authorJakub Hrozek <jhrozek@redhat.com>2013-06-19 10:49:05 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 22:22:20 +0200
commit59415636c92c6e9764ddc65a85ad61002310519d (patch)
tree176d77e04b0ab1bf986bfa343d38c5675115be32 /src
parentebc6ab564dc2a0a2b08c42d727fc403dde4a2dc9 (diff)
AD: initialize failover with custom realm, domain and failover service
This is needed so we can initialize failover using the IPA realm and the on-the-fly discovered DNS domain. The subdomains discovered on-the-fly will use the subdomain name for realm, domain and failover service to avoid conflicts. Subtask of: https://fedorahosted.org/sssd/ticket/1962
Diffstat (limited to 'src')
-rw-r--r--src/providers/ad/ad_common.c58
-rw-r--r--src/providers/ad/ad_common.h5
-rw-r--r--src/providers/ad/ad_init.c6
3 files changed, 41 insertions, 28 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 2f87bc63..700ac033 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -356,14 +356,15 @@ static errno_t
_ad_servers_init(TALLOC_CTX *mem_ctx,
struct ad_service *service,
struct be_ctx *bectx,
+ const char *fo_service,
+ const char *fo_gc_service,
const char *servers,
- struct ad_options *options,
+ const char *ad_domain,
bool primary)
{
size_t i;
errno_t ret = 0;
char **list;
- char *ad_domain;
struct ad_server_data *sdata;
TALLOC_CTX *tmp_ctx;
@@ -377,8 +378,6 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
goto done;
}
- ad_domain = dp_opt_get_string(options->basic, AD_DOMAIN);
-
/* Add each of these servers to the failover service */
for (i = 0; list[i]; i++) {
if (be_fo_is_srv_identifier(list[i])) {
@@ -397,7 +396,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
}
sdata->gc = true;
- ret = be_fo_add_srv_server(bectx, AD_GC_SERVICE_NAME, "gc",
+ ret = be_fo_add_srv_server(bectx, fo_gc_service, "gc",
ad_domain, BE_FO_PROTO_TCP,
false, sdata);
if (ret != EOK) {
@@ -414,7 +413,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
}
sdata->gc = false;
- ret = be_fo_add_srv_server(bectx, AD_SERVICE_NAME, "ldap",
+ ret = be_fo_add_srv_server(bectx, fo_service, "ldap",
ad_domain, BE_FO_PROTO_TCP,
false, sdata);
if (ret != EOK) {
@@ -442,7 +441,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
}
sdata->gc = true;
- ret = be_fo_add_server(bectx, AD_SERVICE_NAME, list[i], 0, sdata, primary);
+ ret = be_fo_add_server(bectx, fo_service, list[i], 0, sdata, primary);
if (ret && ret != EEXIST) {
DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
goto done;
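Review bot: The explicitly listed server flagged `sdata->gc = true` is still registered under `fo_service`, while the SRV branch earlier in this function registers its GC entry under `fo_gc_service`. The old code did the same with AD_SERVICE_NAME, so this commit preserves existing behaviour, but now that the GC service name is a parameter the asymmetry is easier to miss. It is not visible from this hunk whether that is intentional (ad_user_data_cmp, whose body is not shown, may be what tells the two entries apart). If it is not, the call would read `ret = be_fo_add_server(bectx, fo_gc_service, list[i], 0, sdata, primary);`; if it is, a short comment such as `/* GC entry shares fo_service; distinguished by sdata->gc */` would stop the next reader from "fixing" it. The enclosing loop starts and ends outside this hunk.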
@@ -455,7 +454,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
}
sdata->gc = false;
- ret = be_fo_add_server(bectx, AD_SERVICE_NAME, list[i], 0, sdata, primary);
+ ret = be_fo_add_server(bectx, fo_service, list[i], 0, sdata, primary);
if (ret && ret != EEXIST) {
DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
goto done;
@@ -471,17 +470,21 @@ done:
static inline errno_t
ad_primary_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service,
struct be_ctx *bectx, const char *servers,
- struct ad_options *options)
+ const char *fo_service, const char *fo_gc_service,
+ const char *ad_domain)
{
- return _ad_servers_init(mem_ctx, service, bectx, servers, options, true);
+ return _ad_servers_init(mem_ctx, service, bectx, fo_service,
+ fo_gc_service, servers, ad_domain, true);
}
static inline errno_t
ad_backup_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service,
struct be_ctx *bectx, const char *servers,
- struct ad_options *options)
+ const char *fo_service, const char *fo_gc_service,
+ const char *ad_domain)
{
- return _ad_servers_init(mem_ctx, service, bectx, servers, options, false);
+ return _ad_servers_init(mem_ctx, service, bectx, fo_service,
+ fo_gc_service, servers, ad_domain, false);
}
static int ad_user_data_cmp(void *ud1, void *ud2)
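Review bot: The two wrappers take their string arguments as `servers, fo_service, fo_gc_service, ad_domain`, but `_ad_servers_init` takes them as `fo_service, fo_gc_service, servers, ad_domain`. All four are `const char *`, so a transposed argument compiles without a warning and would silently register servers under the wrong failover service or DNS domain. Giving the wrappers the same order as the function they forward to, e.g. `struct be_ctx *bectx, const char *fo_service, const char *fo_gc_service, const char *servers, const char *ad_domain`, would remove that trap.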
@@ -522,13 +525,15 @@ errno_t
ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
const char *primary_servers,
const char *backup_servers,
- struct ad_options *options,
+ const char *krb5_realm,
+ const char *ad_service,
+ const char *ad_gc_service,
+ const char *ad_domain,
struct ad_service **_service)
{
errno_t ret;
TALLOC_CTX *tmp_ctx;
struct ad_service *service;
- char *realm;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) return ENOMEM;
@@ -546,8 +551,8 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
goto done;
}
- service->sdap->name = talloc_strdup(service->sdap, AD_SERVICE_NAME);
- service->gc->name = talloc_strdup(service->gc, AD_GC_SERVICE_NAME);
+ service->sdap->name = talloc_strdup(service->sdap, ad_service);
+ service->gc->name = talloc_strdup(service->gc, ad_gc_service);
if (!service->sdap->name || !service->gc->name) {
ret = ENOMEM;
goto done;
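Review bot: `ad_service` and `ad_gc_service` are now caller-supplied but reach `talloc_strdup()` unchecked. A NULL name makes `talloc_strdup()` return NULL, so the `!service->sdap->name || !service->gc->name` test reports ENOMEM for what is really a bad argument. The commit message says these names will be derived from subdomains discovered on the fly, so a missing value is plausible and should be reported distinctly. A guard before the two strdup calls, `if (!ad_service || !ad_gc_service) { ret = EINVAL; goto done; }`, would match how `krb5_realm` is treated later in the function. `ad_failover_init` begins and ends outside this hunk.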
@@ -559,20 +564,20 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
goto done;
}
- ret = be_fo_add_service(bectx, AD_SERVICE_NAME, ad_user_data_cmp);
+ ret = be_fo_add_service(bectx, ad_service, ad_user_data_cmp);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create failover service!\n"));
goto done;
}
- ret = be_fo_add_service(bectx, AD_GC_SERVICE_NAME, ad_user_data_cmp);
+ ret = be_fo_add_service(bectx, ad_gc_service, ad_user_data_cmp);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create GC failover service!\n"));
goto done;
}
service->krb5_service->name = talloc_strdup(service->krb5_service,
- AD_SERVICE_NAME);
+ ad_service);
if (!service->krb5_service->name) {
ret = ENOMEM;
goto done;
@@ -580,14 +585,13 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
service->sdap->kinit_service_name = service->krb5_service->name;
service->gc->kinit_service_name = service->krb5_service->name;
- realm = dp_opt_get_string(options->basic, AD_KRB5_REALM);
- if (!realm) {
+ if (!krb5_realm) {
DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n"));
ret = EINVAL;
goto done;
}
service->krb5_service->realm =
- talloc_strdup(service->krb5_service, realm);
+ talloc_strdup(service->krb5_service, krb5_realm);
if (!service->krb5_service->realm) {
ret = ENOMEM;
goto done;
@@ -600,14 +604,16 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
}
ret = ad_primary_servers_init(mem_ctx, service, bectx,
- primary_servers, options);
+ primary_servers, ad_service,
+ ad_gc_service, ad_domain);
if (ret != EOK) {
goto done;
}
if (backup_servers) {
ret = ad_backup_servers_init(mem_ctx, service, bectx,
- backup_servers, options);
+ backup_servers, ad_service,
+ ad_gc_service, ad_domain);
if (ret != EOK) {
goto done;
}
@@ -619,7 +625,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
return ret;
}
- ret = be_fo_service_add_callback(mem_ctx, bectx, AD_SERVICE_NAME,
+ ret = be_fo_service_add_callback(mem_ctx, bectx, ad_service,
ad_resolve_callback, service);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
@@ -627,7 +633,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
goto done;
}
- ret = be_fo_service_add_callback(mem_ctx, bectx, AD_GC_SERVICE_NAME,
+ ret = be_fo_service_add_callback(mem_ctx, bectx, ad_gc_service,
ad_resolve_callback, service);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 11075423..98aeb216 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -90,7 +90,10 @@ errno_t
ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
const char *primary_servers,
const char *backup_servers,
- struct ad_options *options,
+ const char *krb5_realm,
+ const char *ad_service,
+ const char *ad_gc_service,
+ const char *ad_domain,
struct ad_service **_service);
errno_t
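Review bot: The prototype gains four adjacent `const char *` parameters with no comment saying which may be NULL or who owns the strings. From the ad_common.c hunks, `krb5_realm` is rejected with EINVAL when NULL and the service names are duplicated with `talloc_strdup()`, so callers keep ownership. The header should say so above the declaration, for example `/* krb5_realm must not be NULL (EINVAL); ad_service/ad_gc_service name the failover services and are copied; ad_domain is used for SRV discovery. */`. That matters more now that the realm and domain can come from discovered subdomain data rather than local configuration.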
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index 5efe05e6..c5d3fac2 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -71,6 +71,7 @@ common_ad_init(struct be_ctx *bectx)
errno_t ret;
char *ad_servers = NULL;
char *ad_backup_servers = NULL;
+ char *ad_realm;
/* Get AD-specific options */
ret = ad_get_common_options(bectx, bectx->cdb,
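Review bot: `char *ad_realm;` is declared without an initializer, while the neighbouring `ad_servers` and `ad_backup_servers` both start as NULL. The value is assigned before its only visible use in the next hunk, so this is a consistency point rather than a defect, but `char *ad_realm = NULL;` keeps the declarations uniform and stays safe if an early `goto` is later added between declaration and assignment. In the same spirit, the AD_DOMAIN lookup in the next hunk is done inline in the `ad_failover_init` call while the realm gets a local; fetching both into locals would make the long argument list easier to check. `common_ad_init` continues outside this hunk.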
@@ -86,9 +87,12 @@ common_ad_init(struct be_ctx *bectx)
ad_servers = dp_opt_get_string(ad_options->basic, AD_SERVER);
ad_backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER);
+ ad_realm = dp_opt_get_string(ad_options->basic, AD_KRB5_REALM);
/* Set up the failover service */
- ret = ad_failover_init(ad_options, bectx, ad_servers, ad_backup_servers, ad_options,
+ ret = ad_failover_init(ad_options, bectx, ad_servers, ad_backup_servers, ad_realm,
+ AD_SERVICE_NAME, AD_GC_SERVICE_NAME,
+ dp_opt_get_string(ad_options->basic, AD_DOMAIN),
&ad_options->service);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,