diff options
| author | Simo Sorce <ssorce@redhat.com> | 2009-10-28 17:02:45 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-10-29 15:26:14 -0400 |
| commit | 81009a08d43a6b5e60afb681c4ed07b413967179 (patch) | |
| tree | fb6fd24578bf764569f1dfd72422b2c26583d0b7 /server/providers/ipa/ipa_init.c | |
| parent | 91200b67bcb2f2e8ff2006407a264f64f86c9223 (diff) | |
| download | sssd-81009a08d43a6b5e60afb681c4ed07b413967179.tar.gz sssd-81009a08d43a6b5e60afb681c4ed07b413967179.tar.xz sssd-81009a08d43a6b5e60afb681c4ed07b413967179.zip | |
Tidy up ipa options
Do not replicate every and each option we may want to set in ipa.
Just read out ldap and krb provider options (added reference in the manual too,
and removed mention of ipa specific timeout values, use ldap options for that)
Avoid calling auth module initialization twice, just pass the auth context to
the chpass module too.
Add a new ldap option SDAP_SEARCH_BASE, so that a single searching base can be
used for both users and groups. the user and group search bases can still be set
separately if necessary but they are now optional and set to be identical to
SDAP_SEARCH_BASE if not explicitly specified in the configuration.
Diffstat (limited to 'server/providers/ipa/ipa_init.c')
| -rw-r--r-- | server/providers/ipa/ipa_init.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/server/providers/ipa/ipa_init.c b/server/providers/ipa/ipa_init.c index 0c2eb2a79..d1439ded4 100644 --- a/server/providers/ipa/ipa_init.c +++ b/server/providers/ipa/ipa_init.c @@ -64,15 +64,16 @@ int sssm_ipa_init(struct be_ctx *bectx, return ENOMEM; } - ctx = talloc_zero(bectx, struct sdap_id_ctx); + ctx = talloc_zero(ipa_options, struct sdap_id_ctx); if (!ctx) { return ENOMEM; } ctx->be = bectx; + ipa_options->id_ctx = ctx; - ret = ipa_get_id_options(ctx, bectx->cdb, + ret = ipa_get_id_options(ipa_options, bectx->cdb, bectx->conf_path, - ipa_options, &ctx->opts); + &ctx->opts); if (ret != EOK) { goto done; } @@ -95,7 +96,7 @@ int sssm_ipa_init(struct be_ctx *bectx, done: if (ret != EOK) { - talloc_free(ctx); + talloc_zfree(ipa_options->id_ctx); } return ret; } @@ -104,11 +105,11 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, struct bet_ops **ops, void **pvt_data) { - struct krb5_ctx *ctx = NULL; - int ret; + struct krb5_ctx *ctx; struct tevent_signal *sige; - unsigned v; FILE *debug_filep; + unsigned v; + int ret; if (!ipa_options) { ipa_get_options(bectx, bectx->cdb, @@ -119,14 +120,22 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, return ENOMEM; } + if (ipa_options->auth_ctx) { + /* already initialized */ + *ops = &ipa_auth_ops; + *pvt_data = ipa_options->auth_ctx; + return EOK; + } + ctx = talloc_zero(bectx, struct krb5_ctx); if (!ctx) { return ENOMEM; } + ipa_options->auth_ctx = ctx; - ret = ipa_get_auth_options(ctx, bectx->cdb, + ret = ipa_get_auth_options(ipa_options, bectx->cdb, bectx->conf_path, - ipa_options, &ctx->opts); + &ctx->opts); if (ret != EOK) { goto done; } @@ -170,7 +179,7 @@ int sssm_ipa_auth_init(struct be_ctx *bectx, done: if (ret != EOK) { - talloc_free(ctx); + talloc_zfree(ipa_options->auth_ctx); } return ret; } |