authorSumit Bose <sbose@redhat.com>2009-11-19 17:53:38 +0100
committerStephen Gallagher <sgallagh@redhat.com>2009-11-23 12:46:30 -0500
commit921b13a1c454aabc5dec6e7f33f7ae3ffa80febf (patch)
treeb614f4f3c53ee8b4f6928a6da23d0b01247ae974 /server/providers/ipa
parent64e5787639836a49ddc589eda65be454c4bdff58 (diff)
Read KDC info from file instead from environment
The name or IP address of the KDC is written into the pubconf directory into a file named kdcinfo.REALM. The locator plugin will then read this file and pass the data to the Kerberos libraries.
Diffstat (limited to 'server/providers/ipa')
-rw-r--r--server/providers/ipa/ipa_common.c30
-rw-r--r--server/providers/ipa/ipa_common.h5
-rw-r--r--server/providers/ipa/ipa_init.c13
3 files changed, 34 insertions, 14 deletions
diff --git a/server/providers/ipa/ipa_common.c b/server/providers/ipa/ipa_common.c
index 2bd9c76d..98ac0772 100644
--- a/server/providers/ipa/ipa_common.c
+++ b/server/providers/ipa/ipa_common.c
@@ -478,19 +478,19 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
/* free old one and replace with new one */
talloc_zfree(service->sdap->uri);
service->sdap->uri = new_uri;
- talloc_zfree(service->krb_server->address);
- service->krb_server->address = address;
+ talloc_zfree(service->krb5_service->address);
+ service->krb5_service->address = address;
- /* set also env variable */
- ret = setenv(SSSD_KRB5_KDC, address, 1);
+ ret = write_kdcinfo_file(service->krb5_service->realm, address);
if (ret != EOK) {
- DEBUG(2, ("setenv %s failed, authentication might fail.\n",
- SSSD_KRB5_KDC));
+ DEBUG(2, ("write_kdcinfo_file failed, authentication might fail.\n"));
}
+
}
int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *servers, struct ipa_service **_service)
+ const char *servers, const char *domain,
+ struct ipa_service **_service)
{
TALLOC_CTX *tmp_ctx;
struct ipa_service *service;
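Review bot: When write_kdcinfo_file() fails in ipa_resolve_callback, the in-memory address has already been switched to the new server, while any kdcinfo file written for the previous server presumably stays in place, so the locator plugin may keep handing the old KDC to libkrb5 after a failover. write_kdcinfo_file is not visible in this diff, so confirm whether it removes or replaces the stale file on error, and whether it writes through a temporary file plus rename so that readers in other processes never see a partial address. The failure message would be more useful with the realm and error code, e.g. `DEBUG(2, ("write_kdcinfo_file failed for realm [%s] (%d), authentication might fail.\n", service->krb5_service->realm, ret));`. The added blank line before the closing brace can be dropped.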
@@ -514,8 +514,8 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = ENOMEM;
goto done;
}
- service->krb_server = talloc_zero(service, struct krb_server);
- if (!service->krb_server) {
+ service->krb5_service = talloc_zero(service, struct krb5_service);
+ if (!service->krb5_service) {
ret = ENOMEM;
goto done;
}
@@ -532,6 +532,18 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
goto done;
}
+ service->krb5_service->name = talloc_strdup(service, "IPA");
+ if (!service->krb5_service->name) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ service->krb5_service->realm = talloc_strdup(service, domain);
+ if (!service->krb5_service->realm) {
+ ret = ENOMEM;
+ goto done;
+ }
+
/* split server parm into a list */
ret = sss_split_list(tmp_ctx, servers, ", ", &list, &count);
if (ret != EOK) {
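Review bot: The realm is copied verbatim from `domain` in `service->krb5_service->realm = talloc_strdup(service, domain);`, although Kerberos realm names are case-sensitive and conventionally upper case. The commit description says the file is named kdcinfo.REALM, so a domain configured in lower case would likely produce a file name the locator plugin does not look for. The plugin is not part of this diff, so this is inferred. Consider upper-casing the value here or taking the realm from a dedicated option, and add a comment such as `/* realm is used as the kdcinfo file name suffix; must match the realm libkrb5 asks the locator for */`. ipa_service_init continues outside this hunk.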
diff --git a/server/providers/ipa/ipa_common.h b/server/providers/ipa/ipa_common.h
index 8d0840c5..8eaae715 100644
--- a/server/providers/ipa/ipa_common.h
+++ b/server/providers/ipa/ipa_common.h
@@ -29,7 +29,7 @@
struct ipa_service {
struct sdap_service *sdap;
- struct krb_server *krb_server;
+ struct krb5_service *krb5_service;
};
enum ipa_basic_opt {
@@ -72,6 +72,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
struct dp_option **_opts);
int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *servers, struct ipa_service **_service);
+ const char *servers, const char *domain,
+ struct ipa_service **_service);
#endif /* _IPA_COMMON_H_ */
diff --git a/server/providers/ipa/ipa_init.c b/server/providers/ipa/ipa_init.c
index ea279978..a3f381e4 100644
--- a/server/providers/ipa/ipa_init.c
+++ b/server/providers/ipa/ipa_init.c
@@ -59,6 +59,7 @@ struct bet_ops ipa_access_ops = {
int common_ipa_init(struct be_ctx *bectx)
{
const char *ipa_servers;
+ const char *ipa_domain;
int ret;
ret = ipa_get_options(bectx, bectx->cdb,
@@ -74,8 +75,14 @@ int common_ipa_init(struct be_ctx *bectx)
return EINVAL;
}
- ret = ipa_service_init(ipa_options, bectx,
- ipa_servers, &ipa_options->service);
+ ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN);
+ if (!ipa_domain) {
+ DEBUG(0, ("Missing ipa_domain option!\n"));
+ return EINVAL;
+ }
+
+ ret = ipa_service_init(ipa_options, bectx, ipa_servers, ipa_domain,
+ &ipa_options->service);
if (ret != EOK) {
DEBUG(0, ("Failed to init IPA failover service!\n"));
return ret;
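Review bot: The new check in common_ipa_init rejects only a NULL `ipa_domain`, but the value goes on to become the Kerberos realm and, per the commit description, part of a file name in the pubconf directory. An empty string, or a value containing a path separator, should be refused at this point rather than reaching the file-writing code: `if (!ipa_domain || *ipa_domain == '\0' || strchr(ipa_domain, '/') != NULL) {`. The option comes from local configuration, so this is hardening against misconfiguration rather than a remote input problem. The function body continues outside the hunk.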
@@ -171,7 +178,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
if (!ctx) {
return ENOMEM;
}
- ctx->server = ipa_options->service->krb_server;
+ ctx->service = ipa_options->service->krb5_service;
ipa_options->auth_ctx = ctx;
ret = ipa_get_auth_options(ipa_options, bectx->cdb,