author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-02-28 13:22:49 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-06-07 09:39:09 +0200 |
commit | b32204fccc280714a32d56c15f70f770df82dfbd (patch) | |
tree | d02fde1860a7374e7485ee72513e9c8829b437eb /daemons | |
parent | 52a9eb7a9c4673c6ce927a209833f2c35ffb70ed (diff) | |
Add separate attribute to store trusted domain SID
We need two attributes in the ipaNTTrustedDomain objectclass to store different
kinds of SID. Currently ipaNTSecurityIdentifier is used to store the Domain-SID
of the trusted domain. A second attribute is needed to store the SID for the
trusted domain user. Since it cannot be derived safely from other values and
since it does not make sense to create a separate object for the user, a new
attribute is needed.
https://fedorahosted.org/freeipa/ticket/2191
Diffstat (limited to 'daemons')
-rw-r--r-- | daemons/ipa-sam/ipa_sam.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index be97cb7c4..c362988d3 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -123,6 +123,7 @@ do { \
 #define LDAP_PAGE_SIZE 1024
 #define LDAP_OBJ_SAMBASAMACCOUNT "ipaNTUserAttrs"
 #define LDAP_OBJ_TRUSTED_DOMAIN "ipaNTTrustedDomain"
+#define LDAP_ATTRIBUTE_TRUST_SID "ipaNTTrustedDomainSID"
 #define LDAP_ATTRIBUTE_SID "ipaNTSecurityIdentifier"
 #define LDAP_OBJ_GROUPMAP "ipaNTGroupAttrs"
@@ -1674,7 +1675,7 @@ static bool get_trusted_domain_by_sid_int(struct ldapsam_privates *ldap_state,
 filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))", LDAP_OBJ_TRUSTED_DOMAIN,
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER, sid);
+ LDAP_ATTRIBUTE_TRUST_SID, sid);
 if (filter == NULL) {
 return false;
 }
@@ -1734,10 +1735,10 @@ static bool fill_pdb_trusted_domain(TALLOC_CTX *mem_ctx,
 /* All attributes are MAY */
 dummy = get_single_attribute(NULL, priv2ld(ldap_state), entry,
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER);
+ LDAP_ATTRIBUTE_TRUST_SID);
 if (dummy == NULL) {
 DEBUG(9, ("Attribute %s not present.\n",
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER));
+ LDAP_ATTRIBUTE_TRUST_SID));
 ZERO_STRUCT(td->security_identifier);
 } else {
 res = string_to_sid(&td->security_identifier, dummy);
@@ -2021,7 +2022,7 @@ static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
 if (!is_null_sid(&td->security_identifier)) {
 smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
- LDAP_ATTRIBUTE_SECURITY_IDENTIFIER,
+ LDAP_ATTRIBUTE_TRUST_SID,
 sid_string_talloc(tmp_ctx, &td->security_identifier));
 }
 |
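Review bot: In get_trusted_domain_by_sid_int, `sid` is placed into the LDAP search filter by `talloc_asprintf` without escaping, and the hunk does not show where that string originates. If every caller passes a string formatted from a `struct dom_sid` this is harmless, but if any caller can hand in text from outside, filter metacharacters would change which entry is matched. Either escape it before building the filter (Samba provides `escape_ldap_string(mem_ctx, sid)`, if it is linked into this module) or document the precondition next to the call, e.g. `/* sid must be a canonical SID string; it is inserted into the filter unescaped */`. The function body starts and ends outside the hunk.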
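Review bot: In fill_pdb_trusted_domain, an entry that lacks `ipaNTTrustedDomainSID` now gets a zeroed `td->security_identifier` with only a level-9 debug line, and trusted-domain entries written before this commit would presumably still carry their SID in the old attribute. The same switch in get_trusted_domain_by_sid_int means the by-SID filter would no longer match such entries, and ipasam_set_trusted_domain would add the new attribute without touching the old one. No fallback read or data migration is visible here; the diffstat is limited to 'daemons', so an update step may exist elsewhere, but that should be confirmed. If there is none, consider reading the old attribute when the new one is absent, and at least make the missing-SID case visible at a normal log level: `DEBUG(1, ("Trusted domain entry has no %s.\n", LDAP_ATTRIBUTE_TRUST_SID));`. The function body continues outside the hunk.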