s3-ipasam: Add aliases for trusted domain user
authorSumit Bose <sbose@redhat.com>
Tue, 7 Sep 2010 12:30:34 +0000 (14:30 +0200)
committerGünther Deschner <gd@samba.org>
Wed, 16 Feb 2011 11:58:13 +0000 (12:58 +0100)
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 16 12:58:13 CET 2011 on sn-devel-104

source3/passdb/pdb_ipa.c
source3/rpc_server/lsa/srv_lsa_nt.c

index 3daa06e2a85d72fecc6f0a3cafe2a99b17539ea7..3108c5e1f012e44c07d72ca2554d4cb9ade43429 100644 (file)
@@ -812,6 +812,8 @@ static NTSTATUS ipasam_add_objectclasses(struct ldapsam_privates *ldap_state,
        NTSTATUS status;
        int ret;
        char *princ;
+       const char *domain;
+       char *domain_with_dot;
 
        dn = get_account_dn(pdb_get_username(sampass));
        if (dn == NULL) {
@@ -823,6 +825,16 @@ static NTSTATUS ipasam_add_objectclasses(struct ldapsam_privates *ldap_state,
                return NT_STATUS_NO_MEMORY;
        }
 
+       domain = pdb_get_domain(sampass);
+       if (domain == NULL) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       domain_with_dot = talloc_asprintf(talloc_tos(), "%s.", domain);
+       if (domain_with_dot == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        smbldap_set_mod(&mods, LDAP_MOD_ADD,
                        "objectclass", LDAP_OBJ_KRB_PRINCIPAL);
        smbldap_set_mod(&mods, LDAP_MOD_ADD,
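Review bot: `domain` is rejected only when it is NULL, so an empty string still reaches `talloc_asprintf` and would be written as an empty `fqdn` and a `uid` of `.`; a name that already ends in a dot would produce a value ending in `..`. The value appears to come from `r->in.info->domain_name.string` in the `_lsa_CreateTrustedDomainEx2` hunk of srv_lsa_nt.c, where no validation is visible, so it should be treated as client-supplied. Consider tightening the guard to `if (domain == NULL || domain[0] == '\0') { return NT_STATUS_INVALID_PARAMETER; }` and stripping a trailing dot before building `domain_with_dot`. The body of ipasam_add_objectclasses starts and ends outside this hunk, so earlier checks may exist that are not shown.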
@@ -832,7 +844,7 @@ static NTSTATUS ipasam_add_objectclasses(struct ldapsam_privates *ldap_state,
        smbldap_set_mod(&mods, LDAP_MOD_ADD,
                        "objectclass", "ipaHost");
        smbldap_set_mod(&mods, LDAP_MOD_ADD,
-                       "fqdn", "dummy.dummy.dummy");
+                       "fqdn", domain);
        smbldap_set_mod(&mods, LDAP_MOD_ADD,
                        "objectclass", "posixAccount");
        smbldap_set_mod(&mods, LDAP_MOD_ADD,
@@ -841,6 +853,8 @@ static NTSTATUS ipasam_add_objectclasses(struct ldapsam_privates *ldap_state,
                        "gidNumber", "12345");
        smbldap_set_mod(&mods, LDAP_MOD_ADD,
                        "homeDirectory", "/dev/null");
+       smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", domain);
+       smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", domain_with_dot);
 
        ret = smbldap_modify(ldap_state->smbldap_state, dn, mods);
        ldap_mods_free(mods, true);
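Review bot: The two `uid` values added here turn the trusted domain's DNS name into a name alias on a `posixAccount` entry, and nothing in the hunk checks that the name is not already a `uid` on another entry. If the directory does not enforce uid uniqueness, a lookup by name could resolve ambiguously between a regular account and the trust account; whether the server enforces this is not visible here. A comment stating the intent and the assumption would help, for example `/* uid aliases: DNS domain name with and without trailing dot; assumes the directory enforces uid uniqueness */`. The function continues past the hunk, so how a failing `smbldap_modify` is reported is not shown.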
index dee679eb799ef6ca04ca7a596e10fe23b3bbb386..9f05433631a324be70307fc8064b61e80f44c9bc 100644 (file)
@@ -1601,6 +1601,7 @@ NTSTATUS _lsa_OpenTrustedDomainByName(struct pipes_struct *p,
 
 static NTSTATUS add_trusted_domain_user(TALLOC_CTX *mem_ctx,
                                        const char *netbios_name,
+                                       const char *domain_name,
                                        struct trustDomainPasswords auth_struct)
 {
        NTSTATUS status;
@@ -1625,7 +1626,7 @@ static NTSTATUS add_trusted_domain_user(TALLOC_CTX *mem_ctx,
                return NT_STATUS_UNSUCCESSFUL;
        }
 
-       if (!pdb_set_domain(sam_acct, get_global_sam_name(), PDB_SET)) {
+       if (!pdb_set_domain(sam_acct, domain_name, PDB_SET)) {
                return NT_STATUS_UNSUCCESSFUL;
        }
 
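Review bot: Replacing `get_global_sam_name()` with `domain_name` changes the stored domain of the trust account for every passdb backend, not only ipasam, because add_trusted_domain_user sits in the generic LSA server code. Code that compares an account's domain against the local SAM name may no longer match these accounts; this is an inference, since no such caller is visible on this page. A comment above the call would record the intent, for example `/* domain is the trusted domain's DNS name, not the local SAM name; pdb_ipa derives fqdn and uid aliases from it */`. The function body continues outside this hunk.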
@@ -1787,6 +1788,7 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p,
        if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
                status = add_trusted_domain_user(p->mem_ctx,
                                                 r->in.info->netbios_name.string,
+                                                r->in.info->domain_name.string,
                                                 auth_struct);
                if (!NT_STATUS_IS_OK(status)) {
                        return status;