From 921b13a1c454aabc5dec6e7f33f7ae3ffa80febf Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 19 Nov 2009 17:53:38 +0100
Subject: Read KDC info from file instead from environment

Then name or IP adress of the KDC is written into the pubconf directory into a file named kdcinfo.REALM. The locator plugin will then read this file and pass the data to the kerberos libraries.
---
 server/providers/ipa/ipa_common.c | 30 +++++++++++++++++++++---------
 server/providers/ipa/ipa_common.h | 5 +++--
 server/providers/ipa/ipa_init.c | 13 ++++++++++---
 3 files changed, 34 insertions(+), 14 deletions(-)
(limited to 'server/providers/ipa')

diff --git a/server/providers/ipa/ipa_common.c b/server/providers/ipa/ipa_common.c
index 2bd9c76d..98ac0772 100644
--- a/server/providers/ipa/ipa_common.c
+++ b/server/providers/ipa/ipa_common.c
@@ -478,19 +478,19 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
 /* free old one and replace with new one */
 talloc_zfree(service->sdap->uri);
 service->sdap->uri = new_uri;
- talloc_zfree(service->krb_server->address);
- service->krb_server->address = address;
+ talloc_zfree(service->krb5_service->address);
+ service->krb5_service->address = address;
 
- /* set also env variable */
- ret = setenv(SSSD_KRB5_KDC, address, 1);
+ ret = write_kdcinfo_file(service->krb5_service->realm, address);
 if (ret != EOK) {
- DEBUG(2, ("setenv %s failed, authentication might fail.\n",
- SSSD_KRB5_KDC));
+ DEBUG(2, ("write_kdcinfo_file failed, authentication might fail.\n"));
 }
+
 }
 
 int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *servers, struct ipa_service **_service)
+ const char *servers, const char *domain,
+ struct ipa_service **_service)
 {
 TALLOC_CTX *tmp_ctx;
 struct ipa_service *service;
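Review bot: When write_kdcinfo_file() fails, the new code only logs at debug level 2 and leaves whatever kdcinfo file an earlier resolution wrote in place, so the locator plugin can keep pointing the Kerberos libraries at a KDC this callback has just replaced; that consequence is inferred from the commit description, since write_kdcinfo_file is not part of this patch. The log line should at least name the realm so the mismatch can be diagnosed, e.g. `DEBUG(2, ("write_kdcinfo_file failed for realm [%s], authentication might fail.\n", service->krb5_service->realm));`. The added empty line before the closing brace of ipa_resolve_callback is stray whitespace and should be dropped. ipa_resolve_callback starts outside this hunk, so whether `address` is checked before it is written out cannot be seen here.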
@@ -514,8 +514,8 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 ret = ENOMEM;
 goto done;
 }
- service->krb_server = talloc_zero(service, struct krb_server);
- if (!service->krb_server) {
+ service->krb5_service = talloc_zero(service, struct krb5_service);
+ if (!service->krb5_service) {
 ret = ENOMEM;
 goto done;
 }
@@ -532,6 +532,18 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 goto done;
 }
 
+ service->krb5_service->name = talloc_strdup(service, "IPA");
+ if (!service->krb5_service->name) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ service->krb5_service->realm = talloc_strdup(service, domain);
+ if (!service->krb5_service->realm) {
+ ret = ENOMEM;
+ goto done;
+ }
+
 /* split server parm into a list */
 ret = sss_split_list(tmp_ctx, servers, ", ", &list, &count);
 if (ret != EOK) {
diff --git a/server/providers/ipa/ipa_common.h b/server/providers/ipa/ipa_common.h
index 8d0840c5..8eaae715 100644
--- a/server/providers/ipa/ipa_common.h
+++ b/server/providers/ipa/ipa_common.h
@@ -29,7 +29,7 @@
 
 struct ipa_service {
 struct sdap_service *sdap;
- struct krb_server *krb_server;
+ struct krb5_service *krb5_service;
 };
 
 enum ipa_basic_opt {
@@ -72,6 +72,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
 struct dp_option **_opts);
 
 int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- const char *servers, struct ipa_service **_service);
+ const char *servers, const char *domain,
+ struct ipa_service **_service);
 
 #endif /* _IPA_COMMON_H_ */
diff --git a/server/providers/ipa/ipa_init.c b/server/providers/ipa/ipa_init.c
index ea279978..a3f381e4 100644
--- a/server/providers/ipa/ipa_init.c
+++ b/server/providers/ipa/ipa_init.c
@@ -59,6 +59,7 @@ struct bet_ops ipa_access_ops = {
 int common_ipa_init(struct be_ctx *bectx)
 {
 const char *ipa_servers;
+ const char *ipa_domain;
 int ret;
 
 ret = ipa_get_options(bectx, bectx->cdb,
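Review bot: In the `@@ -532,6 +532,18 @@` hunk the new `name` and `realm` strings are parented to `service` rather than to the `krb5_service` they belong to, so they detach from that struct if it is ever freed or stolen on its own; `service->krb5_service->name = talloc_strdup(service->krb5_service, "IPA");` and the same for `realm` keeps ownership with the struct that reads them. The realm is `domain` copied verbatim, and per the commit description it becomes the kdcinfo.REALM file name and what the locator hands to the Kerberos libraries, so a comment stating that the ipa_domain option is expected to already be the Kerberos realm name (or how the two are related) would help; the exact expectation is not visible in this patch. A NULL `domain` would make `talloc_strdup` return NULL and be reported as ENOMEM, which is misleading even though the caller checks it. ipa_service_init continues outside this hunk.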
@@ -74,8 +75,14 @@ int common_ipa_init(struct be_ctx *bectx)
 return EINVAL;
 }
 
- ret = ipa_service_init(ipa_options, bectx,
- ipa_servers, &ipa_options->service);
+ ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN);
+ if (!ipa_domain) {
+ DEBUG(0, ("Missing ipa_domain option!\n"));
+ return EINVAL;
+ }
+
+ ret = ipa_service_init(ipa_options, bectx, ipa_servers, ipa_domain,
+ &ipa_options->service);
 if (ret != EOK) {
 DEBUG(0, ("Failed to init IPA failover service!\n"));
 return ret;
@@ -171,7 +178,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx,
 if (!ctx) {
 return ENOMEM;
 }
- ctx->server = ipa_options->service->krb_server;
+ ctx->service = ipa_options->service->krb5_service;
 ipa_options->auth_ctx = ctx;
 
 ret = ipa_get_auth_options(ipa_options, bectx->cdb,
-- cgit
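Review bot: The new check rejects only a missing ipa_domain; an empty string passes it and is handed to ipa_service_init as the realm, which per the commit description ends up in the kdcinfo.REALM file name and in what the Kerberos libraries are told, so `if (!ipa_domain || ipa_domain[0] == '\0') {` is the safer guard. The early `return EINVAL` follows the pattern of the existing one just above it, leaving whatever ipa_get_options allocated to the caller's talloc hierarchy, which appears to be the established convention here. common_ipa_init starts and ends outside this hunk.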