From 72de98228926627673edb99fb83c84f0b835baf5 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 24 Aug 2010 13:48:18 +0200
Subject: [PATCH] s3-ipasam: add ipasam_get_trusted_domain_by_sid()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Günther Deschner
---
 source3/include/passdb.h | 4 ++
 source3/include/proto.h | 2 +
 source3/passdb/pdb_interface.c | 16 ++++++
 source3/passdb/pdb_ipa.c | 97 +++++++++++++++++++++++++++-------
 4 files changed, 101 insertions(+), 18 deletions(-)

diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 5610897b42..ddf3d9489a 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -454,6 +454,10 @@ struct pdb_methods
 TALLOC_CTX *mem_ctx,
 const char *domain,
 struct pdb_trusted_domain **td);
+ NTSTATUS (*get_trusted_domain_by_sid)(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct dom_sid *sid,
+ struct pdb_trusted_domain **td);
 NTSTATUS (*set_trusted_domain)(struct pdb_methods *methods,
 const char* domain,
 const struct pdb_trusted_domain *td);
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5ce6bd6a9d..3a964c3c52 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3875,6 +3875,8 @@ NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32_t *num_domains,
 struct trustdom_info ***domains);
 NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain,
 struct pdb_trusted_domain **td);
+NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid,
+ struct pdb_trusted_domain **td);
 NTSTATUS pdb_set_trusted_domain(const char* domain,
 const struct pdb_trusted_domain *td);
 NTSTATUS pdb_del_trusted_domain(const char *domain);
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 7712a85301..c286cc18f7 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
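Review bot: The new `get_trusted_domain_by_sid` member in the passdb.h hunk takes `struct dom_sid *sid` although the lookup only reads the SID; it should be `const struct dom_sid *sid`, and the same applies to the `pdb_get_trusted_domain_by_sid` prototype in the proto.h hunk, to the wrapper and default stub in pdb_interface.c, and to `ipasam_get_trusted_domain_by_sid` in pdb_ipa.c. The sibling `get_trusted_domain` member already takes `const char *domain`, so const parameters are the convention in this method family, and a non-const SID forces callers that hold a const SID to cast. The new member is also undocumented like its neighbours; a one-line comment above it such as `/* Look up a trusted domain by SID; NT_STATUS_NO_SUCH_DOMAIN when none matches, NT_STATUS_NOT_IMPLEMENTED from backends without support. */` would state the contract the ipasam implementation and default stub in this patch actually follow.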
@@ -2109,6 +2109,13 @@ NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain,
 return pdb->get_trusted_domain(pdb, mem_ctx, domain, td);
 }
 
+NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid,
+ struct pdb_trusted_domain **td)
+{
+ struct pdb_methods *pdb = pdb_get_methods();
+ return pdb->get_trusted_domain_by_sid(pdb, mem_ctx, sid, td);
+}
+
 NTSTATUS pdb_set_trusted_domain(const char* domain,
 const struct pdb_trusted_domain *td)
 {
@@ -2137,6 +2144,14 @@ static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods,
 return NT_STATUS_NOT_IMPLEMENTED;
 }
 
+static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct dom_sid *sid,
+ struct pdb_trusted_domain **td)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods,
 const char* domain,
 const struct pdb_trusted_domain *td)
@@ -2230,6 +2245,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
 
 (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
 (*methods)->get_trusted_domain = pdb_default_get_trusted_domain;
+ (*methods)->get_trusted_domain_by_sid = pdb_default_get_trusted_domain_by_sid;
 (*methods)->set_trusted_domain = pdb_default_set_trusted_domain;
 (*methods)->del_trusted_domain = pdb_default_del_trusted_domain;
 (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains;
diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c
index 868958d207..7e86177cab 100644
--- a/source3/passdb/pdb_ipa.c
+++ b/source3/passdb/pdb_ipa.c
@@ -72,30 +72,20 @@ static char *trusted_domain_base_dn(struct ldapsam_privates *ldap_state)
 
 static bool get_trusted_domain_int(struct ldapsam_privates *ldap_state,
 TALLOC_CTX *mem_ctx,
- const char *domain, LDAPMessage **entry)
+ const char *filter, LDAPMessage **entry)
 {
 int rc;
- char *filter = NULL;
 char *base_dn = NULL;
 LDAPMessage *result = NULL;
 uint32_t num_result;
 
- filter = talloc_asprintf(talloc_tos(),
- "(&(objectClass=%s)(|(sambaFlatName=%s)(cn=%s)(sambaTrustPartner=%s)))",
- LDAP_OBJ_TRUSTED_DOMAIN, domain, domain, domain);
- if (filter == NULL) {
- return false;
- }
-
 base_dn = trusted_domain_base_dn(ldap_state);
 if (base_dn == NULL) {
- TALLOC_FREE(filter);
 return false;
 }
 
 rc = smbldap_search(ldap_state->smbldap_state, base_dn, LDAP_SCOPE_SUBTREE,
 filter, NULL, 0, &result);
- TALLOC_FREE(filter);
 TALLOC_FREE(base_dn);
 
 if (result != NULL) {
@@ -115,15 +105,15 @@ static bool get_trusted_domain_int(struct ldapsam_privates *ldap_state,
 
 if (num_result > 1) {
 DEBUG(1, ("get_trusted_domain_int: more than one "
- "%s object for domain '%s'?!\n",
- LDAP_OBJ_TRUSTED_DOMAIN, domain));
+ "%s object with filter '%s'?!\n",
+ LDAP_OBJ_TRUSTED_DOMAIN, filter));
 return false;
 }
 
 if (num_result == 0) {
 DEBUG(1, ("get_trusted_domain_int: no "
- "%s object for domain %s.\n",
- LDAP_OBJ_TRUSTED_DOMAIN, domain));
+ "%s object with filter '%s'.\n",
+ LDAP_OBJ_TRUSTED_DOMAIN, filter));
 *entry = NULL;
 } else {
 *entry = ldap_first_entry(priv2ld(ldap_state), result);
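Review bot: `get_trusted_domain_int` now takes the search filter from its caller and both `TALLOC_FREE(filter)` calls are gone, but nothing records the new contract that `filter` is caller-owned and is not freed here; the callers added later in this patch allocate it on `talloc_tos()` and rely on stack-frame cleanup, which works today but silently leaks if one of them is ever switched to a long-lived context. A comment above the function would make the ownership explicit: `/* filter: caller-owned LDAP search filter whose values the caller has escaped; it is not freed here. */`. The DEBUG(1) messages in the second hunk now log the whole filter instead of the domain name, which is reasonable for diagnostics since the filter only carries a domain name or SID. The body of get_trusted_domain_int continues past the end of the first hunk, so whether `mem_ctx` is still used after this change is not visible here.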
@@ -132,6 +122,41 @@ static bool get_trusted_domain_int(struct ldapsam_privates *ldap_state,
 return true;
 }
 
+static bool get_trusted_domain_by_name_int(struct ldapsam_privates *ldap_state,
+ TALLOC_CTX *mem_ctx,
+ const char *domain,
+ LDAPMessage **entry)
+{
+ char *filter = NULL;
+
+ filter = talloc_asprintf(talloc_tos(),
+ "(&(objectClass=%s)(|(%s=%s)(%s=%s)(cn=%s)))",
+ LDAP_OBJ_TRUSTED_DOMAIN,
+ LDAP_ATTRIBUTE_FLAT_NAME, domain,
+ LDAP_ATTRIBUTE_TRUST_PARTNER, domain, domain);
+ if (filter == NULL) {
+ return false;
+ }
+
+ return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
+}
+
+static bool get_trusted_domain_by_sid_int(struct ldapsam_privates *ldap_state,
+ TALLOC_CTX *mem_ctx,
+ const char *sid, LDAPMessage **entry)
+{
+ char *filter = NULL;
+
+ filter = talloc_asprintf(talloc_tos(), "(&(objectClass=%s)(%s=%s))",
+ LDAP_OBJ_TRUSTED_DOMAIN,
+ LDAP_ATTRIBUTE_SECURITY_IDENTIFIER, sid);
+ if (filter == NULL) {
+ return false;
+ }
+
+ return get_trusted_domain_int(ldap_state, mem_ctx, filter, entry);
+}
+
 static bool get_uint32_t_from_ldap_msg(struct ldapsam_privates *ldap_state,
 LDAPMessage *entry,
 const char *attr,
@@ -284,7 +309,8 @@ static NTSTATUS ipasam_get_trusted_domain(struct pdb_methods *methods,
 
 DEBUG(10, ("ipasam_get_trusted_domain called for domain %s\n", domain));
 
- if (!get_trusted_domain_int(ldap_state, talloc_tos(), domain, &entry)) {
+ if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
+ &entry)) {
 return NT_STATUS_UNSUCCESSFUL;
 }
 if (entry == NULL) {
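Review bot: `get_trusted_domain_by_name_int` splices `domain` into the LDAP filter three times via `%s` without escaping, so a name containing filter metacharacters (`*`, `(`, `)`, `\`) alters the query rather than being matched literally; the code this replaces had the same shape, but the new helper is now the single path for every name-based lookup (ipasam_get/set/del_trusted_domain in the later hunks), which makes it the right place to harden. Whether `domain` can reach this function from an untrusted peer is not visible here, so treat it as defence in depth: escape the name once with Samba's `escape_ldap_string()` (the same helper pdb_ldap.c uses for user names) and build the filter from the escaped copy, keeping the `talloc_tos()` lifetime the rest of the helper already relies on. `get_trusted_domain_by_sid_int` is less exposed because its value is a `sid_string_tos()` rendering, but passing it through the same escape would keep the two helpers consistent.
```c
static bool get_trusted_domain_by_name_int(struct ldapsam_privates *ldap_state,
					   TALLOC_CTX *mem_ctx,
					   const char *domain,
					   LDAPMessage **entry)
{
	char *filter = NULL;
	/* Escape once so filter metacharacters in the name match literally. */
	char *escaped = escape_ldap_string(talloc_tos(), domain);

	if (escaped == NULL) {
		return false;
	}

	filter = talloc_asprintf(talloc_tos(),
				 "(&(objectClass=%s)(|(%s=%s)(%s=%s)(cn=%s)))",
				 LDAP_OBJ_TRUSTED_DOMAIN,
				 LDAP_ATTRIBUTE_FLAT_NAME, escaped,
				 LDAP_ATTRIBUTE_TRUST_PARTNER, escaped, escaped);
	TALLOC_FREE(escaped);
	if (filter == NULL) {
		return false;
	}
	/* … unchanged: call to get_trusted_domain_int … */
```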
@@ -300,6 +326,38 @@ static NTSTATUS ipasam_get_trusted_domain(struct pdb_methods *methods,
 return NT_STATUS_OK;
 }
 
+static NTSTATUS ipasam_get_trusted_domain_by_sid(struct pdb_methods *methods,
+ TALLOC_CTX *mem_ctx,
+ struct dom_sid *sid,
+ struct pdb_trusted_domain **td)
+{
+ struct ldapsam_privates *ldap_state =
+ (struct ldapsam_privates *)methods->private_data;
+ LDAPMessage *entry = NULL;
+ char *sid_str;
+
+ sid_str = sid_string_tos(sid);
+
+ DEBUG(10, ("ipasam_get_trusted_domain_by_sid called for sid %s\n",
+ sid_str));
+
+ if (!get_trusted_domain_by_sid_int(ldap_state, talloc_tos(), sid_str,
+ &entry)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (entry == NULL) {
+ DEBUG(5, ("ipasam_get_trusted_domain_by_sid: no trusted domain "
+ "with sid: %s\n", sid_str));
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+
+ if (!fill_pdb_trusted_domain(mem_ctx, ldap_state, entry, td)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return NT_STATUS_OK;
+}
+
 static bool smbldap_make_mod_uint32_t(LDAP *ldap_struct, LDAPMessage *entry,
 LDAPMod ***mods, const char *attribute,
 const uint32_t val)
@@ -347,7 +405,8 @@ static NTSTATUS ipasam_set_trusted_domain(struct pdb_methods *methods,
 
 DEBUG(10, ("ipasam_set_trusted_domain called for domain %s\n", domain));
 
- res = get_trusted_domain_int(ldap_state, talloc_tos(), domain, &entry);
+ res = get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
+ &entry);
 if (!res) {
 return NT_STATUS_UNSUCCESSFUL;
 }
@@ -451,7 +510,8 @@ static NTSTATUS ipasam_del_trusted_domain(struct pdb_methods *methods,
 LDAPMessage *entry = NULL;
 const char *dn;
 
- if (!get_trusted_domain_int(ldap_state, talloc_tos(), domain, &entry)) {
+ if (!get_trusted_domain_by_name_int(ldap_state, talloc_tos(), domain,
+ &entry)) {
 return NT_STATUS_UNSUCCESSFUL;
 }
 
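Review bot: In `ipasam_get_trusted_domain_by_sid` the value returned by `sid_string_tos(sid)` is passed straight to DEBUG and on to `get_trusted_domain_by_sid_int` with no NULL check; `sid_string_tos` is a talloc-backed helper, so if it fails (or `sid` is NULL) a NULL pointer reaches the `%s` conversions in the log call and in the LDAP filter. Add `if (sid_str == NULL) { return NT_STATUS_NO_MEMORY; }` immediately after the assignment. The function also declares `struct dom_sid *sid` although it only reads the SID; `const struct dom_sid *sid` matches the `const char *domain` used by the sibling `ipasam_get_trusted_domain`. A short header comment would help too, since this backend entry point is otherwise undocumented: `/* Look up the trusted domain whose security identifier attribute matches sid; NT_STATUS_NO_SUCH_DOMAIN when none exists. */`.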
@@ -610,6 +670,7 @@ static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char
 
 (*pdb_method)->enum_trusteddoms = ipasam_enum_trusteddoms;
 (*pdb_method)->get_trusted_domain = ipasam_get_trusted_domain;
+ (*pdb_method)->get_trusted_domain_by_sid = ipasam_get_trusted_domain_by_sid;
 (*pdb_method)->set_trusted_domain = ipasam_set_trusted_domain;
 (*pdb_method)->del_trusted_domain = ipasam_del_trusted_domain;
 (*pdb_method)->enum_trusted_domains = ipasam_enum_trusted_domains;

-- 
2.34.1