summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-08-14 21:12:07 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-28 16:19:51 +0200
commitde307ab8e390deabc5df9884a3f762bfb1581936 (patch)
tree84acc05a5b2adfdd22a4a17f454691da087feae0 /src/providers/ipa
parentac54a88b4b510289a411f334e371282d00e1538d (diff)
downloadsssd-de307ab8e390deabc5df9884a3f762bfb1581936.tar.gz
sssd-de307ab8e390deabc5df9884a3f762bfb1581936.tar.xz
sssd-de307ab8e390deabc5df9884a3f762bfb1581936.zip
IPA: Enable AD sites when in server mode
https://fedorahosted.org/sssd/ticket/1964 Currently the AD sites are enabled unconditionally
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_common.h1
-rw-r--r--src/providers/ipa/ipa_init.c52
-rw-r--r--src/providers/ipa/ipa_subdomains.c19
3 files changed, 70 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 1afe20dbb..02f0baf55 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -27,6 +27,7 @@
#include "providers/ldap/ldap_common.h"
#include "providers/krb5/krb5_common.h"
#include "providers/ad/ad_common.h"
+#include "providers/ad/ad_srv.h"
struct ipa_service {
struct sdap_service *sdap;
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 407ab1669..cdcae5e6d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -79,6 +79,39 @@ struct bet_ops ipa_hostid_ops = {
};
#endif
+static bool srv_in_server_list(const char *servers)
+{
+ TALLOC_CTX *tmp_ctx;
+ char **list = NULL;
+ int ret = 0;
+ bool has_srv = false;
+
+ if (servers == NULL) return true;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return false;
+ }
+
+ /* split server parm into a list */
+ ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
+ goto done;
+ }
+
+ for (int i = 0; list[i]; i++) {
+ has_srv = be_fo_is_srv_identifier(list[i]);
+ if (has_srv == true) {
+ break;
+ }
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return has_srv;
+}
+
int common_ipa_init(struct be_ctx *bectx)
{
const char *ipa_servers;
@@ -114,7 +147,9 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
struct sdap_id_ctx *sdap_ctx;
const char *hostname;
const char *ipa_domain;
+ const char *ipa_servers;
struct ipa_srv_plugin_ctx *srv_ctx;
+ bool server_mode;
int ret;
if (!ipa_options) {
@@ -205,6 +240,8 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
/* setup SRV lookup plugin */
hostname = dp_opt_get_string(ipa_options->basic, IPA_HOSTNAME);
+ server_mode = dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE);
+
if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) {
/* use IPA plugin */
ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN);
@@ -218,8 +255,21 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send,
ipa_srv_plugin_recv, srv_ctx, "IPA");
+ } else if (server_mode == true) {
+ ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER);
+ if (srv_in_server_list(ipa_servers) == true) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution enabled on the IPA server. "
+ "Site discovery of trusted AD servers might not work\n"));
+
+ ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin "
+ "[%d]: %s\n", ret, strerror(ret)));
+ goto done;
+ }
+ }
} else {
- /* fall back to standard plugin */
+ /* fall back to standard plugin on clients. */
ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin "
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 9ded9954b..6e627c937 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -102,6 +102,8 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
struct ad_options *ad_options;
struct ad_id_ctx *ad_id_ctx;
const char *gc_service_name;
+ struct ad_srv_plugin_ctx *srv_ctx;
+ char *ad_domain;
errno_t ret;
ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm,
@@ -112,7 +114,9 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
return ENOMEM;
}
- ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, subdom->name);
+ ad_domain = subdom->name;
+
+ ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, ad_domain);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD domain\n"));
talloc_free(ad_options);
@@ -153,6 +157,19 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
ad_id_ctx->sdap_id_ctx->opts = ad_options->id;
ad_options->id_ctx = ad_id_ctx;
+ /* use AD plugin */
+ srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx->be_res,
+ default_host_dbs,
+ ad_id_ctx->ad_options->id,
+ id_ctx->server_mode->hostname,
+ ad_domain);
+ if (srv_ctx == NULL) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n"));
+ return ENOMEM;
+ }
+ be_fo_set_srv_lookup_plugin(be_ctx, ad_srv_plugin_send,
+ ad_srv_plugin_recv, srv_ctx, "AD");
+
ret = sdap_domain_subdom_add(ad_id_ctx->sdap_id_ctx,
ad_id_ctx->sdap_id_ctx->opts->sdom,
subdom->parent);