authorStephen Gallagher <sgallagh@redhat.com>2012-06-27 21:38:13 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-07-06 11:44:45 -0400
commitd92c50f6d75ae980b0d130134112a33e1584724c (patch)
tree324350844b27c46a9e6fe27d0f3f3a70679c36c8 /src/providers/ad/ad_common.c
parenteffcbdb12c7ef892f1fd92a745cb33a08ca4ba30 (diff)
AD: Add AD auth and chpass providers
These new providers take advantage of existing code for the KRB5 provider, providing sensible defaults for operating against an Active Directory 2008 R2 or later server.
Diffstat (limited to 'src/providers/ad/ad_common.c')
-rw-r--r--src/providers/ad/ad_common.c64
1 files changed, 64 insertions, 0 deletions
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 92cd40eca..d8f8aff6f 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -598,3 +598,67 @@ ad_set_search_bases(struct sdap_options *id_opts)
done:
return ret;
}
+
+errno_t
+ad_get_auth_options(TALLOC_CTX *mem_ctx,
+ struct ad_options *ad_opts,
+ struct be_ctx *bectx,
+ struct dp_option **_opts)
+{
+ errno_t ret;
+ struct dp_option *krb5_options;
+ const char *ad_servers;
+ const char *krb5_realm;
+
+ TALLOC_CTX *tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ /* Get krb5 options */
+ ret = dp_get_options(tmp_ctx, bectx->cdb, bectx->conf_path,
+ ad_def_krb5_opts, KRB5_OPTS,
+ &krb5_options);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Could not read Kerberos options from the configuration\n"));
+ goto done;
+ }
+
+ ad_servers = dp_opt_get_string(ad_opts->basic, AD_SERVER);
+
+ /* Force the krb5_servers to match the ad_servers */
+ ret = dp_opt_set_string(krb5_options, KRB5_KDC, ad_servers);
+ if (ret != EOK) goto done;
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ ("Option %s set to %s\n",
+ krb5_options[KRB5_KDC].opt_name,
+ ad_servers));
+
+ /* Set krb5 realm */
+ /* Set the Kerberos Realm for GSSAPI */
+ krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
+ if (!krb5_realm) {
+ /* Should be impossible, this is set in ad_get_common_options() */
+ DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
+ /* Force the kerberos realm to match the AD_KRB5_REALM (which may have
+ * been upper-cased in ad_common_options()
+ */
+ ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm);
+ if (ret != EOK) goto done;
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ ("Option %s set to %s\n",
+ krb5_options[KRB5_REALM].opt_name,
+ krb5_realm));
+
+
+ *_opts = talloc_steal(mem_ctx, krb5_options);
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
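Review bot: `ad_servers` is read from `AD_SERVER` and handed straight to `dp_opt_set_string(krb5_options, KRB5_KDC, ad_servers)` and to the `%s` in the DEBUG call after it with no NULL check, while `krb5_realm` a few lines further down is checked and rejected with `EINVAL`. If `AD_SERVER` can be unset when this function runs (not visible from this hunk), the KDC setting used for authentication is overwritten with whatever `dp_opt_set_string()` stores for a NULL string, and the log call receives a NULL argument. I would mirror the realm handling before the set call: `if (!ad_servers) { DEBUG(SSSDBG_FATAL_FAILURE, ("No AD server set\n")); ret = EINVAL; goto done; }`. Separately, the two comments name the function that sets the realm differently (`ad_get_common_options()` and `ad_common_options()`), and the second comment leaves its parenthesis unclosed.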