-rw-r--r-- | src/man/sssd-ldap.5.xml | 8 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.c | 4 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.c | 14 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.h | 3 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 14 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 2 |
6 files changed, 31 insertions, 14 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 786d5fda..3406dc46 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -909,7 +909,7 @@ </varlistentry> <varlistentry> - <term>krb5_kdcip (string)</term> + <term>krb5_server (string)</term> <listitem> <para> Specifies the list of IP addresses or hostnames @@ -928,6 +928,12 @@ SSSD first searches for DNS entries that specify _udp as the protocol and falls back to _tcp if none are found. </para> + <para> + This option was named <quote>krb5_kdcip</quote> in + earlier releases of SSSD. While the legacy name is recognized + for the time being, users are advised to migrate their config + files to use <quote>krb5_server</quote> instead. + </para> </listitem> </varlistentry> diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 346fcb38..2e7724a6 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -67,7 +67,7 @@ struct dp_option ipa_def_ldap_opts[] = { { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, /* use the same parm name as the krb5 module so we set it only once */ - { "krb5_kdcip", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING }, { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, @@ -460,7 +460,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, /* If there is no KDC, try the deprecated krb5_kdcip option, too */ /* FIXME - this can be removed in a future version */ - ret = krb5_try_kdcip(ipa_opts, cdb, conf_path, ipa_opts->auth); + ret = krb5_try_kdcip(ipa_opts, cdb, conf_path, ipa_opts->auth, KRB5_KDC); if (ret != EOK) { DEBUG(1, ("sss_krb5_try_kdcip failed.\n")); goto done; 
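Review bot: The `ipa_def_ldap_opts` entry in the first ipa_common.c hunk now reads only `krb5_server`, and no `krb5_try_kdcip(..., SDAP_KRB5_KDC)` call for the IPA LDAP option set is visible anywhere in this diff. The fallback touched in the second ipa_common.c hunk covers `ipa_opts->auth` with `KRB5_KDC` only. If the IPA LDAP options are not filled from some other source, a configuration that still pins the KDC through `krb5_kdcip` would reach `sdap_gssapi_init` with the option unset and drop to DNS service discovery, which is reported only by a level-1 debug message. Please confirm that path, or give the IPA LDAP option set the same legacy lookup that `ldap_get_options` receives in ldap_common.c.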
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 25188c5f..9d114e34 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -184,12 +184,13 @@ errno_t check_and_export_options(struct dp_option *opts, } errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb, - const char *conf_path, struct dp_option *opts) + const char *conf_path, struct dp_option *opts, + int opt_id) { char *krb5_servers = NULL; errno_t ret; - krb5_servers = dp_opt_get_string(opts, KRB5_KDC); + krb5_servers = dp_opt_get_string(opts, opt_id); if (krb5_servers == NULL) { DEBUG(4, ("No KDC found in configuration, trying legacy option\n")); ret = confdb_get_string(cdb, memctx, conf_path, @@ -201,17 +202,18 @@ errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb, if (krb5_servers != NULL) { - ret = dp_opt_set_string(opts, KRB5_KDC, krb5_servers); + ret = dp_opt_set_string(opts, opt_id, krb5_servers); if (ret != EOK) { DEBUG(1, ("dp_opt_set_string failed.\n")); talloc_free(krb5_servers); return ret; } - DEBUG(9, ("Set krb5 server [%s] based on legacy krb5_kdcip option\n")); + DEBUG(9, ("Set krb5 server [%s] based on legacy krb5_kdcip option\n", + krb5_servers)); DEBUG(0, ("Your configuration uses the deprecated option 'krb5_kdcip' " "to specify the KDC. Please change the configuration to use " - "the 'krb5_server' option instead.")); + "the 'krb5_server' option instead.\n")); } } @@ -239,7 +241,7 @@ errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, /* If there is no KDC, try the deprecated krb5_kdcip option, too */ /* FIXME - this can be removed in a future version */ - ret = krb5_try_kdcip(memctx, cdb, conf_path, opts); + ret = krb5_try_kdcip(memctx, cdb, conf_path, opts, KRB5_KDC); if (ret != EOK) { DEBUG(1, ("sss_krb5_try_kdcip failed.\n")); goto done; diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 9ca01467..a6fdd8b8 100644 
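Review bot: The new `opt_id` parameter in the first krb5_common.c hunk is a plain `int` that `dp_opt_get_string` and `dp_opt_set_string` use to pick an entry in `opts`, and nothing ties it to the table being passed. `SDAP_KRB5_KDC` belongs to `enum sdap_basic_opt` while `KRB5_KDC` is used with the krb5 option sets, so a mismatched pair would read and overwrite an unrelated option with no diagnostic. The contract should be documented here and at the prototype in krb5_common.h, for example `/* opt_id: index of the KDC string option inside opts (KRB5_KDC for krb5 option sets, SDAP_KRB5_KDC for sdap basic options) */`. The function body runs past this hunk into the next one.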
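Review bot: On the success path of the second krb5_common.c hunk `krb5_servers` is never released, while the failure branch just above calls `talloc_free(krb5_servers)`. That suggests the caller owns the string returned by `confdb_get_string`. If `dp_opt_set_string` stores its own copy (its definition is not visible here), the original stays attached to `memctx` for that context's lifetime, and a `talloc_free(krb5_servers);` after the two `DEBUG` calls would release it. It must come after them because the first `DEBUG` now prints the string. If `dp_opt_set_string` keeps the pointer instead, the failure-branch free deserves a second look.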
--- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -131,7 +131,8 @@ errno_t check_and_export_options(struct dp_option *opts, struct krb5_ctx *krb5_ctx); errno_t krb5_try_kdcip(TALLOC_CTX *memctx, struct confdb_ctx *cdb, - const char *conf_path, struct dp_option *opts); + const char *conf_path, struct dp_option *opts, + int opt_id); errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, struct dp_option **_opts); diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 4d9fabc4..302cfc6b 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -62,7 +62,7 @@ struct dp_option default_basic_opts[] = { { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, /* use the same parm name as the krb5 module so we set it only once */ - { "krb5_kdcip", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING }, { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, @@ -381,6 +381,14 @@ int ldap_get_options(TALLOC_CTX *memctx, goto done; } + /* If there is no KDC, try the deprecated krb5_kdcip option, too */ + /* FIXME - this can be removed in a future version */ + ret = krb5_try_kdcip(memctx, cdb, conf_path, opts->basic, SDAP_KRB5_KDC); + if (ret != EOK) { + DEBUG(1, ("sss_krb5_try_kdcip failed.\n")); + goto done; + } + ret = EOK; *_opts = opts; 
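Review bot: The failure message added in the `ldap_get_options` hunk names `sss_krb5_try_kdcip`, but the function called and declared in this diff is `krb5_try_kdcip`, so searching logs for the real symbol will miss it. The same text is already in the ipa_common.c and krb5_common.c call sites, so it looks copied rather than intended. I would write `DEBUG(1, ("krb5_try_kdcip failed [%d].\n", ret));` so the message matches the symbol and carries the error code. The `done:` label is outside the hunk, so whether `opts` is released on this new failure path cannot be checked from here.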
@@ -601,9 +609,9 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, const char *krb5_realm; struct krb5_service *service = NULL; - krb5_servers = dp_opt_get_string(opts, SDAP_KRB5_KDCIP); + krb5_servers = dp_opt_get_string(opts, SDAP_KRB5_KDC); if (krb5_servers == NULL) { - DEBUG(1, ("Missing krb5_kdcip option, using service discovery!\n")); + DEBUG(1, ("Missing krb5_server option, using service discovery!\n")); } krb5_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM); diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 83bfd21b..8c629a3b 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -176,7 +176,7 @@ enum sdap_basic_opt { SDAP_SASL_AUTHID, SDAP_KRB5_KEYTAB, SDAP_KRB5_KINIT, - SDAP_KRB5_KDCIP, + SDAP_KRB5_KDC, SDAP_KRB5_REALM, SDAP_PWD_POLICY, SDAP_REFERRALS, |