From 59415636c92c6e9764ddc65a85ad61002310519d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 19 Jun 2013 10:49:05 +0200
Subject: AD: initialize failover with custom realm, domain and failover service

This is needed so we can initialize failover using IPA realm and on-the-fly discovered DNS domain. The subdomains discovered on-thefly will use the subdomain name for realm, domain and failover service to avoid conflicts.

Subtaks of: https://fedorahosted.org/sssd/ticket/1962
---
 src/providers/ad/ad_common.c | 58 ++++++++++++++++++++++++--------------------
 src/providers/ad/ad_common.h | 5 +++-
 src/providers/ad/ad_init.c | 6 ++++-
 3 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 2f87bc63e..700ac033f 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -356,14 +356,15 @@ static errno_t
 _ad_servers_init(TALLOC_CTX *mem_ctx,
 struct ad_service *service,
 struct be_ctx *bectx,
+ const char *fo_service,
+ const char *fo_gc_service,
 const char *servers,
- struct ad_options *options,
+ const char *ad_domain,
 bool primary)
 {
 size_t i;
 errno_t ret = 0;
 char **list;
- char *ad_domain;
 struct ad_server_data *sdata;
 TALLOC_CTX *tmp_ctx;
@@ -377,8 +378,6 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
 goto done;
 }
- ad_domain = dp_opt_get_string(options->basic, AD_DOMAIN);
-
 /* Add each of these servers to the failover service */
 for (i = 0; list[i]; i++) {
 if (be_fo_is_srv_identifier(list[i])) {
@@ -397,7 +396,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
 }
 sdata->gc = true;
- ret = be_fo_add_srv_server(bectx, AD_GC_SERVICE_NAME, "gc",
+ ret = be_fo_add_srv_server(bectx, fo_gc_service, "gc",
 ad_domain, BE_FO_PROTO_TCP, false, sdata);
 if (ret != EOK) {
@@ -414,7 +413,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
 }
 sdata->gc = false;
- ret = be_fo_add_srv_server(bectx, AD_SERVICE_NAME, "ldap",
+ ret = be_fo_add_srv_server(bectx, fo_service, "ldap",
 ad_domain, BE_FO_PROTO_TCP, false, sdata);
 if (ret != EOK) {
@@ -442,7 +441,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
 }
 sdata->gc = true;
- ret = be_fo_add_server(bectx, AD_SERVICE_NAME, list[i], 0, sdata, primary);
+ ret = be_fo_add_server(bectx, fo_service, list[i], 0, sdata, primary);
 if (ret && ret != EEXIST) {
 DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
 goto done;
@@ -455,7 +454,7 @@ _ad_servers_init(TALLOC_CTX *mem_ctx,
 }
 sdata->gc = false;
- ret = be_fo_add_server(bectx, AD_SERVICE_NAME, list[i], 0, sdata, primary);
+ ret = be_fo_add_server(bectx, fo_service, list[i], 0, sdata, primary);
 if (ret && ret != EEXIST) {
 DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
 goto done;
@@ -471,17 +470,21 @@ done:
 static inline errno_t
 ad_primary_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service, struct be_ctx *bectx, const char *servers,
- struct ad_options *options)
+ const char *fo_service, const char *fo_gc_service,
+ const char *ad_domain)
 {
- return _ad_servers_init(mem_ctx, service, bectx, servers, options, true);
+ return _ad_servers_init(mem_ctx, service, bectx, fo_service,
+ fo_gc_service, servers, ad_domain, true);
 }
 static inline errno_t
 ad_backup_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service, struct be_ctx *bectx, const char *servers,
- struct ad_options *options)
+ const char *fo_service, const char *fo_gc_service,
+ const char *ad_domain)
 {
- return _ad_servers_init(mem_ctx, service, bectx, servers, options, false);
+ return _ad_servers_init(mem_ctx, service, bectx, fo_service,
+ fo_gc_service, servers, ad_domain, false);
 }
 static int ad_user_data_cmp(void *ud1, void *ud2)
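Review bot: The `sdata->gc = true` entry in the hunk at -442 is registered under `fo_service`, whereas the SRV branch at -397 registers its gc=true entry under `fo_gc_service`; unless the asymmetry is intended, the line should read `ret = be_fo_add_server(bectx, fo_gc_service, list[i], 0, sdata, primary);` so that a plain-hostname server is reachable through the GC failover service too. The gc=false entry at -455 under `fo_service` matches the SRV ldap branch at -414 and looks right. This mirrors the old use of AD_SERVICE_NAME on the removed line, so it is probably pre-existing rather than introduced here, but the rename is the natural point to settle it. The loop body of _ad_servers_init continues outside the hunk.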
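Review bot: In the hunk at -471 the wrappers take the new strings in the order `servers, fo_service, fo_gc_service, ad_domain`, but forward them to `_ad_servers_init` in the order `fo_service, fo_gc_service, servers, ad_domain` (see its signature at -356); with four adjacent `const char *` parameters a transposition compiles silently and would only surface as failover resolving the wrong name. Keeping the same parameter order in the wrappers as in the worker removes that trap. The parameter list of ad_primary_servers_init starts before the first added line of this hunk, and ad_backup_servers_init has the identical ordering.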
@@ -522,13 +525,15 @@ errno_t
 ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 const char *primary_servers,
 const char *backup_servers,
- struct ad_options *options,
+ const char *krb5_realm,
+ const char *ad_service,
+ const char *ad_gc_service,
+ const char *ad_domain,
 struct ad_service **_service)
 {
 errno_t ret;
 TALLOC_CTX *tmp_ctx;
 struct ad_service *service;
- char *realm;
 tmp_ctx = talloc_new(mem_ctx);
 if (!tmp_ctx) return ENOMEM;
@@ -546,8 +551,8 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 goto done;
 }
- service->sdap->name = talloc_strdup(service->sdap, AD_SERVICE_NAME);
- service->gc->name = talloc_strdup(service->gc, AD_GC_SERVICE_NAME);
+ service->sdap->name = talloc_strdup(service->sdap, ad_service);
+ service->gc->name = talloc_strdup(service->gc, ad_gc_service);
 if (!service->sdap->name || !service->gc->name) {
 ret = ENOMEM;
 goto done;
@@ -559,20 +564,20 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 goto done;
 }
- ret = be_fo_add_service(bectx, AD_SERVICE_NAME, ad_user_data_cmp);
+ ret = be_fo_add_service(bectx, ad_service, ad_user_data_cmp);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create failover service!\n"));
 goto done;
 }
- ret = be_fo_add_service(bectx, AD_GC_SERVICE_NAME, ad_user_data_cmp);
+ ret = be_fo_add_service(bectx, ad_gc_service, ad_user_data_cmp);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create GC failover service!\n"));
 goto done;
 }
 service->krb5_service->name = talloc_strdup(service->krb5_service,
- AD_SERVICE_NAME);
+ ad_service);
 if (!service->krb5_service->name) {
 ret = ENOMEM;
 goto done;
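Review bot: `ad_service` and `ad_gc_service` are used without a NULL check — they are copied with `talloc_strdup` at -546 and handed to `be_fo_add_service` at -559 — while `krb5_realm` is validated at -580 and rejected with EINVAL. A NULL service name would, assuming talloc_strdup returns NULL for a NULL source as its documentation states, be reported as ENOMEM, which misattributes a configuration error to memory pressure. Since all four values are now plain parameters, validating them together before `tmp_ctx = talloc_new(mem_ctx);` is simplest, e.g. `if (!krb5_realm || !ad_service || !ad_gc_service) return EINVAL;`, and the realm check at -580 can move up with it. Whether `ad_domain` may legitimately be NULL depends on be_fo_add_srv_server, which is not visible in this diff.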
@@ -580,14 +585,13 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 service->sdap->kinit_service_name = service->krb5_service->name;
 service->gc->kinit_service_name = service->krb5_service->name;
- realm = dp_opt_get_string(options->basic, AD_KRB5_REALM);
- if (!realm) {
+ if (!krb5_realm) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n"));
 ret = EINVAL;
 goto done;
 }
 service->krb5_service->realm =
- talloc_strdup(service->krb5_service, realm);
+ talloc_strdup(service->krb5_service, krb5_realm);
 if (!service->krb5_service->realm) {
 ret = ENOMEM;
 goto done;
@@ -600,14 +604,16 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 }
 ret = ad_primary_servers_init(mem_ctx, service, bectx,
- primary_servers, options);
+ primary_servers, ad_service,
+ ad_gc_service, ad_domain);
 if (ret != EOK) {
 goto done;
 }
 if (backup_servers) {
 ret = ad_backup_servers_init(mem_ctx, service, bectx,
- backup_servers, options);
+ backup_servers, ad_service,
+ ad_gc_service, ad_domain);
 if (ret != EOK) {
 goto done;
 }
@@ -619,7 +625,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 return ret;
 }
- ret = be_fo_service_add_callback(mem_ctx, bectx, AD_SERVICE_NAME,
+ ret = be_fo_service_add_callback(mem_ctx, bectx, ad_service,
 ad_resolve_callback, service);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE,
@@ -627,7 +633,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
 goto done;
 }
- ret = be_fo_service_add_callback(mem_ctx, bectx, AD_GC_SERVICE_NAME,
+ ret = be_fo_service_add_callback(mem_ctx, bectx, ad_gc_service,
 ad_resolve_callback, service);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE,
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index 11075423c..98aeb2165 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -90,7 +90,10 @@ errno_t
 ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
 const char *primary_servers,
 const char *backup_servers,
- struct ad_options *options,
+ const char *krb5_realm,
+ const char *ad_service,
+ const char *ad_gc_service,
+ const char *ad_domain,
 struct ad_service **_service);
 errno_t
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index 5efe05e64..c5d3fac23 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -71,6 +71,7 @@ common_ad_init(struct be_ctx *bectx)
 errno_t ret;
 char *ad_servers = NULL;
 char *ad_backup_servers = NULL;
+ char *ad_realm;
 /* Get AD-specific options */
 ret = ad_get_common_options(bectx, bectx->cdb,
@@ -86,9 +87,12 @@ common_ad_init(struct be_ctx *bectx)
 ad_servers = dp_opt_get_string(ad_options->basic, AD_SERVER);
 ad_backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER);
+ ad_realm = dp_opt_get_string(ad_options->basic, AD_KRB5_REALM);
 /* Set up the failover service */
- ret = ad_failover_init(ad_options, bectx, ad_servers, ad_backup_servers, ad_options,
+ ret = ad_failover_init(ad_options, bectx, ad_servers, ad_backup_servers, ad_realm,
+ AD_SERVICE_NAME, AD_GC_SERVICE_NAME,
+ dp_opt_get_string(ad_options->basic, AD_DOMAIN),
 &ad_options->service);
 if (ret != EOK) {
 DEBUG(SSSDBG_FATAL_FAILURE,
-- cgit
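Review bot: The prototype in the ad_common.h hunk gains four `const char *` parameters but no comment describing what callers must pass, and the names alone do not say which are mandatory. A short block above the prototype would help: `krb5_realm` is required (ad_failover_init fails with EINVAL without it), `ad_service` and `ad_gc_service` are the names of the LDAP and GC failover services that will be created and, per the commit message, must be unique per domain so that on-the-fly subdomains do not collide, and `ad_domain` is the DNS domain used for SRV discovery. It is also worth stating that the two service names are copied with talloc_strdup and need not outlive the call, while the lifetime requirement on `ad_domain` depends on be_fo_add_srv_server and is not visible here.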
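Review bot: In the ad_init.c hunk at -86 the AD_DOMAIN lookup is made inline in the argument list while the realm is fetched into the `ad_realm` local two lines above; a matching `char *ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN);` beside it would keep the two symmetrical and make either easy to log or check before the call. The first added line is also well over 80 columns; wrapping after `ad_backup_servers,` would keep it within the usual limit. common_ad_init continues outside the hunk.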