RHEL-4823

Names of domains from a trusted forest should be compared case-insensitively


    • ipa-4.13.1-3.el10
    • Low
    • rhel-idm-ipa
    • ssg_idm
    • QE ack, Dev ack
    • Release Note Not Required

      Description of problem:
      If the AD forest root has a mixed-case name, then this is preserved for the trust object. It looks like netr_DsRGetForestTrustInformation returns this name in all lower case, which is ok since DNS names are case-insensitive.

      Unfortunately there is a case-sensitive comparison in fetch_domains():

          for t in domains.entries:
              if t.type == lsa.LSA_FOREST_TRUST_DOMAIN_INFO:
                  tname = unicode(t.forest_trust_data.dns_domain_name.string)
                  if tname == trustdomain:  # <<<<<<<<<<<<<<<<<<<<<<<<<<
                      continue
                  result['domains'][tname] = {
                      'cn': tname,
                      'ipantflatname': unicode(
                          t.forest_trust_data.netbios_domain_name.string),
                      'ipanttrusteddomainsid': unicode(
                          t.forest_trust_data.domain_sid)
                  }
              elif t.type == lsa.LSA_FOREST_TRUST_TOP_LEVEL_NAME:
                  tname = unicode(t.forest_trust_data.string)
                  if tname == trustdomain:

      and as a result the forest root is added a second time as a forest member, which causes all kinds of unexpected behavior.
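The effect described above, reproduced as an added example that is not FreeIPA's code and not part of the original report: a simplified stand-in for the loop in fetch_domains(), run once with the case-sensitive comparison and once with a case-insensitive one. The `DomainInfo` tuple, the helper names, the domain names and the SIDs are constructed for illustration.

```python
# Added illustration: simplified stand-in for the comparison in fetch_domains().
# Entry layout, names and SIDs are constructed sample data, not FreeIPA's API.
from collections import namedtuple

DomainInfo = namedtuple("DomainInfo", "dns_name netbios_name sid")

# The trust object preserves the mixed-case name of the forest root ...
TRUST_DOMAIN = "AD.Example.Test"
# ... while the forest trust information comes back in all lower case.
FOREST_ENTRIES = [
    DomainInfo("ad.example.test", "AD", "S-1-5-21-1111-2222-3333"),
    DomainInfo("child.ad.example.test", "CHILD", "S-1-5-21-4444-5555-6666"),
]


def same_dns_name(a, b):
    """DNS names are case-insensitive, so compare them in lower case."""
    return a.lower() == b.lower()


def collect_members(entries, trustdomain, is_root):
    """Return forest members, skipping the entry that is the forest root."""
    members = {}
    for e in entries:
        if is_root(e.dns_name, trustdomain):
            continue
        members[e.dns_name] = {
            "cn": e.dns_name,
            "ipantflatname": e.netbios_name,
            "ipanttrusteddomainsid": e.sid,
        }
    return members


def case_sensitive(entries, trustdomain):
    # Behaviour described in the report: plain == on the two strings.
    return collect_members(entries, trustdomain, lambda a, b: a == b)


def case_insensitive(entries, trustdomain):
    return collect_members(entries, trustdomain, same_dns_name)


if __name__ == "__main__":
    print(sorted(case_sensitive(FOREST_ENTRIES, TRUST_DOMAIN)))
    print(sorted(case_insensitive(FOREST_ENTRIES, TRUST_DOMAIN)))
```

With the case-sensitive comparison the forest root shows up again as a member alongside the child domain; with the case-insensitive comparison only the child domain remains.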

              frenaud@redhat.com Florence Renaud
              sbose@redhat.com Sumit Bose
              Florence Renaud
              Anuja More
              Filip Hanzelka