authorAlexander Bokovoy <abokovoy@redhat.com>2013-09-27 12:39:57 +0200
committerMartin Kosek <mkosek@redhat.com>2013-10-04 10:25:31 +0200
commitf734988e24012bccdc5f982d56795213f9733f84 (patch)
treeab699fa22a98390766a6345b19da6a85f915aebd /ipaserver
parenta87813bf420c19a99b1a19711e63d231cd4afd86 (diff)
trust: integrate subdomains support into trust-add
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/dcerpc.py80
1 files changed, 47 insertions, 33 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 2b0da45b..86bb4288 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -939,7 +939,8 @@ class TrustDomainInstance(object):
return True
return False
-def fetch_domains(api, mydomain, trustdomain):
+
+def fetch_domains(api, mydomain, trustdomain, creds=None):
trust_flags = dict(
NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
NETR_TRUST_FLAG_OUTBOUND = 0x00000002,
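Review bot: `fetch_domains` gains a `creds=None` parameter but has no docstring, so the difference between the two authentication paths is only discoverable by reading the body further down. The later hunk shows that `None` takes the `kinit_as_http` ccache with `MUST_USE_KERBEROS`, while any other value goes to `td.creds.parse_string(creds)` with Kerberos disabled. I would add a docstring right under the `def` line saying that, naming the string format `parse_string` expects (presumably Samba's `user%password` form, to be confirmed), and that the function returns `None` when no DC or no ccache is available. The function body continues outside this hunk.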
@@ -959,38 +960,51 @@ def fetch_domains(api, mydomain, trustdomain):
NETR_TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020,
NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040)
- domval = DomainValidator(api)
- (ccache_name, principal) = domval.kinit_as_http(trustdomain)
- if ccache_name:
- with installutils.private_ccache(path=ccache_name):
- td = TrustDomainInstance('')
- td.parm.set('workgroup', mydomain)
- td.creds = credentials.Credentials()
- td.creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
- td.creds.guess(td.parm)
- netrc = net.Net(creds=td.creds, lp=td.parm)
- try:
- result = netrc.finddc(domain=trustdomain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
- except RuntimeError, e:
- raise assess_dcerpc_exception(message=str(e))
- if not result:
- return None
- td.retrieve(unicode(result.pdc_dns_name))
-
- netr_pipe = netlogon.netlogon(td.binding, td.parm, td.creds)
- domains = netr_pipe.netr_DsrEnumerateDomainTrusts(td.binding, 1)
-
- result = []
- for t in domains.array:
- if ((t.trust_attributes & trust_attributes['NETR_TRUST_ATTRIBUTE_WITHIN_FOREST']) and
- (t.trust_flags & trust_flags['NETR_TRUST_FLAG_IN_FOREST'])):
- res = dict()
- res['cn'] = unicode(t.dns_name)
- res['ipantflatname'] = unicode(t.netbios_name)
- res['ipanttrusteddomainsid'] = unicode(t.sid)
- res['ipanttrustpartner'] = res['cn']
- result.append(res)
- return result
+ def communicate(td):
+ td.creds.guess(td.parm)
+ netrc = net.Net(creds=td.creds, lp=td.parm)
+ try:
+ result = netrc.finddc(domain=trustdomain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
+ except RuntimeError, e:
+ raise assess_dcerpc_exception(message=str(e))
+ if not result:
+ return None
+ td.retrieve(unicode(result.pdc_dns_name))
+
+ netr_pipe = netlogon.netlogon(td.binding, td.parm, td.creds)
+ domains = netr_pipe.netr_DsrEnumerateDomainTrusts(td.binding, 1)
+ return domains
+
+ domains = None
+ td = TrustDomainInstance('')
+ td.parm.set('workgroup', mydomain)
+ td.creds = credentials.Credentials()
+ if creds is None:
+ domval = DomainValidator(api)
+ (ccache_name, principal) = domval.kinit_as_http(trustdomain)
+ td.creds.set_kerberos_state(credentials.MUST_USE_KERBEROS)
+ if ccache_name:
+ with installutils.private_ccache(path=ccache_name):
+ domains = communicate(td)
+ else:
+ td.creds.set_kerberos_state(credentials.DONT_USE_KERBEROS)
+ td.creds.parse_string(creds)
+ domains = communicate(td)
+
+ if domains is None:
+ return None
+
+ result = []
+ for t in domains.array:
+ if ((t.trust_attributes & trust_attributes['NETR_TRUST_ATTRIBUTE_WITHIN_FOREST']) and
+ (t.trust_flags & trust_flags['NETR_TRUST_FLAG_IN_FOREST'])):
+ res = dict()
+ res['cn'] = unicode(t.dns_name)
+ res['ipantflatname'] = unicode(t.netbios_name)
+ res['ipanttrusteddomainsid'] = unicode(t.sid)
+ res['ipanttrustpartner'] = res['cn']
+ result.append(res)
+ return result
class TrustDomainJoins(object):
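Review bot: In `communicate()` only the `finddc` call sits inside the `try`, so a `RuntimeError` from `netlogon.netlogon(...)` or `netr_DsrEnumerateDomainTrusts(...)` is not routed through `assess_dcerpc_exception`, unless `td.retrieve` or a caller outside this hunk handles it. This matters more with the new `else` branch, where a rejected caller-supplied password would likely surface as a raw `RuntimeError` instead of a mapped error; I would extend the existing `try:` to cover the lines through `netr_DsrEnumerateDomainTrusts`. Separately, that branch sets `credentials.DONT_USE_KERBEROS`, so the bind to whichever DC `finddc` returned presumably falls back to NTLM, without a Kerberos check of the server's identity. A comment there should record why Kerberos is turned off, for example `# NTLM only: no Kerberos path to trustdomain before the trust exists`, if that is the reason. When `creds is None` and `kinit_as_http` yields no ccache, the function still returns `None` silently, which callers cannot tell apart from "no DC found".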