ipa/freeipa-3.0.0.pre1-071-load-list-of-trusted-domain-on-connecting-to-ldap.patch
2012-08-06 18:17:49 +02:00


From 4baf6ad21ccc8ef26d494b74e074758d38222eb6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Tue, 10 Jul 2012 10:50:14 -0400
Subject: [PATCH 71/79] Load list of trusted domain on connecting to ldap
This list is used to validate data in mspac filtering
---
daemons/ipa-kdb/ipa_kdb_mspac.c | 110 +++++++++++++++++++++++++++++++++++++---
1 file changed, 104 insertions(+), 6 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 44cf522a00e4973077d716a9545f69f325e870ba..2ed093d30a0fea20ef620b8df9858ec4802d1191 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -26,11 +26,20 @@
#include "util/time.h"
#include "gen_ndr/ndr_krb5pac.h"
+struct ipadb_adtrusts {
+ char *domain_name;
+ char *flat_name;
+ char *domain_sid;
+};
+
struct ipadb_mspac {
char *flat_domain_name;
char *flat_server_name;
char *fallback_group;
uint32_t fallback_rid;
+
+ int num_trusts;
+ struct ipadb_adtrusts *trusts;
};
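Review bot: The new `struct ipadb_adtrusts` and the two fields added to `struct ipadb_mspac` carry no comment saying what they hold or who owns the strings, although the next hunk fills them from LDAP and frees them in `ipadb_mspac_struct_free`. I would put above `struct ipadb_adtrusts` a comment such as `/* One ipaNTTrustedDomain entry under cn=ad,cn=trusts: trust partner name, NetBIOS flat name and domain SID; all three are malloc'd strings owned by the enclosing ipadb_mspac */`, and above `num_trusts` a comment `/* filled by ipadb_mspac_get_trusted_domains(); trusts is NULL while num_trusts is 0 */`. The struct definitions are complete within the hunk.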
@@ -1311,6 +1320,99 @@ static char *get_server_netbios_name(void)
return strdup(hostname);
}
+void ipadb_mspac_struct_free(struct ipadb_mspac **mspac)
+{
+ int i;
+
+ if (!*mspac) return;
+
+ free((*mspac)->flat_domain_name);
+ free((*mspac)->fallback_group);
+
+ if ((*mspac)->num_trusts) {
+ for (i = 0; i < (*mspac)->num_trusts; i++) {
+ free((*mspac)->trusts[i].domain_name);
+ free((*mspac)->trusts[i].flat_name);
+ free((*mspac)->trusts[i].domain_sid);
+ }
+ }
+
+ *mspac = NULL;
+}
+
+krb5_error_code ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx)
+{
+ struct ipadb_adtrusts *t;
+ LDAP *lc = ipactx->lcontext;
+ char *attrs[] = { "ipaNTTrustPartner", "ipaNTFlatName",
+ "ipaNTTrustedDomainSID", NULL };
+ char *filter = "(objectclass=ipaNTTrustedDomain)";
+ krb5_error_code kerr;
+ LDAPMessage *res = NULL;
+ LDAPMessage *le;
+ char *base = NULL;
+ int ret, n;
+
+ ret = asprintf(&base, "cn=ad,cn=trusts,%s", ipactx->base);
+ if (ret == -1) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ kerr = ipadb_simple_search(ipactx, base, LDAP_SCOPE_SUBTREE,
+ filter, attrs, &res);
+ if (kerr == KRB5_KDB_NOENTRY) {
+ /* nothing to do, there are no trusts */
+ ret = 0;
+ goto done;
+ } else if (kerr != 0) {
+ ret = EIO;
+ goto done;
+ }
+
+ for (le = ldap_first_entry(lc, res); le; le = ldap_next_entry(lc, le)) {
+ n = ipactx->mspac->num_trusts;
+ ipactx->mspac->num_trusts++;
+ t = realloc(ipactx->mspac->trusts,
+ sizeof(struct ipadb_adtrusts) * ipactx->mspac->num_trusts);
+ if (!t) {
+ ret = ENOMEM;
+ goto done;
+ }
+ ipactx->mspac->trusts = t;
+
+ ret = ipadb_ldap_attr_to_str(lc, le, "ipaNTTrustPartner",
+ &t[n].domain_name);
+ if (ret) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = ipadb_ldap_attr_to_str(lc, le, "ipaNTFlatName",
+ &t[n].flat_name);
+ if (ret) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = ipadb_ldap_attr_to_str(lc, le, "ipaNTTrustedDomainSID",
+ &t[n].domain_sid);
+ if (ret) {
+ ret = EINVAL;
+ goto done;
+ }
+ }
+
+ ret = 0;
+
+done:
+ if (ret != 0) {
+ krb5_klog_syslog(LOG_ERR, "Failed to read list of trusted domains");
+ }
+ free(base);
+ return ret;
+}
+
krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx)
{
char *dom_attrs[] = { "ipaNTFlatName",
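Review bot: In the loop of `ipadb_mspac_get_trusted_domains`, `num_trusts++` happens before the realloc and before the three pointer fields of the new slot are assigned, so on a realloc failure the count covers a slot past the end of the array, and on a missing attribute (the `EINVAL` paths) it covers a slot whose remaining fields are realloc'd garbage; the next `ipadb_mspac_struct_free` on reinit then frees those pointers. Zero the slot before filling it and count it only once it is owned, as in the rewrite below. The LDAP result is also never released: `res` from `ipadb_simple_search` needs an `ldap_msgfree(res)` at `done:`, as `ipadb_reinit_mspac` does for its own result. Whether `ipadb_ldap_attr_to_str` leaves its output untouched on failure is not visible here; the memset makes the cleanup safe either way.
```c
    for (le = ldap_first_entry(lc, res); le; le = ldap_next_entry(lc, le)) {
        n = ipactx->mspac->num_trusts;
        t = realloc(ipactx->mspac->trusts,
                    sizeof(struct ipadb_adtrusts) * (n + 1));
        if (!t) {
            ret = ENOMEM;
            goto done;
        }
        ipactx->mspac->trusts = t;
        /* zero the slot first: a partially filled entry must be freeable */
        memset(&t[n], 0, sizeof(t[n]));
        /* count it only now, when every field is NULL or owned */
        ipactx->mspac->num_trusts = n + 1;

        /* … unchanged: ipaNTTrustPartner, ipaNTFlatName, ipaNTTrustedDomainSID lookups … */
    }

    ret = 0;

done:
    if (ret != 0) {
        krb5_klog_syslog(LOG_ERR, "Failed to read list of trusted domains");
    }
    ldap_msgfree(res);
    free(base);
    return ret;
```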
@@ -1325,11 +1427,7 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx)
int ret;
/* clean up in case we had old values around */
- if (ipactx->mspac) {
- free(ipactx->mspac->flat_domain_name);
- free(ipactx->mspac->fallback_group);
- free(ipactx->mspac);
- }
+ ipadb_mspac_struct_free(&ipactx->mspac);
ipactx->mspac = calloc(1, sizeof(struct ipadb_mspac));
if (!ipactx->mspac) {
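Review bot: The call `ipadb_mspac_struct_free(&ipactx->mspac)` drops the `free(ipactx->mspac)` the removed lines performed: as defined in the previous hunk, the helper frees the string members and each trust entry's strings, then sets `*mspac = NULL` without freeing the `trusts` array or the struct itself, so every reinit leaks both before the `calloc` on the next line. Add `free((*mspac)->trusts);` after the entry loop and `free(*mspac);` before `*mspac = NULL;` in `ipadb_mspac_struct_free`. Whether `flat_server_name` is heap-owned is not visible here, so I have not added a free for it. `ipadb_reinit_mspac` starts and ends outside this hunk.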
@@ -1419,7 +1517,7 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx)
}
}
- kerr = 0;
+ kerr = ipadb_mspac_get_trusted_domains(ipactx);
done:
ldap_msgfree(result);
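Review bot: When `ipadb_mspac_get_trusted_domains` fails, `kerr` propagates but `ipactx->mspac` stays allocated with whatever trust entries were loaded before the failure, and nothing in this hunk discards it; if the caller does not free it on error (not visible here), later PAC validation could run against a partial trust list, which the commit message says this list is used for. I would release it on the error path at `done:`, `if (kerr != 0) ipadb_mspac_struct_free(&ipactx->mspac);`, so a failed reinit leaves no half-loaded state behind. The function's body ends outside the hunk.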
--
1.7.11.2