summaryrefslogtreecommitdiffstats
path: root/src/providers
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_subdomains.c47
-rw-r--r--src/providers/ipa/ipa_subdomains.h6
-rw-r--r--src/providers/ipa/ipa_subdomains_utils.c100
3 files changed, 111 insertions, 42 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 2a898d7eb..5a3f90fe3 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -328,56 +328,18 @@ static errno_t ipa_subdom_get_forest(TALLOC_CTX *mem_ctx,
char **_forest)
{
int ret;
- const char *orig_dn;
struct ldb_dn *dn = NULL;
const struct ldb_val *val;
char *forest = NULL;
- ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
- goto done;
- }
- DEBUG(SSSDBG_TRACE_ALL, "Checking if we need the forest name for [%s].\n",
- orig_dn);
-
- dn = ldb_dn_new(mem_ctx, ldb_ctx, orig_dn);
+ dn = ipa_subdom_ldb_dn(mem_ctx, ldb_ctx, attrs);
if (dn == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
- goto done;
- }
-
- if (!ldb_dn_validate(dn)) {
- DEBUG(SSSDBG_OP_FAILURE, "Original DN [%s] is not a valid DN.\n",
- orig_dn);
- ret = EINVAL;
- goto done;
- }
-
- if (ldb_dn_get_comp_num(dn) < 5) {
- /* We are only interested in the member domain objects. In IPA the
- * forest root object is stored as e.g.
- * cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Member domains in the
- * forest are children of the forest root object e.g.
- * cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Since
- * the forest name is not stored in the member objects we derive it
- * from the RDN of the forest root object. */
- ret = EOK;
- goto done;
- }
-
- val = ldb_dn_get_component_val(dn, 3);
- if (strncasecmp("trusts", (const char *) val->data, val->length) != 0) {
- DEBUG(SSSDBG_TRACE_FUNC,
- "4th component is not 'trust', nothing to do.\n");
- ret = EOK;
+ DEBUG(SSSDBG_OP_FAILURE, "ipa_subdom_ldb_dn failed.\n");
+ ret = EIO;
goto done;
}
- val = ldb_dn_get_component_val(dn, 2);
- if (strncasecmp("ad", (const char *) val->data, val->length) != 0) {
- DEBUG(SSSDBG_TRACE_FUNC,
- "3rd component is not 'ad', nothing to do.\n");
+ if (ipa_subdom_is_member_dom(dn) == false) {
ret = EOK;
goto done;
}
@@ -390,6 +352,7 @@ static errno_t ipa_subdom_get_forest(TALLOC_CTX *mem_ctx,
goto done;
}
+ ret = EOK;
done:
talloc_free(dn);
diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h
index d92bd01e8..94027c091 100644
--- a/src/providers/ipa/ipa_subdomains.h
+++ b/src/providers/ipa/ipa_subdomains.h
@@ -59,6 +59,12 @@ void ipa_ad_subdom_remove(struct be_ctx *be_ctx,
int ipa_ad_subdom_init(struct be_ctx *be_ctx,
struct ipa_id_ctx *id_ctx);
+struct ldb_dn *ipa_subdom_ldb_dn(TALLOC_CTX *mem_ctx,
+ struct ldb_context *ldb_ctx,
+ struct sysdb_attrs *attrs);
+
+bool ipa_subdom_is_member_dom(struct ldb_dn *dn);
+
/* struct for external group memberships, defined in
* ipa_subdomains_ext_groups.c */
struct ipa_ext_groups;
diff --git a/src/providers/ipa/ipa_subdomains_utils.c b/src/providers/ipa/ipa_subdomains_utils.c
new file mode 100644
index 000000000..27fc0a4d1
--- /dev/null
+++ b/src/providers/ipa/ipa_subdomains_utils.c
@@ -0,0 +1,100 @@
+/*
+ SSSD
+
+ IPA Subdomains Module - utilities
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2015 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "providers/ipa/ipa_subdomains.h"
+#include "providers/ipa/ipa_common.h"
+#include "providers/ipa/ipa_id.h"
+
+struct ldb_dn *ipa_subdom_ldb_dn(TALLOC_CTX *mem_ctx,
+ struct ldb_context *ldb_ctx,
+ struct sysdb_attrs *attrs)
+{
+ int ret;
+ const char *orig_dn;
+ struct ldb_dn *dn = NULL;
+
+ if (attrs == NULL || ldb_ctx == NULL) {
+ return NULL;
+ }
+
+ ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed: %d\n", ret);
+ return NULL;
+ }
+
+ dn = ldb_dn_new(mem_ctx, ldb_ctx, orig_dn);
+ if (dn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
+ return NULL;
+ }
+
+ if (!ldb_dn_validate(dn)) {
+ DEBUG(SSSDBG_OP_FAILURE, "Original DN [%s] is not a valid DN.\n",
+ orig_dn);
+ talloc_free(dn);
+ return NULL;
+ }
+
+ return dn;
+}
+
+bool ipa_subdom_is_member_dom(struct ldb_dn *dn)
+{
+ const struct ldb_val *val;
+
+ if (dn == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Wrong input!\n");
+ return false;
+ }
+
+ if (ldb_dn_get_comp_num(dn) < 5) {
+ /* We are only interested in the member domain objects. In IPA the
+ * forest root object is stored as e.g.
+ * cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Member domains in the
+ * forest are children of the forest root object e.g.
+ * cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Since
+ * the forest name is not stored in the member objects we derive it
+ * from the RDN of the forest root object. */
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "DN too short, not a member domain\n");
+ return false;
+ }
+
+ val = ldb_dn_get_component_val(dn, 3);
+ if (strncasecmp("trusts", (const char *) val->data, val->length) != 0) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "4th component is not 'trust', not a member domain\n");
+ return false;
+ }
+
+ val = ldb_dn_get_component_val(dn, 2);
+ if (strncasecmp("ad", (const char *) val->data, val->length) != 0) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "3rd component is not 'ad', not a member domain\n");
+ return false;
+ }
+
+ return true;
+}