From 6ac0feca0cdc66fc8d8a612e25d37a49d27c0233 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <pavel.reichl@redhat.com>
Date: Tue, 17 Dec 2013 17:32:04 +0000
Subject: [PATCH 46/47] responder: Set forest attribute in AD domains
Resolves:
https://fedorahosted.org/sssd/ticket/2160
---
src/db/sysdb.h | 3 ++-
src/db/sysdb_subdomains.c | 35 ++++++++++++++++++++++++++++-
src/providers/ad/ad_domain_info.c | 46 +++++++++++++++++++++++++++++++-------
src/providers/ad/ad_domain_info.h | 3 ++-
src/providers/ad/ad_id.c | 5 +++--
src/providers/ad/ad_subdomains.c | 9 +++++---
src/providers/ipa/ipa_subdomains.c | 2 +-
src/providers/ldap/sdap_access.c | 2 +-
8 files changed, 87 insertions(+), 18 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 255a135f0cad788e4c952b86fe24ca10f5e63732..9677294b22e47f5169d7631673beec2dbc6117ad 100644
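--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -388,7 +388,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
 errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
 
 errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
- const char *flat, const char *id);
+ const char *flat, const char *id,
+ const char* forest);
 
 errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
 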
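Review bot: The new `forest` parameter of `sysdb_master_domain_add_info()` is undocumented, although the visible callers depend on NULL being accepted (the IPA provider passes `NULL`, and the definition skips the attribute when `forest == NULL`). A comment above the prototype such as `/* forest may be NULL, in which case the stored forest attribute is left untouched */` would make that contract explicit. The declarator is also spelled `const char* forest` next to `const char *flat, const char *id`; the same spelling is repeated in the definition in src/db/sysdb_subdomains.c.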
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index 43c75799cdc2856916b2dc95c3a544ef99b56081..9c2926c00b0cc08cb8e317ae838e26c82506ee37 100644
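--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -208,6 +208,7 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
 SYSDB_SUBDOMAIN_REALM,
 SYSDB_SUBDOMAIN_FLAT,
 SYSDB_SUBDOMAIN_ID,
+ SYSDB_SUBDOMAIN_FOREST,
 NULL};
 
 tmp_ctx = talloc_new(NULL);
@@ -278,13 +279,27 @@ errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
 }
 }
 
+ tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FOREST,
+ NULL);
+ if (tmp_str != NULL &&
+ (domain->forest == NULL ||
+ strcasecmp(tmp_str, domain->forest) != 0)) {
+ talloc_free(domain->forest);
+ domain->forest = talloc_strdup(domain, tmp_str);
+ if (domain->forest == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+
 done:
 talloc_free(tmp_ctx);
 return ret;
 }
 
 errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
- const char *flat, const char *id)
+ const char *flat, const char *id,
+ const char* forest)
 {
 TALLOC_CTX *tmp_ctx;
 struct ldb_message *msg;
@@ -345,6 +360,24 @@ errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
 do_update = true;
 }
 
+ if (forest != NULL && (domain->forest == NULL ||
+ strcmp(domain->forest, forest) != 0)) {
+ ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FOREST,
+ LDB_FLAG_MOD_REPLACE, NULL);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FOREST, forest);
+ if (ret != LDB_SUCCESS) {
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
+
+ do_update = true;
+ }
+
 if (do_update == false) {
 ret = EOK;
 goto done;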
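Review bot: The forest name is compared case-insensitively in `sysdb_master_domain_update()` (`strcasecmp(tmp_str, domain->forest) != 0`) but case-sensitively in `sysdb_master_domain_add_info()` (`strcmp(domain->forest, forest) != 0`). If the server reports the same forest with different letter case, add_info would rewrite the cached attribute while update would keep the old in-memory string, so the two values would not converge and each later call would appear to trigger another write. Using one comparison in both places, for example `strcasecmp(domain->forest, forest) != 0` in add_info, removes the mismatch. Both function bodies extend beyond the hunks shown, so the handling of the flat name and SID could not be compared.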
diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
index eff2034d12261510ed7535dee7098a6e68f1f2c2..5475c5bc7ec74e81080566c6fbd6919c54a60f40 100644
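--- a/src/providers/ad/ad_domain_info.c
+++ b/src/providers/ad/ad_domain_info.c
@@ -41,9 +41,9 @@
 #define MASTER_DOMAIN_SID_FILTER "objectclass=domain"
 
 static errno_t
-netlogon_get_flat_name(TALLOC_CTX *mem_ctx,
- struct sysdb_attrs *reply,
- char **_flat_name)
+netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
+ struct sysdb_attrs *reply,
+ char **_flat_name, char **_forest)
 {
 errno_t ret;
 struct ldb_message_element *el;
@@ -52,6 +52,7 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx,
 enum ndr_err_code ndr_err;
 struct netlogon_samlogon_response response;
 const char *flat_name;
+ const char *forest;
 
 ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el);
 if (ret != EOK) {
@@ -92,11 +93,13 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx,
 goto done;
 }
 
+ /* get flat name */
 if (response.data.nt5_ex.domain_name != NULL &&
 *response.data.nt5_ex.domain_name != '\0') {
 flat_name = response.data.nt5_ex.domain_name;
 } else {
- DEBUG(SSSDBG_MINOR_FAILURE, ("No netlogon data available\n"));
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("No netlogon domain name data available\n"));
 ret = ENOENT;
 goto done;
 }
@@ -107,6 +110,24 @@ netlogon_get_flat_name(TALLOC_CTX *mem_ctx,
 ret = ENOMEM;
 goto done;
 }
+
+ /* get forest */
+ if (response.data.nt5_ex.forest != NULL &&
+ *response.data.nt5_ex.forest != '\0') {
+ forest = response.data.nt5_ex.forest;
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("No netlogon forest data available\n"));
+ ret = ENOENT;
+ goto done;
+ }
+
+ *_forest = talloc_strdup(mem_ctx, forest);
+ if (*_forest == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
 ret = EOK;
 done:
 talloc_free(ndr_pull);
@@ -124,6 +145,7 @@ struct ad_master_domain_state {
 int base_iter;
 
 char *flat;
+ char *forest;
 char *sid;
 };
 
@@ -338,14 +360,17 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq)
 
 /* Exactly one flat name. Carry on */
 
- ret = netlogon_get_flat_name(state, reply[0], &state->flat);
+ ret = netlogon_get_domain_info(state, reply[0], &state->flat,
+ &state->forest);
 if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, ("Could not get the flat name\n"));
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not get the flat name or forest\n"));
 /* Not fatal. Just quit. */
 goto done;
 }
-
 DEBUG(SSSDBG_TRACE_FUNC, ("Found flat name [%s].\n", state->flat));
+ DEBUG(SSSDBG_TRACE_FUNC, ("Found forest [%s].\n", state->forest));
+
 done:
 tevent_req_done(req);
 return;
@@ -355,7 +380,8 @@ errno_t
 ad_master_domain_recv(struct tevent_req *req,
 TALLOC_CTX *mem_ctx,
 char **_flat,
- char **_id)
+ char **_id,
+ char **_forest)
 {
 struct ad_master_domain_state *state = tevent_req_data(req,
 struct ad_master_domain_state);
@@ -366,6 +392,10 @@ ad_master_domain_recv(struct tevent_req *req,
 *_flat = talloc_steal(mem_ctx, state->flat);
 }
 
+ if (_forest) {
+ *_forest = talloc_steal(mem_ctx, state->forest);
+ }
+
 if (_id) {
 *_id = talloc_steal(mem_ctx, state->sid);
 }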
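Review bot: In `netlogon_get_domain_info()` a reply without a forest name now fails the whole call with ENOENT, apparently after `*_flat_name` has already been allocated (the `ret = ENOMEM; goto done;` context just above `/* get forest */` looks like the tail of that allocation, which lies outside the hunk). The caller in `ad_master_domain_netlogon_done()` treats the error as non-fatal and still completes the request, so `state->flat` can be set while `state->forest` is not, and a flat name that was usable before this change is now reported as a failure. Either make a missing forest non-fatal (`*_forest = NULL;` in the else branch, then continue) or assign both outputs only once both values are known. The forest string is taken from the server's netlogon reply and is only checked for being non-empty before it is cached, so a comment such as `/* forest is used as reported by the DC; no further validation here */` would help anyone who later relies on it.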
diff --git a/src/providers/ad/ad_domain_info.h b/src/providers/ad/ad_domain_info.h
index d21706396034509a498391e666e03a8e2eda8e08..d3a6416cebd07b524aceedcb63a18c4467e3dc4e 100644
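--- a/src/providers/ad/ad_domain_info.h
+++ b/src/providers/ad/ad_domain_info.h
@@ -36,6 +36,7 @@ errno_t
 ad_master_domain_recv(struct tevent_req *req,
 TALLOC_CTX *mem_ctx,
 char **_flat,
- char **_id);
+ char **_id,
+ char **_forest);
 
 #endif /* _AD_MASTER_DOMAIN_H_ */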
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index e47c41863a14eed695907548d64f4559fbae629d..44bfa00986b6c0ebfa65dd7b83dd45eb64b87946 100644
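--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -519,9 +519,10 @@ ad_enumeration_master_done(struct tevent_req *subreq)
 struct ad_enumeration_state);
 char *flat_name;
 char *master_sid;
+ char *forest;
 
 ret = ad_master_domain_recv(subreq, state,
- &flat_name, &master_sid);
+ &flat_name, &master_sid, &forest);
 talloc_zfree(subreq);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
@@ -530,7 +531,7 @@ ad_enumeration_master_done(struct tevent_req *subreq)
 }
 
 ret = sysdb_master_domain_add_info(state->sdom->dom,
- flat_name, master_sid);
+ flat_name, master_sid, forest);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n"));
 tevent_req_error(req, ret);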
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index e438a688c364084a3f2bbca338a39d61aa86b5d6..62c3e16d0d3323a32848b4fbf54d2a151c16f64c 100644
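--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -85,6 +85,7 @@ struct ad_subdomains_req_ctx {
 
 char *master_sid;
 char *flat_name;
+ char *forest;
 };
 
 static errno_t
@@ -294,7 +295,7 @@ ad_subdom_store(struct ad_subdomains_ctx *ctx,
 
 /* AD subdomains are currently all mpg and do not enumerate */
 ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
- mpg, false, NULL);
+ mpg, false, domain->forest);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
 goto done;
@@ -539,7 +540,8 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
 ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);
 
 ret = ad_master_domain_recv(req, ctx,
- &ctx->flat_name, &ctx->master_sid);
+ &ctx->flat_name, &ctx->master_sid,
+ &ctx->forest);
 talloc_zfree(req);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
@@ -547,7 +549,8 @@ static void ad_subdomains_master_dom_done(struct tevent_req *req)
 }
 
 ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
- ctx->flat_name, ctx->master_sid);
+ ctx->flat_name, ctx->master_sid,
+ ctx->forest);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n"));
 goto done;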
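Review bot: In `ad_subdom_store()` every subdomain is now stored with `domain->forest`, the forest of the `domain` object passed in, rather than a value learned for the subdomain itself. If `domain` is the joined (master) domain — the function header is outside the hunk — a trusted domain that belongs to a different forest would be recorded as a member of the local forest, and `domain->forest` may still be NULL when the in-memory value has not yet been refreshed from the cache. A comment at the call such as `/* assumes all discovered subdomains share the master domain's forest */` would document the assumption; otherwise the forest should be derived per subdomain before anything treats this attribute as a trust boundary.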
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 9efbd725f1102d34af2107801286bca1c6412c19..d9c204451f1b734ee98ce4c48f3f139731e47dec 100644
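--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -1076,7 +1076,7 @@ static void ipa_subdomains_handler_master_done(struct tevent_req *req)
 }
 
 ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
- flat, id);
+ flat, id, NULL);
 } else {
 ctx->search_base_iter++;
 ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER);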
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index 6b387271a229668ddfa5d67143a585e667a16ddd..f0df24e7f3a855304b0cfd9d075ac67334f9bb1a 100644
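--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -214,7 +214,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
 ret = sdap_access_filter_recv(subreq);
 talloc_zfree(subreq);
 if (ret != EOK) {
- DEBUG(1, ("Error retrieving access check result.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n"));
 tevent_req_error(req, ret);
 return;
 }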
--
1.8.4.2