diff options
author | Sumit Bose <sbose@redhat.com> | 2009-11-19 17:53:38 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-11-23 12:46:30 -0500 |
commit | 921b13a1c454aabc5dec6e7f33f7ae3ffa80febf (patch) | |
tree | b614f4f3c53ee8b4f6928a6da23d0b01247ae974 /server/providers/ipa | |
parent | 64e5787639836a49ddc589eda65be454c4bdff58 (diff) | |
download | sssd-921b13a1c454aabc5dec6e7f33f7ae3ffa80febf.tar.gz sssd-921b13a1c454aabc5dec6e7f33f7ae3ffa80febf.tar.bz2 sssd-921b13a1c454aabc5dec6e7f33f7ae3ffa80febf.zip |
Read KDC info from file instead from environment
Then name or IP adress of the KDC is written into the pubconf directory
into a file named kdcinfo.REALM. The locator plugin will then read this
file and pass the data to the kerberos libraries.
Diffstat (limited to 'server/providers/ipa')
-rw-r--r-- | server/providers/ipa/ipa_common.c | 30 | ||||
-rw-r--r-- | server/providers/ipa/ipa_common.h | 5 | ||||
-rw-r--r-- | server/providers/ipa/ipa_init.c | 13 |
3 files changed, 34 insertions, 14 deletions
diff --git a/server/providers/ipa/ipa_common.c b/server/providers/ipa/ipa_common.c index 2bd9c76d..98ac0772 100644 --- a/server/providers/ipa/ipa_common.c +++ b/server/providers/ipa/ipa_common.c @@ -478,19 +478,19 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) /* free old one and replace with new one */ talloc_zfree(service->sdap->uri); service->sdap->uri = new_uri; - talloc_zfree(service->krb_server->address); - service->krb_server->address = address; + talloc_zfree(service->krb5_service->address); + service->krb5_service->address = address; - /* set also env variable */ - ret = setenv(SSSD_KRB5_KDC, address, 1); + ret = write_kdcinfo_file(service->krb5_service->realm, address); if (ret != EOK) { - DEBUG(2, ("setenv %s failed, authentication might fail.\n", - SSSD_KRB5_KDC)); + DEBUG(2, ("write_kdcinfo_file failed, authentication might fail.\n")); } + } int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, - const char *servers, struct ipa_service **_service) + const char *servers, const char *domain, + struct ipa_service **_service) { TALLOC_CTX *tmp_ctx; struct ipa_service *service; @@ -514,8 +514,8 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = ENOMEM; goto done; } - service->krb_server = talloc_zero(service, struct krb_server); - if (!service->krb_server) { + service->krb5_service = talloc_zero(service, struct krb5_service); + if (!service->krb5_service) { ret = ENOMEM; goto done; } @@ -532,6 +532,18 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, goto done; } + service->krb5_service->name = talloc_strdup(service, "IPA"); + if (!service->krb5_service->name) { + ret = ENOMEM; + goto done; + } + + service->krb5_service->realm = talloc_strdup(service, domain); + if (!service->krb5_service->realm) { + ret = ENOMEM; + goto done; + } + /* split server parm into a list */ ret = sss_split_list(tmp_ctx, servers, ", ", &list, &count); if (ret != EOK) { diff --git a/server/providers/ipa/ipa_common.h b/server/providers/ipa/ipa_common.h index 8d0840c5..8eaae715 100644 --- a/server/providers/ipa/ipa_common.h +++ b/server/providers/ipa/ipa_common.h @@ -29,7 +29,7 @@ struct ipa_service { struct sdap_service *sdap; - struct krb_server *krb_server; + struct krb5_service *krb5_service; }; enum ipa_basic_opt { @@ -72,6 +72,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, struct dp_option **_opts); int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, - const char *servers, struct ipa_service **_service); + const char *servers, const char *domain, + struct ipa_service **_service); #endif /* _IPA_COMMON_H_ */ diff --git a/server/providers/ipa/ipa_init.c b/server/providers/ipa/ipa_init.c index ea279978..a3f381e4 100644 --- a/server/providers/ipa/ipa_init.c +++ b/server/providers/ipa/ipa_init.c @@ -59,6 +59,7 @@ struct bet_ops ipa_access_ops = { int common_ipa_init(struct be_ctx *bectx) { const char *ipa_servers; + const char *ipa_domain; int ret; ret = ipa_get_options(bectx, bectx->cdb, @@ -74,8 +75,14 @@ int common_ipa_init(struct be_ctx *bectx) return EINVAL; } - ret = ipa_service_init(ipa_options, bectx, - ipa_servers, &ipa_options->service); + ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); + if (!ipa_domain) { + DEBUG(0, ("Missing ipa_domain option!\n")); + return EINVAL; + } + + ret = ipa_service_init(ipa_options, bectx, ipa_servers, ipa_domain, + &ipa_options->service); if (ret != EOK) { DEBUG(0, ("Failed to init IPA failover service!\n")); return ret; @@ -171,7 +178,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, if (!ctx) { return ENOMEM; } - ctx->server = ipa_options->service->krb_server; + ctx->service = ipa_options->service->krb5_service; ipa_options->auth_ctx = ctx; ret = ipa_get_auth_options(ipa_options, bectx->cdb, |