb_dn_validate(dn)) {
- DEBUG(SSSDBG_OP_FAILURE, "Original DN [%s] is not a valid DN.\n",
- orig_dn);
- ret = EINVAL;
- goto done;
- }
-
- if (ldb_dn_get_comp_num(dn) < 5) {
- /* We are only interested in the member domain objects. In IPA the
- * forest root object is stored as e.g.
- * cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Member domains in the
- * forest are children of the forest root object e.g.
- * cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Since
- * the forest name is not stored in the member objects we derive it
- * from the RDN of the forest root object. */
- ret = EOK;
- goto done;
- }
-
- val = ldb_dn_get_component_val(dn, 3);
- if (strncasecmp("trusts", (const char *) val->data, val->length) != 0) {
- DEBUG(SSSDBG_TRACE_FUNC,
- "4th component is not 'trust', nothing to do.\n");
- ret = EOK;
+ DEBUG(SSSDBG_OP_FAILURE, "ipa_subdom_ldb_dn failed.\n");
+ ret = EIO;
 goto done;
 }
- val = ldb_dn_get_component_val(dn, 2);
- if (strncasecmp("ad", (const char *) val->data, val->length) != 0) {
- DEBUG(SSSDBG_TRACE_FUNC,
- "3rd component is not 'ad', nothing to do.\n");
+ if (ipa_subdom_is_member_dom(dn) == false) {
 ret = EOK;
 goto done;
 }
@@ -390,6 +352,7 @@ static errno_t ipa_subdom_get_forest(TALLOC_CTX *mem_ctx,
 goto done;
 }
+ ret = EOK;
 done:
 talloc_free(dn);
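Review bot: In the `dn == NULL` branch every failure of ipa_subdom_ldb_dn is now reported as EIO, including the missing-SYSDB_ORIG_DN case that the removed lines propagated with the code returned by sysdb_attrs_get_string; if any caller of ipa_subdom_get_forest distinguishes those cases (not visible in this hunk), either returning an errno from the helper or stating the collapse in a comment above the call would avoid a silent change of contract. The `ret = EOK;` added before `done:` in the second hunk is needed because `int ret` is no longer assigned on the success path once the sysdb_attrs_get_string call is gone; a one-line comment such as `/* all error paths above set ret before jumping to done */` would make that placement self-explaining. The new condition reads more naturally as `if (!ipa_subdom_is_member_dom(dn)) {` than as a comparison against `false`. ipa_subdom_get_forest's signature sits just above the first hunk and its body continues after the second.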
diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h
index d92bd01e8..94027c091 100644
--- a/src/providers/ipa/ipa_subdomains.h
+++ b/src/providers/ipa/ipa_subdomains.h
@@ -59,6 +59,12 @@ void ipa_ad_subdom_remove(struct be_ctx *be_ctx,
 int ipa_ad_subdom_init(struct be_ctx *be_ctx,
 struct ipa_id_ctx *id_ctx);
+struct ldb_dn *ipa_subdom_ldb_dn(TALLOC_CTX *mem_ctx,
+ struct ldb_context *ldb_ctx,
+ struct sysdb_attrs *attrs);
+
+bool ipa_subdom_is_member_dom(struct ldb_dn *dn);
+
 /* struct for external group memberships, defined in
 * ipa_subdomains_ext_groups.c */
 struct ipa_ext_groups;
diff --git a/src/providers/ipa/ipa_subdomains_utils.c b/src/providers/ipa/ipa_subdomains_utils.c
new file mode 100644
index 000000000..27fc0a4d1
--- /dev/null
+++ b/src/providers/ipa/ipa_subdomains_utils.c
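Review bot: The two new prototypes carry no contract, and ipa_subdom_ldb_dn's is not obvious from its name: it builds a validated ldb_dn from the SYSDB_ORIG_DN attribute, allocated on mem_ctx and owned by the caller, and returns NULL alike for a missing attribute, an unparsable DN or an allocation failure. A comment above the declaration such as `/* Build the origDN of attrs as an ldb_dn allocated on mem_ctx. Returns NULL (and logs) when the attribute is missing, the DN is invalid or allocation fails; the caller frees the result. */`, and above the second one `/* True iff the 3rd and 4th DN components are 'ad' and 'trusts', i.e. the object is a member domain of a trusted forest. */`, would document them where callers look. `bool` in this header relies on `<stdbool.h>` being reachable through its includes, which are outside the hunk; worth confirming.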
@@ -0,0 +1,100 @@
+/*
+ SSSD
+
+ IPA Subdomains Module - utilities
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2015 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "providers/ipa/ipa_subdomains.h"
+#include "providers/ipa/ipa_common.h"
+#include "providers/ipa/ipa_id.h"
+
+struct ldb_dn *ipa_subdom_ldb_dn(TALLOC_CTX *mem_ctx,
+ struct ldb_context *ldb_ctx,
+ struct sysdb_attrs *attrs)
+{
+ int ret;
+ const char *orig_dn;
+ struct ldb_dn *dn = NULL;
+
+ if (attrs == NULL || ldb_ctx == NULL) {
+ return NULL;
+ }
+
+ ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed: %d\n", ret);
+ return NULL;
+ }
+
+ dn = ldb_dn_new(mem_ctx, ldb_ctx, orig_dn);
+ if (dn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
+ return NULL;
+ }
+
+ if (!ldb_dn_validate(dn)) {
+ DEBUG(SSSDBG_OP_FAILURE, "Original DN [%s] is not a valid DN.\n",
+ orig_dn);
+ talloc_free(dn);
+ return NULL;
+ }
+
+ return dn;
+}
+
+bool ipa_subdom_is_member_dom(struct ldb_dn *dn)
+{
+ const struct ldb_val *val;
+
+ if (dn == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Wrong input!\n");
+ return false;
+ }
+
+ if (ldb_dn_get_comp_num(dn) < 5) {
+ /* We are only interested in the member domain objects. In IPA the
+ * forest root object is stored as e.g.
+ * cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Member domains in the
+ * forest are children of the forest root object e.g.
+ * cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Since
+ * the forest name is not stored in the member objects we derive it
+ * from the RDN of the forest root object. */
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "DN too short, not a member domain\n");
+ return false;
+ }
+
+ val = ldb_dn_get_component_val(dn, 3);
+ if (strncasecmp("trusts", (const char *) val->data, val->length) != 0) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "4th component is not 'trust', not a member domain\n");
+ return false;
+ }
+
+ val = ldb_dn_get_component_val(dn, 2);
+ if (strncasecmp("ad", (const char *) val->data, val->length) != 0) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "3rd component is not 'ad', not a member domain\n");
+ return false;
+ }
+
+ return true;
+} |
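Review bot: The component checks in ipa_subdom_is_member_dom compare only `val->length` bytes, so a 4th component that is a proper prefix of "trusts" (e.g. "trust") or a 3rd component of "a" is accepted, because strncasecmp stops at the shorter bound and never sees the rest of the constant; comparing the length as well closes it: `if (val->length != strlen("trusts") || strncasecmp("trusts", (const char *) val->data, val->length) != 0) {`, and likewise `val->length != strlen("ad") ||` for the 3rd component. The trace message on the first of those branches says 'trust' while the constant it tests is 'trusts'. In ipa_subdom_ldb_dn, `ret` is declared `int` although the value comes from sysdb_attrs_get_string and the caller ipa_subdom_get_forest is declared as returning errno_t, so `errno_t ret;` would keep the module's error type consistent.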