Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/ldap_common.c | 171 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.h | 9 | ||||
-rw-r--r-- | src/providers/ldap/ldap_init.c | 7 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.c | 2 |
4 files changed, 1 insertions, 188 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 978e2327..14bdd285 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -349,173 +349,11 @@ void sdap_handler_done(struct be_req *req, int dp_err, return req->fn(req, dp_err, error, errstr); } -bool sdap_connected(struct sdap_id_ctx *ctx) -{ - if (ctx->gsh) { - return ctx->gsh->connected; - } - - return false; -} - void sdap_mark_offline(struct sdap_id_ctx *ctx) { - int ret; - - if (ctx->gsh) { - /* make sure we mark the connection as gone when we go offline so that - * we do not try to reuse a bad connection by mistale later */ - ctx->gsh->connected = false; - ret = remove_ldap_connection_callbacks(ctx->gsh); - if (ret != EOK) { - DEBUG(1, ("Could not clear ldap connection callbacks\n")); - /* Not really anything we can do about this, so proceed - * and hope for the best. - */ - } - } - be_mark_offline(ctx->be); } -bool sdap_check_gssapi_reconnect(struct sdap_id_ctx *ctx) -{ - int ret; - bool result = false; - const char *mech; - const char *realm; - char *ccname = NULL; - krb5_context context = NULL; - krb5_ccache ccache = NULL; - krb5_error_code krberr; - TALLOC_CTX *tmp_ctx = NULL; - krb5_creds mcred; - krb5_creds cred; - char *server_name = NULL; - char *client_princ_str = NULL; - char *full_princ = NULL; - krb5_principal client_principal = NULL; - krb5_principal server_principal = NULL; - char hostname[512]; - int l_errno; - - - mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH); - if (mech == NULL || strcasecmp(mech, "GSSAPI") != 0) { - return false; - } - - realm = dp_opt_get_string(ctx->opts->basic, SDAP_KRB5_REALM); - if (realm == NULL) { - DEBUG(3, ("Kerberos realm not available.\n")); - return false; - } - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - DEBUG(1, ("talloc_new failed.\n")); - return false; - } - - ccname = talloc_asprintf(tmp_ctx, "FILE:%s/ccache_%s", DB_PATH, realm); - if (ccname == NULL) { - DEBUG(1, ("talloc_asprintf failed.\n")); - goto done; - } - - krberr = krb5_init_context(&context); - if (krberr) { - DEBUG(1, ("Failed to init kerberos context\n")); - goto done; - } - - krberr = 
krb5_cc_resolve(context, ccname, &ccache); - if (krberr != 0) { - DEBUG(1, ("krb5_cc_resolve failed.\n")); - goto done; - } - - server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm); - if (server_name == NULL) { - DEBUG(1, ("talloc_asprintf failed.\n")); - goto done; - } - - krberr = krb5_parse_name(context, server_name, &server_principal); - if (krberr != 0) { - DEBUG(1, ("krb5_parse_name failed.\n")); - goto done; - } - - client_princ_str = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_AUTHID); - if (client_princ_str) { - if (!strchr(client_princ_str, '@')) { - full_princ = talloc_asprintf(tmp_ctx, "%s@%s", client_princ_str, - realm); - } else { - full_princ = talloc_strdup(tmp_ctx, client_princ_str); - } - } else { - ret = gethostname(hostname, sizeof(hostname)-1); - if (ret == -1) { - l_errno = errno; - DEBUG(1, ("gethostname failed [%d][%s].\n", l_errno, - strerror(l_errno))); - goto done; - } - hostname[sizeof(hostname)-1] = '\0'; - - full_princ = talloc_asprintf(tmp_ctx, "host/%s@%s", hostname, realm); - } - if (!full_princ) { - DEBUG(1, ("Client principal not available.\n")); - goto done; - } - DEBUG(7, ("Client principal name is: [%s]\n", full_princ)); - krberr = krb5_parse_name(context, full_princ, &client_principal); - if (krberr != 0) { - DEBUG(1, ("krb5_parse_name failed.\n")); - goto done; - } - - memset(&mcred, 0, sizeof(mcred)); - memset(&cred, 0, sizeof(mcred)); - mcred.client = client_principal; - mcred.server = server_principal; - - krberr = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); - if (krberr != 0) { - DEBUG(1, ("krb5_cc_retrieve_cred failed.\n")); - goto done; - } - - DEBUG(7, ("TGT end time [%d].\n", cred.times.endtime)); - - if (cred.times.endtime <= time(NULL)) { - DEBUG(3, ("TGT is expired.\n")); - result = true; - } - krb5_free_cred_contents(context, &cred); - -done: - if (client_principal != NULL) { - krb5_free_principal(context, client_principal); - } - if (server_principal != NULL) { - 
krb5_free_principal(context, server_principal); - } - if (ccache != NULL) { - if (result) { - krb5_cc_destroy(context, ccache); - } else { - krb5_cc_close(context, ccache); - } - } - if (context != NULL) krb5_free_context(context); - talloc_free(tmp_ctx); - return result; -} - int sdap_id_setup_tasks(struct sdap_id_ctx *ctx) { struct timeval tv;
@@ -683,12 +521,3 @@ done: talloc_zfree(tmp_ctx); return ret; } - -void sdap_gsh_disconnect_callback(void *pvt) -{ - struct sdap_id_ctx *ctx = talloc_get_type(pvt, struct sdap_id_ctx); - - if (ctx->gsh) { - ctx->gsh->connected = false; - } -}
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index ebf578e9..5b7298bc 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -42,12 +42,6 @@ struct sdap_id_ctx { struct fo_service *fo_service; struct sdap_service *service; - /* what rootDSE returns */ - struct sysdb_attrs *rootDSE; - - /* global sdap handler */ - struct sdap_handle *gsh; - /* LDAP connection cache */ struct sdap_id_conn_cache *conn_cache;
@@ -98,9 +92,7 @@ int ldap_get_options(TALLOC_CTX *memctx, int ldap_id_enumerate_set_timer(struct sdap_id_ctx *ctx, struct timeval tv); int ldap_id_cleanup_set_timer(struct sdap_id_ctx *ctx, struct timeval tv); -bool sdap_connected(struct sdap_id_ctx *ctx); void sdap_mark_offline(struct sdap_id_ctx *ctx); -bool sdap_check_gssapi_reconnect(struct sdap_id_ctx *ctx); struct tevent_req *users_get_send(TALLOC_CTX *memctx, struct tevent_context *ev,
@@ -121,5 +113,4 @@ int groups_get_recv(struct tevent_req *req, int *dp_error_out); /* setup child logging */ int setup_child(struct sdap_id_ctx *ctx); -void sdap_gsh_disconnect_callback(void *pvt); #endif /* _LDAP_COMMON_H_ */
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index b7b04f4c..b0b967d0 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -105,13 +105,6 @@ int sssm_ldap_id_init(struct be_ctx *bectx, goto done; } - ret = be_add_offline_cb(ctx, bectx, sdap_gsh_disconnect_callback, ctx, - NULL); - if (ret != EOK) { - DEBUG(1, ("be_add_offline_cb failed.\n")); - goto done; - } - ret = sdap_id_conn_cache_create(ctx, ctx->be, ctx->opts, ctx->service, &ctx->conn_cache);
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 18f2bc0c..77b7b5e1 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -110,7 +110,7 @@ static void sdap_handle_release(struct sdap_handle *sh) /* make sure nobody tries to reuse this connection from now on */ sh->connected = false; - talloc_zfree(sh->sdap_fd_events); + remove_ldap_connection_callbacks(sh); while (sh->ops) { op = sh->ops; |
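Review bot: The return value of `remove_ldap_connection_callbacks(sh)` is dropped on the added line in sdap_handle_release, whereas the deleted code in sdap_mark_offline compared it against EOK and logged a failure; since this is the path that retires a connection, a failed unregister should at least be visible in the logs, e.g. `if (remove_ldap_connection_callbacks(sh) != EOK) { DEBUG(1, ("Could not clear ldap connection callbacks\n")); }`. The replaced `talloc_zfree(sh->sdap_fd_events)` also reset that pointer to NULL; whether the helper frees and clears `sh->sdap_fd_events` itself is not visible in this hunk and should be confirmed, otherwise the released handle keeps a dangling pointer. The body of sdap_handle_release continues past the end of the hunk.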