authorJan Zeleny <jzeleny@redhat.com>2012-06-05 08:43:40 -0400
committerJakub Hrozek <jhrozek@redhat.com>2012-08-01 16:19:41 +0200
commitb418d3b65c95f02b82268188f17d27fc1b1b49f0 (patch)
treed353b1dc9b930f3feaf847bfbcd5c201a9dbf017 /src
parent1ecdcf622920781a95e3d2040a2aad9ac2e31260 (diff)
Primary server support: krb5 adaptation
This patch adds support for the primary server functionality to the krb5 provider. No backup servers are added at the moment; only the basic support is in place.
Diffstat (limited to 'src')
-rw-r--r--src/providers/krb5/krb5_common.c135
-rw-r--r--src/providers/krb5/krb5_common.h4
-rw-r--r--src/providers/krb5/krb5_init.c4
3 files changed, 94 insertions, 49 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 19fbd76e..ad79db9d 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -465,15 +465,15 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
return;
}
-
-int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *service_name, const char *servers,
- const char *realm, struct krb5_service **_service)
+errno_t krb5_servers_init(struct be_ctx *ctx,
+ struct krb5_service *service,
+ const char *service_name,
+ const char *servers,
+ bool primary)
{
TALLOC_CTX *tmp_ctx;
- struct krb5_service *service;
char **list = NULL;
- int ret;
+ errno_t ret;
int i;
char *port_str;
long port;
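Review bot: `krb5_servers_init()` is defined with external linkage, but the krb5_common.h change in this commit adds no prototype for it and the only visible caller is `krb5_service_init()` in the same file; declare it `static errno_t krb5_servers_init(...)` or add the prototype to the header. The old `if (!servers)` fallback no longer lives in this function, so it now relies on the caller passing a usable list, which a short comment above the definition should state, e.g. `/* servers: comma-separated list, must not be NULL; primary: register the entries as primary servers */`. The `service` argument is not referenced in any of the visible hunks; if the rest of the body does not use it either, it can be dropped. The function body continues outside this hunk.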
@@ -481,42 +481,14 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
char *endptr;
struct servent *servent;
- tmp_ctx = talloc_new(memctx);
+ tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
- service = talloc_zero(tmp_ctx, struct krb5_service);
- if (!service) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = be_fo_add_service(ctx, service_name);
- if (ret != EOK) {
- DEBUG(1, ("Failed to create failover service!\n"));
- goto done;
- }
-
- service->name = talloc_strdup(service, service_name);
- if (!service->name) {
- ret = ENOMEM;
- goto done;
- }
-
- service->realm = talloc_strdup(service, realm);
- if (!service->realm) {
- ret = ENOMEM;
- goto done;
- }
-
- if (!servers) {
- servers = BE_SRV_IDENTIFIER;
- }
-
ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
if (ret != EOK) {
- DEBUG(1, ("Failed to parse server list!\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
goto done;
}
@@ -533,11 +505,11 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_add_srv_server(ctx, service_name, service_name, NULL,
BE_FO_PROTO_UDP, true, NULL);
if (ret) {
- DEBUG(0, ("Failed to add server\n"));
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
goto done;
}
- DEBUG(6, ("Added service lookup\n"));
+ DEBUG(SSSDBG_TRACE_FUNC, ("Added service lookup\n"));
continue;
}
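Review bot: The service-discovery branch never consults `primary`: `be_fo_add_srv_server(...)` is called with the same arguments whether the list being parsed is the primary or the backup one, so a discovery identifier placed in the backup list would be registered exactly like a primary entry. If discovered servers are meant to count as primary only, skip such an entry with a log message when `!primary`, e.g. `if (!primary) { DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution only allowed for primary servers\n")); continue; }`. No caller in this commit passes a backup list yet, so the gap is latent. The condition that opens this branch is outside the hunk.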
@@ -552,26 +524,26 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
port = strtol(port_str, &endptr, 10);
if (errno != 0) {
ret = errno;
- DEBUG(1, ("strtol failed on [%s]: [%d][%s].\n", port_str,
+ DEBUG(SSSDBG_CRIT_FAILURE, ("strtol failed on [%s]: [%d][%s].\n", port_str,
ret, strerror(ret)));
goto done;
}
if (*endptr != '\0') {
- DEBUG(1, ("Found additional characters [%s] in port number "
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Found additional characters [%s] in port number "
"[%s].\n", endptr, port_str));
ret = EINVAL;
goto done;
}
if (port < 1 || port > 65535) {
- DEBUG(1, ("Illegal port number [%d].\n", port));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Illegal port number [%d].\n", port));
ret = EINVAL;
goto done;
}
} else if (isalpha(*port_str)) {
servent = getservbyname(port_str, NULL);
if (servent == NULL) {
- DEBUG(1, ("getservbyname cannot find service [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, ("getservbyname cannot find service [%s].\n",
port_str));
ret = EINVAL;
goto done;
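Review bot: `port` is declared `long` in this function, but the re-levelled message still formats it with `%d` in `DEBUG(SSSDBG_CRIT_FAILURE, ("Illegal port number [%d].\n", port));`, which is an argument type mismatch assuming DEBUG forwards to a printf-style formatter. Change the specifier to `%ld`. This is the message an administrator reads when a configured port is rejected, so it should print the value that was actually parsed. The enclosing loop starts and ends outside this hunk.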
@@ -579,20 +551,91 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
port = servent->s_port;
} else {
- DEBUG(1, ("Unsupported port specifier in [%s].\n", list[i]));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported port specifier in [%s].\n", list[i]));
ret = EINVAL;
goto done;
}
}
ret = be_fo_add_server(ctx, service_name, server_spec, (int) port,
- list[i], true);
+ list[i], primary);
if (ret && ret != EEXIST) {
- DEBUG(0, ("Failed to add server\n"));
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
goto done;
}
- DEBUG(6, ("Added Server %s\n", list[i]));
+ DEBUG(SSSDBG_TRACE_FUNC, ("Added Server %s\n", list[i]));
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
+ const char *service_name,
+ const char *primary_servers,
+ const char *backup_servers,
+ const char *realm, struct krb5_service **_service)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct krb5_service *service;
+ int ret;
+
+ tmp_ctx = talloc_new(memctx);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ service = talloc_zero(tmp_ctx, struct krb5_service);
+ if (!service) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = be_fo_add_service(ctx, service_name);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to create failover service!\n"));
+ goto done;
+ }
+
+ service->name = talloc_strdup(service, service_name);
+ if (!service->name) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ service->realm = talloc_strdup(service, realm);
+ if (!service->realm) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (!primary_servers) {
+ if (backup_servers) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("No primary servers defined but backup are present, "
+ "setting backup servers as primary\n"));
+ primary_servers = backup_servers;
+ backup_servers = NULL;
+ } else {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("No primary or backup servers defined, "
+ "using service discovery\n"));
+ primary_servers = BE_SRV_IDENTIFIER;
+ }
+ }
+
+ ret = krb5_servers_init(ctx, service, service_name, primary_servers, true);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ if (backup_servers) {
+ ret = krb5_servers_init(ctx, service, service_name, backup_servers, false);
+ if (ret != EOK) {
+ goto done;
+ }
}
ret = be_fo_service_add_callback(memctx, ctx, service_name,
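Review bot: `krb5_servers_init()` can hand `EEXIST` back to its caller: the loop accepts that value through `if (ret && ret != EEXIST)`, but when the duplicate is the last list entry control reaches `done:` with `ret` still set to it, and `krb5_service_init()` then bails out on `ret != EOK`. Before the split, the following `be_fo_service_add_callback()` assignment overwrote `ret`, so this is new with the refactoring. Add `ret = EOK;` just before `done:`. Once backup lists are wired in, a host named in both lists looks like the likely trigger, and the effect would be an authentication provider that fails to initialise. Separately, `port = servent->s_port;` at the top of the hunk takes a value that getservbyname() returns in network byte order, so it probably wants `ntohs()` before it is passed on; `krb5_service_init()` continues past the end of the hunk.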
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 589b866b..337fcf55 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -147,7 +147,9 @@ errno_t write_krb5info_file(const char *realm, const char *kdc,
const char *service);
int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *service_name, const char *servers,
+ const char *service_name,
+ const char *primary_servers,
+ const char *backup_servers,
const char *realm, struct krb5_service **_service);
void remove_krb5_info_files_callback(void *pvt);
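Review bot: The widened prototype has no comment describing the two list arguments, and the fallback rules are only discoverable by reading krb5_common.c. A header comment would make the contract explicit for future callers, e.g. `/* primary_servers and backup_servers are comma-separated lists and may each be NULL; with no primary list the backup list is used as primary, and with neither list service discovery is used. */`. That wording follows the `if (!primary_servers)` block in the new `krb5_service_init()` body.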
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 39635e4e..60c18a8f 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -109,7 +109,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
}
ret = krb5_service_init(ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
- krb5_realm, &ctx->service);
+ NULL, krb5_realm, &ctx->service);
if (ret != EOK) {
DEBUG(0, ("Failed to init KRB5 failover service!\n"));
return ret;
@@ -122,7 +122,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->kpasswd_service = NULL;
} else {
ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV,
- krb5_kpasswd_servers, krb5_realm,
+ krb5_kpasswd_servers, NULL, krb5_realm,
&ctx->kpasswd_service);
if (ret != EOK) {
DEBUG(0, ("Failed to init KRB5KPASSWD failover service!\n"));