From 6ac0feca0cdc66fc8d8a612e25d37a49d27c0233 Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Tue, 17 Dec 2013 17:32:04 +0000 Subject: responder: Set forest attribute in AD domains Resolves: https://fedorahosted.org/sssd/ticket/2160 --- src/db/sysdb.h | 3 ++- src/db/sysdb_subdomains.c | 35 ++++++++++++++++++++++++++++- src/providers/ad/ad_domain_info.c | 46 +++++++++++++++++++++++++++++++------- src/providers/ad/ad_domain_info.h | 3 ++- src/providers/ad/ad_id.c | 5 +++-- src/providers/ad/ad_subdomains.c | 9 +++++--- src/providers/ipa/ipa_subdomains.c | 2 +- src/providers/ldap/sdap_access.c | 2 +- 8 files changed, 87 insertions(+), 18 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 255a135f0..9677294b2 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -388,7 +388,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain); errno_t sysdb_master_domain_update(struct sss_domain_info *domain); errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, - const char *flat, const char *id); + const char *flat, const char *id, + const char* forest); errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name); diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index 43c75799c..9c2926c00 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c @@ -208,6 +208,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain) SYSDB_SUBDOMAIN_REALM, SYSDB_SUBDOMAIN_FLAT, SYSDB_SUBDOMAIN_ID, + SYSDB_SUBDOMAIN_FOREST, NULL}; tmp_ctx = talloc_new(NULL); @@ -278,13 +279,27 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain) } } + tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FOREST, + NULL); + if (tmp_str != NULL && + (domain->forest == NULL || + strcasecmp(tmp_str, domain->forest) != 0)) { + talloc_free(domain->forest); + domain->forest = talloc_strdup(domain, tmp_str); + if (domain->forest == NULL) { + ret = ENOMEM; + goto done; + } + } + done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, - const char *flat, const char *id) + const char *flat, const char *id, + const char* forest) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg; @@ -345,6 +360,24 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, do_update = true; } + if (forest != NULL && (domain->forest == NULL || + strcmp(domain->forest, forest) != 0)) { + ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FOREST, + LDB_FLAG_MOD_REPLACE, NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FOREST, forest); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + do_update = true; + } + if (do_update == false) { ret = EOK; goto done; diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c index eff2034d1..5475c5bc7 100644 --- a/src/providers/ad/ad_domain_info.c +++ b/src/providers/ad/ad_domain_info.c @@ -41,9 +41,9 @@ #define MASTER_DOMAIN_SID_FILTER "objectclass=domain" static errno_t -netlogon_get_flat_name(TALLOC_CTX *mem_ctx, - struct sysdb_attrs *reply, - char **_flat_name) +netlogon_get_domain_info(TALLOC_CTX *mem_ctx, + struct sysdb_attrs *reply, + char **_flat_name, char **_forest) { errno_t ret; struct ldb_message_element *el; @@ -52,6 +52,7 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx, enum ndr_err_code ndr_err; struct netlogon_samlogon_response response; const char *flat_name; + const char *forest; ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el); if (ret != EOK) { @@ -92,11 +93,13 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx, goto done; } + /* get flat name */ if (response.data.nt5_ex.domain_name != NULL && *response.data.nt5_ex.domain_name != '\0') { flat_name = response.data.nt5_ex.domain_name; } else { - DEBUG(SSSDBG_MINOR_FAILURE, ("No netlogon data available\n")); + DEBUG(SSSDBG_MINOR_FAILURE, + ("No netlogon domain name data available\n")); ret = ENOENT; goto done; } @@ -107,6 +110,24 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto done; } + + /* get forest */ + if (response.data.nt5_ex.forest != NULL && + *response.data.nt5_ex.forest != '\0') { + forest = response.data.nt5_ex.forest; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, ("No netlogon forest data available\n")); + ret = ENOENT; + goto done; + } + + *_forest = talloc_strdup(mem_ctx, forest); + if (*_forest == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); + ret = ENOMEM; + goto done; + } + ret = EOK; done: talloc_free(ndr_pull); @@ -124,6 +145,7 @@ struct ad_master_domain_state { int base_iter; char *flat; + char *forest; char *sid; }; @@ -338,14 +360,17 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq) /* Exactly one flat name. Carry on */ - ret = netlogon_get_flat_name(state, reply[0], &state->flat); + ret = netlogon_get_domain_info(state, reply[0], &state->flat, + &state->forest); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Could not get the flat name\n")); + DEBUG(SSSDBG_MINOR_FAILURE, + ("Could not get the flat name or forest\n")); /* Not fatal. Just quit. */ goto done; } - DEBUG(SSSDBG_TRACE_FUNC, ("Found flat name [%s].\n", state->flat)); + DEBUG(SSSDBG_TRACE_FUNC, ("Found forest [%s].\n", state->forest)); + done: tevent_req_done(req); return; @@ -355,7 +380,8 @@ errno_t ad_master_domain_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **_flat, - char **_id) + char **_id, + char **_forest) { struct ad_master_domain_state *state = tevent_req_data(req, struct ad_master_domain_state); @@ -366,6 +392,10 @@ ad_master_domain_recv(struct tevent_req *req, *_flat = talloc_steal(mem_ctx, state->flat); } + if (_forest) { + *_forest = talloc_steal(mem_ctx, state->forest); + } + if (_id) { *_id = talloc_steal(mem_ctx, state->sid); } diff --git a/src/providers/ad/ad_domain_info.h b/src/providers/ad/ad_domain_info.h index d21706396..d3a6416ce 100644 --- a/src/providers/ad/ad_domain_info.h +++ b/src/providers/ad/ad_domain_info.h @@ -36,6 +36,7 @@ errno_t ad_master_domain_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **_flat, - char **_id); + char **_id, + char **_forest); #endif /* _AD_MASTER_DOMAIN_H_ */ diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index e47c41863..44bfa0098 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -519,9 +519,10 @@ ad_enumeration_master_done(struct tevent_req *subreq) struct ad_enumeration_state); char *flat_name; char *master_sid; + char *forest; ret = ad_master_domain_recv(subreq, state, - &flat_name, &master_sid); + &flat_name, &master_sid, &forest); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n")); @@ -530,7 +531,7 @@ ad_enumeration_master_done(struct tevent_req *subreq) } ret = sysdb_master_domain_add_info(state->sdom->dom, - flat_name, master_sid); + flat_name, master_sid, forest); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n")); tevent_req_error(req, ret); diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index e438a688c..62c3e16d0 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -85,6 +85,7 @@ struct ad_subdomains_req_ctx { char *master_sid; char *flat_name; + char *forest; }; static errno_t @@ -294,7 +295,7 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx, /* AD subdomains are currently all mpg and do not enumerate */ ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str, - mpg, false, NULL); + mpg, false, domain->forest); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n")); goto done; @@ -539,7 +540,8 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req) ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx); ret = ad_master_domain_recv(req, ctx, - &ctx->flat_name, &ctx->master_sid); + &ctx->flat_name, &ctx->master_sid, + &ctx->forest); talloc_zfree(req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n")); @@ -547,7 +549,8 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req) } ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain, - ctx->flat_name, ctx->master_sid); + ctx->flat_name, ctx->master_sid, + ctx->forest); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n")); goto done; diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 9efbd725f..d9c204451 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -1076,7 +1076,7 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req) } ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain, - flat, id); + flat, id, NULL); } else { ctx->search_base_iter++; ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER); diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 6b387271a..f0df24e7f 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -214,7 +214,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq) ret = sdap_access_filter_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(1, ("Error retrieving access check result.\n")); + DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n")); tevent_req_error(req, ret); return; } -- cgit