diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-14 21:12:07 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-28 16:19:51 +0200 |
commit | de307ab8e390deabc5df9884a3f762bfb1581936 (patch) | |
tree | 84acc05a5b2adfdd22a4a17f454691da087feae0 /src/providers/ipa | |
parent | ac54a88b4b510289a411f334e371282d00e1538d (diff) | |
download | sssd-de307ab8e390deabc5df9884a3f762bfb1581936.tar.gz sssd-de307ab8e390deabc5df9884a3f762bfb1581936.tar.xz sssd-de307ab8e390deabc5df9884a3f762bfb1581936.zip |
IPA: Enable AD sites when in server mode
https://fedorahosted.org/sssd/ticket/1964
Currently the AD sites are enabled unconditionally
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_common.h | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_init.c | 52 | ||||
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 19 |
3 files changed, 70 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 1afe20dbb..02f0baf55 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -27,6 +27,7 @@ #include "providers/ldap/ldap_common.h" #include "providers/krb5/krb5_common.h" #include "providers/ad/ad_common.h" +#include "providers/ad/ad_srv.h" struct ipa_service { struct sdap_service *sdap; diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 407ab1669..cdcae5e6d 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -79,6 +79,39 @@ struct bet_ops ipa_hostid_ops = { }; #endif +static bool srv_in_server_list(const char *servers) +{ + TALLOC_CTX *tmp_ctx; + char **list = NULL; + int ret = 0; + bool has_srv = false; + + if (servers == NULL) return true; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return false; + } + + /* split server parm into a list */ + ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n")); + goto done; + } + + for (int i = 0; list[i]; i++) { + has_srv = be_fo_is_srv_identifier(list[i]); + if (has_srv == true) { + break; + } + } + +done: + talloc_free(tmp_ctx); + return has_srv; +} + int common_ipa_init(struct be_ctx *bectx) { const char *ipa_servers; @@ -114,7 +147,9 @@ int sssm_ipa_id_init(struct be_ctx *bectx, struct sdap_id_ctx *sdap_ctx; const char *hostname; const char *ipa_domain; + const char *ipa_servers; struct ipa_srv_plugin_ctx *srv_ctx; + bool server_mode; int ret; if (!ipa_options) { @@ -205,6 +240,8 @@ int sssm_ipa_id_init(struct be_ctx *bectx, /* setup SRV lookup plugin */ hostname = dp_opt_get_string(ipa_options->basic, IPA_HOSTNAME); + server_mode = dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE); + if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) { /* use IPA plugin */ ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN); @@ -218,8 +255,21 @@ int sssm_ipa_id_init(struct be_ctx *bectx, be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send, ipa_srv_plugin_recv, srv_ctx, "IPA"); + } else if (server_mode == true) { + ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER); + if (srv_in_server_list(ipa_servers) == true) { + DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution enabled on the IPA server. " + "Site discovery of trusted AD servers might not work\n")); + + ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin " + "[%d]: %s\n", ret, strerror(ret))); + goto done; + } + } } else { - /* fall back to standard plugin */ + /* fall back to standard plugin on clients. */ ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin " diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 9ded9954b..6e627c937 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -102,6 +102,8 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx, struct ad_options *ad_options; struct ad_id_ctx *ad_id_ctx; const char *gc_service_name; + struct ad_srv_plugin_ctx *srv_ctx; + char *ad_domain; errno_t ret; ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm, @@ -112,7 +114,9 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx, return ENOMEM; } - ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, subdom->name); + ad_domain = subdom->name; + + ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, ad_domain); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD domain\n")); talloc_free(ad_options); @@ -153,6 +157,19 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx, ad_id_ctx->sdap_id_ctx->opts = ad_options->id; ad_options->id_ctx = ad_id_ctx; + /* use AD plugin */ + srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx->be_res, + default_host_dbs, + ad_id_ctx->ad_options->id, + id_ctx->server_mode->hostname, + ad_domain); + if (srv_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); + return ENOMEM; + } + be_fo_set_srv_lookup_plugin(be_ctx, ad_srv_plugin_send, + ad_srv_plugin_recv, srv_ctx, "AD"); + ret = sdap_domain_subdom_add(ad_id_ctx->sdap_id_ctx, ad_id_ctx->sdap_id_ctx->opts->sdom, subdom->parent); |