authorSumit Bose <sbose@redhat.com>2009-06-15 15:06:40 +0200
committerStephen Gallagher <sgallagh@redhat.com>2009-07-02 08:59:46 -0400
commit43133b835fe97592eba30344805177faab9fb644 (patch)
treeebabeb05e213744d5f1e8a170214cd9e53d6fe9e
parent9a28c36d323c14e31a3895ffe7dc905b815291f8 (diff)
downloadsssd-43133b835fe97592eba30344805177faab9fb644.tar.gz
sssd-43133b835fe97592eba30344805177faab9fb644.tar.bz2
sssd-43133b835fe97592eba30344805177faab9fb644.zip
added kerberos locator plugin
-rw-r--r--server/Makefile.am14
-rw-r--r--server/conf_macros.m414
-rw-r--r--server/configure.ac2
-rw-r--r--server/external/krb5.m411
-rw-r--r--server/krb5_plugin/sssd_krb5_locator_plugin.c131
-rw-r--r--server/krb5_plugin/sssd_krb5_locator_plugin.h8
-rw-r--r--sssd.spec.in5
7 files changed, 183 insertions, 2 deletions
diff --git a/server/Makefile.am b/server/Makefile.am
index bed9060b..b15c2306 100644
--- a/server/Makefile.am
+++ b/server/Makefile.am
@@ -3,6 +3,7 @@ topdir=.
sssdlibexecdir = $(libexecdir)/sssd
sssdlibdir = $(libdir)/sssd
ldblibdir = $(libdir)/ldb
+krb5plugindir = @krb5pluginpath@
sssdconfdir = $(sysconfdir)/sssd
dbusintrospectdir = $(datarootdir)/sssd/introspect
dbuspolicydir = $(sysconfdir)/dbus-1/system.d
@@ -80,6 +81,9 @@ sssdlib_LTLIBRARIES = \
ldblib_LTLIBRARIES = \
memberof.la
+krb5plugin_LTLIBRARIES = \
+ sssd_krb5_locator_plugin.la
+
noinst_LTLIBRARIES = \
libsss_crypt.la
libsss_crypt_la_SOURCES = \
@@ -208,6 +212,7 @@ dist_noinst_HEADERS = \
providers/dp_backend.h \
providers/providers.h \
tools/tools_util.h \
+ krb5_plugin/sssd_krb5_locator_plugin.h \
$(infopipe_headers) \
$(polkit_headers)
@@ -403,6 +408,15 @@ memberof_la_LDFLAGS = \
-avoid-version \
-module
+sssd_krb5_locator_plugin_la_SOURCES = \
+ krb5_plugin/sssd_krb5_locator_plugin.c
+sssd_krb5_locator_plugin_la_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(KRB5_CFLAGS)
+sssd_krb5_locator_plugin_la_LDFLAGS = \
+ -avoid-version \
+ -module
+
############
# MANPAGES #
############
diff --git a/server/conf_macros.m4 b/server/conf_macros.m4
index 7e230bbf..c67b47b0 100644
--- a/server/conf_macros.m4
+++ b/server/conf_macros.m4
@@ -132,7 +132,6 @@ AC_DEFUN([WITH_INIT_DIR],
AC_SUBST(initdir)
])
-
AC_DEFUN([WITH_SHADOW_UTILS_PATH],
[ AC_ARG_WITH([shadow-utils-path],
[AC_HELP_STRING([--with-shadow-utils-path=PATH],
@@ -177,3 +176,16 @@ AC_DEFUN([WITH_XML_CATALOG],
AC_SUBST([SGML_CATALOG_FILES])
])
+AC_DEFUN([WITH_KRB5_PLUGIN_PATH],
+ [ AC_ARG_WITH([krb5-plugin-path],
+ [AC_HELP_STRING([--with-krb5-plugin-path=PATH],
+ [Path to kerberos plugin store [/usr/lib/krb5/plugins/libkrb5]]
+ )
+ ]
+ )
+ krb5pluginpath="${libdir}/krb5/plugins/libkrb5"
+ if test x"$with_krb5_plugin_path" != x; then
+ krb5pluginpath=$with_krb5_plugin_path
+ fi
+ AC_SUBST(krb5pluginpath)
+ ])
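Review bot: The help string in `WITH_KRB5_PLUGIN_PATH` advertises `/usr/lib/krb5/plugins/libkrb5` as the default, but the macro actually defaults to `${libdir}/krb5/plugins/libkrb5`, which differs on lib64 systems; the text should read `[Path to kerberos plugin store [LIBDIR/krb5/plugins/libkrb5]]`. The `test x"$with_krb5_plugin_path" != x` check also accepts the values `yes` and `no` that autoconf sets for a bare `--with-krb5-plugin-path` or `--without-krb5-plugin-path`, so the module would be installed into a directory literally named `yes` or `no`. Since libkrb5 loads shared objects from this directory, it is worth rejecting those two values and requiring an absolute path.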
diff --git a/server/configure.ac b/server/configure.ac
index 88032766..facefe27 100644
--- a/server/configure.ac
+++ b/server/configure.ac
@@ -49,6 +49,7 @@ WITH_INIT_DIR
WITH_SHADOW_UTILS_PATH
WITH_MANPAGES
WITH_XML_CATALOG
+WITH_KRB5_PLUGIN_PATH
m4_include([external/pkg.m4])
m4_include([external/libpopt.m4])
@@ -59,6 +60,7 @@ m4_include([external/libldb.m4])
m4_include([external/pam.m4])
m4_include([external/ldap.m4])
m4_include([external/libpcre.m4])
+m4_include([external/krb5.m4])
m4_include([util/signal.m4])
PKG_CHECK_MODULES([DBUS],[dbus-1])
diff --git a/server/external/krb5.m4 b/server/external/krb5.m4
new file mode 100644
index 00000000..1ed5064a
--- /dev/null
+++ b/server/external/krb5.m4
@@ -0,0 +1,11 @@
+AC_SUBST(KRB5_CFLAGS)
+AC_SUBST(KRB5_LIBS)
+AC_PATH_PROG(KRB5_CONFIG, krb5-config)
+AC_MSG_CHECKING(for working krb5-config)
+if test -x "$KRB5_CONFIG"; then
+ KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
+ KRB5_LIBS="`$KRB5_CONFIG --libs`"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_ERROR(no. Please install MIT kerberos devel package)
+fi
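Review bot: The check only tests that some `krb5-config` is executable, while the error text and the plugin source assume MIT Kerberos with `<krb5/locate_plugin.h>` available. A `krb5-config` from another implementation, or from an MIT release without the locate plugin header, would pass configure and then fail at compile time. Consider adding a header check after the flags are set, for example `AC_CHECK_HEADER([krb5/locate_plugin.h], [], [AC_MSG_ERROR([krb5/locate_plugin.h not found])])` with `CPPFLAGS` temporarily extended by `$KRB5_CFLAGS`. `KRB5_LIBS` is computed here but, as far as the visible Makefile.am hunks show, never used.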
diff --git a/server/krb5_plugin/sssd_krb5_locator_plugin.c b/server/krb5_plugin/sssd_krb5_locator_plugin.c
new file mode 100644
index 00000000..699cad40
--- /dev/null
+++ b/server/krb5_plugin/sssd_krb5_locator_plugin.c
@@ -0,0 +1,131 @@
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <krb5/locate_plugin.h>
+
+#include "krb5_plugin/sssd_krb5_locator_plugin.h"
+
+struct sssd_ctx {
+ char *sssd_realm;
+ char *sssd_kdc;
+};
+
+krb5_error_code sssd_krb5_locator_init(krb5_context context,
+ void **private_data)
+{
+ struct sssd_ctx *ctx;
+ char *dummy;
+
+ ctx = calloc(1,sizeof(struct sssd_ctx));
+ if (ctx == NULL) return ENOMEM;
+
+ dummy = getenv(SSSD_REALM);
+ if (dummy == NULL) goto failed;
+ ctx->sssd_realm = strdup(dummy);
+ if (ctx->sssd_realm == NULL) goto failed;
+
+ dummy = getenv(SSSD_KDC);
+ if (dummy == NULL) goto failed;
+ ctx->sssd_kdc = strdup(dummy);
+ if (ctx->sssd_kdc == NULL) goto failed;
+
+ *private_data = ctx;
+
+ return 0;
+failed:
+ free(ctx->sssd_realm);
+ free(ctx->sssd_kdc);
+ free(ctx);
+
+ private_data = NULL;
+
+ return EINVAL;
+}
+
+void sssd_krb5_locator_close(void *private_data)
+{
+ struct sssd_ctx *ctx;
+
+ if (private_data == NULL) return;
+
+ ctx = (struct sssd_ctx *) private_data;
+ free(ctx->sssd_realm);
+ free(ctx->sssd_kdc);
+ free(ctx);
+
+ return;
+}
+
+krb5_error_code sssd_krb5_locator_lookup(void *private_data,
+ enum locate_service_type svc,
+ const char *realm,
+ int socktype,
+ int family,
+ int (*cbfunc)(void *, int, struct sockaddr *),
+ void *cbdata)
+{
+ int ret;
+ struct sockaddr_in addr;
+ struct sssd_ctx *ctx;
+
+ if (private_data == NULL) return KRB5_PLUGIN_NO_HANDLE;
+ ctx = (struct sssd_ctx *) private_data;
+
+#ifdef KRB5_PLUGIN_DEBUG
+ fprintf(stderr,"[%s][%s][%s][%d][%d][%d]\n", realm, ctx->sssd_realm,
+ ctx->sssd_kdc, socktype,
+ family, svc);
+#endif
+
+ switch (svc) {
+ case locate_service_kdc:
+ case locate_service_master_kdc:
+ case locate_service_kadmin:
+ break;
+ case locate_service_krb524:
+ case locate_service_kpasswd:
+ return KRB5_PLUGIN_NO_HANDLE;
+ default:
+ return EINVAL;
+ }
+
+ switch (family) {
+ case AF_UNSPEC:
+ case AF_INET:
+ break;
+ default:
+ return KRB5_PLUGIN_NO_HANDLE;
+ }
+
+ switch (socktype) {
+ case SOCK_STREAM:
+ case SOCK_DGRAM:
+ break;
+ default:
+ return EINVAL;
+ }
+
+ if (strcmp(realm, ctx->sssd_realm) != 0)
+ return KRB5_PLUGIN_NO_HANDLE;
+
+ addr.sin_family = AF_INET;
+ ret = inet_aton(ctx->sssd_kdc, &addr.sin_addr);
+ if (ret == 0) return EINVAL;
+ addr.sin_port = htons(88);
+
+ ret = cbfunc(cbdata, socktype, (struct sockaddr *) &addr);
+
+ return 0;
+}
+
+const krb5plugin_service_locate_ftable service_locator = {
+ 0, /* version */
+ sssd_krb5_locator_init,
+ sssd_krb5_locator_close,
+ sssd_krb5_locator_lookup,
+};
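Review bot: On the `failed:` path of `sssd_krb5_locator_init`, `private_data = NULL;` only overwrites the local parameter and leaves the caller's pointer untouched; it should read `*private_data = NULL;`. In `sssd_krb5_locator_lookup`, `addr` reaches the callback with `sin_zero` uninitialised and the callback's result is stored in `ret` and then dropped, so add `memset(&addr, 0, sizeof(addr));` before filling it and `if (ret != 0) return ret;` after the call. The lookup also answers `locate_service_kadmin` with the hard-coded port 88, which looks wrong for an admin service and should probably return `KRB5_PLUGIN_NO_HANDLE` like the kpasswd case. Because the realm and KDC address come from `getenv(SSSD_REALM)` and `getenv(SSSD_KDC)`, any process that loads this plugin trusts its environment to choose the KDC; a header comment should state which component is expected to set these variables and that they must not be inherited from an untrusted caller.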
diff --git a/server/krb5_plugin/sssd_krb5_locator_plugin.h b/server/krb5_plugin/sssd_krb5_locator_plugin.h
new file mode 100644
index 00000000..ab41689b
--- /dev/null
+++ b/server/krb5_plugin/sssd_krb5_locator_plugin.h
@@ -0,0 +1,8 @@
+#ifndef __SSSD_KRB5_LOCATOR_PLUGIN_H__
+#define __SSSD_KRB5_LOCATOR_PLUGIN_H__
+
+#define SSSD_KDC "SSSD_KDC"
+#define SSSD_REALM "SSSD_REALM"
+
+#endif /* __SSSD_KRB5_LOCATOR_PLUGIN_H__ */
+
diff --git a/sssd.spec.in b/sssd.spec.in
index 20535764..719e6b7c 100644
--- a/sssd.spec.in
+++ b/sssd.spec.in
@@ -42,6 +42,7 @@ BuildRequires: pcre-devel
BuildRequires: libxslt
BuildRequires: libxml2
BuildRequires: docbook-style-xsl
+BuildRequires: krb5-devel
%description
Provides a set of daemons to manage access to remote directories and
@@ -78,7 +79,8 @@ rm -f \
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
$RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
- $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la
+ $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
+ $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la
%clean
rm -rf $RPM_BUILD_ROOT
@@ -97,6 +99,7 @@ rm -rf $RPM_BUILD_ROOT
%{_libexecdir}/%{servicename}/
%{_libdir}/%{name}/
%{_libdir}/ldb/memberof.so
+%{_libdir}/krb5/plugins/libkrb5/*
%dir %{_sharedstatedir}/sss/
%attr(700,root,root) %dir %{_sharedstatedir}/sss/db
%dir %{_sharedstatedir}/sss/pipes
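Review bot: The `%files` entry `%{_libdir}/krb5/plugins/libkrb5/*` claims every file that ends up in the shared libkrb5 plugin directory, not only the module this package builds. Naming the module, `%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so`, keeps the package from owning or shipping anything else that libkrb5 would load from there. The path is also hard-coded here and in the `rm -f` list of the previous hunk, while configure allows it to be changed with `--with-krb5-plugin-path`, so a non-default path would leave the packaging out of step with the build.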