From 713bc782502163251ef22eb81b09eed61a8407f7 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 5 Jun 2018 17:44:59 +0200
Subject: [PATCH] krb5: refactor removal of krb5info files
Currently a persistent offline callback removes the krb5info files for
the configured main domain and those files were removed by a SIGTERM
signal handler as well.
This does not scale if krb5info files are created for sub-domains as
well. To remove the files automatically the removal is moved into a
talloc destructor of an offline callback which is added if the file is
created and frees itself when the system goes offline. Due to the
talloc memory hierarchy we get removal on shutdown for free.
Related to https://pagure.io/SSSD/sssd/issue/3652
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit d91661e295c8e878f1bbf34e6f65f61e8301bf0e)
---
src/providers/ad/ad_common.c | 7 +-
src/providers/ipa/ipa_common.c | 5 +-
src/providers/krb5/krb5_common.c | 176 +++++++++++++-------------
src/providers/krb5/krb5_common.h | 7 +-
src/providers/krb5/krb5_init_shared.c | 6 -
src/providers/ldap/ldap_common.c | 87 -------------
6 files changed, 102 insertions(+), 186 deletions(-)
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
|
|
|
ca1eb8 |
index 0aea985e00faa996643fd7e7630d4264fb6cf233..8caaba6c0d06cfe83d9741536192d662fc936273 100644
|
|
|
ca1eb8 |
--- a/src/providers/ad/ad_common.c
|
|
|
ca1eb8 |
+++ b/src/providers/ad/ad_common.c
|
|
|
ca1eb8 |
@@ -804,6 +804,8 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
|
|
|
ca1eb8 |
goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
+ service->krb5_service->be_ctx = bectx;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
if (!primary_servers) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_CONF_SETTINGS,
|
|
|
ca1eb8 |
"No primary servers defined, using service discovery\n");
|
|
|
ca1eb8 |
@@ -984,8 +986,9 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
|
|
|
ca1eb8 |
goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- ret = write_krb5info_file(service->krb5_service->realm, safe_address,
|
|
|
ca1eb8 |
- SSS_KRB5KDC_FO_SRV);
|
|
|
ca1eb8 |
+ ret = write_krb5info_file(service->krb5_service,
|
|
|
ca1eb8 |
+ safe_address,
|
|
|
ca1eb8 |
+ SSS_KRB5KDC_FO_SRV);
|
|
|
ca1eb8 |
if (ret != EOK) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_MINOR_FAILURE,
|
|
|
ca1eb8 |
"write_krb5info_file failed, authentication might fail.\n");
|
|
|
ca1eb8 |
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
|
|
|
ca1eb8 |
index 87ed967673358bf833dae13c29b1f6a17b0fc19c..dcbb54a744358718e444972b9827ee64887e5e33 100644
|
|
|
ca1eb8 |
--- a/src/providers/ipa/ipa_common.c
|
|
|
ca1eb8 |
+++ b/src/providers/ipa/ipa_common.c
|
|
|
ca1eb8 |
@@ -838,7 +838,8 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
|
|
|
ca1eb8 |
return;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- ret = write_krb5info_file(service->krb5_service->realm, safe_address,
|
|
|
ca1eb8 |
+ ret = write_krb5info_file(service->krb5_service,
|
|
|
ca1eb8 |
+ safe_address,
|
|
|
ca1eb8 |
SSS_KRB5KDC_FO_SRV);
|
|
|
ca1eb8 |
if (ret != EOK) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_OP_FAILURE,
|
|
|
ca1eb8 |
@@ -1012,6 +1013,8 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
|
|
|
ca1eb8 |
goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
+ service->krb5_service->be_ctx = ctx;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
if (!primary_servers) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_CONF_SETTINGS,
|
|
|
ca1eb8 |
"No primary servers defined, using service discovery\n");
|
|
|
ca1eb8 |
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
|
|
|
ca1eb8 |
index 520e7591ce1b37b4a8dea357b6dd0ec7afd76f58..c6896a6cd663da896075e72aa0a0602c198b45e8 100644
|
|
|
ca1eb8 |
--- a/src/providers/krb5/krb5_common.c
|
|
|
ca1eb8 |
+++ b/src/providers/krb5/krb5_common.c
|
|
|
ca1eb8 |
@@ -389,7 +389,76 @@ done:
|
|
|
ca1eb8 |
return ret;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
-errno_t write_krb5info_file(const char *realm, const char *server,
|
|
|
ca1eb8 |
+static int remove_info_files_destructor(void *p)
|
|
|
ca1eb8 |
+{
|
|
|
ca1eb8 |
+ int ret;
|
|
|
ca1eb8 |
+ struct remove_info_files_ctx *ctx = talloc_get_type(p,
|
|
|
ca1eb8 |
+ struct remove_info_files_ctx);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ret = remove_krb5_info_files(ctx, ctx->realm);
|
|
|
ca1eb8 |
+ if (ret != EOK) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ return 0;
|
|
|
ca1eb8 |
+}
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+static errno_t
|
|
|
ca1eb8 |
+krb5_add_krb5info_offline_callback(struct krb5_service *krb5_service)
|
|
|
ca1eb8 |
+{
|
|
|
ca1eb8 |
+ int ret;
|
|
|
ca1eb8 |
+ struct remove_info_files_ctx *ctx;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ if (krb5_service == NULL || krb5_service->name == NULL
|
|
|
ca1eb8 |
+ || krb5_service->realm == NULL
|
|
|
ca1eb8 |
+ || krb5_service->be_ctx == NULL) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name or realm!\n");
|
|
|
ca1eb8 |
+ return EINVAL;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ctx = talloc_zero(krb5_service->be_ctx, struct remove_info_files_ctx);
|
|
|
ca1eb8 |
+ if (ctx == NULL) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
|
|
|
ca1eb8 |
+ return ENOMEM;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ctx->realm = talloc_strdup(ctx, krb5_service->realm);
|
|
|
ca1eb8 |
+ if (ctx->realm == NULL) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
|
|
|
ca1eb8 |
+ ret = ENOMEM;
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ctx->be_ctx = krb5_service->be_ctx;
|
|
|
ca1eb8 |
+ ctx->kdc_service_name = talloc_strdup(ctx, krb5_service->name);
|
|
|
ca1eb8 |
+ if (ctx->kdc_service_name == NULL) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
|
|
|
ca1eb8 |
+ ret = ENOMEM;
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ret = be_add_offline_cb(ctx, krb5_service->be_ctx,
|
|
|
ca1eb8 |
+ remove_krb5_info_files_callback, ctx, NULL);
|
|
|
ca1eb8 |
+ if (ret != EOK) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
|
|
|
ca1eb8 |
+ goto done;
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ talloc_set_destructor((TALLOC_CTX *) ctx, remove_info_files_destructor);
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ ret = EOK;
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+done:
|
|
|
ca1eb8 |
+ if (ret != EOK) {
|
|
|
ca1eb8 |
+ talloc_zfree(ctx);
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+ return ret;
|
|
|
ca1eb8 |
+}
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
+errno_t write_krb5info_file(struct krb5_service *krb5_service,
|
|
|
ca1eb8 |
+ const char *server,
|
|
|
ca1eb8 |
const char *service)
|
|
|
ca1eb8 |
{
|
|
|
ca1eb8 |
int ret;
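Review bot: krb5_add_krb5info_offline_callback() allocates a fresh remove_info_files_ctx on be_ctx and registers a new offline callback on every call, and nothing records that one is already installed for this service; since write_krb5info_file() now calls it after each successful write, every resolve that rewrites the file while the backend stays online adds another callback and another allocation, and they are only reclaimed when the backend finally goes offline. Guarding the registration with a per-service flag (a new `bool removal_callback_available` in struct krb5_service, cleared by remove_krb5_info_files_callback() when it frees the ctx, which then needs a back-pointer to the service in struct remove_info_files_ctx) keeps it at one callback per service. Separately, the message on the talloc_zero failure path reads `"talloc_zfree failed.\n"` and should name talloc_zero. write_krb5info_file's body continues past the end of the hunk.
```c
static errno_t
krb5_add_krb5info_offline_callback(struct krb5_service *krb5_service)
{
    int ret;
    struct remove_info_files_ctx *ctx;

    /* … unchanged: NULL checks on service, name, realm and be_ctx … */

    /* The file is rewritten in place on every resolve; one removal
     * callback per service is enough, so do not register a second one. */
    if (krb5_service->removal_callback_available) {
        return EOK;
    }

    /* … unchanged: talloc_zero ctx, copy realm, be_ctx, kdc_service_name … */
    ctx->krb5_service = krb5_service;   /* new member: lets the callback clear the flag */

    /* … unchanged: be_add_offline_cb, talloc_set_destructor … */
    krb5_service->removal_callback_available = true;

    ret = EOK;

    /* … unchanged: done label and error cleanup … */
}
```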
|
|
|
ca1eb8 |
@@ -401,17 +470,19 @@ errno_t write_krb5info_file(const char *realm, const char *server,
|
|
|
ca1eb8 |
size_t server_len;
|
|
|
ca1eb8 |
ssize_t written;
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
|
|
|
ca1eb8 |
- service == NULL || *service == '\0') {
|
|
|
ca1eb8 |
+ if (krb5_service == NULL || krb5_service->realm == NULL
|
|
|
ca1eb8 |
+ || *krb5_service->realm == '\0'
|
|
|
ca1eb8 |
+ || server == NULL || *server == '\0'
|
|
|
ca1eb8 |
+ || service == NULL || *service == '\0') {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
ca1eb8 |
"Missing or empty realm, server or service.\n");
|
|
|
ca1eb8 |
return EINVAL;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- if (sss_krb5_realm_has_proxy(realm)) {
|
|
|
ca1eb8 |
+ if (sss_krb5_realm_has_proxy(krb5_service->realm)) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_CONF_SETTINGS,
|
|
|
ca1eb8 |
"KDC Proxy available for realm [%s], no kdcinfo file created.\n",
|
|
|
ca1eb8 |
- realm);
|
|
|
ca1eb8 |
+ krb5_service->realm);
|
|
|
ca1eb8 |
return EOK;
|
|
|
ca1eb8 |
}
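Review bot: The extended precondition check validates realm, server and service but not `krb5_service->be_ctx`, which the offline-callback registration later in this function depends on; when it is NULL the kdcinfo file is written first and the registration then fails with EINVAL, leaving a file nothing will remove. Adding `|| krb5_service->be_ctx == NULL` to this condition (and naming it in the message) makes the call fail before the file exists. write_krb5info_file continues beyond this hunk.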
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
@@ -439,7 +510,7 @@ errno_t write_krb5info_file(const char *realm, const char *server,
|
|
|
ca1eb8 |
goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm);
|
|
|
ca1eb8 |
+ krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, krb5_service->realm);
|
|
|
ca1eb8 |
if (krb5info_name == NULL) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
|
|
|
ca1eb8 |
ret = ENOMEM;
|
|
|
ca1eb8 |
@@ -495,6 +566,12 @@ errno_t write_krb5info_file(const char *realm, const char *server,
|
|
|
ca1eb8 |
goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
+ ret = krb5_add_krb5info_offline_callback(krb5_service);
|
|
|
ca1eb8 |
+ if (ret != EOK) {
|
|
|
ca1eb8 |
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to add offline callback, krb5info "
|
|
|
ca1eb8 |
+ "file might not be removed properly.\n");
|
|
|
ca1eb8 |
+ }
|
|
|
ca1eb8 |
+
|
|
|
ca1eb8 |
ret = EOK;
|
|
|
ca1eb8 |
done:
|
|
|
ca1eb8 |
if (fd != -1) {
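Review bot: When krb5_add_krb5info_offline_callback() fails the kdcinfo file has already been written, yet the function still falls through to `ret = EOK`, so the caller never learns that the KDC address it just pinned for libkrb5 has no removal path and will outlive an offline transition. Since the whole point of the removal is to stop clients from using a stale KDC address, consider unlinking the file on this path (krb5info_name is still in scope, assuming it holds the full path) or at least propagating ret so the resolve callback logs it. The rest of write_krb5info_file, including the done: cleanup, is outside this hunk.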
|
|
|
ca1eb8 |
@@ -561,7 +638,8 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
|
|
|
ca1eb8 |
return;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- ret = write_krb5info_file(krb5_service->realm, safe_address,
|
|
|
ca1eb8 |
+ ret = write_krb5info_file(krb5_service,
|
|
|
ca1eb8 |
+ safe_address,
|
|
|
ca1eb8 |
krb5_service->name);
|
|
|
ca1eb8 |
if (ret != EOK) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_OP_FAILURE,
|
|
|
ca1eb8 |
@@ -761,6 +839,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
service->write_kdcinfo = use_kdcinfo;
|
|
|
ca1eb8 |
+ service->be_ctx = ctx;
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
if (!primary_servers) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_CONF_SETTINGS,
|
|
|
ca1eb8 |
@@ -839,7 +918,6 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
|
|
|
ca1eb8 |
void remove_krb5_info_files_callback(void *pvt)
|
|
|
ca1eb8 |
{
|
|
|
ca1eb8 |
int ret;
|
|
|
ca1eb8 |
- TALLOC_CTX *tmp_ctx = NULL;
|
|
|
ca1eb8 |
struct remove_info_files_ctx *ctx = talloc_get_type(pvt,
|
|
|
ca1eb8 |
struct remove_info_files_ctx);
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
@@ -864,19 +942,10 @@ void remove_krb5_info_files_callback(void *pvt)
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- tmp_ctx = talloc_new(NULL);
|
|
|
ca1eb8 |
- if (tmp_ctx == NULL) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
ca1eb8 |
- "talloc_new failed, cannot remove krb5 info files.\n");
|
|
|
ca1eb8 |
- return;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- talloc_zfree(tmp_ctx);
|
|
|
ca1eb8 |
+ /* Freeing the remove_info_files_ctx will remove the related krb5info
|
|
|
ca1eb8 |
+ * file. Additionally the callback from the list of callbacks is removed,
|
|
|
ca1eb8 |
+ * it will be added again when a new krb5info file is created. */
|
|
|
ca1eb8 |
+ talloc_free(ctx);
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
void krb5_finalize(struct tevent_context *ev,
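Review bot: `talloc_free(ctx)` runs from inside the offline callback whose registration was allocated on ctx, so it also tears down the be_cb list entry that the callback runner is iterating at that moment; that is only safe if be_run_offline_cb caches the next entry before invoking cb, which is not visible here, so please confirm. A comment next to the call, e.g. `/* safe only because the callback runner saves the next entry before calling us */`, would keep a future change to the runner from silently breaking this. The early return above, when be_fo_run_callbacks_at_next_request() fails, keeps the ctx and therefore the file, so a stale kdcinfo persists until the next offline event; that matches the existing message but is worth knowing. The first lines of remove_krb5_info_files_callback lie outside this hunk.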
|
|
|
ca1eb8 |
@@ -886,74 +955,9 @@ void krb5_finalize(struct tevent_context *ev,
|
|
|
ca1eb8 |
void *siginfo,
|
|
|
ca1eb8 |
void *private_data)
|
|
|
ca1eb8 |
{
|
|
|
ca1eb8 |
- char *realm = (char *)private_data;
|
|
|
ca1eb8 |
- int ret;
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = remove_krb5_info_files(se, realm);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
orderly_shutdown(0);
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
-errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
|
|
|
ca1eb8 |
- struct krb5_ctx *krb5_ctx)
|
|
|
ca1eb8 |
-{
|
|
|
ca1eb8 |
- int ret;
|
|
|
ca1eb8 |
- struct remove_info_files_ctx *ctx;
|
|
|
ca1eb8 |
- const char *krb5_realm;
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n");
|
|
|
ca1eb8 |
- return EINVAL;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx);
|
|
|
ca1eb8 |
- if (ctx == NULL) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
|
|
|
ca1eb8 |
- return ENOMEM;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
|
|
|
ca1eb8 |
- if (krb5_realm == NULL) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
|
|
|
ca1eb8 |
- ret = EINVAL;
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ctx->realm = talloc_strdup(ctx, krb5_realm);
|
|
|
ca1eb8 |
- if (ctx->realm == NULL) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
|
|
|
ca1eb8 |
- ret = ENOMEM;
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ctx->be_ctx = be_ctx;
|
|
|
ca1eb8 |
- ctx->kdc_service_name = krb5_ctx->service->name;
|
|
|
ca1eb8 |
- if (krb5_ctx->kpasswd_service == NULL) {
|
|
|
ca1eb8 |
- ctx->kpasswd_service_name =NULL;
|
|
|
ca1eb8 |
- } else {
|
|
|
ca1eb8 |
- ctx->kpasswd_service_name = krb5_ctx->kpasswd_service->name;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx,
|
|
|
ca1eb8 |
- NULL);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = EOK;
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
-done:
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- talloc_zfree(ctx);
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- return ret;
|
|
|
ca1eb8 |
-}
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
|
|
|
ca1eb8 |
struct krb5_ctx *krb5_ctx)
|
|
|
ca1eb8 |
{
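Review bot: krb5_finalize() now relies on the talloc destructor to remove the krb5info files on SIGTERM, which only happens if be_ctx is actually freed before the process exits; orderly_shutdown() is not shown here, and if it ends in exit() without tearing down the hierarchy the pinned KDC addresses survive a restart, which is exactly what the old explicit remove_krb5_info_files() call guarded against. Please confirm the teardown path or free the context explicitly before calling orderly_shutdown(). The realm handed over as private_data by krb5_install_sigterm_handler() is no longer read, so that argument is now dead and can be dropped.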
|
|
|
ca1eb8 |
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
|
|
|
ca1eb8 |
index 48368a528e75947102c74cb75bf7a74ec0dd258f..a2e47b0605debdffa28305dab4f7674707f713ac 100644
|
|
|
ca1eb8 |
--- a/src/providers/krb5/krb5_common.h
|
|
|
ca1eb8 |
+++ b/src/providers/krb5/krb5_common.h
|
|
|
ca1eb8 |
@@ -67,6 +67,7 @@ enum krb5_opts {
|
|
|
ca1eb8 |
typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
struct krb5_service {
|
|
|
ca1eb8 |
+ struct be_ctx *be_ctx;
|
|
|
ca1eb8 |
char *name;
|
|
|
ca1eb8 |
char *realm;
|
|
|
ca1eb8 |
bool write_kdcinfo;
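Review bot: The new `be_ctx` member has no comment saying who sets it or that it is a borrowed pointer; three different initializers (ad_failover_init, ipa_service_init, krb5_service_init) assign it by hand, and a krb5_service created without it silently gets no krb5info removal callback. Suggest `/* Back-pointer to the owning backend, not owned by this struct. Must be set by the service initializer before write_krb5info_file() is used, otherwise no removal callback is installed. */` above the field.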
|
|
|
ca1eb8 |
@@ -157,7 +158,8 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
|
|
|
ca1eb8 |
errno_t sss_krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
|
|
|
ca1eb8 |
const char *conf_path, struct dp_option **_opts);
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
-errno_t write_krb5info_file(const char *realm, const char *kdc,
|
|
|
ca1eb8 |
+errno_t write_krb5info_file(struct krb5_service *krb5_service,
|
|
|
ca1eb8 |
+ const char *server,
|
|
|
ca1eb8 |
const char *service);
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
|
|
|
ca1eb8 |
@@ -177,9 +179,6 @@ void krb5_finalize(struct tevent_context *ev,
|
|
|
ca1eb8 |
void *siginfo,
|
|
|
ca1eb8 |
void *private_data);
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
-errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
|
|
|
ca1eb8 |
- struct krb5_ctx *krb_ctx);
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
|
|
|
ca1eb8 |
struct krb5_ctx *krb5_ctx);
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c
|
|
|
ca1eb8 |
index 3901b7272119c32930c2b6b47279a2c685bf3cfb..368d6f7b0f2bc038e4cc4aa8f0970cd0e81d7b6b 100644
|
|
|
ca1eb8 |
--- a/src/providers/krb5/krb5_init_shared.c
|
|
|
ca1eb8 |
+++ b/src/providers/krb5/krb5_init_shared.c
|
|
|
ca1eb8 |
@@ -71,12 +71,6 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
|
|
|
ca1eb8 |
goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- ret = krb5_install_offline_callback(bectx, krb5_auth_ctx);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n");
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx);
|
|
|
ca1eb8 |
if (ret != EOK) {
|
|
|
ca1eb8 |
DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n");
|
|
|
ca1eb8 |
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
|
|
|
ca1eb8 |
index 91e229243b9a1b43e7a57704824f5db0341f4ee9..15377ee1f062c0167aabee30ef0757ebe7271682 100644
|
|
|
ca1eb8 |
--- a/src/providers/ldap/ldap_common.c
|
|
|
ca1eb8 |
+++ b/src/providers/ldap/ldap_common.c
|
|
|
ca1eb8 |
@@ -158,14 +158,6 @@ static void sdap_finalize(struct tevent_context *ev,
|
|
|
ca1eb8 |
void *siginfo,
|
|
|
ca1eb8 |
void *private_data)
|
|
|
ca1eb8 |
{
|
|
|
ca1eb8 |
- char *realm = (char *) private_data;
|
|
|
ca1eb8 |
- int ret;
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = remove_krb5_info_files(se, realm);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
orderly_shutdown(0);
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
@@ -196,78 +188,6 @@ errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
return EOK;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
-void sdap_remove_kdcinfo_files_callback(void *pvt)
|
|
|
ca1eb8 |
-{
|
|
|
ca1eb8 |
- int ret;
|
|
|
ca1eb8 |
- TALLOC_CTX *tmp_ctx = NULL;
|
|
|
ca1eb8 |
- struct remove_info_files_ctx *ctx = talloc_get_type(pvt,
|
|
|
ca1eb8 |
- struct remove_info_files_ctx);
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
|
|
|
ca1eb8 |
- ctx->kdc_service_name);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
ca1eb8 |
- "be_fo_run_callbacks_at_next_request failed, "
|
|
|
ca1eb8 |
- "krb5 info files will not be removed, because "
|
|
|
ca1eb8 |
- "it is unclear if they will be recreated properly.\n");
|
|
|
ca1eb8 |
- return;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- tmp_ctx = talloc_new(NULL);
|
|
|
ca1eb8 |
- if (tmp_ctx == NULL) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
ca1eb8 |
- "talloc_new failed, cannot remove krb5 info files.\n");
|
|
|
ca1eb8 |
- return;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- talloc_zfree(tmp_ctx);
|
|
|
ca1eb8 |
-}
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
-errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
- struct be_ctx *be_ctx,
|
|
|
ca1eb8 |
- const char *realm,
|
|
|
ca1eb8 |
- const char *service_name)
|
|
|
ca1eb8 |
-{
|
|
|
ca1eb8 |
- int ret;
|
|
|
ca1eb8 |
- struct remove_info_files_ctx *ctx;
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx);
|
|
|
ca1eb8 |
- if (ctx == NULL) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
|
|
|
ca1eb8 |
- return ENOMEM;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ctx->be_ctx = be_ctx;
|
|
|
ca1eb8 |
- ctx->realm = talloc_strdup(ctx, realm);
|
|
|
ca1eb8 |
- ctx->kdc_service_name = talloc_strdup(ctx, service_name);
|
|
|
ca1eb8 |
- if (ctx->realm == NULL || ctx->kdc_service_name == NULL) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
|
|
|
ca1eb8 |
- ret = ENOMEM;
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = be_add_offline_cb(ctx, be_ctx,
|
|
|
ca1eb8 |
- sdap_remove_kdcinfo_files_callback,
|
|
|
ca1eb8 |
- ctx, NULL);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
- ret = EOK;
|
|
|
ca1eb8 |
-done:
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- talloc_zfree(ctx);
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
- return ret;
|
|
|
ca1eb8 |
-}
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
errno_t
|
|
|
ca1eb8 |
sdap_set_sasl_options(struct sdap_options *id_opts,
|
|
|
ca1eb8 |
char *default_primary,
|
|
|
ca1eb8 |
@@ -458,13 +378,6 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
|
|
|
ca1eb8 |
goto done;
|
|
|
ca1eb8 |
}
|
|
|
ca1eb8 |
|
|
|
ca1eb8 |
- ret = sdap_install_offline_callback(mem_ctx, bectx,
|
|
|
ca1eb8 |
- krb5_realm, SSS_KRB5KDC_FO_SRV);
|
|
|
ca1eb8 |
- if (ret != EOK) {
|
|
|
ca1eb8 |
- DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
|
|
|
ca1eb8 |
- goto done;
|
|
|
ca1eb8 |
- }
|
|
|
ca1eb8 |
-
|
|
|
ca1eb8 |
sdap_service->kinit_service_name = talloc_strdup(sdap_service,
|
|
|
ca1eb8 |
service->name);
|
|
|
ca1eb8 |
if (sdap_service->kinit_service_name == NULL) {
--
2.17.1