author | Sumit Bose <sbose@ipa-devel.ipa.devel> | 2015-01-16 12:35:57 +0100 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2016-07-06 16:41:09 +0200 |
commit | 7e3a0ebfec05a5eef7455ef7219cdda507568a23 (patch) | |
tree | 2c05d9c510ec67fa5f27f92cfa951509058af5af | |
parent | f784532d4ed6f25cf8ba12f83a7c322515434855 (diff) | |
ipa-sam: use proper domain GUID
-rw-r--r-- | daemons/ipa-sam/ipa_sam.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c index 4c1fda5f8..8ed18bf5e 100644 --- a/daemons/ipa-sam/ipa_sam.c +++ b/daemons/ipa-sam/ipa_sam.c @@ -131,6 +131,7 @@ void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_i #define LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE "ipaNTSupportedEncryptionTypes" #define LDAP_ATTRIBUTE_TRUST_PARTNER "ipaNTTrustPartner" #define LDAP_ATTRIBUTE_FLAT_NAME "ipaNTFlatName" +#define LDAP_ATTRIBUTE_DOMAIN_GUID "ipaNTDomainGUID" #define LDAP_ATTRIBUTE_TRUST_AUTH_OUTGOING "ipaNTTrustAuthOutgoing" #define LDAP_ATTRIBUTE_TRUST_AUTH_INCOMING "ipaNTTrustAuthIncoming" #define LDAP_ATTRIBUTE_SECURITY_IDENTIFIER "ipaNTSecurityIdentifier" @@ -194,6 +195,7 @@ struct ipasam_privates { char *base_dn; char *trust_dn; char *flat_name; + char *guid; struct dom_sid fallback_primary_group; char *server_princ; char *client_princ; @@ -3522,8 +3524,6 @@ static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pd struct pdb_domain_info *info; struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)pdb_methods->private_data; - char sid_buf[24]; - DATA_BLOB sid_blob; NTSTATUS status; info = talloc(mem_ctx, struct pdb_domain_info); @@ -3551,16 +3551,7 @@ static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pd sid_copy(&info->sid, &ldap_state->domain_sid); - if (!sid_linearize(sid_buf, sizeof(sid_buf), &info->sid)) { - goto fail; - } - - /* the first 8 bytes of the linearized SID are not random, - * so we skip them */ - sid_blob.data = (uint8_t *) sid_buf + 8 ; - sid_blob.length = 16; - - status = GUID_from_ndr_blob(&sid_blob, &info->guid); + status = GUID_from_string(ldap_state->ipasam_privates->guid, &info->guid); if (!NT_STATUS_IS_OK(status)) { goto fail; } 
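Review bot: In pdb_ipasam_get_domain_info the new `GUID_from_string(ldap_state->ipasam_privates->guid, &info->guid)` call jumps to `fail` on error without logging anything in the visible lines, and its input is now a string read from the directory rather than bytes derived from the SID. A malformed ipaNTDomainGUID value would then make every domain-info lookup fail with no hint at the cause. I would add `DEBUG(0, ("Invalid %s value in domain entry.\n", LDAP_ATTRIBUTE_DOMAIN_GUID));` before the `goto fail;`. The function body and the `fail` label lie outside the hunk, so an existing message there cannot be ruled out.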
@@ -3661,6 +3652,7 @@ static NTSTATUS ipasam_search_domain_info(struct smbldap_state *ldap_state, const char *filter = "objectClass=ipaNTDomainAttrs"; const char *attr_list[] = { LDAP_ATTRIBUTE_FLAT_NAME, + LDAP_ATTRIBUTE_DOMAIN_GUID, LDAP_ATTRIBUTE_SID, LDAP_ATTRIBUTE_FALLBACK_PRIMARY_GROUP, LDAP_ATTRIBUTE_OBJECTCLASS, @@ -4574,6 +4566,18 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods **pdb_method, return NT_STATUS_INVALID_PARAMETER; } + ldap_state->ipasam_privates->guid = get_single_attribute( + ldap_state, + ldap_state->smbldap_state->ldap_struct, + entry, + LDAP_ATTRIBUTE_DOMAIN_GUID); + if (ldap_state->ipasam_privates->guid == NULL) { + DEBUG(0, ("Missing mandatory attribute %s.\n", + LDAP_ATTRIBUTE_DOMAIN_GUID)); + ldap_msgfree(result); + return NT_STATUS_INVALID_PARAMETER; + } + err = sss_idmap_init(idmap_talloc, ldap_state->ipasam_privates, idmap_talloc_free, &ldap_state->ipasam_privates->idmap_ctx); |
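Review bot: The check added in pdb_init_ipasam tests the ipaNTDomainGUID value only for NULL, so a present but unparsable string is accepted at start-up and stored in `ipasam_privates->guid`. Parsing it once at this point, with a local `struct GUID guid;` and `if (!NT_STATUS_IS_OK(GUID_from_string(ldap_state->ipasam_privates->guid, &guid)))` taking the same `ldap_msgfree(result); return NT_STATUS_INVALID_PARAMETER;` exit, would reject bad directory data at initialisation instead of on the first domain-info request. Because the attribute is now mandatory, a domain entry that lacks it presumably keeps the backend from initialising, so it is worth confirming that the upgrade path populates it. pdb_init_ipasam starts and ends outside the hunk.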