From b418d3b65c95f02b82268188f17d27fc1b1b49f0 Mon Sep 17 00:00:00 2001 From: Jan Zeleny Date: Tue, 5 Jun 2012 08:43:40 -0400 Subject: Primary server support: krb5 adaptation This patch adds support for the primary server functionality into krb5 provider. No backup servers are added at the moment, just the basic support is in place. --- src/providers/krb5/krb5_common.c | 135 ++++++++++++++++++++++++++------------- src/providers/krb5/krb5_common.h | 4 +- src/providers/krb5/krb5_init.c | 4 +- 3 files changed, 94 insertions(+), 49 deletions(-) diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index 19fbd76ed..ad79db9d6 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -465,15 +465,15 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) return; } - -int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, - const char *service_name, const char *servers, - const char *realm, struct krb5_service **_service) +errno_t krb5_servers_init(struct be_ctx *ctx, + struct krb5_service *service, + const char *service_name, + const char *servers, + bool primary) { TALLOC_CTX *tmp_ctx; - struct krb5_service *service; char **list = NULL; - int ret; + errno_t ret; int i; char *port_str; long port; @@ -481,42 +481,14 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, char *endptr; struct servent *servent; - tmp_ctx = talloc_new(memctx); + tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } - service = talloc_zero(tmp_ctx, struct krb5_service); - if (!service) { - ret = ENOMEM; - goto done; - } - - ret = be_fo_add_service(ctx, service_name); - if (ret != EOK) { - DEBUG(1, ("Failed to create failover service!\n")); - goto done; - } - - service->name = talloc_strdup(service, service_name); - if (!service->name) { - ret = ENOMEM; - goto done; - } - - service->realm = talloc_strdup(service, realm); - if (!service->realm) { - ret = ENOMEM; - goto done; - } - - if (!servers) { - servers = BE_SRV_IDENTIFIER; - } - ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL); if (ret != EOK) { - DEBUG(1, ("Failed to parse server list!\n")); + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n")); goto done; } @@ -533,11 +505,11 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, ret = be_fo_add_srv_server(ctx, service_name, service_name, NULL, BE_FO_PROTO_UDP, true, NULL); if (ret) { - DEBUG(0, ("Failed to add server\n")); + DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n")); goto done; } - DEBUG(6, ("Added service lookup\n")); + DEBUG(SSSDBG_TRACE_FUNC, ("Added service lookup\n")); continue; } @@ -552,26 +524,26 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, port = strtol(port_str, &endptr, 10); if (errno != 0) { ret = errno; - DEBUG(1, ("strtol failed on [%s]: [%d][%s].\n", port_str, + DEBUG(SSSDBG_CRIT_FAILURE, ("strtol failed on [%s]: [%d][%s].\n", port_str, ret, strerror(ret))); goto done; } if (*endptr != '\0') { - DEBUG(1, ("Found additional characters [%s] in port number " + DEBUG(SSSDBG_CRIT_FAILURE, ("Found additional characters [%s] in port number " "[%s].\n", endptr, port_str)); ret = EINVAL; goto done; } if (port < 1 || port > 65535) { - DEBUG(1, ("Illegal port number [%d].\n", port)); + DEBUG(SSSDBG_CRIT_FAILURE, ("Illegal port number [%d].\n", port)); ret = EINVAL; goto done; } } else if (isalpha(*port_str)) { servent = getservbyname(port_str, NULL); if (servent == NULL) { - DEBUG(1, ("getservbyname cannot find service [%s].\n", + DEBUG(SSSDBG_CRIT_FAILURE, ("getservbyname cannot find service [%s].\n", port_str)); ret = EINVAL; goto done; @@ -579,20 +551,91 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, port = servent->s_port; } else { - DEBUG(1, ("Unsupported port specifier in [%s].\n", list[i])); + DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported port specifier in [%s].\n", list[i])); ret = EINVAL; goto done; } } ret = be_fo_add_server(ctx, service_name, server_spec, (int) port, - list[i], true); + list[i], primary); if (ret && ret != EEXIST) { - DEBUG(0, ("Failed to add server\n")); + DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n")); goto done; } - DEBUG(6, ("Added Server %s\n", list[i])); + DEBUG(SSSDBG_TRACE_FUNC, ("Added Server %s\n", list[i])); + } + +done: + talloc_free(tmp_ctx); + return ret; +} + +int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, + const char *service_name, + const char *primary_servers, + const char *backup_servers, + const char *realm, struct krb5_service **_service) +{ + TALLOC_CTX *tmp_ctx; + struct krb5_service *service; + int ret; + + tmp_ctx = talloc_new(memctx); + if (!tmp_ctx) { + return ENOMEM; + } + + service = talloc_zero(tmp_ctx, struct krb5_service); + if (!service) { + ret = ENOMEM; + goto done; + } + + ret = be_fo_add_service(ctx, service_name); + if (ret != EOK) { + DEBUG(1, ("Failed to create failover service!\n")); + goto done; + } + + service->name = talloc_strdup(service, service_name); + if (!service->name) { + ret = ENOMEM; + goto done; + } + + service->realm = talloc_strdup(service, realm); + if (!service->realm) { + ret = ENOMEM; + goto done; + } + + if (!primary_servers) { + if (backup_servers) { + DEBUG(SSSDBG_TRACE_FUNC, + ("No primary servers defined but backup are present, " + "setting backup servers as primary\n")); + primary_servers = backup_servers; + backup_servers = NULL; + } else { + DEBUG(SSSDBG_TRACE_FUNC, + ("No primary or backup servers defined, " + "using service discovery\n")); + primary_servers = BE_SRV_IDENTIFIER; + } + } + + ret = krb5_servers_init(ctx, service, service_name, primary_servers, true); + if (ret != EOK) { + goto done; + } + + if (backup_servers) { + ret = krb5_servers_init(ctx, service, service_name, backup_servers, false); + if (ret != EOK) { + goto done; + } } ret = be_fo_service_add_callback(memctx, ctx, service_name, diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 589b866b4..337fcf55f 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -147,7 +147,9 @@ errno_t write_krb5info_file(const char *realm, const char *kdc, const char *service); int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, - const char *service_name, const char *servers, + const char *service_name, + const char *primary_servers, + const char *backup_servers, const char *realm, struct krb5_service **_service); void remove_krb5_info_files_callback(void *pvt); diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c index 39635e4e1..60c18a8f0 100644 --- a/src/providers/krb5/krb5_init.c +++ b/src/providers/krb5/krb5_init.c @@ -109,7 +109,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, } ret = krb5_service_init(ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers, - krb5_realm, &ctx->service); + NULL, krb5_realm, &ctx->service); if (ret != EOK) { DEBUG(0, ("Failed to init KRB5 failover service!\n")); return ret; @@ -122,7 +122,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx, ctx->kpasswd_service = NULL; } else { ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV, - krb5_kpasswd_servers, krb5_realm, + krb5_kpasswd_servers, NULL, krb5_realm, &ctx->kpasswd_service); if (ret != EOK) { DEBUG(0, ("Failed to init KRB5KPASSWD failover service!\n")); -- cgit