authorSumit Bose <sbose@ipa-devel.ipa.devel>2015-01-16 12:35:57 +0100
committerSumit Bose <sbose@redhat.com>2016-07-06 16:41:09 +0200
commit7e3a0ebfec05a5eef7455ef7219cdda507568a23 (patch)
tree2c05d9c510ec67fa5f27f92cfa951509058af5af
parentf784532d4ed6f25cf8ba12f83a7c322515434855 (diff)
downloadfreeipa-7e3a0ebfec05a5eef7455ef7219cdda507568a23.tar.gz
freeipa-7e3a0ebfec05a5eef7455ef7219cdda507568a23.tar.xz
freeipa-7e3a0ebfec05a5eef7455ef7219cdda507568a23.zip
ipa-sam: use proper domain GUID
-rw-r--r--daemons/ipa-sam/ipa_sam.c28
1 files changed, 16 insertions, 12 deletions
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 4c1fda5f8..8ed18bf5e 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -131,6 +131,7 @@ void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_i
#define LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE "ipaNTSupportedEncryptionTypes"
#define LDAP_ATTRIBUTE_TRUST_PARTNER "ipaNTTrustPartner"
#define LDAP_ATTRIBUTE_FLAT_NAME "ipaNTFlatName"
+#define LDAP_ATTRIBUTE_DOMAIN_GUID "ipaNTDomainGUID"
#define LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING "ipaNTTrustAuthOutgoing"
#define LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING "ipaNTTrustAuthIncoming"
#define LDAP_ATTRIBUTE_SECURITY_IDENTIFIER "ipaNTSecurityIdentifier"
@@ -194,6 +195,7 @@ struct ipasam_privates {
char *base_dn;
char *trust_dn;
char *flat_name;
+ char *guid;
struct dom_sid fallback_primary_group;
char *server_princ;
char *client_princ;
@@ -3522,8 +3524,6 @@ static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pd
struct pdb_domain_info *info;
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)pdb_methods->private_data;
- char sid_buf[24];
- DATA_BLOB sid_blob;
NTSTATUS status;
info = talloc(mem_ctx, struct pdb_domain_info);
@@ -3551,16 +3551,7 @@ static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pd
sid_copy(&info->sid, &ldap_state->domain_sid);
- if (!sid_linearize(sid_buf, sizeof(sid_buf), &info->sid)) {
- goto fail;
- }
-
- /* the first 8 bytes of the linearized SID are not random,
- * so we skip them */
- sid_blob.data = (uint8_t *) sid_buf + 8 ;
- sid_blob.length = 16;
-
- status = GUID_from_ndr_blob(&sid_blob, &info->guid);
+ status = GUID_from_string(ldap_state->ipasam_privates->guid, &info->guid);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
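Review bot: The new `GUID_from_string()` call has no comment saying where `ipasam_privates->guid` comes from or why it can be dereferenced without a NULL check, and the removed lines took with them the only comment explaining how the GUID was produced. From the last hunk of this commit the string appears to be loaded from the directory in pdb_init_ipasam, which refuses to start when it is absent. A one-line comment above the call would record that dependency: `/* domain GUID string is read from ipaNTDomainGUID in pdb_init_ipasam and is never NULL here */`. The body of pdb_ipasam_get_domain_info, including the `fail` label, lies outside this hunk.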
@@ -3661,6 +3652,7 @@ static NTSTATUS ipasam_search_domain_info(struct smbldap_state *ldap_state,
const char *filter = "objectClass=ipaNTDomainAttrs";
const char *attr_list[] = {
LDAP_ATTRIBUTE_FLAT_NAME,
+ LDAP_ATTRIBUTE_DOMAIN_GUID,
LDAP_ATTRIBUTE_SID,
LDAP_ATTRIBUTE_FALLBACK_PRIMARY_GROUP,
LDAP_ATTRIBUTE_OBJECTCLASS,
@@ -4574,6 +4566,18 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods **pdb_method,
return NT_STATUS_INVALID_PARAMETER;
}
+ ldap_state->ipasam_privates->guid = get_single_attribute(
+ ldap_state,
+ ldap_state->smbldap_state->ldap_struct,
+ entry,
+ LDAP_ATTRIBUTE_DOMAIN_GUID);
+ if (ldap_state->ipasam_privates->guid == NULL) {
+ DEBUG(0, ("Missing mandatory attribute %s.\n",
+ LDAP_ATTRIBUTE_DOMAIN_GUID));
+ ldap_msgfree(result);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
err = sss_idmap_init(idmap_talloc, ldap_state->ipasam_privates,
idmap_talloc_free,
&ldap_state->ipasam_privates->idmap_ctx);
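Review bot: The added block checks only that ipaNTDomainGUID is present, not that it holds a well-formed GUID, so a malformed directory value passes initialisation. It is then rejected only later, when pdb_ipasam_get_domain_info parses it and jumps to `fail`, and no message is logged in the visible lines of that hunk. Parsing the string once here, right after the NULL check, would reject a bad value at start-up with a log line naming the attribute. The `struct GUID` local would be declared with the function's other locals, which are outside this hunk.

```c
	struct GUID domain_guid;	/* scratch, used only to validate the string */

	/* … unchanged: get_single_attribute() call and NULL check … */

	if (!NT_STATUS_IS_OK(GUID_from_string(ldap_state->ipasam_privates->guid,
					      &domain_guid))) {
		DEBUG(0, ("Malformed value in attribute %s.\n",
			  LDAP_ATTRIBUTE_DOMAIN_GUID));
		ldap_msgfree(result);
		return NT_STATUS_INVALID_PARAMETER;
	}
```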