Add ldap_chpass_uri config option

author: Sumit Bose <sbose@redhat.com> 2010-11-29 14:29:19 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2010-12-06 09:30:14 -0500
commit: 33b8fa8693df109fb33b6051bb29cb0cf5bc4d19 (patch)
tree: 63a40c0c94631ce767e5a71dd6ba84da9586ab3b /src/providers/ldap
parent: 32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a (diff)
download: sssd-33b8fa8693df109fb33b6051bb29cb0cf5bc4d19.tar.gz
sssd-33b8fa8693df109fb33b6051bb29cb0cf5bc4d19.tar.xz
sssd-33b8fa8693df109fb33b6051bb29cb0cf5bc4d19.zip
5 files changed, 47 insertions, 6 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 5a85fe910..2d66b1d66 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -450,6 +450,7 @@ struct auth_state {
     struct sdap_auth_ctx *ctx;
     const char *username;
     struct dp_opt_blob password;
+    struct sdap_service *sdap_service;
 
     struct sdap_handle *sh;
 
@@ -470,7 +471,8 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
                                     struct tevent_context *ev,
                                     struct sdap_auth_ctx *ctx,
                                     const char *username,
-                                    struct dp_opt_blob password)
+                                    struct dp_opt_blob password,
+                                    bool try_chpass_service)
 {
     struct tevent_req *req;
     struct auth_state *state;
@@ -490,6 +492,12 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
     state->username = username;
     state->password = password;
     state->srv = NULL;
+    if (try_chpass_service && ctx->chpass_service != NULL &&
+        ctx->chpass_service->name != NULL) {
+        state->sdap_service = ctx->chpass_service;
+    } else {
+        state->sdap_service = ctx->service;
+    }
 
     if (!auth_get_server(req)) goto fail;
 
@@ -511,7 +519,7 @@ static struct tevent_req *auth_get_server(struct tevent_req *req)
     next_req = be_resolve_server_send(state,
                                       state->ev,
                                       state->ctx->be,
-                                      state->ctx->service->name);
+                                      state->sdap_service->name);
     if (!next_req) {
         DEBUG(1, ("be_resolve_server_send failed.\n"));
         return NULL;
@@ -539,7 +547,7 @@ static void auth_resolve_done(struct tevent_req *subreq)
     }
 
     subreq = sdap_connect_send(state, state->ev, state->ctx->opts,
-                               state->ctx->service->uri, true);
+                               state->sdap_service->uri, true);
     if (!subreq) {
         tevent_req_error(req, ENOMEM);
         return;
@@ -743,7 +751,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)
     authtok.data = (uint8_t *)state->password;
     authtok.length = strlen(state->password);
     subreq = auth_send(breq, breq->be_ctx->ev,
-                       ctx, state->username, authtok);
+                       ctx, state->username, authtok, true);
     if (!subreq) goto done;
 
     tevent_req_set_callback(subreq, sdap_auth4chpass_done, state);
@@ -950,7 +958,8 @@ void sdap_pam_auth_handler(struct be_req *breq)
         state->password.length = pd->authtok_size;
 
         subreq = auth_send(breq, breq->be_ctx->ev, ctx,
-                           state->username, state->password);
+                           state->username, state->password,
+                           pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ? true : false);
         if (!subreq) goto done;
 
         tevent_req_set_callback(subreq, sdap_pam_auth_done, state);
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index dc012262d..4242a7e45 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -74,7 +74,9 @@ struct dp_option default_basic_opts[] = {
     { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER },
     { "ldap_deref", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_account_expire_policy", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-    { "ldap_access_order", DP_OPT_STRING, { "filter" }, NULL_STRING }
+    { "ldap_access_order", DP_OPT_STRING, { "filter" }, NULL_STRING },
+    { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+    { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING }
 };
 
 struct sdap_attr_map generic_attr_map[] = {
@@ -688,6 +690,12 @@ int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
     /* now for each URI add a new server to the failover service */
     for (i = 0; list[i]; i++) {
         if (be_fo_is_srv_identifier(list[i])) {
+            if (!dns_service_name) {
+                DEBUG(0, ("Missing DNS service name for service [%s].\n",
+                          service_name));
+                ret = EINVAL;
+                goto done;
+            }
             srv_user_data = talloc_strdup(service, dns_service_name);
             if (!srv_user_data) {
                 ret = ENOMEM;
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index d24a9839e..f1af8fc7e 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -65,6 +65,7 @@ struct sdap_auth_ctx {
     struct sdap_options *opts;
     struct fo_service *fo_service;
     struct sdap_service *service;
+    struct sdap_service *chpass_service;
 };
 
 void sdap_check_online(struct be_req *breq);
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index d6407c419..58c12d081 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -212,6 +212,27 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
         goto done;
     }
 
+    dns_service_name = dp_opt_get_string(ctx->opts->basic,
+                                         SDAP_CHPASS_DNS_SERVICE_NAME);
+    if (dns_service_name) {
+        DEBUG(7, ("Service name for chpass discovery set to %s\n",
+                  dns_service_name));
+    }
+
+    urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_URI);
+    if (!urls && !dns_service_name) {
+        DEBUG(9, ("ldap_chpass_uri and ldap_chpass_dns_service_name not set, "
+                  "using ldap_uri.\n"));
+        ctx->chpass_service = NULL;
+    } else {
+        ret = sdap_service_init(ctx, ctx->be, "LDAP_CHPASS", dns_service_name,
+                                urls, &ctx->chpass_service);
+        if (ret != EOK) {
+            DEBUG(1, ("Failed to initialize failover service!\n"));
+            goto done;
+        }
+    }
+
     ret = setup_tls_config(ctx->opts->basic);
     if (ret != EOK) {
         DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 4d52d5b3a..5c4f4a548 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -184,6 +184,8 @@ enum sdap_basic_opt {
     SDAP_DEREF,
     SDAP_ACCOUNT_EXPIRE_POLICY,
     SDAP_ACCESS_ORDER,
+    SDAP_CHPASS_URI,
+    SDAP_CHPASS_DNS_SERVICE_NAME,
 
     SDAP_OPTS_BASIC /* opts counter */
 };
author	Sumit Bose <sbose@redhat.com>	2010-11-29 14:29:19 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2010-12-06 09:30:14 -0500
commit	33b8fa8693df109fb33b6051bb29cb0cf5bc4d19 (patch)
tree	63a40c0c94631ce767e5a71dd6ba84da9586ab3b /src/providers/ldap
parent	32266b2c1c6b8bf95f3ba8fd7f3ff2ef63d8fb9a (diff)
download	sssd-33b8fa8693df109fb33b6051bb29cb0cf5bc4d19.tar.gz sssd-33b8fa8693df109fb33b6051bb29cb0cf5bc4d19.tar.xz sssd-33b8fa8693df109fb33b6051bb29cb0cf5bc4d19.zip