author | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-19 10:50:44 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-28 22:22:20 +0200 |
commit | f8a4a5f6240156809e1b5ef03816f673281e3fa0 (patch) | |
tree | 4963a9bbe4f56c50093df9f826fa7a268b6fd335 | |
parent | 59415636c92c6e9764ddc65a85ad61002310519d (diff) | |
IPA: Initialize server mode ctx if server mode is on
This patch introduces a new structure that holds information about a
subdomain and its ad_id_ctx. This structure will be used only in server
mode to make it possible to search subdomains with a particular
ad_id_ctx.
Subtask of:
https://fedorahosted.org/sssd/ticket/1962
-rw-r--r-- | Makefile.am | 7 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 5 | ||||
-rw-r--r-- | src/providers/ipa/ipa_init.c | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 33 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.h | 18 |
5 files changed, 69 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index da1d26c6..51584342 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1575,6 +1575,11 @@ libsss_ipa_la_SOURCES = \
 src/providers/ipa/ipa_selinux_common.c \
 src/providers/ipa/ipa_srv.c \
 src/providers/ipa/ipa_idmap.c \
+ src/providers/ad/ad_common.c \
+ src/providers/ad/ad_common.h \
+ src/providers/ad/ad_dyndns.c \
+ src/providers/ad/ad_id.c \
+ src/providers/ad/ad_srv.c \
 src/util/user_info_msg.c \
 src/util/find_uid.c \
 src/util/sss_ldap.c \
@@ -1583,10 +1588,12 @@ libsss_ipa_la_CFLAGS = \
 $(AM_CFLAGS) \
 $(LDAP_CFLAGS) \
 $(DHASH_CFLAGS) \
+ $(NDR_NBT_CFLAGS)
 $(KRB5_CFLAGS)
 libsss_ipa_la_LIBADD = \
 $(OPENLDAP_LIBS) \
 $(DHASH_LIBS) \
+ $(NDR_NBT_LIBS) \
 $(KEYUTILS_LIBS) \
 $(KRB5_LIBS) \
 libsss_ldap_common.la \
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 43ccb8e0..2af20e1d 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -112,9 +112,14 @@ struct ipa_auth_ctx {
 struct dp_option *ipa_options;
 };
+/* In server mode, each subdomain corresponds to an AD context */
+
 struct ipa_id_ctx {
 struct sdap_id_ctx *sdap_id_ctx;
 struct ipa_options *ipa_options;
+
+ /* Only used with server mode */
+ struct ipa_server_mode_ctx *server_mode;
 };
 struct ipa_options {
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 7297fc93..fe13b187 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -528,6 +528,12 @@ int sssm_ipa_subdomains_init(struct be_ctx *bectx,
 return ret;
 }
+ ret = ipa_ad_subdom_init(bectx, id_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("ipa_ad_subdom_init failed.\n"));
+ return ret;
+ }
+
 return EOK;
 }
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index a67526c8..652726da 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
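Review bot: In the second Makefile.am hunk the added `$(NDR_NBT_CFLAGS)` line has no trailing backslash as shown on this page, so the `libsss_ipa_la_CFLAGS` continuation ends on it and the `$(KRB5_CFLAGS)` context line that follows is no longer part of the variable. The added line should read `$(NDR_NBT_CFLAGS) \`, matching the `$(NDR_NBT_LIBS) \` line this commit adds to `libsss_ipa_la_LIBADD` just below. If the backslash is only missing from this rendering, the change is fine as is.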
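Review bot: The comment `/* In server mode, each subdomain corresponds to an AD context */` added above `struct ipa_id_ctx` in ipa_common.h is followed by an empty line and describes nothing declared in this header. It appears to describe `struct ipa_ad_server_ctx`, which this commit adds in ipa_subdomains.h, and would be better placed there. The comment on the new member could also name where the pointer is set, for example `/* Only used with server mode; set by ipa_ad_subdom_init() */`.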
@@ -925,3 +925,36 @@ int ipa_subdom_init(struct be_ctx *be_ctx,
 return EOK;
 }
+
+int ipa_ad_subdom_init(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx)
+{
+ char *realm;
+ char *hostname;
+
+ if (dp_opt_get_bool(id_ctx->ipa_options->basic,
+ IPA_SERVER_MODE) == false) {
+ return EOK;
+ }
+
+ realm = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_KRB5_REALM);
+ if (realm == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm for IPA?\n"));
+ return EINVAL;
+ }
+
+ hostname = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_HOSTNAME);
+ if (hostname == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No host name for IPA?\n"));
+ return EINVAL;
+ }
+
+ id_ctx->server_mode = talloc(id_ctx, struct ipa_server_mode_ctx);
+ if (id_ctx->server_mode == NULL) {
+ return ENOMEM;
+ }
+ id_ctx->server_mode->realm = realm;
+ id_ctx->server_mode->hostname = hostname;
+
+ return EOK;
+}
diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h
index c9ab82a2..315ce9e0 100644
--- a/src/providers/ipa/ipa_subdomains.h
+++ b/src/providers/ipa/ipa_subdomains.h
@@ -38,6 +38,24 @@ int ipa_subdom_init(struct be_ctx *be_ctx,
 struct bet_ops **ops,
 void **pvt_data);
+/* The following are used in server mode only */
+struct ipa_ad_server_ctx {
+ struct sss_domain_info *dom;
+ struct ad_id_ctx *ad_id_ctx;
+
+ struct ipa_ad_server_ctx *next, *prev;
+};
+
+struct ipa_server_mode_ctx {
+ const char *realm;
+ const char *hostname;
+
+ struct ipa_ad_server_ctx *trusts;
+};
+
+int ipa_ad_subdom_init(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx);
+
 enum req_input_type {
 REQ_INP_NAME,
 REQ_INP_ID, |
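Review bot: `ipa_ad_subdom_init()` in ipa_subdomains.c allocates the server-mode context with `talloc()`, which does not clear the memory, and then assigns only `realm` and `hostname`, so the `trusts` list head declared in `struct ipa_server_mode_ctx` is left uninitialized. Any later code that walks or appends to `trusts` would start from an indeterminate pointer; `id_ctx->server_mode = talloc_zero(id_ctx, struct ipa_server_mode_ctx);` avoids that. The early return taken when `IPA_SERVER_MODE` is false also leaves `id_ctx->server_mode` untouched, which is only safe if `id_ctx` itself is zero-allocated, and that allocation is outside this diff. `realm` and `hostname` are stored as the pointers returned by `dp_opt_get_string()` rather than as copies, so a short comment saying they share the lifetime of the option set would help the next reader.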