authorJakub Hrozek <jhrozek@redhat.com>2013-06-19 10:50:44 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 22:22:20 +0200
commitf8a4a5f6240156809e1b5ef03816f673281e3fa0 (patch)
tree4963a9bbe4f56c50093df9f826fa7a268b6fd335
parent59415636c92c6e9764ddc65a85ad61002310519d (diff)
IPA: Initialize server mode ctx if server mode is on
This patch introduces a new structure that holds information about a subdomain and its ad_id_ctx. This structure will be used only in server mode to make it possible to search subdomains with a particular ad_id_ctx. Subtask of: https://fedorahosted.org/sssd/ticket/1962
-rw-r--r--Makefile.am7
-rw-r--r--src/providers/ipa/ipa_common.h5
-rw-r--r--src/providers/ipa/ipa_init.c6
-rw-r--r--src/providers/ipa/ipa_subdomains.c33
-rw-r--r--src/providers/ipa/ipa_subdomains.h18
5 files changed, 69 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index da1d26c6..51584342 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1575,6 +1575,11 @@ libsss_ipa_la_SOURCES = \
src/providers/ipa/ipa_selinux_common.c \
src/providers/ipa/ipa_srv.c \
src/providers/ipa/ipa_idmap.c \
+ src/providers/ad/ad_common.c \
+ src/providers/ad/ad_common.h \
+ src/providers/ad/ad_dyndns.c \
+ src/providers/ad/ad_id.c \
+ src/providers/ad/ad_srv.c \
src/util/user_info_msg.c \
src/util/find_uid.c \
src/util/sss_ldap.c \
@@ -1583,10 +1588,12 @@ libsss_ipa_la_CFLAGS = \
$(AM_CFLAGS) \
$(LDAP_CFLAGS) \
$(DHASH_CFLAGS) \
+ $(NDR_NBT_CFLAGS)
$(KRB5_CFLAGS)
libsss_ipa_la_LIBADD = \
$(OPENLDAP_LIBS) \
$(DHASH_LIBS) \
+ $(NDR_NBT_LIBS) \
$(KEYUTILS_LIBS) \
$(KRB5_LIBS) \
libsss_ldap_common.la \
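Review bot: The added `$(NDR_NBT_CFLAGS)` line in `libsss_ipa_la_CFLAGS` has no trailing backslash as shown here, while every neighbouring entry does, so the continuation ends there and `$(KRB5_CFLAGS)` is no longer part of the variable. Depending on the leading whitespace that is either a make syntax error or a silent loss of the Kerberos compile flags for libsss_ipa. The line should read `$(NDR_NBT_CFLAGS) \`, matching the `$(NDR_NBT_LIBS) \` entry added to `libsss_ipa_la_LIBADD` below it.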
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 43ccb8e0..2af20e1d 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -112,9 +112,14 @@ struct ipa_auth_ctx {
struct dp_option *ipa_options;
};
+/* In server mode, each subdomain corresponds to an AD context */
+
struct ipa_id_ctx {
struct sdap_id_ctx *sdap_id_ctx;
struct ipa_options *ipa_options;
+
+ /* Only used with server mode */
+ struct ipa_server_mode_ctx *server_mode;
};
struct ipa_options {
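Review bot: The comment added directly above `struct ipa_id_ctx` ("In server mode, each subdomain corresponds to an AD context") does not describe that struct; it reads as if it belongs with `struct ipa_ad_server_ctx` in ipa_subdomains.h, and should move there or be reworded. The `server_mode` member is assigned only when `IPA_SERVER_MODE` is true (see `ipa_ad_subdom_init`), so every reader has to treat NULL as "server mode off". That is safe only if `ipa_id_ctx` is zero-allocated, which is not visible in this diff. I would spell the contract out on the field: `/* NULL unless IPA_SERVER_MODE is set; allocated by ipa_ad_subdom_init() */`.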
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 7297fc93..fe13b187 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -528,6 +528,12 @@ int sssm_ipa_subdomains_init(struct be_ctx *bectx,
return ret;
}
+ ret = ipa_ad_subdom_init(bectx, id_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("ipa_ad_subdom_init failed.\n"));
+ return ret;
+ }
+
return EOK;
}
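Review bot: The new failure message drops the error code, so a log reader cannot tell the `EINVAL` cases (missing realm or host name) from `ENOMEM`. Including it costs nothing: `DEBUG(SSSDBG_CRIT_FAILURE, ("ipa_ad_subdom_init failed [%d]: %s\n", ret, strerror(ret)));`. `sssm_ipa_subdomains_init` starts outside this hunk, so whether anything set up by the earlier call needs undoing on this new error path cannot be judged from here.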
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index a67526c8..652726da 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -925,3 +925,36 @@ int ipa_subdom_init(struct be_ctx *be_ctx,
return EOK;
}
+
+int ipa_ad_subdom_init(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx)
+{
+ char *realm;
+ char *hostname;
+
+ if (dp_opt_get_bool(id_ctx->ipa_options->basic,
+ IPA_SERVER_MODE) == false) {
+ return EOK;
+ }
+
+ realm = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_KRB5_REALM);
+ if (realm == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm for IPA?\n"));
+ return EINVAL;
+ }
+
+ hostname = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_HOSTNAME);
+ if (hostname == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No host name for IPA?\n"));
+ return EINVAL;
+ }
+
+ id_ctx->server_mode = talloc(id_ctx, struct ipa_server_mode_ctx);
+ if (id_ctx->server_mode == NULL) {
+ return ENOMEM;
+ }
+ id_ctx->server_mode->realm = realm;
+ id_ctx->server_mode->hostname = hostname;
+
+ return EOK;
+}
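Review bot: `talloc()` in `id_ctx->server_mode = talloc(id_ctx, struct ipa_server_mode_ctx);` returns uninitialized memory, and only `realm` and `hostname` are assigned afterwards, so the `trusts` list head declared in ipa_subdomains.h is left indeterminate. Any later code that tests or walks `trusts` before assigning it would read a garbage pointer. Use `id_ctx->server_mode = talloc_zero(id_ctx, struct ipa_server_mode_ctx);` or add `id_ctx->server_mode->trusts = NULL;`. Two smaller points: the `ENOMEM` return is the only failure path here without a DEBUG message, and `be_ctx` is not used anywhere in the body.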
diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h
index c9ab82a2..315ce9e0 100644
--- a/src/providers/ipa/ipa_subdomains.h
+++ b/src/providers/ipa/ipa_subdomains.h
@@ -38,6 +38,24 @@ int ipa_subdom_init(struct be_ctx *be_ctx,
struct bet_ops **ops,
void **pvt_data);
+/* The following are used in server mode only */
+struct ipa_ad_server_ctx {
+ struct sss_domain_info *dom;
+ struct ad_id_ctx *ad_id_ctx;
+
+ struct ipa_ad_server_ctx *next, *prev;
+};
+
+struct ipa_server_mode_ctx {
+ const char *realm;
+ const char *hostname;
+
+ struct ipa_ad_server_ctx *trusts;
+};
+
+int ipa_ad_subdom_init(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx);
+
enum req_input_type {
REQ_INP_NAME,
REQ_INP_ID,
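Review bot: The two new structs carry no ownership or lifetime documentation, and the way `ipa_ad_subdom_init` fills them makes that matter. `realm` and `hostname` are stored as the pointers returned by `dp_opt_get_string()`, not copies, so they presumably remain valid only as long as the option storage in `id_ctx->ipa_options` does. A comment such as `/* borrowed from ipa_options->basic; not owned by this context */` on those two fields would state this. Likewise `trusts` should be documented as the head of the `next`/`prev` list of `struct ipa_ad_server_ctx`, empty (NULL) until trusted domains are added, and the talloc parent of each list element should be named.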