summaryrefslogtreecommitdiff
path: root/src/providers/krb5
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2010-04-16 17:58:52 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-05-07 17:14:32 -0400
commit66da80489c0114878043b40592c5f47d41eb0ffd (patch)
treea69750b3275692fd6dd370da90cce74ad2615e2a /src/providers/krb5
parentdd025b4cbd501e2f34461f9d8359a829b81f5c2f (diff)
downloadsssd-66da80489c0114878043b40592c5f47d41eb0ffd.tar.gz
sssd-66da80489c0114878043b40592c5f47d41eb0ffd.tar.bz2
sssd-66da80489c0114878043b40592c5f47d41eb0ffd.zip
Use service discovery in backends
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
Diffstat (limited to 'src/providers/krb5')
-rw-r--r--src/providers/krb5/krb5_common.c21
-rw-r--r--src/providers/krb5/krb5_common.h4
-rw-r--r--src/providers/krb5/krb5_init.c8
3 files changed, 27 insertions, 6 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 1423b089..bc2d3fbc 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -334,6 +334,10 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
goto done;
}
+ if (!servers) {
+ servers = BE_SRV_IDENTIFIER;
+ }
+
ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
if (ret != EOK) {
DEBUG(1, ("Failed to parse server list!\n"));
@@ -344,6 +348,23 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
talloc_steal(service, list[i]);
server_spec = talloc_strdup(service, list[i]);
+ if (!server_spec) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (be_fo_is_srv_identifier(server_spec)) {
+ ret = be_fo_add_srv_server(ctx, service_name, service_name,
+ FO_PROTO_TCP, ctx->domain->name, NULL);
+ if (ret) {
+ DEBUG(0, ("Failed to add server\n"));
+ goto done;
+ }
+
+ DEBUG(6, ("Added service lookup\n"));
+ continue;
+ }
+
port_str = strrchr(server_spec, ':');
if (port_str == NULL) {
port = 0;
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 0482ef02..12c487a9 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -40,8 +40,8 @@
#define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s"
#define KPASSWDINFO_TMPL PUBCONF_PATH"/kpasswdinfo.%s"
-#define SSS_KRB5KDC_FO_SRV "KRB5KDC"
-#define SSS_KRB5KPASSWD_FO_SRV "KRB5KPASSWD"
+#define SSS_KRB5KDC_FO_SRV "KERBEROS"
+#define SSS_KRB5KPASSWD_FO_SRV "KPASSWD"
enum krb5_opts {
KRB5_KDC = 0,
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 0bacb3f8..03d95260 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -90,8 +90,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
if (krb5_servers == NULL) {
- DEBUG(0, ("Missing krb5_kdcip option!\n"));
- return EINVAL;
+ DEBUG(1, ("Missing krb5_kdcip option, using service discovery!\n"));
}
krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
@@ -108,8 +107,9 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
}
krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD);
- if (krb5_kpasswd_servers == NULL) {
- DEBUG(0, ("Missing krb5_kpasswd option, using KDC!\n"));
+ if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
+ DEBUG(0, ("Missing krb5_kpasswd option and KDC set explicitly, "
+ "will use KDC for pasword change operations!\n"));
ctx->kpasswd_service = NULL;
} else {
ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV,