From 09d71c750ed3061c9f802b0c3c6e53de40b7c241 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Fri, 16 Apr 2010 17:58:52 +0200
Subject: Use service discovery in backends
Integrate the failover improvements with our back ends. The DNS domain used in the SRV query is always the SSSD domain name. Please note that this patch changes the default value of ldap_uri from "ldap://localhost" to "NULL" in order to use service discovery with no server set.
---
src/providers/krb5/krb5_common.c | 21 +++++++++++++++++++++
src/providers/krb5/krb5_common.h | 4 ++--
src/providers/krb5/krb5_init.c | 8 ++++----
3 files changed, 27 insertions(+), 6 deletions(-)
(limited to 'src/providers/krb5')
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 786b62c3d..da7627ce3 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -335,6 +335,10 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 goto done;
 }
+ if (!servers) {
+ servers = BE_SRV_IDENTIFIER;
+ }
+
 ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
 if (ret != EOK) {
 DEBUG(1, ("Failed to parse server list!\n"));
@@ -345,6 +349,23 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
 talloc_steal(service, list[i]);
 server_spec = talloc_strdup(service, list[i]);
+ if (!server_spec) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (be_fo_is_srv_identifier(server_spec)) {
+ ret = be_fo_add_srv_server(ctx, service_name, service_name,
+ FO_PROTO_TCP, ctx->domain->name, NULL);
+ if (ret) {
+ DEBUG(0, ("Failed to add server\n"));
+ goto done;
+ }
+
+ DEBUG(6, ("Added service lookup\n"));
+ continue;
+ }
+
 port_str = strrchr(server_spec, ':');
 if (port_str == NULL) {
 port = 0;
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index d85364584..dd7fdf2da 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
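Review bot: The new fallback at `if (!servers)` only covers a NULL pointer, so an option that is present but empty still reaches `split_on_separator()` and, assuming that call returns an empty list for it, leaves the service with neither a configured server nor an SRV lookup. Consider `if (!servers || servers[0] == '\0') {` so both cases take the discovery path, or reject the empty value with an explicit error. A one-line comment such as `/* no servers configured: fall back to DNS SRV discovery */` above the check would also record the intent. krb5_service_init() begins and ends outside this hunk.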
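Review bot: The SRV branch passes `ctx->domain->name` as the DNS domain to `be_fo_add_srv_server()`, so the KDC list comes from whatever zone matches the SSSD domain label rather than from the Kerberos realm; when the two differ, discovery would either fail or return servers for a different zone. If the realm is available in krb5_service_init() (its parameter list is cut off by the hunk header), deriving the lookup domain from it would avoid that, and otherwise a comment such as `/* SRV lookup domain is the SSSD domain name; it must be the DNS zone that serves this realm */` belongs above the call. The lookup is also registered for `FO_PROTO_TCP` only, so a site that publishes only UDP SRV records would presumably not be discovered. The loop and the function continue outside the hunk.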
@@ -40,8 +40,8 @@
 #define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s"
 #define KPASSWDINFO_TMPL PUBCONF_PATH"/kpasswdinfo.%s"
-#define SSS_KRB5KDC_FO_SRV "KRB5KDC"
-#define SSS_KRB5KPASSWD_FO_SRV "KRB5KPASSWD"
+#define SSS_KRB5KDC_FO_SRV "KERBEROS"
+#define SSS_KRB5KPASSWD_FO_SRV "KPASSWD"
 enum krb5_opts {
 KRB5_KDC = 0,
diff --git a/src/providers/krb5/krb5_init.c b/src/providers/krb5/krb5_init.c
index aa963dda5..4a02b0514 100644
--- a/src/providers/krb5/krb5_init.c
+++ b/src/providers/krb5/krb5_init.c
@@ -90,8 +90,7 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
 if (krb5_servers == NULL) {
- DEBUG(0, ("Missing krb5_kdcip option!\n"));
- return EINVAL;
+ DEBUG(1, ("Missing krb5_kdcip option, using service discovery!\n"));
 }
 krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
@@ -108,8 +107,9 @@ int sssm_krb5_auth_init(struct be_ctx *bectx,
 }
 krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD);
- if (krb5_kpasswd_servers == NULL) {
- DEBUG(0, ("Missing krb5_kpasswd option, using KDC!\n"));
+ if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
+ DEBUG(0, ("Missing krb5_kpasswd option and KDC set explicitly, "
+ "will use KDC for pasword change operations!\n"));
 ctx->kpasswd_service = NULL;
 } else {
 ret = krb5_service_init(ctx, bectx, SSS_KRB5KPASSWD_FO_SRV,
-- cgit
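Review bot: These two macros carry no comment saying that their values are no longer just internal failover labels: the krb5_common.c part of this commit passes the service name to `be_fo_add_srv_server()` twice, apparently once as the failover service and once as the SRV service to query. A comment such as `/* Failover service names; also used as the DNS SRV service names during discovery */` above the pair would keep a later rename from silently changing which DNS records are queried. Any code outside this diff that still compares against the old strings `"KRB5KDC"` or `"KRB5KPASSWD"` would need checking as well.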
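Review bot: A missing `krb5_kdcip` used to stop initialisation with EINVAL and now silently selects KDCs from DNS SRV answers, yet the only trace is a level-1 debug message inside `if (krb5_servers == NULL)`. DNS answers are unauthenticated, so a deployment that relies on discovery should also verify the obtained ticket against a local keytab before trusting a login; a comment in the branch should say so, e.g. `/* No KDC configured: servers come from DNS SRV records, which are not authenticated */`. Because an omitted option now changes which servers are contacted instead of failing start-up, the behaviour also belongs in the option's documentation. sssm_krb5_auth_init() starts and ends outside the hunk.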
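Review bot: The added log string misspells "password" (`pasword`) and is emitted at level 0 although it reports a normal fallback, while the comparable discovery message earlier in this file's diff uses level 1. Suggested wording for the second string line: `"will use KDC for password change operations!\n"));`, with the call changed to `DEBUG(1, (...` to match. The `else` branch is now also reached when both options are NULL, so `krb5_service_init()` is called with a NULL kpasswd server list and depends on the NULL fallback added in krb5_common.c; a short comment at the `else` would make that dependency visible. The `krb5_service_init()` call continues outside the hunk.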