From c7119467d0a0d9e24a887d43865bbbbe1d0ca680 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Mon, 19 Nov 2012 10:26:18 +0100
Subject: LDAP: Provide a common sdap_set_sasl_options init function

The AD and IPA initialization functions shared the same code. This patch moves the code into a common initialization function.
---
 src/providers/ad/ad_common.c | 52 +++++------------------
 src/providers/ipa/ipa_common.c | 55 +++++-------------------------
 src/providers/ldap/ldap_common.c | 72 ++++++++++++++++++++++++++++++++++++++++
 src/providers/ldap/ldap_common.h | 7 ++++
 4 files changed, 95 insertions(+), 91 deletions(-)

diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 21a7b5346..8600dab22 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -422,13 +422,7 @@ ad_get_id_options(struct ad_options *ad_opts,
 TALLOC_CTX *tmp_ctx;
 struct sdap_options *id_opts;
 char *krb5_realm;
- char *sasl_primary;
- char *desired_primary;
- char *sasl_realm;
- char *desired_realm;
 char *keytab_path;
- bool primary_requested = true;
- bool realm_requested = true;
 tmp_ctx = talloc_new(NULL);
 if (!tmp_ctx) return ENOMEM;
@@ -478,19 +472,6 @@ ad_get_id_options(struct ad_options *ad_opts,
 id_opts->basic[SDAP_KRB5_REALM].opt_name,
 krb5_realm));
- /* Configuration of SASL auth ID and realm */
- desired_primary = dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID);
- if (!desired_primary) {
- primary_requested = false;
- desired_primary = dp_opt_get_string(ad_opts->basic, AD_HOSTNAME);
- }
-
- desired_realm = dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM);
- if (!desired_realm) {
- realm_requested = false;
- desired_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
- }
-
-
 keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
 if (keytab_path) {
 ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB,
@@ -502,34 +483,17 @@ ad_get_id_options(struct ad_options *ad_opts,
 keytab_path));
 }
- ret = select_principal_from_keytab(tmp_ctx,
- desired_primary, desired_realm,
- keytab_path, NULL,
- &sasl_primary, &sasl_realm);
- if (ret != EOK) goto done;
-
- if ((primary_requested && strcmp(desired_primary, sasl_primary) != 0) ||
- (realm_requested && strcmp(desired_realm, sasl_realm) != 0)) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Configured SASL auth ID/realm not found in keytab.\n"));
- ret = ENOENT;
+ ret = sdap_set_sasl_options(id_opts,
+ dp_opt_get_string(ad_opts->basic,
+ AD_HOSTNAME),
+ dp_opt_get_string(ad_opts->basic,
+ AD_KRB5_REALM),
+ keytab_path);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
 goto done;
 }
- ret = dp_opt_set_string(id_opts->basic, SDAP_SASL_AUTHID, sasl_primary);
- if (ret != EOK) goto done;
- DEBUG(SSSDBG_CONF_SETTINGS,
- ("Option %s set to %s\n",
- id_opts->basic[SDAP_SASL_AUTHID].opt_name,
- sasl_primary));
-
- ret = dp_opt_set_string(id_opts->basic, SDAP_SASL_REALM, sasl_realm);
- if (ret != EOK) goto done;
- DEBUG(SSSDBG_CONF_SETTINGS,
- ("Option %s set to %s\n",
- id_opts->basic[SDAP_SASL_REALM].opt_name,
- sasl_realm));
-
 /* fix schema to AD */
 id_opts->schema_type = SDAP_SCHEMA_AD;
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index db736921e..4c68f61d5 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -168,14 +168,9 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
 struct sdap_options **_opts)
 {
 TALLOC_CTX *tmpctx;
- char *primary;
 char *basedn;
 char *realm;
 char *value;
- char *desired_realm;
- char *desired_primary;
- bool primary_requested = true;
- bool realm_requested = true;
 int ret;
 int i;
@@ -248,51 +243,17 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
 dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)));
 }
- /* Configuration of SASL auth ID and realm */
- desired_primary = dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_AUTHID);
- if (!desired_primary) {
- primary_requested = false;
- desired_primary = dp_opt_get_string(ipa_opts->id->basic, IPA_HOSTNAME);
- }
- desired_realm = dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_REALM);
- if (!desired_realm) {
- realm_requested = false;
- desired_realm = dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM);
- }
-
- ret = select_principal_from_keytab(tmpctx,
- desired_primary, desired_realm,
- dp_opt_get_string(ipa_opts->id->basic,
- SDAP_KRB5_KEYTAB),
- NULL, &primary, &realm);
- if (ret != EOK) {
- goto done;
- }
-
- if ((primary_requested && strcmp(desired_primary, primary) != 0) ||
- (realm_requested && strcmp(desired_realm, realm) != 0)) {
- DEBUG(1, ("Configured SASL auth ID/realm not found in keytab.\n"));
- ret = ENOENT;
- goto done;
- }
-
- ret = dp_opt_set_string(ipa_opts->id->basic,
- SDAP_SASL_AUTHID, primary);
- if (ret != EOK) {
- goto done;
- }
- DEBUG(6, ("Option %s set to %s\n",
- ipa_opts->id->basic[SDAP_SASL_AUTHID].opt_name,
- dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_AUTHID)));
-
- ret = dp_opt_set_string(ipa_opts->id->basic,
- SDAP_SASL_REALM, realm);
+ ret = sdap_set_sasl_options(ipa_opts->id,
+ dp_opt_get_string(ipa_opts->id->basic,
+ IPA_HOSTNAME),
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_KRB5_REALM),
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_KRB5_KEYTAB));
 if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
 goto done;
 }
- DEBUG(6, ("Option %s set to %s\n",
- ipa_opts->id->basic[SDAP_SASL_REALM].opt_name,
- dp_opt_get_string(ipa_opts->id->basic, SDAP_SASL_REALM)));
 /* fix schema to IPAv1 for now */
 ipa_opts->id->schema_type = SDAP_SCHEMA_IPA_V1;
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index da5786fbf..07e9c5d4f 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -999,6 +999,78 @@ done:
 return ret;
 }
+errno_t
+sdap_set_sasl_options(struct sdap_options *id_opts,
+ char *default_primary,
+ char *default_realm,
+ const char *keytab_path)
+{
+ errno_t ret;
+ TALLOC_CTX *tmp_ctx;
+ char *sasl_primary;
+ char *desired_primary;
+ char *sasl_realm;
+ char *desired_realm;
+ bool primary_requested = true;
+ bool realm_requested = true;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ /* Configuration of SASL auth ID and realm */
+ desired_primary = dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID);
+ if (!desired_primary) {
+ primary_requested = false;
+ desired_primary = default_primary;
+ }
+
+ desired_realm = dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM);
+ if (!desired_realm) {
+ realm_requested = false;
+ desired_realm = default_realm;
+ }
+
+ ret = select_principal_from_keytab(tmp_ctx,
+ desired_primary, desired_realm,
+ keytab_path,
+ NULL, &sasl_primary, &sasl_realm);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ if ((primary_requested && strcmp(desired_primary, sasl_primary) != 0) ||
+ (realm_requested && strcmp(desired_realm, sasl_realm) != 0)) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Configured SASL auth ID/realm not found in keytab.\n"));
+ ret = ENOENT;
+ goto done;
+ }
+
+ ret = dp_opt_set_string(id_opts->basic,
+ SDAP_SASL_AUTHID, sasl_primary);
+ if (ret != EOK) {
+ goto done;
+ }
+ DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
+ id_opts->basic[SDAP_SASL_AUTHID].opt_name,
+ dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID)));
+
+ ret = dp_opt_set_string(id_opts->basic,
+ SDAP_SASL_REALM, sasl_realm);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
+ id_opts->basic[SDAP_SASL_REALM].opt_name,
+ dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM)));
+
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
 static const char *
 sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx)
 {
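Review bot: The keytab mismatch that makes the helper return ENOENT is logged at `SSSDBG_CRIT_FAILURE`, one level below the `SSSDBG_FATAL_FAILURE` the removed AD code used (the removed IPA code used numeric level 1, which this appears to match), so the AD provider now reports this initialization-stopping configuration error less prominently; if that downgrade is unintended, use `DEBUG(SSSDBG_FATAL_FAILURE, ("Configured SASL auth ID/realm not found in keytab.\n"));`. The check itself is the right shape: an explicitly configured auth ID or realm that is absent from the keytab fails with ENOENT instead of silently continuing with whatever principal the keytab selection produced. `default_primary` and `default_realm` are only read, so they could be `const char *` like `keytab_path`, provided `select_principal_from_keytab` accepts const pointers there (its prototype is outside this hunk). A comment above the `if (!desired_primary)` block would also help readers, e.g. `/* Explicit SDAP_SASL_AUTHID/SDAP_SASL_REALM win; otherwise fall back to the caller's defaults and let the keytab decide */`.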
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 034dc995b..86079fa6a 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -228,4 +228,11 @@ sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx,
 struct sysdb_attrs *sysdb_attrs,
 const char *sid_attr,
 char **_sid_str);
+
+errno_t
+sdap_set_sasl_options(struct sdap_options *id_opts,
+ char *default_primary,
+ char *default_realm,
+ const char *keytab_path);
+
 #endif /* _LDAP_COMMON_H_ */
-- cgit
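Review bot: The new public declaration of `sdap_set_sasl_options` carries no comment describing its contract, and this header is where the AD and IPA callers will read it. A block comment above the prototype should state that `SDAP_SASL_AUTHID` and `SDAP_SASL_REALM` from `id_opts` take precedence over `default_primary`/`default_realm`, that the chosen principal is looked up in `keytab_path`, that an explicitly configured value not present in the keytab yields ENOENT, and that on success the resolved auth ID and realm are written back into `id_opts`. It should also say which arguments may be NULL: the AD caller forwards `keytab_path` right after an `if (keytab_path)` guard, so a NULL keytab path evidently reaches the helper, and a NULL default may reach `select_principal_from_keytab` whenever the corresponding option is unset.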