summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Bokovoy <abokovoy@redhat.com>2013-07-18 17:10:01 +0300
committerAlexander Bokovoy <abokovoy@redhat.com>2013-07-18 17:16:48 +0300
commit8e17f1e9579b9171639c109be51ada9032c52df7 (patch)
treeec32b4f0273e1e71817c10f1d52a84e86dfad7ad
parente375aca57cfea570e2b92d7f555bda6267d05d7a (diff)
downloadfreeipa-8e17f1e9579b9171639c109be51ada9032c52df7.zip
freeipa-8e17f1e9579b9171639c109be51ada9032c52df7.tar.gz
freeipa-8e17f1e9579b9171639c109be51ada9032c52df7.tar.xz
ipa-kdb: cache KDC hostname on startup
We need KDC hostname for several purposes: - short-circuit detection of principals on the same server as KDC - generating NetBIOS name Make sure we cache hostname information on startup and use it instead of detecting the hostname in run-time. This will miss the case that KDC hostname got changed but such cases are not supported anyway without restarting KDC and making changes to principals.
-rw-r--r--daemons/ipa-kdb/ipa_kdb.c15
-rw-r--r--daemons/ipa-kdb/ipa_kdb.h1
-rw-r--r--daemons/ipa-kdb/ipa_kdb_mspac.c9
3 files changed, 19 insertions, 6 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index 8464264..51b879c 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -21,6 +21,7 @@
*/
#include <talloc.h>
+#include <sys/utsname.h>
#include "ipa_kdb.h"
@@ -46,6 +47,7 @@ static void ipadb_context_free(krb5_context kcontext,
free((*ctx)->uri);
free((*ctx)->base);
free((*ctx)->realm_base);
+ free((*ctx)->kdc_hostname);
/* ldap free lcontext */
if ((*ctx)->lcontext) {
ldap_unbind_ext_s((*ctx)->lcontext, NULL, NULL);
@@ -442,6 +444,7 @@ static krb5_error_code ipadb_init_module(krb5_context kcontext,
krb5_error_code kerr;
int ret;
int i;
+ struct utsname uname_data;
/* make sure the context is freed to avoid leaking it */
ipactx = ipadb_get_context(kcontext);
@@ -494,6 +497,18 @@ static krb5_error_code ipadb_init_module(krb5_context kcontext,
goto fail;
}
+ ret = uname(&uname_data);
+ if (ret) {
+ ret = EINVAL;
+ goto fail;
+ }
+
+ ipactx->kdc_hostname = strdup(uname_data.nodename);
+ if (!ipactx->kdc_hostname) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
ret = ipadb_get_connection(ipactx);
if (ret != 0) {
/* not a fatal failure, as the LDAP server may be temporarily down */
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 54869d8..9e8e0c6 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -92,6 +92,7 @@ struct ipadb_context {
char *base;
char *realm;
char *realm_base;
+ char *kdc_hostname;
LDAP *lcontext;
krb5_context kcontext;
bool override_restrictions;
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 96eac6f..d6c4f9a 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -1905,16 +1905,13 @@ done:
return kerr;
}
-static char *get_server_netbios_name(void)
+static char *get_server_netbios_name(struct ipadb_context *ipactx)
{
char hostname[MAXHOSTNAMELEN + 1]; /* NOTE: this is 64, too little ? */
char *p;
int ret;
- ret = gethostname(hostname, MAXHOSTNAMELEN);
- if (ret) {
- return NULL;
- }
+ strncpy(hostname, ipactx->kdc_hostname, MAXHOSTNAMELEN);
/* May miss termination */
hostname[MAXHOSTNAMELEN] = '\0';
for (p = hostname; *p; p++) {
@@ -2245,7 +2242,7 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx)
free(resstr);
free(ipactx->mspac->flat_server_name);
- ipactx->mspac->flat_server_name = get_server_netbios_name();
+ ipactx->mspac->flat_server_name = get_server_netbios_name(ipactx);
if (!ipactx->mspac->flat_server_name) {
kerr = ENOMEM;
goto done;