summaryrefslogtreecommitdiff
path: root/src/providers/krb5
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/krb5')
-rw-r--r--src/providers/krb5/krb5_common.c135
-rw-r--r--src/providers/krb5/krb5_common.h4
-rw-r--r--src/providers/krb5/krb5_init.c4
3 files changed, 94 insertions, 49 deletions
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 19fbd76e..ad79db9d 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -465,15 +465,15 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
return;
}
-
-int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *service_name, const char *servers,
- const char *realm, struct krb5_service **_service)
+errno_t krb5_servers_init(struct be_ctx *ctx,
+ struct krb5_service *service,
+ const char *service_name,
+ const char *servers,
+ bool primary)
{
TALLOC_CTX *tmp_ctx;
- struct krb5_service *service;
char **list = NULL;
- int ret;
+ errno_t ret;
int i;
char *port_str;
long port;
@@ -481,42 +481,14 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
char *endptr;
struct servent *servent;
- tmp_ctx = talloc_new(memctx);
+ tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
- service = talloc_zero(tmp_ctx, struct krb5_service);
- if (!service) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = be_fo_add_service(ctx, service_name);
- if (ret != EOK) {
- DEBUG(1, ("Failed to create failover service!\n"));
- goto done;
- }
-
- service->name = talloc_strdup(service, service_name);
- if (!service->name) {
- ret = ENOMEM;
- goto done;
- }
-
- service->realm = talloc_strdup(service, realm);
- if (!service->realm) {
- ret = ENOMEM;
- goto done;
- }
-
- if (!servers) {
- servers = BE_SRV_IDENTIFIER;
- }
-
ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
if (ret != EOK) {
- DEBUG(1, ("Failed to parse server list!\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
goto done;
}
@@ -533,11 +505,11 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ret = be_fo_add_srv_server(ctx, service_name, service_name, NULL,
BE_FO_PROTO_UDP, true, NULL);
if (ret) {
- DEBUG(0, ("Failed to add server\n"));
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
goto done;
}
- DEBUG(6, ("Added service lookup\n"));
+ DEBUG(SSSDBG_TRACE_FUNC, ("Added service lookup\n"));
continue;
}
@@ -552,26 +524,26 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
port = strtol(port_str, &endptr, 10);
if (errno != 0) {
ret = errno;
- DEBUG(1, ("strtol failed on [%s]: [%d][%s].\n", port_str,
+ DEBUG(SSSDBG_CRIT_FAILURE, ("strtol failed on [%s]: [%d][%s].\n", port_str,
ret, strerror(ret)));
goto done;
}
if (*endptr != '\0') {
- DEBUG(1, ("Found additional characters [%s] in port number "
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Found additional characters [%s] in port number "
"[%s].\n", endptr, port_str));
ret = EINVAL;
goto done;
}
if (port < 1 || port > 65535) {
- DEBUG(1, ("Illegal port number [%d].\n", port));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Illegal port number [%d].\n", port));
ret = EINVAL;
goto done;
}
} else if (isalpha(*port_str)) {
servent = getservbyname(port_str, NULL);
if (servent == NULL) {
- DEBUG(1, ("getservbyname cannot find service [%s].\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, ("getservbyname cannot find service [%s].\n",
port_str));
ret = EINVAL;
goto done;
@@ -579,20 +551,91 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
port = servent->s_port;
} else {
- DEBUG(1, ("Unsupported port specifier in [%s].\n", list[i]));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported port specifier in [%s].\n", list[i]));
ret = EINVAL;
goto done;
}
}
ret = be_fo_add_server(ctx, service_name, server_spec, (int) port,
- list[i], true);
+ list[i], primary);
if (ret && ret != EEXIST) {
- DEBUG(0, ("Failed to add server\n"));
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
goto done;
}
- DEBUG(6, ("Added Server %s\n", list[i]));
+ DEBUG(SSSDBG_TRACE_FUNC, ("Added Server %s\n", list[i]));
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
+ const char *service_name,
+ const char *primary_servers,
+ const char *backup_servers,
+ const char *realm, struct krb5_service **_service)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct krb5_service *service;
+ int ret;
+
+ tmp_ctx = talloc_new(memctx);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ service = talloc_zero(tmp_ctx, struct krb5_service);
+ if (!service) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = be_fo_add_service(ctx, service_name);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to create failover service!\n"));
+ goto done;
+ }
+
+ service->name = talloc_strdup(service, service_name);
+ if (!service->name) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ service->realm = talloc_strdup(service, realm);
+ if (!service->realm) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (!primary_servers) {
+ if (backup_servers) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("No primary servers defined but backup are present, "
+ "setting backup servers as primary\n"));
+ primary_servers = backup_servers;
+ backup_servers = NULL;
+ } else {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("No primary or backup servers defined, "
+ "using service discovery\n"));
+ primary_servers = BE_SRV_IDENTIFIER;
+ }
+ }
+
+ ret = krb5_servers_init(ctx, service, service_name, primary_servers, true);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ if (backup_servers) {
+ ret = krb5_servers_init(ctx, service, service_name, backup_servers, false);
+ if (ret != EOK) {
+ goto done;
+ }
}
ret = be_fo_service_add_callback(memctx, ctx, service_name,
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 589b866b..337fcf55 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -147,7 +147,9 @@ errno_t write_krb5info_file(const char *realm, const char *kdc,
const char *service);
int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *service_name, const char *servers,
+ const char *service_name,
+ const char *primary_servers,
+ const char *backup_servers,
const char *realm, struct krb5_service **_service);
void remove_krb5_info_files_callback(void *pvt);
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index 39635e4e..60c18a8f 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -109,7 +109,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
}
ret = krb5_service_init(ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
- krb5_realm, &ctx->service);
+ NULL, krb5_realm, &ctx->service);
if (ret != EOK) {
DEBUG(0, ("Failed to init KRB5 failover service!\n"));
return ret;
@@ -122,7 +122,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
ctx->kpasswd_service = NULL;
} else {
ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV,
- krb5_kpasswd_servers, krb5_realm,
+ krb5_kpasswd_servers, NULL, krb5_realm,
&ctx->kpasswd_service);
if (ret != EOK) {
DEBUG(0, ("Failed to init KRB5KPASSWD failover service!\n"));