From e438fbf102c3d787902504bdae177e84230cbbc9 Mon Sep 17 00:00:00 2001
From: Pavel Reichl
Date: Wed, 7 Jan 2015 11:02:44 +0000
Subject: AD: support for AD site override
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Override AD site found during DNS discovery.
Resolves: https://fedorahosted.org/sssd/ticket/2486
Reviewed-by: Pavel Březina
---
src/providers/ad/ad_init.c | 6 +++++-
src/providers/ad/ad_srv.c | 24 +++++++++++++++++++++---
src/providers/ad/ad_srv.h | 3 ++-
src/providers/ad/ad_subdomains.c | 5 ++++-
4 files changed, 32 insertions(+), 6 deletions(-) (limited to 'src/providers/ad')
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index cba792726..2de7e0a44 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -159,6 +159,7 @@ sssm_ad_id_init(struct be_ctx *bectx, struct ad_id_ctx *ad_ctx; const char *hostname; const char *ad_domain; + const char *ad_site_override; struct ad_srv_plugin_ctx *srv_ctx; if (!ad_options) {
@@ -234,9 +235,12 @@ sssm_ad_id_init(struct be_ctx *bectx, if (dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES)) { /* use AD plugin */ ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN); + ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE); + srv_ctx = ad_srv_plugin_ctx_init(bectx, bectx->be_res, default_host_dbs, ad_options->id, - hostname, ad_domain); + hostname, ad_domain, + ad_site_override); if (srv_ctx == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n"); ret = ENOMEM;
diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c
index 53d8a8770..ac9dfa187 100644
--- a/src/providers/ad/ad_srv.c
+++ b/src/providers/ad/ad_srv.c
@@ -540,7 +540,7 @@ done: int ad_get_client_site_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, - char **_site, + const char **_site, char **_forest) { struct ad_get_client_site_state *state = NULL;
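Review bot: In the `@@ -234,9 +235,12 @@` hunk of ad_init.c, `AD_SITE` is read only inside the `AD_ENABLE_DNS_SITES` branch, so a site configured while DNS site discovery is disabled appears to be ignored without any message (the other branch of this `if` is outside the hunk, so this is inferred). An operator who sets the site to keep clients on particular domain controllers would not learn that the setting is inactive. I would document that at the read, e.g. `/* AD_SITE is honoured only when AD_ENABLE_DNS_SITES is true */`, or log when the option is set but unused. `sssm_ad_id_init` starts and ends outside the hunk.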
@@ -560,6 +560,7 @@ struct ad_srv_plugin_ctx { struct sdap_options *opts; const char *hostname; const char *ad_domain; + const char *ad_site_override; }; struct ad_srv_plugin_ctx *
@@ -568,7 +569,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, enum host_database *host_dbs, struct sdap_options *opts, const char *hostname, - const char *ad_domain) + const char *ad_domain, + const char *ad_site_override) { struct ad_srv_plugin_ctx *ctx = NULL;
@@ -591,6 +593,13 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, goto fail; } + if (ad_site_override != NULL) { + ctx->ad_site_override = talloc_strdup(ctx, ad_site_override); + if (ctx->ad_site_override == NULL) { + goto fail; + } + } + return ctx; fail:
@@ -605,7 +614,7 @@ struct ad_srv_plugin_state { const char *protocol; const char *discovery_domain; - char *site; + const char *site; char *dns_domain; char *forest; struct fo_server_info *primary_servers;
@@ -756,6 +765,15 @@ static void ad_srv_plugin_site_done(struct tevent_req *subreq) ret = ad_get_client_site_recv(state, subreq, &state->site, &state->forest); talloc_zfree(subreq); + /* Ignore AD site found by dns discovery if specific site is set in + * configuration file. */ + if (state->ctx->ad_site_override != NULL) { + DEBUG(SSSDBG_TRACE_INTERNAL, + "Ignoring AD site found by DNS discovery: '%s', " + "using configured value: '%s' instead.\n", + state->site, state->ctx->ad_site_override); + state->site = state->ctx->ad_site_override; + } if (ret == EOK) { if (strcmp(state->service, "gc") == 0) { primary_domain = talloc_asprintf(state, AD_SITE_DOMAIN_FMT,
diff --git a/src/providers/ad/ad_srv.h b/src/providers/ad/ad_srv.h
index 7522ecae4..be3ac2826 100644
--- a/src/providers/ad/ad_srv.h
+++ b/src/providers/ad/ad_srv.h
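Review bot: In the `@@ -591,6 +593,13 @@` hunk of ad_srv.c, the override is copied as-is whenever it is non-NULL, so an empty string counts as a configured site. The value later replaces `state->site` in `ad_srv_plugin_site_done`, where it looks like it is formatted into the lookup domain through `AD_SITE_DOMAIN_FMT` (the arguments are cut off in that hunk), and an empty or dotted value would yield a different DNS name than the administrator meant. Consider treating an empty value as unset, `if (ad_site_override != NULL && ad_site_override[0] != '\0') {`, or rejecting it with an error. The function body begins before this hunk and its `fail:` path continues after it.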
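Review bot: In the `@@ -605,7 +614,7 @@` hunk, `site` becomes `const char *` but nothing records why: after this commit it can hold either the string returned through `ad_get_client_site_recv(state, ...)` or a pointer to `ctx->ad_site_override`, which is allocated on the plugin context by `talloc_strdup(ctx, ...)`. Any code outside the visible hunks that frees or steals `state->site` would then be acting on the context's string. A field comment would make the ownership explicit, e.g. `/* may alias ctx->ad_site_override; do not free or steal */`.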
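Review bot: In the `@@ -756,6 +765,15 @@` hunk, the new `DEBUG` call passes `state->site` to a `%s` conversion before `ret` is checked, so when `ad_get_client_site_recv` fails the pointer may still be NULL (assuming the state is zero-initialised, which is not shown), and a NULL argument for `%s` is undefined behaviour in printf-style formatting. Guard the logged value with `state->site != NULL ? state->site : "(none)"`, or apply the override only when `ret == EOK`. The override also appears to be consumed only in the `ret == EOK` branch that follows, and `state->forest` still comes from the discovery reply, so a configured site does not remove the dependency on that reply. The remaining branches of the function are outside the hunk.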
@@ -29,7 +29,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, enum host_database *host_dbs, struct sdap_options *opts, const char *hostname, - const char *ad_domain); + const char *ad_domain, + const char *ad_site_override); struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 3c61d1352..b3821f8d0 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -102,6 +102,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, const char *gc_service_name; struct ad_srv_plugin_ctx *srv_ctx; char *ad_domain; + char *ad_site_override; struct sdap_domain *sdom; errno_t ret; const char *realm;
@@ -122,6 +123,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, } ad_domain = subdom->name; + ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE); ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, ad_domain); if (ret != EOK) {
@@ -158,7 +160,8 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx, default_host_dbs, ad_id_ctx->ad_options->id, hostname, - ad_domain); + ad_domain, + ad_site_override); if (srv_ctx == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n"); return ENOMEM;
-- cgit
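Review bot: In the `@@ -122,6 +123,7 @@` hunk of ad_subdomains.c, the override is read from the same `ad_options` whose `AD_DOMAIN` is set to `subdom->name` on the next line, and the hunk does not show where that option set comes from. If it inherits the primary domain's configuration, every subdomain's SRV lookup is pinned to one site name, which may not exist in that domain; if it is a fresh default set, the value is presumably always NULL and the new argument does nothing. A comment at the read stating the intended case would settle it, e.g. `/* site override is taken from this subdomain's own option set */`. `ad_subdom_ad_ctx_new` starts and ends outside the hunk.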