bb75f5a583
Add support for additional user principal name (UPN) suffixes from trusted Active Directory forests. UPN suffixes are a property of the forest and as such are associated with the forest root domain. FreeIPA stores UPN suffixes as the ipaNTAdditionalSuffixes multi-valued attribute of the ipaNTTrustedDomain object class. To look up UPN suffixes, the netr_DsRGetForestTrustInformation LSA RPC call is used instead of netr_DsrEnumerateDomainTrusts. For more details on UPN and naming in Active Directory see https://technet.microsoft.com/en-us/library/cc739093%28v=ws.10%29.aspx
https://fedorahosted.org/freeipa/ticket/5354
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
/*
 * MIT Kerberos KDC database backend for FreeIPA
 * This header file contains private declarations for ipa_kdb_mspac.c and should
 * be used only there or in unit tests.
 *
 * Authors: Sumit Bose <sbose@redhat.com>
 *
 * see file 'COPYING' for use and warranty information
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
#pragma once
/*
 * State used by ipa_kdb_mspac.c (this header is private to that file and its
 * unit tests): the local domain's identity, a fallback group, and the table
 * of trusted domains.
 *
 * NOTE(review): struct dom_sid, uint32_t and time_t are not declared in this
 * header; the including file has to provide them before this point.
 */
struct ipadb_mspac {
    /* Local domain identity. */
    char *flat_domain_name;         /* presumably the flat (NetBIOS) name -- confirm */
    char *flat_server_name;
    struct dom_sid domsid;          /* stored by value, not as a pointer */

    /* Fallback group. */
    char *fallback_group;
    uint32_t fallback_rid;          /* presumably the RID of fallback_group -- confirm */

    /* Trusted-domain table. */
    int num_trusts;                 /* presumably the element count of trusts;
                                     * signed, so readers should not assume it
                                     * is non-negative without checking */
    struct ipadb_adtrusts *trusts;  /* may be NULL when no trust is loaded -- TODO confirm */
    time_t last_update;             /* presumably the time of the last refresh of
                                     * the trust data -- confirm */
};
/*
 * Description of one trusted domain; struct ipadb_mspac holds a pointer to
 * these in its trusts member.
 *
 * NOTE(review): ownership and lifetime of the pointer members are not visible
 * in this header; check the allocation and free paths in ipa_kdb_mspac.c
 * before copying or caching an entry.
 */
struct ipadb_adtrusts {
    /* Names and SID of the trusted domain. */
    char *domain_name;
    char *flat_name;
    char *domain_sid;               /* presumably the string form of domsid -- confirm */
    struct dom_sid domsid;          /* stored by value */

    /*
     * SID lists, each a pointer paired with a separate int length.
     * Judging by the names these are the SIDs to reject for the incoming and
     * the outgoing direction -- confirm against the users of these members.
     * The pointer and its length must be updated together; the lengths are
     * signed, so a loop bounded by them should also reject negative values.
     */
    struct dom_sid *sid_blacklist_incoming;
    int len_sid_blacklist_incoming;
    struct dom_sid *sid_blacklist_outgoing;
    int len_sid_blacklist_outgoing;

    /* Link to another entry. */
    struct ipadb_adtrusts *parent;  /* presumably NULL for a forest root -- TODO confirm */
    char *parent_name;

    /*
     * Additional UPN suffixes of the trusted forest.
     * No length member is declared for this array, so consumers presumably
     * rely on a NULL terminator and must also cope with the pointer itself
     * being NULL -- confirm in ipa_kdb_mspac.c.
     */
    char **upn_suffixes;
};
/*
 * Convert str into *sid (judging by the name, str is the textual form of a
 * SID). The meaning of the int result is defined in ipa_kdb_mspac.c and is
 * not visible here -- presumably 0 on success; callers should check it before
 * reading *sid.
 */
int string_to_sid(const char *str, struct dom_sid *sid);

/*
 * Produce the string form of dom_sid. The function takes a talloc context,
 * so the returned string is presumably allocated on memctx and may be NULL
 * on failure -- confirm in ipa_kdb_mspac.c.
 */
char *dom_sid_string(TALLOC_CTX *memctx, const struct dom_sid *dom_sid);