Fix regression with user/group validation in AD environments
anodos325 committed Feb 22, 2019
1 parent 440aa59 commit 779a3cc
Showing 1 changed file with 28 additions and 4 deletions.
32 changes: 28 additions & 4 deletions gui/common/freenasldap.py
Expand Up @@ -3109,10 +3109,32 @@ def __get_group(self, group, netbiosname):
self.basedn = self.get_baseDN()
self.attributes = ['sAMAccountName']

# Redmine 63414
# Redmine 63414 and 76000
"""
"use default domain = False":
Local Domain External Domain
GROUP DOMAIN\GROUP TRUSTED\GROUP
"use default domain = True":
GROUP GROUP TRUSTED\GROUP
@param(in) GROUP: <GROUP>
@param(in) netbiosname: <DOMAIN>
If the domain is a trusted domain, the sAMAccountName for
the group cannot be obtained through an LDAP query. Reconstruct
the groupname as originally received (<DOMAIN>\<GROUP>) prior to
grp.getgrnam(). Determine whether this is trusted domain
by comparing with the value of "workgroup" in cifs_srv_workgroup.
This value (workgroup) is automatically detected and set when the
server initially joins an AD domain.
"""

external_domain = False
if netbiosname:
joined_domain = self.basedn.split(',')[0].strip('DC=').upper()
with client as c:
smb = c.call('smb.config')
joined_domain = smb['workgroup'].upper()
group_domain = netbiosname.upper()
if joined_domain != group_domain:
external_domain = True
Expand Down Expand Up @@ -3326,10 +3348,12 @@ def __get_user(self, user, netbiosname):
self.basedn = self.get_baseDN()
self.attributes = ['sAMAccountName']

# Redmine 63414
# Redmine 63414 and 76000
external_domain = False
if netbiosname:
joined_domain = self.basedn.split(',')[0].strip('DC=').upper()
with client as c:
smb = c.call('smb.config')
joined_domain = smb['workgroup'].upper()
group_domain = netbiosname.upper()
if joined_domain != group_domain:
external_domain = True
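Review bot: In both `__get_group` and `__get_user`, `smb['workgroup'].upper()` runs unguarded, so a failed `smb.config` call or an unset workgroup surfaces as a KeyError/AttributeError in the middle of user/group validation instead of a clear error. Because `external_domain` decides whether the name is rebuilt as `<DOMAIN>\<GROUP>` before the lookup, I would make that failure explicit, e.g. `workgroup = smb.get('workgroup')` then `if not workgroup: raise ValueError('smb workgroup is not set')` (assuming `smb.config` returns a dict and callers can handle the exception). The same block is duplicated in both hunks and would read better as one private helper; the `__get_user` copy still names the value `group_domain`. The triple-quoted explanation in `__get_group` is a bare string expression rather than a comment, and its `\G` and `\<` are invalid escape sequences in a non-raw string, so `#` comments would be the safer form. Both function bodies continue outside the visible hunks.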