ad_subdomains.c revision 58dd26b1c5b60ee992dd5d1214bb168aebb42d54
/*
    AD Subdomains Module

    Sumit Bose <sbose@redhat.com>

    Copyright (C) 2013 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
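/* Attributes of AD trusted domains */

/* LDAP filter that matches entries whose objectclass is "domain".
 * NOTE(review): presumably used to read the SID of the master domain;
 * the search that consumes it is not visible in this listing. */
#define MASTER_DOMAIN_SID_FILTER "objectclass=domain"

/* trustType=2 denotes uplevel (NT5 and later) trusted domains. See
 * http://msdn.microsoft.com/en-us/library/windows/desktop/ms680342%28v=vs.85%29.aspx
 * for example.
 *
 * The absence of msDS-TrustForestTrustInfo attribute denotes a domain from
 * the same forest. See http://msdn.microsoft.com/en-us/library/cc223786.aspx
 * for more information.
 *
 * Taken together, the filter selects only trustedDomain objects of uplevel
 * type that carry no forest-trust information, i.e. domains of the same
 * forest; trusted domains that do carry msDS-TrustForestTrustInfo are
 * excluded. Widening this filter changes which domains are matched, so
 * review any edit to it as a change to the trust boundary.
 */
#define SLAVE_DOMAIN_FILTER "(&(objectclass=trustedDomain)(trustType=2)(!(msDS-TrustForestTrustInfo=*)))"

/* do not refresh more often than every 5 seconds for now
 * NOTE(review): the macro that carries this 5-second limit is not part of
 * this listing. */

/* refresh automatically every 4 hours (value is in seconds) */
#define AD_SUBDOMAIN_REFRESH_PERIOD (3600 * 4)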
2a693c01b154f1e25931ff6c754d2d02096e2662Till Mossakowskiads_store_sdap_subdom(struct ad_subdomains_ctx *ctx,
f7d2e793728bbb7fd185e027eb9dfd7b9dd11c21Christian Maeder dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
e85b224577b78d08ba5c39fe9dcc2e53995454a2Christian Maeder /* New sdap domain */
3a761fd74f4f3c5587a199553c0ee7383e5d8ff3Christian Maeder DEBUG(SSSDBG_TRACE_FUNC, ("subdomain %s is a new one, will "
2a693c01b154f1e25931ff6c754d2d02096e2662Till Mossakowski "create a new sdap domain object\n", dom->name));
e85b224577b78d08ba5c39fe9dcc2e53995454a2Christian Maeder ret = sdap_domain_add(ctx->sdap_id_ctx->opts, dom, &sdom);
2a693c01b154f1e25931ff6c754d2d02096e2662Till Mossakowski ("Cannot add new sdap domain for domain %s [%d]: %s\n",
2a693c01b154f1e25931ff6c754d2d02096e2662Till Mossakowski /* Convert the domain name into search base */
2a693c01b154f1e25931ff6c754d2d02096e2662Till Mossakowski ret = domain_to_basedn(sditer, sditer->dom->name, &basedn);
3a761fd74f4f3c5587a199553c0ee7383e5d8ff3Christian Maeder ("Cannot convert domain name [%s] to base DN [%d]: %s\n",
0e2ae85e2453466d03c1fc5884a3d693235bb9d9Christian Maeder /* Update search bases */
2a693c01b154f1e25931ff6c754d2d02096e2662Till Mossakowski sdom->search_bases = talloc_array(sdom, struct sdap_search_base *, 2);
3a761fd74f4f3c5587a199553c0ee7383e5d8ff3Christian Maeder ret = sdap_create_search_base(sdom, basedn, LDAP_SCOPE_SUBTREE, NULL,
2a693c01b154f1e25931ff6c754d2d02096e2662Till Mossakowski DEBUG(SSSDBG_OP_FAILURE, ("Cannot create new sdap search base\n"));
return EOK;
static errno_t
const char *name;
char *realm;
const char *flat;
char *sid_str;
goto done;
&trust_type);
goto done;
goto done;
if (!realm) {
goto done;
if (ret) {
name));
goto done;
goto done;
&sid_str);
goto done;
goto done;
done:
return ret;
bool *changes)
const char *value;
int ret;
for (c = 0; c < count; c++) {
if (handled[c]) {
goto done;
if (c >= count) {
goto done;
if (ret) {
handled[c] = true;
if (count == h) {
goto done;
*changes = true;
for (c = 0; c < count; c++) {
if (handled[c]) {
if (ret) {
done:
return ret;
int ret;
goto done;
goto done;
goto done;
done:
int ret;
if (ret) {
goto fail;
goto fail;
fail:
return EOK;
NULL, 0,
return ENOMEM;
return EAGAIN;
int ret;
char *sid_str;
char *filter;
char *ntver;
goto done;
if (reply_count == 0) {
goto done;
goto done;
&sid_str);
goto done;
goto done;
goto done;
goto done;
goto done;
done:
int ret;
goto done;
if (reply_count == 0) {
goto done;
goto done;
goto done;
goto done;
goto done;
goto done;
&response);
goto done;
goto done;
goto done;
goto done;
done:
return EOK;
NULL, 0,
return ENOMEM;
return EAGAIN;
int ret;
bool refresh_has_changes = false;
goto done;
if (reply_count) {
goto done;
goto done;
goto done;
if (refresh_has_changes) {
goto done;
goto done;
done:
void *pvt)
const char *errstr)
if (!ctx) {
if (ctx) {
struct ad_subdomains_ctx);
if (!ctx) {
const char *ad_domain,
void **pvt_data)
int ret;
return ENOMEM;
return ENOMEM;
return EFAULT;
return EOK;