Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_common.h | 5 | ||||
-rw-r--r-- | src/providers/ipa/ipa_init.c | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 33 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.h | 18 |
4 files changed, 62 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 43ccb8e0..2af20e1d 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -112,9 +112,14 @@ struct ipa_auth_ctx {
 struct dp_option *ipa_options;
 };
+/* In server mode, each subdomain corresponds to an AD context */
+
 struct ipa_id_ctx {
 struct sdap_id_ctx *sdap_id_ctx;
 struct ipa_options *ipa_options;
+
+ /* Only used with server mode */
+ struct ipa_server_mode_ctx *server_mode;
 };
 struct ipa_options {
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 7297fc93..fe13b187 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -528,6 +528,12 @@ int sssm_ipa_subdomains_init(struct be_ctx *bectx,
 return ret;
 }
+ ret = ipa_ad_subdom_init(bectx, id_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("ipa_ad_subdom_init failed.\n"));
+ return ret;
+ }
+
 return EOK;
 }
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index a67526c8..652726da 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
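Review bot: The added comment `/* In server mode, each subdomain corresponds to an AD context */` in ipa_common.h is separated from `struct ipa_id_ctx` by an empty line and does not describe anything declared in this header, so a reader cannot tell what it annotates. It reads like a description of the per-trust `struct ipa_ad_server_ctx` that this commit declares in ipa_subdomains.h, and would be clearer placed above that struct. The member comment could also state the value outside server mode, e.g. `/* Only used with server mode; left unset by ipa_ad_subdom_init otherwise */`.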
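Review bot: The failure message added in sssm_ipa_subdomains_init drops the return code, although the callee shown in this commit can fail with either EINVAL (missing realm or host name) or ENOMEM. Logging it lets an administrator tell a configuration error from resource exhaustion: `DEBUG(SSSDBG_CRIT_FAILURE, ("ipa_ad_subdom_init failed [%d]: %s\n", ret, strerror(ret)));`. The function body starts outside the hunk, so whether state set up earlier needs undoing on this early return cannot be judged from here.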
@@ -925,3 +925,36 @@ int ipa_subdom_init(struct be_ctx *be_ctx,
 return EOK;
 }
+
+int ipa_ad_subdom_init(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx)
+{
+ char *realm;
+ char *hostname;
+
+ if (dp_opt_get_bool(id_ctx->ipa_options->basic,
+ IPA_SERVER_MODE) == false) {
+ return EOK;
+ }
+
+ realm = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_KRB5_REALM);
+ if (realm == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm for IPA?\n"));
+ return EINVAL;
+ }
+
+ hostname = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_HOSTNAME);
+ if (hostname == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No host name for IPA?\n"));
+ return EINVAL;
+ }
+
+ id_ctx->server_mode = talloc(id_ctx, struct ipa_server_mode_ctx);
+ if (id_ctx->server_mode == NULL) {
+ return ENOMEM;
+ }
+ id_ctx->server_mode->realm = realm;
+ id_ctx->server_mode->hostname = hostname;
+
+ return EOK;
+}
diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h
index c9ab82a2..315ce9e0 100644
--- a/src/providers/ipa/ipa_subdomains.h
+++ b/src/providers/ipa/ipa_subdomains.h
@@ -38,6 +38,24 @@ int ipa_subdom_init(struct be_ctx *be_ctx,
 struct bet_ops **ops,
 void **pvt_data);
+/* The following are used in server mode only */
+struct ipa_ad_server_ctx {
+ struct sss_domain_info *dom;
+ struct ad_id_ctx *ad_id_ctx;
+
+ struct ipa_ad_server_ctx *next, *prev;
+};
+
+struct ipa_server_mode_ctx {
+ const char *realm;
+ const char *hostname;
+
+ struct ipa_ad_server_ctx *trusts;
+};
+
+int ipa_ad_subdom_init(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx);
+
 enum req_input_type {
 REQ_INP_NAME,
 REQ_INP_ID, |
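Review bot: `talloc()` in ipa_ad_subdom_init returns uninitialized memory and only `realm` and `hostname` are assigned afterwards, so `server_mode->trusts` is left holding an indeterminate pointer. That member is the head of the `ipa_ad_server_ctx` list declared in ipa_subdomains.h, and the first walk or insert would dereference it; allocate with `id_ctx->server_mode = talloc_zero(id_ctx, struct ipa_server_mode_ctx);` instead. The early `return EOK` for non-server mode also leaves `id_ctx->server_mode` untouched, which is safe only if `id_ctx` itself was zero-allocated (not visible in this diff); assigning `id_ctx->server_mode = NULL;` before that return removes the dependency. The ENOMEM path returns without a DEBUG message, unlike the two EINVAL paths.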
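Review bot: `realm` and `hostname` in `struct ipa_server_mode_ctx` have no ownership comment, and ipa_ad_subdom_init in this commit stores the pointers returned by `dp_opt_get_string()` directly rather than copies. If those option values can be replaced at run time (not visible here), the two members would be left dangling. Either document the borrow on the fields, e.g. `/* borrowed from ipa_options->basic, not owned by this context */`, or duplicate the strings onto the context with `talloc_strdup(id_ctx->server_mode, realm)` and check the result.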