Diffstat (limited to 'src/providers/ad/ad_init.c')
-rw-r--r-- | src/providers/ad/ad_init.c | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index da659da25..89101a5b1 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -31,6 +31,7 @@
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_idmap.h"
 #include "providers/krb5/krb5_auth.h"
+#include "providers/krb5/krb5_init_shared.h"
 #include "providers/ad/ad_id.h"
 struct ad_options *ad_options = NULL;
@@ -176,6 +177,90 @@ done:
 return ret;
 }
+int
+sssm_ad_auth_init(struct be_ctx *bectx,
+ struct bet_ops **ops,
+ void **pvt_data)
+{
+ errno_t ret;
+ struct krb5_ctx *krb5_auth_ctx = NULL;
+
+ if (!ad_options) {
+ ret = common_ad_init(bectx);
+ if (ret != EOK) {
+ return ret;
+ }
+ }
+
+ if (ad_options->auth_ctx) {
+ /* Already initialized */
+ *ops = &ad_auth_ops;
+ *pvt_data = ad_options->auth_ctx;
+ return EOK;
+ }
+
+ krb5_auth_ctx = talloc_zero(NULL, struct krb5_ctx);
+ if (!krb5_auth_ctx) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ krb5_auth_ctx->service = ad_options->service->krb5_service;
+
+ ret = ad_get_auth_options(krb5_auth_ctx, ad_options, bectx,
+ &krb5_auth_ctx->opts);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Could not determine Kerberos options\n"));
+ goto done;
+ }
+
+ ret = krb5_child_init(krb5_auth_ctx, bectx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Could not initialize krb5_child settings: [%s]\n",
+ strerror(ret)));
+ goto done;
+ }
+
+ ad_options->auth_ctx = talloc_steal(ad_options, krb5_auth_ctx);
+ *ops = &ad_auth_ops;
+ *pvt_data = ad_options->auth_ctx;
+
+done:
+ if (ret != EOK) {
+ talloc_free(krb5_auth_ctx);
+ }
+ return ret;
+}
+
+int
+sssm_ad_chpass_init(struct be_ctx *bectx,
+ struct bet_ops **ops,
+ void **pvt_data)
+{
+ errno_t ret;
+
+ if (!ad_options) {
+ ret = common_ad_init(bectx);
+ if (ret != EOK) {
+ return ret;
+ }
+ }
+
+ if (ad_options->auth_ctx) {
+ /* Already initialized */
+ *ops = &ad_chpass_ops;
+ *pvt_data = ad_options->auth_ctx;
+ return EOK;
+ }
+
+ ret = sssm_ad_auth_init(bectx, ops, pvt_data);
+ *ops = &ad_chpass_ops;
+ ad_options->auth_ctx = *pvt_data;
+ return ret;
+}
+
 static void
 ad_shutdown(struct be_req *req)
 { |
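Review bot: In sssm_ad_chpass_init the last three statements run even when sssm_ad_auth_init() fails, so `ad_options->auth_ctx = *pvt_data;` stores whatever the caller already had in `*pvt_data`, since sssm_ad_auth_init() only writes that output on its success paths. If that value happens to be non-NULL (whether callers zero it is not visible in this hunk), every later auth or chpass init takes the "Already initialized" branch and hands the stale pointer out as the Kerberos auth context. Return early with `if (ret != EOK) return ret;` before `*ops = &ad_chpass_ops;`, and drop the `ad_options->auth_ctx = *pvt_data;` line, which is redundant on success because sssm_ad_auth_init() has already stored the context in ad_options.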