From 07b7b76d7cd494cbd26263503ba2732c21819941 Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzeleny@redhat.com>
Date: Tue, 5 Jun 2012 15:07:10 -0400
Subject: Primary server support: new options in krb5 provider

This patch adds support for new config options krb5_backup_server and
krb5_backup_kpasswd. The description of this option's functionality
is included in man page in one of previous patches.
---
 src/providers/ldap/ldap_common.c | 7 +++----
 src/providers/ldap/ldap_opts.h   | 1 +
 src/providers/ldap/sdap.h        | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)

(limited to 'src/providers/ldap')

diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 76236743..b9fef086 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -1041,6 +1041,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
 {
     int ret;
     const char *krb5_servers;
+    const char *krb5_backup_servers;
     const char *krb5_realm;
     const char *krb5_opt_realm;
     struct krb5_service *service = NULL;
@@ -1050,9 +1051,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
     if (tmp_ctx == NULL) return ENOMEM;
 
     krb5_servers = dp_opt_get_string(opts, SDAP_KRB5_KDC);
-    if (krb5_servers == NULL) {
-        DEBUG(SSSDBG_CONF_SETTINGS, ("Missing krb5_server option, using service discovery!\n"));
-    }
+    krb5_backup_servers = dp_opt_get_string(opts, SDAP_KRB5_BACKUP_KDC);
 
     krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM);
     if (krb5_opt_realm == NULL) {
@@ -1072,7 +1071,7 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
     }
 
     ret = krb5_service_init(mem_ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
-                            NULL, krb5_realm, &service);
+                            krb5_backup_servers, krb5_realm, &service);
     if (ret != EOK) {
         DEBUG(0, ("Failed to init KRB5 failover service!\n"));
         goto done;
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 9be6a0f6..4e876bdc 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -76,6 +76,7 @@ struct dp_option default_basic_opts[] = {
     { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
     /* use the same parm name as the krb5 module so we set it only once */
     { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+    { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
     { "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 70b4e6ad..01c33e42 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -194,6 +194,7 @@ enum sdap_basic_opt {
     SDAP_KRB5_KEYTAB,
     SDAP_KRB5_KINIT,
     SDAP_KRB5_KDC,
+    SDAP_KRB5_BACKUP_KDC,
     SDAP_KRB5_REALM,
     SDAP_KRB5_CANONICALIZE,
     SDAP_PWD_POLICY,
-- 
cgit