1 : /*
2 : SSSD
3 :
4 : IPA Subdomains Module - utilities
5 :
6 : Authors:
7 : Sumit Bose <sbose@redhat.com>
8 :
9 : Copyright (C) 2015 Red Hat
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 :
21 : You should have received a copy of the GNU General Public License
22 : along with this program. If not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
#include <stdbool.h>
#include <string.h>
#include <strings.h>

#include "providers/ipa/ipa_subdomains.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_id.h"
28 :
/*
 * Build an ldb DN from the original DN attribute of a subdomain entry.
 *
 * @param mem_ctx  talloc context the returned DN is allocated under
 * @param ldb_ctx  ldb context used to create the DN
 * @param attrs    sysdb attributes expected to carry SYSDB_ORIG_DN
 *
 * @return A validated DN, or NULL when either ldb_ctx or attrs is NULL,
 *         when SYSDB_ORIG_DN cannot be read, when DN allocation fails, or
 *         when the original DN does not pass ldb_dn_validate(). The
 *         caller owns the returned DN.
 */
struct ldb_dn *ipa_subdom_ldb_dn(TALLOC_CTX *mem_ctx,
                                 struct ldb_context *ldb_ctx,
                                 struct sysdb_attrs *attrs)
{
    const char *orig_dn = NULL;
    struct ldb_dn *result;
    int rc;

    if (ldb_ctx == NULL || attrs == NULL) {
        return NULL;
    }

    rc = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
    if (rc != 0) {
        DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed: %d\n", rc);
        return NULL;
    }

    result = ldb_dn_new(mem_ctx, ldb_ctx, orig_dn);
    if (result == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
        return NULL;
    }

    /* A DN that parses is the only success path; anything else is
     * reported and released before returning. */
    if (ldb_dn_validate(result)) {
        return result;
    }

    DEBUG(SSSDBG_OP_FAILURE, "Original DN [%s] is not a valid DN.\n",
          orig_dn);
    talloc_free(result);
    return NULL;
}
62 :
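/*
 * Compare one DN component value with an expected name, ignoring case.
 *
 * The component is a counted buffer, so its length must equal the length
 * of the expected name before the bytes are compared. Comparing only
 * val->length bytes on its own would accept any component that is a
 * prefix of the expected name (e.g. "trust" or an empty value for
 * "trusts").
 *
 * @param val       DN component value, may be NULL
 * @param expected  NUL-terminated name to compare against
 *
 * @return true only when val is non-NULL and matches expected exactly
 *         (case-insensitively), false otherwise.
 */
static bool ipa_subdom_comp_equals(const struct ldb_val *val,
                                   const char *expected)
{
    if (val == NULL || val->data == NULL) {
        return false;
    }

    if (val->length != strlen(expected)) {
        return false;
    }

    return strncasecmp(expected, (const char *) val->data, val->length) == 0;
}

/*
 * Decide whether a DN names a member domain of a trusted forest.
 *
 * @param dn  DN of the candidate object, may be NULL
 *
 * @return true when dn has at least five components and its 3rd and 4th
 *         components (zero-based indices 2 and 3) are "ad" and "trusts";
 *         false for NULL or any other DN.
 */
bool ipa_subdom_is_member_dom(struct ldb_dn *dn)
{
    const struct ldb_val *val;

    if (dn == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Wrong input!\n");
        return false;
    }

    if (ldb_dn_get_comp_num(dn) < 5) {
        /* We are only interested in the member domain objects. In IPA the
         * forest root object is stored as e.g.
         * cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Member domains in the
         * forest are children of the forest root object e.g.
         * cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Since
         * the forest name is not stored in the member objects we derive it
         * from the RDN of the forest root object. */
        DEBUG(SSSDBG_TRACE_FUNC,
              "DN too short, not a member domain\n");
        return false;
    }

    /* Component indices count from the RDN: index 3 is the 4th component
     * ("trusts"), index 2 the 3rd ("ad"). Both are within range after the
     * component-count check above. */
    val = ldb_dn_get_component_val(dn, 3);
    if (!ipa_subdom_comp_equals(val, "trusts")) {
        DEBUG(SSSDBG_TRACE_FUNC,
              "4th component is not 'trusts', not a member domain\n");
        return false;
    }

    val = ldb_dn_get_component_val(dn, 2);
    if (!ipa_subdom_comp_equals(val, "ad")) {
        DEBUG(SSSDBG_TRACE_FUNC,
              "3rd component is not 'ad', not a member domain\n");
        return false;
    }

    return true;
}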