IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Support requests for DOMAIN$ account for trusted domains in ipasam module

Browse Source 
https://fedorahosted.org/freeipa/ticket/2870
This commit is contained in:
Alexander Bokovoy 2012-06-26 12:51:17 +03:00 committed by Martin Kosek
parent db4c946f47
commit 761cb71838
1 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
daemons/ipa-sam/ipa_sam.c
View File

@ -2545,22 +2545,18 @@ fn_exit:
static NTSTATUS getsam_interdom_trust_account(struct pdb_methods *methods, static NTSTATUS getsam_interdom_trust_account(struct pdb_methods *methods,
struct samu *user, struct samu *user,
const char *sname) const char *sname, int lastidx)
{ {
char *dom_name; char *dom_name;
struct ldapsam_privates *ldap_state = struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *) methods->private_data; (struct ldapsam_privates *) methods->private_data;
int slen;
TALLOC_CTX *tmp_ctx; TALLOC_CTX *tmp_ctx;
struct pdb_trusted_domain *td; struct pdb_trusted_domain *td;
NTSTATUS status; NTSTATUS status;
slen = strlen(sname); /* The caller must check that (sname[lastidx] == '.') || (sname[lastidx] == '$'))
if (sname[slen - 1] != '.') { * before calling this function.
DEBUG(5, ("Requested account [%s] is not a inter domain " */
"trust account.\n", sname));
return NT_STATUS_NO_SUCH_USER;
}
tmp_ctx = talloc_new(NULL); tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) { if (tmp_ctx == NULL) {
@ -2572,7 +2568,7 @@ static NTSTATUS getsam_interdom_trust_account(struct pdb_methods *methods,
status = NT_STATUS_NO_MEMORY; status = NT_STATUS_NO_MEMORY;
goto done; goto done;
} }
dom_name[slen - 1] = '\0'; dom_name[lastidx] = '\0';
status = ipasam_get_trusted_domain(methods, tmp_ctx, dom_name, &td); status = ipasam_get_trusted_domain(methods, tmp_ctx, dom_name, &td);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
@ -2598,7 +2594,7 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *methods,
{ {
struct ldapsam_privates *ldap_state = struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *) methods->private_data; (struct ldapsam_privates *) methods->private_data;
int slen; int lastidx;
TALLOC_CTX *tmp_ctx; TALLOC_CTX *tmp_ctx;
NTSTATUS status; NTSTATUS status;
char *filter; char *filter;
@ -2608,9 +2604,20 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *methods,
int ret; int ret;
int count; int count;
slen = strlen(sname); lastidx = strlen(sname);
if (sname[slen - 1] == '.') { if (lastidx > 0) {
return getsam_interdom_trust_account(methods, user, sname); lastidx--;
} else {
/* strlen() must return >= 0 so it means we've got an empty name */
return NT_STATUS_NO_SUCH_USER;
}
if ((sname[lastidx] == '.') || (sname[lastidx] == '$')) {
status = getsam_interdom_trust_account(methods, user, sname, lastidx);
/* If last character was '$', we should ignore failure and continue
* as this could still be a machine account */
if ((sname[lastidx] == '.') || NT_STATUS_IS_OK(status)) {
return status;
}
} }
tmp_ctx = talloc_new(NULL); tmp_ctx = talloc_new(NULL);