author | Martin Kosek <mkosek@redhat.com> | 2013-02-08 10:13:35 +0100 |
committer | Martin Kosek <mkosek@redhat.com> | 2013-02-12 10:37:52 +0100 |
commit | 994e2cda39989190ba9bb2dff94d9ede99eeb1b4 (patch) | |
tree | 62427601980099930b9244a4b1093a586f8b914f /daemons | |
parent | 827ea50566dbb2a0906da76d318a2ba68a4b818e (diff) | |
ipa-sam: Fill SID blacklist when trust is added
Fill the trust LDAP entry's incoming and outgoing SID blacklist
attributes with the default value.
https://fedorahosted.org/freeipa/ticket/3289
Diffstat (limited to 'daemons')
-rw-r--r-- | daemons/ipa-sam/ipa_sam.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 3c4c97cd1..adf482221 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -32,6 +32,7 @@
 #include <sss_idmap.h>
 #include "ipa_krb5.h"
 #include "ipa_pwd.h"
+#include "ipa_mspac.h"

 /* from drsblobs.h */
 struct AuthInfoNone {
@@ -121,6 +122,8 @@ bool secrets_store(const char *key, const void *data, size_t size); /* available
 #define LDAP_ATTRIBUTE_HOME_PATH "ipaNTHomeDirectory"
 #define LDAP_ATTRIBUTE_LOGON_SCRIPT "ipaNTLogonScript"
 #define LDAP_ATTRIBUTE_PROFILE_PATH "ipaNTProfilePath"
+#define LDAP_ATTRIBUTE_SID_BLACKLIST_INCOMING "ipaNTSIDBlacklistIncoming"
+#define LDAP_ATTRIBUTE_SID_BLACKLIST_OUTGOING "ipaNTSIDBlacklistOutgoing"
 #define LDAP_ATTRIBUTE_NTHASH "ipaNTHash"
 #define LDAP_ATTRIBUTE_UIDNUMBER "uidnumber"
 #define LDAP_ATTRIBUTE_GIDNUMBER "gidnumber"
@@ -2165,7 +2168,7 @@ static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
 LDAPMod **mods;
 bool res;
 char *trusted_dn = NULL;
- int ret;
+ int ret, i;
 NTSTATUS status;
 TALLOC_CTX *tmp_ctx;
 char *trustpw;
@@ -2290,6 +2293,15 @@ static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
 &td->trust_forest_trust_info);
 }

+ for (i = 0; ipa_mspac_well_known_sids && ipa_mspac_well_known_sids[i]; i++) {
+ smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
+ LDAP_ATTRIBUTE_SID_BLACKLIST_INCOMING,
+ ipa_mspac_well_known_sids[i]);
+ smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
+ LDAP_ATTRIBUTE_SID_BLACKLIST_OUTGOING,
+ ipa_mspac_well_known_sids[i]);
+ }
+
 smbldap_talloc_autofree_ldapmod(tmp_ctx, mods);

 trusted_dn = trusted_domain_dn(tmp_ctx, ldap_state, domain); |
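Review bot: The new loop in the `@@ -2290` hunk calls `smbldap_make_mod` once per well-known SID against the same multi-valued attribute and passes `entry` each time, so on the update path (when `entry` is an existing trust object that already carries `ipaNTSIDBlacklistIncoming`/`Outgoing` values) the result depends on how `smbldap_make_mod` reconciles a single existing value with each new one — it may queue a delete of the first existing value on every iteration or overwrite an administrator-curated blacklist with the defaults. Since the blacklist is the filter that decides which SIDs from the trusted forest are honoured, a silently changed list is a security-relevant regression rather than a cosmetic one. If `ipasam_set_trusted_domain` is only ever reached for a brand-new trust this is moot, but that is not visible here; otherwise guard the loop with `if (entry == NULL) {` or check for an existing value before seeding, and state the intent above the loop: `/* Seed both SID blacklists with the well-known SIDs when the trust entry is created; an existing blacklist is administrator-owned and must not be rewritten here. */`. `ipasam_set_trusted_domain` starts and ends outside the hunk.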