>From cfc64322d0427f9d2ffc5681d016091ebf9dffd1 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Sun, 5 May 2013 20:36:06 +0200
Subject: [PATCH] Use AD domain flat name to match domains

https://fedorahosted.org/sssd/ticket/1468
This patch adds the possibility to autoconfigure the flat (NetBIOS) names for the AD provider using the existing ad_domain value. But because in AD it is possible to use a completely different flat name, there also is an option to specify the flat name independently of the AD domain name.
---
src/confdb/confdb.c | 48 ++++++++++++++++++++++++++++++++++
src/confdb/confdb.h | 4 +++
src/config/SSSDConfig/__init__.py.in | 1 +
src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
src/man/sssd-ad.5.xml | 14 ++++++++++
src/providers/ad/ad_opts.h | 1 +
6 files changed, 69 insertions(+)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index e1888678eaf45446a89c4a290d55356deae0afdf..6e6f73a98330926f9698581563a80a3758c3b42f 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -864,6 +864,54 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 domain->mpg = true;
 }
+ /* Load AD specific configuration for the responders */
+ if (strcasecmp(domain->provider, "ad") == 0) {
+ const char *flat_name;
+
+ /* Check if there is a flat name configured. If so, use it. */
+ flat_name = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_AD_FLAT_NAME,
+ NULL);
+ if (flat_name == NULL) {
+ char *dotname;
+
+ /* Otherwise get the domain name */
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_AD_DOM_NAME,
+ domain->name);
+ if (tmp == NULL) {
+ /* No domain name set? */
+ ret = EINVAL;
+ goto done;
+ }
+
+ flat_name = talloc_strdup(tmp_ctx, tmp);
+ if (flat_name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ /* Use the domain name up until the first dot. However, an AD
+ * domain w/o a dot is still a legal setting
+ */
+ dotname = strchr(flat_name, '.');
+ if (dotname) {
+ *dotname = '\0';
+ }
+ }
+
+ domain->flat_name = talloc_strdup(domain, flat_name);
+ if (domain->flat_name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (strlen(domain->flat_name) > 15) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("The flat name of AD domain"
+ "is longer than the 15 character limit\n"));
+ }
+ }
+
 domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
 CONFDB_DOMAIN_TIMEOUT, 0);
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 1d9647394ce59f12f59d55f22c6d42e669c39a11..a8c034d6d95e860b7f4a0c50087ec569057f2084 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -183,6 +183,10 @@
 #define CONFDB_PROXY_PAM_TARGET "proxy_pam_target"
 #define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias"
+/* AD Provider */
+#define CONFDB_AD_DOM_NAME "ad_domain"
+#define CONFDB_AD_FLAT_NAME "ad_flat_domain"
+
 struct confdb_ctx;
 struct config_file_ctx;
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index bc7bb0a781a64b264d350a7766cf45de869273cf..3f3e2c64a3cd5096624990f6113bc66dce533ac1 100644
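Review bot: In the `confdb.c` hunk the flat name is stored without checking that it is non-empty: in the `flat_name == NULL` branch an `ad_domain` value that starts with a dot is cut at index 0 by `*dotname = '\0'`, so `domain->flat_name` becomes `""`, and the over-15-character case only logs. Since the subject says this name is used to match domains, an empty name presumably makes that matching ambiguous; I would reject it after the final `talloc_strdup` with `if (domain->flat_name[0] == '\0') { ret = EINVAL; goto done; }`. The two adjacent literals in the `DEBUG` call also join as "domainis", so the first should end with a space: `"The flat name of AD domain "`. `confdb_get_domain_internal` begins and ends outside the hunk.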
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -153,6 +153,7 @@ option_strings = {
 # [provider/ad]
 'ad_domain' : _('Active Directory domain'),
+ 'ad_flat_domain' : _('Active Directory flat domain name'),
 'ad_server' : _('Active Directory server address'),
 'ad_backup_server' : _('Active Directory backup server address'),
 'ad_hostname' : _('Active Directory client hostname'),
diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
index b4b1d0ba11d600a8b9a300f15cc8058be470f422..08d8f63a860995fbba545f7d3e441043bc6382f0 100644
--- a/src/config/etc/sssd.api.d/sssd-ad.conf
+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
@@ -1,5 +1,6 @@
 [provider/ad]
 ad_domain = str, None, false
+ad_flat_domain = str, None, false
 ad_server = str, None, false
 ad_backup_server = str, None, false
 ad_hostname = str, None, false
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index c19607715dafd39f167c3066831ae7ad09ffe459..5b946e536125118416ada73e2b66f5331e1a9979 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -99,6 +99,20 @@ ldap_id_mapping = False + ad_flat_domain (string) + + + Specifies the flat (NetBIOS) name of the + Active Directory domain. This parameter is + optional. If not provided, the ad_domain value + up to the first dot is used. + + + + + + + ad_server, ad_backup_server (string)
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index 32bbe3db2f4048056c7e96619eaf53ce22bf52f8..3be2f5882458079f64185067d0f35c8b962425cc 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -29,6 +29,7 @@ struct dp_option ad_basic_opts[] = {
 { "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ad_flat_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ad_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
--
1.8.2.1
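Review bot: In the `src/providers/ad/ad_opts.h` hunk the new `ad_flat_domain` row is inserted in the middle of `ad_basic_opts`, right after `ad_domain`, but none of the six files in the diffstat carries a matching change to whatever enum or index constants address this table. If the rows are looked up by position, which is how `dp_option` tables appear to be used, every option from `ad_server` onward shifts by one slot and, for example, the server address would be read from the wrong row; the corresponding index constant has to be added at the same position in the same commit. Nothing on this page reads the option through this table either, since the `confdb.c` hunk takes `CONFDB_AD_FLAT_NAME` straight from the ldb message, so a comment on the new row such as `/* read from confdb for the responders, see confdb_get_domain_internal() */` would explain why it is listed. The array definition continues outside the hunk.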