From 43133b835fe97592eba30344805177faab9fb644 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 15 Jun 2009 15:06:40 +0200 Subject: added kerberos locator plugin --- server/Makefile.am | 14 +++ server/conf_macros.m4 | 14 ++- server/configure.ac | 2 + server/external/krb5.m4 | 11 +++ server/krb5_plugin/sssd_krb5_locator_plugin.c | 131 ++++++++++++++++++++++++++ server/krb5_plugin/sssd_krb5_locator_plugin.h | 8 ++ sssd.spec.in | 5 +- 7 files changed, 183 insertions(+), 2 deletions(-) create mode 100644 server/external/krb5.m4 create mode 100644 server/krb5_plugin/sssd_krb5_locator_plugin.c create mode 100644 server/krb5_plugin/sssd_krb5_locator_plugin.h diff --git a/server/Makefile.am b/server/Makefile.am index bed9060b..b15c2306 100644 --- a/server/Makefile.am +++ b/server/Makefile.am @@ -3,6 +3,7 @@ topdir=. sssdlibexecdir = $(libexecdir)/sssd sssdlibdir = $(libdir)/sssd ldblibdir = $(libdir)/ldb +krb5plugindir = @krb5pluginpath@ sssdconfdir = $(sysconfdir)/sssd dbusintrospectdir = $(datarootdir)/sssd/introspect dbuspolicydir = $(sysconfdir)/dbus-1/system.d @@ -80,6 +81,9 @@ sssdlib_LTLIBRARIES = \ ldblib_LTLIBRARIES = \ memberof.la +krb5plugin_LTLIBRARIES = \ + sssd_krb5_locator_plugin.la + noinst_LTLIBRARIES = \ libsss_crypt.la libsss_crypt_la_SOURCES = \ @@ -208,6 +212,7 @@ dist_noinst_HEADERS = \ providers/dp_backend.h \ providers/providers.h \ tools/tools_util.h \ + krb5_plugin/sssd_krb5_locator_plugin.h \ $(infopipe_headers) \ $(polkit_headers) @@ -403,6 +408,15 @@ memberof_la_LDFLAGS = \ -avoid-version \ -module +sssd_krb5_locator_plugin_la_SOURCES = \ + krb5_plugin/sssd_krb5_locator_plugin.c +sssd_krb5_locator_plugin_la_CFLAGS = \ + $(AM_CFLAGS) \ + $(KRB5_CFLAGS) +sssd_krb5_locator_plugin_la_LDFLAGS = \ + -avoid-version \ + -module + ############ # MANPAGES # ############ diff --git a/server/conf_macros.m4 b/server/conf_macros.m4 index 7e230bbf..c67b47b0 100644 --- a/server/conf_macros.m4 +++ b/server/conf_macros.m4 
@@ -132,7 +132,6 @@ AC_DEFUN([WITH_INIT_DIR], AC_SUBST(initdir) ]) - AC_DEFUN([WITH_SHADOW_UTILS_PATH], [ AC_ARG_WITH([shadow-utils-path], [AC_HELP_STRING([--with-shadow-utils-path=PATH], @@ -177,3 +176,16 @@ AC_DEFUN([WITH_XML_CATALOG], AC_SUBST([SGML_CATALOG_FILES]) ]) +AC_DEFUN([WITH_KRB5_PLUGIN_PATH], + [ AC_ARG_WITH([krb5-plugin-path], + [AC_HELP_STRING([--with-krb5-plugin-path=PATH], + [Path to kerberos plugin store [/usr/lib/krb5/plugins/libkrb5]] + ) + ] + ) + krb5pluginpath="${libdir}/krb5/plugins/libkrb5" + if test x"$with_krb5_plugin_path" != x; then + krb5pluginpath=$with_krb5_plugin_path + fi + AC_SUBST(krb5pluginpath) + ]) diff --git a/server/configure.ac b/server/configure.ac index 88032766..facefe27 100644 --- a/server/configure.ac +++ b/server/configure.ac @@ -49,6 +49,7 @@ WITH_INIT_DIR WITH_SHADOW_UTILS_PATH WITH_MANPAGES WITH_XML_CATALOG +WITH_KRB5_PLUGIN_PATH m4_include([external/pkg.m4]) m4_include([external/libpopt.m4]) @@ -59,6 +60,7 @@ m4_include([external/libldb.m4]) m4_include([external/pam.m4]) m4_include([external/ldap.m4]) m4_include([external/libpcre.m4]) +m4_include([external/krb5.m4]) m4_include([util/signal.m4]) PKG_CHECK_MODULES([DBUS],[dbus-1]) diff --git a/server/external/krb5.m4 b/server/external/krb5.m4 new file mode 100644 index 00000000..1ed5064a --- /dev/null +++ b/server/external/krb5.m4 @@ -0,0 +1,11 @@ +AC_SUBST(KRB5_CFLAGS) +AC_SUBST(KRB5_LIBS) +AC_PATH_PROG(KRB5_CONFIG, krb5-config) +AC_MSG_CHECKING(for working krb5-config) +if test -x "$KRB5_CONFIG"; then + KRB5_CFLAGS="`$KRB5_CONFIG --cflags`" + KRB5_LIBS="`$KRB5_CONFIG --libs`" + AC_MSG_RESULT(yes) +else + AC_MSG_ERROR(no. Please install MIT kerberos devel package) +fi diff --git a/server/krb5_plugin/sssd_krb5_locator_plugin.c b/server/krb5_plugin/sssd_krb5_locator_plugin.c new file mode 100644 index 00000000..699cad40 --- /dev/null +++ b/server/krb5_plugin/sssd_krb5_locator_plugin.c 
@@ -0,0 +1,131 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include "krb5_plugin/sssd_krb5_locator_plugin.h"
+
+struct sssd_ctx {
+ char *sssd_realm;
+ char *sssd_kdc;
+};
+
+krb5_error_code sssd_krb5_locator_init(krb5_context context,
+ void **private_data)
+{
+ struct sssd_ctx *ctx;
+ char *dummy;
+
+ ctx = calloc(1,sizeof(struct sssd_ctx));
+ if (ctx == NULL) return ENOMEM;
+
+ dummy = getenv(SSSD_REALM);
+ if (dummy == NULL) goto failed;
+ ctx->sssd_realm = strdup(dummy);
+ if (ctx->sssd_realm == NULL) goto failed;
+
+ dummy = getenv(SSSD_KDC);
+ if (dummy == NULL) goto failed;
+ ctx->sssd_kdc = strdup(dummy);
+ if (ctx->sssd_kdc == NULL) goto failed;
+
+ *private_data = ctx;
+
+ return 0;
+failed:
+ free(ctx->sssd_realm);
+ free(ctx->sssd_kdc);
+ free(ctx);
+
+ private_data = NULL;
+
+ return EINVAL;
+}
+
+void sssd_krb5_locator_close(void *private_data)
+{
+ struct sssd_ctx *ctx;
+
+ if (private_data == NULL) return;
+
+ ctx = (struct sssd_ctx *) private_data;
+ free(ctx->sssd_realm);
+ free(ctx->sssd_kdc);
+ free(ctx);
+
+ return;
+}
+
+krb5_error_code sssd_krb5_locator_lookup(void *private_data,
+ enum locate_service_type svc,
+ const char *realm,
+ int socktype,
+ int family,
+ int (*cbfunc)(void *, int, struct sockaddr *),
+ void *cbdata)
+{
+ int ret;
+ struct sockaddr_in addr;
+ struct sssd_ctx *ctx;
+
+ if (private_data == NULL) return KRB5_PLUGIN_NO_HANDLE;
+ ctx = (struct sssd_ctx *) private_data;
+
+#ifdef KRB5_PLUGIN_DEBUG
+ fprintf(stderr,"[%s][%s][%s][%d][%d][%d]\n", realm, ctx->sssd_realm,
+ ctx->sssd_kdc, socktype,
+ family, svc);
+#endif
+
+ switch (svc) {
+ case locate_service_kdc:
+ case locate_service_master_kdc:
+ case locate_service_kadmin:
+ break;
+ case locate_service_krb524:
+ case locate_service_kpasswd:
+ return KRB5_PLUGIN_NO_HANDLE;
+ default:
+ return EINVAL;
+ }
+
+ switch (family) {
+ case AF_UNSPEC:
+ case AF_INET:
+ break;
+ default:
+ return KRB5_PLUGIN_NO_HANDLE;
+ }
+
+ switch 
(socktype) { + case SOCK_STREAM: + case SOCK_DGRAM: + break; + default: + return EINVAL; + } + + if (strcmp(realm, ctx->sssd_realm) != 0) + return KRB5_PLUGIN_NO_HANDLE; + + addr.sin_family = AF_INET; + ret = inet_aton(ctx->sssd_kdc, &addr.sin_addr); + if (ret == 0) return EINVAL; + addr.sin_port = htons(88); + + ret = cbfunc(cbdata, socktype, (struct sockaddr *) &addr); + + return 0; +} + +const krb5plugin_service_locate_ftable service_locator = { + 0, /* version */ + sssd_krb5_locator_init, + sssd_krb5_locator_close, + sssd_krb5_locator_lookup, +}; diff --git a/server/krb5_plugin/sssd_krb5_locator_plugin.h b/server/krb5_plugin/sssd_krb5_locator_plugin.h new file mode 100644 index 00000000..ab41689b --- /dev/null +++ b/server/krb5_plugin/sssd_krb5_locator_plugin.h @@ -0,0 +1,8 @@ +#ifndef __SSSD_KRB5_LOCATOR_PLUGIN_H__ +#define __SSSD_KRB5_LOCATOR_PLUGIN_H__ + +#define SSSD_KDC "SSSD_KDC" +#define SSSD_REALM "SSSD_REALM" + +#endif /* __SSSD_KRB5_LOCATOR_PLUGIN_H__ */ + diff --git a/sssd.spec.in b/sssd.spec.in index 20535764..719e6b7c 100644 --- a/sssd.spec.in +++ b/sssd.spec.in @@ -42,6 +42,7 @@ BuildRequires: pcre-devel BuildRequires: libxslt BuildRequires: libxml2 BuildRequires: docbook-style-xsl +BuildRequires: krb5-devel %description Provides a set of daemons to manage access to remote directories and @@ -78,7 +79,8 @@ rm -f \ $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \ $RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \ $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \ - $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la + $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \ + $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la %clean rm -rf $RPM_BUILD_ROOT @@ -97,6 +99,7 @@ rm -rf $RPM_BUILD_ROOT %{_libexecdir}/%{servicename}/ %{_libdir}/%{name}/ %{_libdir}/ldb/memberof.so +%{_libdir}/krb5/plugins/libkrb5/* %dir %{_sharedstatedir}/sss/ %attr(700,root,root) %dir %{_sharedstatedir}/sss/db %dir %{_sharedstatedir}/sss/pipes -- cgit
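Review bot: sssd_krb5_locator_init() takes the realm and the KDC address straight from `getenv(SSSD_REALM)` and `getenv(SSSD_KDC)`, and sssd_krb5_locator_lookup() later hands that address to libkrb5 with no check on who controlled the environment. Because the module is installed into the libkrb5 plugin directory (`krb5plugindir` in Makefile.am), it is presumably loaded by every Kerberos client on the host, set-id programs included, so I would read both values with `secure_getenv()` where glibc provides it (or take them from a root-owned file) and state the trust assumption in a comment above the two calls. On the `failed:` path `private_data = NULL;` only clears the local parameter and should be `*private_data = NULL;`, and a failed `strdup()` is reported as EINVAL rather than ENOMEM. In sssd_krb5_locator_lookup() the `cbfunc()` result is stored in `ret` and never examined, `addr` reaches the callback without being zeroed first (`memset(&addr, 0, sizeof(addr));`), and `locate_service_kadmin` is answered with `htons(88)` like the KDC cases although kadmin normally listens on its own port.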
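Review bot: SSSD_KDC and SSSD_REALM are the entire interface between whatever sets these variables and the plugin, yet the header carries no comment on who is expected to set them or what format they take. A short comment above the two defines would cover it, for example `/* Environment variables read by the locator plugin: SSSD_REALM is the realm to answer for, SSSD_KDC its KDC as a dotted-quad IPv4 address (parsed with inet_aton()). */`. The include guard `__SSSD_KRB5_LOCATOR_PLUGIN_H__` also uses a double-underscore name, which C reserves for the implementation; `SSSD_KRB5_LOCATOR_PLUGIN_H` avoids that.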