summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/ldap_common.c171
-rw-r--r--src/providers/ldap/ldap_common.h9
-rw-r--r--src/providers/ldap/ldap_init.c7
-rw-r--r--src/providers/ldap/sdap_async.c2
4 files changed, 1 insertions, 188 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 978e2327..14bdd285 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -349,173 +349,11 @@ void sdap_handler_done(struct be_req *req, int dp_err,
return req->fn(req, dp_err, error, errstr);
}
-bool sdap_connected(struct sdap_id_ctx *ctx)
-{
- if (ctx->gsh) {
- return ctx->gsh->connected;
- }
-
- return false;
-}
-
void sdap_mark_offline(struct sdap_id_ctx *ctx)
{
- int ret;
-
- if (ctx->gsh) {
- /* make sure we mark the connection as gone when we go offline so that
- * we do not try to reuse a bad connection by mistale later */
- ctx->gsh->connected = false;
- ret = remove_ldap_connection_callbacks(ctx->gsh);
- if (ret != EOK) {
- DEBUG(1, ("Could not clear ldap connection callbacks\n"));
- /* Not really anything we can do about this, so proceed
- * and hope for the best.
- */
- }
- }
-
be_mark_offline(ctx->be);
}
-bool sdap_check_gssapi_reconnect(struct sdap_id_ctx *ctx)
-{
- int ret;
- bool result = false;
- const char *mech;
- const char *realm;
- char *ccname = NULL;
- krb5_context context = NULL;
- krb5_ccache ccache = NULL;
- krb5_error_code krberr;
- TALLOC_CTX *tmp_ctx = NULL;
- krb5_creds mcred;
- krb5_creds cred;
- char *server_name = NULL;
- char *client_princ_str = NULL;
- char *full_princ = NULL;
- krb5_principal client_principal = NULL;
- krb5_principal server_principal = NULL;
- char hostname[512];
- int l_errno;
-
-
- mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH);
- if (mech == NULL || strcasecmp(mech, "GSSAPI") != 0) {
- return false;
- }
-
- realm = dp_opt_get_string(ctx->opts->basic, SDAP_KRB5_REALM);
- if (realm == NULL) {
- DEBUG(3, ("Kerberos realm not available.\n"));
- return false;
- }
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(1, ("talloc_new failed.\n"));
- return false;
- }
-
- ccname = talloc_asprintf(tmp_ctx, "FILE:%s/ccache_%s", DB_PATH, realm);
- if (ccname == NULL) {
- DEBUG(1, ("talloc_asprintf failed.\n"));
- goto done;
- }
-
- krberr = krb5_init_context(&context);
- if (krberr) {
- DEBUG(1, ("Failed to init kerberos context\n"));
- goto done;
- }
-
- krberr = krb5_cc_resolve(context, ccname, &ccache);
- if (krberr != 0) {
- DEBUG(1, ("krb5_cc_resolve failed.\n"));
- goto done;
- }
-
- server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm);
- if (server_name == NULL) {
- DEBUG(1, ("talloc_asprintf failed.\n"));
- goto done;
- }
-
- krberr = krb5_parse_name(context, server_name, &server_principal);
- if (krberr != 0) {
- DEBUG(1, ("krb5_parse_name failed.\n"));
- goto done;
- }
-
- client_princ_str = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_AUTHID);
- if (client_princ_str) {
- if (!strchr(client_princ_str, '@')) {
- full_princ = talloc_asprintf(tmp_ctx, "%s@%s", client_princ_str,
- realm);
- } else {
- full_princ = talloc_strdup(tmp_ctx, client_princ_str);
- }
- } else {
- ret = gethostname(hostname, sizeof(hostname)-1);
- if (ret == -1) {
- l_errno = errno;
- DEBUG(1, ("gethostname failed [%d][%s].\n", l_errno,
- strerror(l_errno)));
- goto done;
- }
- hostname[sizeof(hostname)-1] = '\0';
-
- full_princ = talloc_asprintf(tmp_ctx, "host/%s@%s", hostname, realm);
- }
- if (!full_princ) {
- DEBUG(1, ("Client principal not available.\n"));
- goto done;
- }
- DEBUG(7, ("Client principal name is: [%s]\n", full_princ));
- krberr = krb5_parse_name(context, full_princ, &client_principal);
- if (krberr != 0) {
- DEBUG(1, ("krb5_parse_name failed.\n"));
- goto done;
- }
-
- memset(&mcred, 0, sizeof(mcred));
- memset(&cred, 0, sizeof(mcred));
- mcred.client = client_principal;
- mcred.server = server_principal;
-
- krberr = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
- if (krberr != 0) {
- DEBUG(1, ("krb5_cc_retrieve_cred failed.\n"));
- goto done;
- }
-
- DEBUG(7, ("TGT end time [%d].\n", cred.times.endtime));
-
- if (cred.times.endtime <= time(NULL)) {
- DEBUG(3, ("TGT is expired.\n"));
- result = true;
- }
- krb5_free_cred_contents(context, &cred);
-
-done:
- if (client_principal != NULL) {
- krb5_free_principal(context, client_principal);
- }
- if (server_principal != NULL) {
- krb5_free_principal(context, server_principal);
- }
- if (ccache != NULL) {
- if (result) {
- krb5_cc_destroy(context, ccache);
- } else {
- krb5_cc_close(context, ccache);
- }
- }
- if (context != NULL) krb5_free_context(context);
- talloc_free(tmp_ctx);
- return result;
-}
-
int sdap_id_setup_tasks(struct sdap_id_ctx *ctx)
{
struct timeval tv;
@@ -683,12 +521,3 @@ done:
talloc_zfree(tmp_ctx);
return ret;
}
-
-void sdap_gsh_disconnect_callback(void *pvt)
-{
- struct sdap_id_ctx *ctx = talloc_get_type(pvt, struct sdap_id_ctx);
-
- if (ctx->gsh) {
- ctx->gsh->connected = false;
- }
-}
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index ebf578e9..5b7298bc 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -42,12 +42,6 @@ struct sdap_id_ctx {
struct fo_service *fo_service;
struct sdap_service *service;
- /* what rootDSE returns */
- struct sysdb_attrs *rootDSE;
-
- /* global sdap handler */
- struct sdap_handle *gsh;
-
/* LDAP connection cache */
struct sdap_id_conn_cache *conn_cache;
@@ -98,9 +92,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
int ldap_id_enumerate_set_timer(struct sdap_id_ctx *ctx, struct timeval tv);
int ldap_id_cleanup_set_timer(struct sdap_id_ctx *ctx, struct timeval tv);
-bool sdap_connected(struct sdap_id_ctx *ctx);
void sdap_mark_offline(struct sdap_id_ctx *ctx);
-bool sdap_check_gssapi_reconnect(struct sdap_id_ctx *ctx);
struct tevent_req *users_get_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
@@ -121,5 +113,4 @@ int groups_get_recv(struct tevent_req *req, int *dp_error_out);
/* setup child logging */
int setup_child(struct sdap_id_ctx *ctx);
-void sdap_gsh_disconnect_callback(void *pvt);
#endif /* _LDAP_COMMON_H_ */
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index b7b04f4c..b0b967d0 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -105,13 +105,6 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
goto done;
}
- ret = be_add_offline_cb(ctx, bectx, sdap_gsh_disconnect_callback, ctx,
- NULL);
- if (ret != EOK) {
- DEBUG(1, ("be_add_offline_cb failed.\n"));
- goto done;
- }
-
ret = sdap_id_conn_cache_create(ctx, ctx->be,
ctx->opts, ctx->service,
&ctx->conn_cache);
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 18f2bc0c..77b7b5e1 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -110,7 +110,7 @@ static void sdap_handle_release(struct sdap_handle *sh)
/* make sure nobody tries to reuse this connection from now on */
sh->connected = false;
- talloc_zfree(sh->sdap_fd_events);
+ remove_ldap_connection_callbacks(sh);
while (sh->ops) {
op = sh->ops;