authorPavel Reichl <preichl@redhat.com>2015-01-07 11:02:44 +0000
committerJakub Hrozek <jhrozek@redhat.com>2015-01-26 23:29:33 +0100
commite438fbf102c3d787902504bdae177e84230cbbc9 (patch)
treea6e71eae73f498f5bd9fd5cffdeb9a6e3c5443fb
parentb22e0da9e644f5eb84ee0c8986979fec3fe7eb56 (diff)
AD: support for AD site override
Override AD site found during DNS discovery. Resolves: https://fedorahosted.org/sssd/ticket/2486 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/providers/ad/ad_init.c6
-rw-r--r--src/providers/ad/ad_srv.c24
-rw-r--r--src/providers/ad/ad_srv.h3
-rw-r--r--src/providers/ad/ad_subdomains.c5
-rw-r--r--src/providers/ipa/ipa_subdomains.c6
5 files changed, 37 insertions, 7 deletions
diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
index cba792726..2de7e0a44 100644
--- a/src/providers/ad/ad_init.c
+++ b/src/providers/ad/ad_init.c
@@ -159,6 +159,7 @@ sssm_ad_id_init(struct be_ctx *bectx,
struct ad_id_ctx *ad_ctx;
const char *hostname;
const char *ad_domain;
+ const char *ad_site_override;
struct ad_srv_plugin_ctx *srv_ctx;
if (!ad_options) {
@@ -234,9 +235,12 @@ sssm_ad_id_init(struct be_ctx *bectx,
if (dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES)) {
/* use AD plugin */
ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN);
+ ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE);
+
srv_ctx = ad_srv_plugin_ctx_init(bectx, bectx->be_res,
default_host_dbs, ad_options->id,
- hostname, ad_domain);
+ hostname, ad_domain,
+ ad_site_override);
if (srv_ctx == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
ret = ENOMEM;
diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c
index 53d8a8770..ac9dfa187 100644
--- a/src/providers/ad/ad_srv.c
+++ b/src/providers/ad/ad_srv.c
@@ -540,7 +540,7 @@ done:
int ad_get_client_site_recv(TALLOC_CTX *mem_ctx,
struct tevent_req *req,
- char **_site,
+ const char **_site,
char **_forest)
{
struct ad_get_client_site_state *state = NULL;
@@ -560,6 +560,7 @@ struct ad_srv_plugin_ctx {
struct sdap_options *opts;
const char *hostname;
const char *ad_domain;
+ const char *ad_site_override;
};
struct ad_srv_plugin_ctx *
@@ -568,7 +569,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
enum host_database *host_dbs,
struct sdap_options *opts,
const char *hostname,
- const char *ad_domain)
+ const char *ad_domain,
+ const char *ad_site_override)
{
struct ad_srv_plugin_ctx *ctx = NULL;
@@ -591,6 +593,13 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
goto fail;
}
+ if (ad_site_override != NULL) {
+ ctx->ad_site_override = talloc_strdup(ctx, ad_site_override);
+ if (ctx->ad_site_override == NULL) {
+ goto fail;
+ }
+ }
+
return ctx;
fail:
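Review bot: An empty AD_SITE string would pass the added `ad_site_override != NULL` test and be stored as an override, so the site-specific discovery domain would later be built from an empty label. If the option getter can return an empty string, treat it as "no override": `if (ad_site_override != NULL && ad_site_override[0] != '\0') {`. The later `state->ctx->ad_site_override != NULL` test in ad_srv_plugin_site_done also relies on the field being NULL when no override is given; the allocation of `ctx` is outside this hunk, so confirm it is zero-initialised.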
@@ -605,7 +614,7 @@ struct ad_srv_plugin_state {
const char *protocol;
const char *discovery_domain;
- char *site;
+ const char *site;
char *dns_domain;
char *forest;
struct fo_server_info *primary_servers;
@@ -756,6 +765,15 @@ static void ad_srv_plugin_site_done(struct tevent_req *subreq)
ret = ad_get_client_site_recv(state, subreq, &state->site, &state->forest);
talloc_zfree(subreq);
+ /* Ignore AD site found by dns discovery if specific site is set in
+ * configuration file. */
+ if (state->ctx->ad_site_override != NULL) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Ignoring AD site found by DNS discovery: '%s', "
+ "using configured value: '%s' instead.\n",
+ state->site, state->ctx->ad_site_override);
+ state->site = state->ctx->ad_site_override;
+ }
if (ret == EOK) {
if (strcmp(state->service, "gc") == 0) {
primary_domain = talloc_asprintf(state, AD_SITE_DOMAIN_FMT,
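Review bot: The override block runs before `ret` is checked, so when ad_get_client_site_recv() fails, `state->site` may still be NULL when it is passed to `%s` in the added DEBUG call. In that case the configured site is also only consumed by the `ret == EOK` branch that follows, so a failed discovery would appear to discard the administrator's setting. If a configured site is meant to win unconditionally, the block should also decide what happens to `ret`; otherwise move it inside `if (ret == EOK)`. At minimum guard the log argument with `state->site != NULL ? state->site : "(none)"`. The other branches on `ret` lie outside this hunk and should be checked; note too that `state->site` now aliases a string owned by `ctx`, so nothing later may free or steal it through `state`.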
diff --git a/src/providers/ad/ad_srv.h b/src/providers/ad/ad_srv.h
index 7522ecae4..be3ac2826 100644
--- a/src/providers/ad/ad_srv.h
+++ b/src/providers/ad/ad_srv.h
@@ -29,7 +29,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
enum host_database *host_dbs,
struct sdap_options *opts,
const char *hostname,
- const char *ad_domain);
+ const char *ad_domain,
+ const char *ad_site_override);
struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
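Review bot: The prototype gains `ad_site_override` without any statement of its contract, and callers in three files now depend on it. A short comment above ad_srv_plugin_ctx_init would help, for example `/* ad_site_override may be NULL (use the site found by DNS discovery); the string is copied onto the returned context. */`. Both facts follow from the NULL test and `talloc_strdup(ctx, ...)` added in ad_srv.c.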
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 3c61d1352..b3821f8d0 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -102,6 +102,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
const char *gc_service_name;
struct ad_srv_plugin_ctx *srv_ctx;
char *ad_domain;
+ char *ad_site_override;
struct sdap_domain *sdom;
errno_t ret;
const char *realm;
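Review bot: The new local is declared `char *ad_site_override;` here, while the same variable in ad_init.c and ipa_subdomains.c is `const char *`. The value is only read from the options and passed to a `const char *` parameter, so `const char *ad_site_override;` would keep the three call sites consistent and stop the configured string from being modified through this pointer. The body of ad_subdom_ad_ctx_new continues outside this hunk.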
@@ -122,6 +123,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
}
ad_domain = subdom->name;
+ ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE);
ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, ad_domain);
if (ret != EOK) {
@@ -158,7 +160,8 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
default_host_dbs,
ad_id_ctx->ad_options->id,
hostname,
- ad_domain);
+ ad_domain,
+ ad_site_override);
if (srv_ctx == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
return ENOMEM;
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 3148389f7..d0f02bade 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -116,6 +116,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
const char *gc_service_name;
struct ad_srv_plugin_ctx *srv_ctx;
char *ad_domain;
+ const char *ad_site_override;
struct sdap_domain *sdom;
errno_t ret;
const char *extra_attrs;
@@ -201,12 +202,15 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
ad_id_ctx->sdap_id_ctx->opts = ad_options->id;
ad_options->id_ctx = ad_id_ctx;
+ ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE);
+
/* use AD plugin */
srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx->be_res,
default_host_dbs,
ad_id_ctx->ad_options->id,
id_ctx->server_mode->hostname,
- ad_domain);
+ ad_domain,
+ ad_site_override);
if (srv_ctx == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
return ENOMEM;