
Blame SOURCES/0006-krb5-refactor-removal-of-krb5info-files.patch

ca1eb8
From 713bc782502163251ef22eb81b09eed61a8407f7 Mon Sep 17 00:00:00 2001
ca1eb8
From: Sumit Bose <sbose@redhat.com>
ca1eb8
Date: Tue, 5 Jun 2018 17:44:59 +0200
ca1eb8
Subject: [PATCH] krb5: refactor removal of krb5info files
ca1eb8
ca1eb8
Currently a persistent offline callback removes the krb5info files for
ca1eb8
the configured main domain and those files were removed by SIGTERM
ca1eb8
signal handlers as well.
ca1eb8
ca1eb8
This does not scale if krb5info files are created for sub-domains as
ca1eb8
well. To remove the files automatically the removal is moved into a
ca1eb8
talloc destructor of an offline callback which is added if the file is
ca1eb8
created and frees itself when the system goes offline. Due to the
ca1eb8
talloc memory hierarchy we get removal on shutdown for free.
ca1eb8
ca1eb8
Related to https://pagure.io/SSSD/sssd/issue/3652
ca1eb8
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ca1eb8
ca1eb8
(cherry picked from commit d91661e295c8e878f1bbf34e6f65f61e8301bf0e)
ca1eb8
---
ca1eb8
 src/providers/ad/ad_common.c          |   7 +-
ca1eb8
 src/providers/ipa/ipa_common.c        |   5 +-
ca1eb8
 src/providers/krb5/krb5_common.c      | 176 +++++++++++++-------------
ca1eb8
 src/providers/krb5/krb5_common.h      |   7 +-
ca1eb8
 src/providers/krb5/krb5_init_shared.c |   6 -
ca1eb8
 src/providers/ldap/ldap_common.c      |  87 -------------
ca1eb8
 6 files changed, 102 insertions(+), 186 deletions(-)
ca1eb8
ca1eb8
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
ca1eb8
index 0aea985e00faa996643fd7e7630d4264fb6cf233..8caaba6c0d06cfe83d9741536192d662fc936273 100644
ca1eb8
--- a/src/providers/ad/ad_common.c
ca1eb8
+++ b/src/providers/ad/ad_common.c
ca1eb8
@@ -804,6 +804,8 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
ca1eb8
         goto done;
ca1eb8
     }
ca1eb8
 
ca1eb8
+    service->krb5_service->be_ctx = bectx;
ca1eb8
+
ca1eb8
     if (!primary_servers) {
ca1eb8
         DEBUG(SSSDBG_CONF_SETTINGS,
ca1eb8
               "No primary servers defined, using service discovery\n");
ca1eb8
@@ -984,8 +986,9 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
ca1eb8
             goto done;
ca1eb8
         }
ca1eb8
 
ca1eb8
-        ret = write_krb5info_file(service->krb5_service->realm, safe_address,
ca1eb8
-                                SSS_KRB5KDC_FO_SRV);
ca1eb8
+        ret = write_krb5info_file(service->krb5_service,
ca1eb8
+                                  safe_address,
ca1eb8
+                                  SSS_KRB5KDC_FO_SRV);
ca1eb8
         if (ret != EOK) {
ca1eb8
             DEBUG(SSSDBG_MINOR_FAILURE,
ca1eb8
                 "write_krb5info_file failed, authentication might fail.\n");
ca1eb8
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
ca1eb8
index 87ed967673358bf833dae13c29b1f6a17b0fc19c..dcbb54a744358718e444972b9827ee64887e5e33 100644
ca1eb8
--- a/src/providers/ipa/ipa_common.c
ca1eb8
+++ b/src/providers/ipa/ipa_common.c
ca1eb8
@@ -838,7 +838,8 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
ca1eb8
             return;
ca1eb8
         }
ca1eb8
 
ca1eb8
-        ret = write_krb5info_file(service->krb5_service->realm, safe_address,
ca1eb8
+        ret = write_krb5info_file(service->krb5_service,
ca1eb8
+                                  safe_address,
ca1eb8
                                   SSS_KRB5KDC_FO_SRV);
ca1eb8
         if (ret != EOK) {
ca1eb8
             DEBUG(SSSDBG_OP_FAILURE,
ca1eb8
@@ -1012,6 +1013,8 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ca1eb8
         goto done;
ca1eb8
     }
ca1eb8
 
ca1eb8
+    service->krb5_service->be_ctx = ctx;
ca1eb8
+
ca1eb8
     if (!primary_servers) {
ca1eb8
         DEBUG(SSSDBG_CONF_SETTINGS,
ca1eb8
               "No primary servers defined, using service discovery\n");
ca1eb8
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
ca1eb8
index 520e7591ce1b37b4a8dea357b6dd0ec7afd76f58..c6896a6cd663da896075e72aa0a0602c198b45e8 100644
ca1eb8
--- a/src/providers/krb5/krb5_common.c
ca1eb8
+++ b/src/providers/krb5/krb5_common.c
ca1eb8
@@ -389,7 +389,76 @@ done:
ca1eb8
     return ret;
ca1eb8
 }
ca1eb8
 
ca1eb8
-errno_t write_krb5info_file(const char *realm, const char *server,
ca1eb8
+static int remove_info_files_destructor(void *p)
ca1eb8
+{
ca1eb8
+    int ret;
ca1eb8
+    struct remove_info_files_ctx *ctx = talloc_get_type(p,
ca1eb8
+                                                  struct remove_info_files_ctx);
ca1eb8
+
ca1eb8
+    ret = remove_krb5_info_files(ctx, ctx->realm);
ca1eb8
+    if (ret != EOK) {
ca1eb8
+        DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
ca1eb8
+    }
ca1eb8
+
ca1eb8
+    return 0;
ca1eb8
+}
ca1eb8
+
ca1eb8
+static errno_t
ca1eb8
+krb5_add_krb5info_offline_callback(struct krb5_service *krb5_service)
ca1eb8
+{
ca1eb8
+    int ret;
ca1eb8
+    struct remove_info_files_ctx *ctx;
ca1eb8
+
ca1eb8
+    if (krb5_service == NULL || krb5_service->name == NULL
ca1eb8
+                             || krb5_service->realm == NULL
ca1eb8
+                             || krb5_service->be_ctx == NULL) {
ca1eb8
+        DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name or realm!\n");
ca1eb8
+        return EINVAL;
ca1eb8
+    }
ca1eb8
+
ca1eb8
+    ctx = talloc_zero(krb5_service->be_ctx, struct remove_info_files_ctx);
ca1eb8
+    if (ctx == NULL) {
ca1eb8
+        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
ca1eb8
+        return ENOMEM;
ca1eb8
+    }
ca1eb8
+
ca1eb8
+    ctx->realm = talloc_strdup(ctx, krb5_service->realm);
ca1eb8
+    if (ctx->realm == NULL) {
ca1eb8
+        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ca1eb8
+        ret = ENOMEM;
ca1eb8
+        goto done;
ca1eb8
+    }
ca1eb8
+
ca1eb8
+    ctx->be_ctx = krb5_service->be_ctx;
ca1eb8
+    ctx->kdc_service_name = talloc_strdup(ctx, krb5_service->name);
ca1eb8
+    if (ctx->kdc_service_name == NULL) {
ca1eb8
+        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ca1eb8
+        ret = ENOMEM;
ca1eb8
+        goto done;
ca1eb8
+    }
ca1eb8
+
ca1eb8
+    ret = be_add_offline_cb(ctx, krb5_service->be_ctx,
ca1eb8
+                            remove_krb5_info_files_callback, ctx, NULL);
ca1eb8
+    if (ret != EOK) {
ca1eb8
+        DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
ca1eb8
+        goto done;
ca1eb8
+    }
ca1eb8
+
ca1eb8
+    talloc_set_destructor((TALLOC_CTX *) ctx, remove_info_files_destructor);
ca1eb8
+
ca1eb8
+    ret = EOK;
ca1eb8
+
ca1eb8
+done:
ca1eb8
+    if (ret != EOK) {
ca1eb8
+        talloc_zfree(ctx);
ca1eb8
+    }
ca1eb8
+
ca1eb8
+    return ret;
ca1eb8
+}
ca1eb8
+
ca1eb8
+
ca1eb8
+errno_t write_krb5info_file(struct krb5_service *krb5_service,
ca1eb8
+                            const char *server,
ca1eb8
                             const char *service)
ca1eb8
 {
ca1eb8
     int ret;
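Review bot: krb5_add_krb5info_offline_callback() has no guard against repeated registration for the same service: every call allocates a fresh remove_info_files_ctx on be_ctx and adds another offline callback, and a later hunk in this file calls it after each successful write_krb5info_file(). Because the resolve callbacks in ad_common.c, ipa_common.c and krb5_common.c write the file on each resolution, contexts presumably accumulate on be_ctx until the backend goes offline and each then repeats the same removal; tracking the registration on struct krb5_service (set here, cleared in the destructor) would bound this. The destructor is also the only shutdown-time removal path left once the krb5_finalize and sdap_finalize hunks drop their explicit calls, so a comment above remove_info_files_destructor should state that cleanup depends on be_ctx being freed during orderly shutdown, which is not visible in this patch. The allocation-failure message names the wrong function and should read `"talloc_zero failed.\n"`. write_krb5info_file's body continues outside the hunk.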
ca1eb8
@@ -401,17 +470,19 @@ errno_t write_krb5info_file(const char *realm, const char *server,
ca1eb8
     size_t server_len;
ca1eb8
     ssize_t written;
ca1eb8
 
ca1eb8
-    if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
ca1eb8
-        service == NULL || *service == '\0') {
ca1eb8
+    if (krb5_service == NULL || krb5_service->realm == NULL
ca1eb8
+                             || *krb5_service->realm == '\0'
ca1eb8
+                             || server == NULL || *server == '\0'
ca1eb8
+                             || service == NULL || *service == '\0') {
ca1eb8
         DEBUG(SSSDBG_CRIT_FAILURE,
ca1eb8
               "Missing or empty realm, server or service.\n");
ca1eb8
         return EINVAL;
ca1eb8
     }
ca1eb8
 
ca1eb8
-    if (sss_krb5_realm_has_proxy(realm)) {
ca1eb8
+    if (sss_krb5_realm_has_proxy(krb5_service->realm)) {
ca1eb8
         DEBUG(SSSDBG_CONF_SETTINGS,
ca1eb8
               "KDC Proxy available for realm [%s], no kdcinfo file created.\n",
ca1eb8
-              realm);
ca1eb8
+              krb5_service->realm);
ca1eb8
         return EOK;
ca1eb8
     }
ca1eb8
 
ca1eb8
@@ -439,7 +510,7 @@ errno_t write_krb5info_file(const char *realm, const char *server,
ca1eb8
         goto done;
ca1eb8
     }
ca1eb8
 
ca1eb8
-    krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm);
ca1eb8
+    krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, krb5_service->realm);
ca1eb8
     if (krb5info_name == NULL) {
ca1eb8
         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
ca1eb8
         ret = ENOMEM;
ca1eb8
@@ -495,6 +566,12 @@ errno_t write_krb5info_file(const char *realm, const char *server,
ca1eb8
         goto done;
ca1eb8
     }
ca1eb8
 
ca1eb8
+    ret = krb5_add_krb5info_offline_callback(krb5_service);
ca1eb8
+    if (ret != EOK) {
ca1eb8
+        DEBUG(SSSDBG_OP_FAILURE, "Failed to add offline callback, krb5info "
ca1eb8
+                                 "file might not be removed properly.\n");
ca1eb8
+    }
ca1eb8
+
ca1eb8
     ret = EOK;
ca1eb8
 done:
ca1eb8
     if (fd != -1) {
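Review bot: A failure of krb5_add_krb5info_offline_callback() is logged without its error code and then overwritten by `ret = EOK`, so the file stays on disk with no removal path and the log does not say why. Including the code makes that state diagnosable, e.g. `"Failed to add offline callback [%d]: %s, krb5info file might not be removed properly.\n", ret, sss_strerror(ret)`. A leftover file presumably keeps pointing Kerberos consumers at the recorded server address after the backend is offline or stopped, so the best-effort choice deserves a short comment here. The function starts and ends outside the hunk.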
ca1eb8
@@ -561,7 +638,8 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
ca1eb8
             return;
ca1eb8
         }
ca1eb8
 
ca1eb8
-        ret = write_krb5info_file(krb5_service->realm, safe_address,
ca1eb8
+        ret = write_krb5info_file(krb5_service,
ca1eb8
+                                  safe_address,
ca1eb8
                                   krb5_service->name);
ca1eb8
         if (ret != EOK) {
ca1eb8
             DEBUG(SSSDBG_OP_FAILURE,
ca1eb8
@@ -761,6 +839,7 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ca1eb8
     }
ca1eb8
 
ca1eb8
     service->write_kdcinfo = use_kdcinfo;
ca1eb8
+    service->be_ctx = ctx;
ca1eb8
 
ca1eb8
     if (!primary_servers) {
ca1eb8
         DEBUG(SSSDBG_CONF_SETTINGS,
ca1eb8
@@ -839,7 +918,6 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm)
ca1eb8
 void remove_krb5_info_files_callback(void *pvt)
ca1eb8
 {
ca1eb8
     int ret;
ca1eb8
-    TALLOC_CTX *tmp_ctx = NULL;
ca1eb8
     struct remove_info_files_ctx *ctx = talloc_get_type(pvt,
ca1eb8
                                                   struct remove_info_files_ctx);
ca1eb8
 
ca1eb8
@@ -864,19 +942,10 @@ void remove_krb5_info_files_callback(void *pvt)
ca1eb8
         }
ca1eb8
     }
ca1eb8
 
ca1eb8
-    tmp_ctx = talloc_new(NULL);
ca1eb8
-    if (tmp_ctx == NULL) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE,
ca1eb8
-              "talloc_new failed, cannot remove krb5 info files.\n");
ca1eb8
-        return;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    talloc_zfree(tmp_ctx);
ca1eb8
+    /* Freeing the remove_info_files_ctx will remove the related krb5info
ca1eb8
+     * file. Additionally the callback from the list of callbacks is removed,
ca1eb8
+     * it will be added again when a new krb5info file is created. */
ca1eb8
+    talloc_free(ctx);
ca1eb8
 }
ca1eb8
 
ca1eb8
 void krb5_finalize(struct tevent_context *ev,
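Review bot: `talloc_free(ctx)` runs inside the offline callback whose registration was created with ctx as its talloc parent (`be_add_offline_cb(ctx, ...)` in krb5_add_krb5info_offline_callback), so the callback entry is freed while the offline callback list is presumably still being walked. Whether that is safe depends on the dispatcher saving the next entry before it invokes the callback, which this patch does not show; once confirmed, the comment should say so, e.g. `/* Safe to free here: <dispatcher> reads the next entry before calling us. */`. Any early return above the hunk (not shown) would leave ctx registered and the file in place, which the comment should also state as intended. The function starts outside the hunk.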
ca1eb8
@@ -886,74 +955,9 @@ void krb5_finalize(struct tevent_context *ev,
ca1eb8
                    void *siginfo,
ca1eb8
                    void *private_data)
ca1eb8
 {
ca1eb8
-    char *realm = (char *)private_data;
ca1eb8
-    int ret;
ca1eb8
-
ca1eb8
-    ret = remove_krb5_info_files(se, realm);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
ca1eb8
-    }
ca1eb8
-
ca1eb8
     orderly_shutdown(0);
ca1eb8
 }
ca1eb8
 
ca1eb8
-errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
ca1eb8
-                                      struct krb5_ctx *krb5_ctx)
ca1eb8
-{
ca1eb8
-    int ret;
ca1eb8
-    struct remove_info_files_ctx *ctx;
ca1eb8
-    const char *krb5_realm;
ca1eb8
-
ca1eb8
-    if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "Missing KDC service name!\n");
ca1eb8
-        return EINVAL;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx);
ca1eb8
-    if (ctx == NULL) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
ca1eb8
-        return ENOMEM;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM);
ca1eb8
-    if (krb5_realm == NULL) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "Missing krb5_realm option!\n");
ca1eb8
-        ret = EINVAL;
ca1eb8
-        goto done;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ctx->realm = talloc_strdup(ctx, krb5_realm);
ca1eb8
-    if (ctx->realm == NULL) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ca1eb8
-        ret = ENOMEM;
ca1eb8
-        goto done;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ctx->be_ctx = be_ctx;
ca1eb8
-    ctx->kdc_service_name = krb5_ctx->service->name;
ca1eb8
-    if (krb5_ctx->kpasswd_service == NULL) {
ca1eb8
-        ctx->kpasswd_service_name =NULL;
ca1eb8
-    } else {
ca1eb8
-        ctx->kpasswd_service_name = krb5_ctx->kpasswd_service->name;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx,
ca1eb8
-                            NULL);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
ca1eb8
-        goto done;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ret = EOK;
ca1eb8
-
ca1eb8
-done:
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        talloc_zfree(ctx);
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    return ret;
ca1eb8
-}
ca1eb8
-
ca1eb8
 errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
ca1eb8
                                      struct krb5_ctx *krb5_ctx)
ca1eb8
 {
ca1eb8
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
ca1eb8
index 48368a528e75947102c74cb75bf7a74ec0dd258f..a2e47b0605debdffa28305dab4f7674707f713ac 100644
ca1eb8
--- a/src/providers/krb5/krb5_common.h
ca1eb8
+++ b/src/providers/krb5/krb5_common.h
ca1eb8
@@ -67,6 +67,7 @@ enum krb5_opts {
ca1eb8
 typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
ca1eb8
 
ca1eb8
 struct krb5_service {
ca1eb8
+    struct be_ctx *be_ctx;
ca1eb8
     char *name;
ca1eb8
     char *realm;
ca1eb8
     bool write_kdcinfo;
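Review bot: The new `be_ctx` member carries no comment, although krb5_add_krb5info_offline_callback() returns EINVAL when it is NULL and write_krb5info_file() only logs that, leaving the krb5info file without a removal callback. This patch sets the member in ad_failover_init, ipa_service_init and krb5_service_init; any other code that builds a struct krb5_service (none is visible here) would silently lose cleanup. A comment such as `/* Backend context, not owned; must be set before write_krb5info_file() so the removal callback can be registered. */` documents the requirement. The struct continues outside the hunk.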
ca1eb8
@@ -157,7 +158,8 @@ errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
ca1eb8
 errno_t sss_krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
ca1eb8
                              const char *conf_path, struct dp_option **_opts);
ca1eb8
 
ca1eb8
-errno_t write_krb5info_file(const char *realm, const char *kdc,
ca1eb8
+errno_t write_krb5info_file(struct krb5_service *krb5_service,
ca1eb8
+                            const char *server,
ca1eb8
                             const char *service);
ca1eb8
 
ca1eb8
 int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
ca1eb8
@@ -177,9 +179,6 @@ void krb5_finalize(struct tevent_context *ev,
ca1eb8
                    void *siginfo,
ca1eb8
                    void *private_data);
ca1eb8
 
ca1eb8
-errno_t krb5_install_offline_callback(struct be_ctx *be_ctx,
ca1eb8
-                                      struct krb5_ctx *krb_ctx);
ca1eb8
-
ca1eb8
 errno_t krb5_install_sigterm_handler(struct tevent_context *ev,
ca1eb8
                                      struct krb5_ctx *krb5_ctx);
ca1eb8
 
ca1eb8
diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c
ca1eb8
index 3901b7272119c32930c2b6b47279a2c685bf3cfb..368d6f7b0f2bc038e4cc4aa8f0970cd0e81d7b6b 100644
ca1eb8
--- a/src/providers/krb5/krb5_init_shared.c
ca1eb8
+++ b/src/providers/krb5/krb5_init_shared.c
ca1eb8
@@ -71,12 +71,6 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
ca1eb8
         goto done;
ca1eb8
     }
ca1eb8
 
ca1eb8
-    ret = krb5_install_offline_callback(bectx, krb5_auth_ctx);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_offline_callback failed.\n");
ca1eb8
-        goto done;
ca1eb8
-    }
ca1eb8
-
ca1eb8
     ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx);
ca1eb8
     if (ret != EOK) {
ca1eb8
         DEBUG(SSSDBG_CRIT_FAILURE, "krb5_install_sigterm_handler failed.\n");
ca1eb8
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
ca1eb8
index 91e229243b9a1b43e7a57704824f5db0341f4ee9..15377ee1f062c0167aabee30ef0757ebe7271682 100644
ca1eb8
--- a/src/providers/ldap/ldap_common.c
ca1eb8
+++ b/src/providers/ldap/ldap_common.c
ca1eb8
@@ -158,14 +158,6 @@ static void sdap_finalize(struct tevent_context *ev,
ca1eb8
                           void *siginfo,
ca1eb8
                           void *private_data)
ca1eb8
 {
ca1eb8
-    char *realm = (char *) private_data;
ca1eb8
-    int ret;
ca1eb8
-
ca1eb8
-    ret = remove_krb5_info_files(se, realm);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
ca1eb8
-    }
ca1eb8
-
ca1eb8
     orderly_shutdown(0);
ca1eb8
 }
ca1eb8
 
ca1eb8
@@ -196,78 +188,6 @@ errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx,
ca1eb8
     return EOK;
ca1eb8
 }
ca1eb8
 
ca1eb8
-void sdap_remove_kdcinfo_files_callback(void *pvt)
ca1eb8
-{
ca1eb8
-    int ret;
ca1eb8
-    TALLOC_CTX *tmp_ctx = NULL;
ca1eb8
-    struct remove_info_files_ctx *ctx = talloc_get_type(pvt,
ca1eb8
-                                                  struct remove_info_files_ctx);
ca1eb8
-
ca1eb8
-    ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx,
ca1eb8
-                                              ctx->kdc_service_name);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE,
ca1eb8
-              "be_fo_run_callbacks_at_next_request failed, "
ca1eb8
-                  "krb5 info files will not be removed, because "
ca1eb8
-                  "it is unclear if they will be recreated properly.\n");
ca1eb8
-        return;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    tmp_ctx = talloc_new(NULL);
ca1eb8
-    if (tmp_ctx == NULL) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE,
ca1eb8
-              "talloc_new failed, cannot remove krb5 info files.\n");
ca1eb8
-        return;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ret = remove_krb5_info_files(tmp_ctx, ctx->realm);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n");
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    talloc_zfree(tmp_ctx);
ca1eb8
-}
ca1eb8
-
ca1eb8
-
ca1eb8
-errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
ca1eb8
-                                      struct be_ctx *be_ctx,
ca1eb8
-                                      const char *realm,
ca1eb8
-                                      const char *service_name)
ca1eb8
-{
ca1eb8
-    int ret;
ca1eb8
-    struct remove_info_files_ctx *ctx;
ca1eb8
-
ca1eb8
-    ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx);
ca1eb8
-    if (ctx == NULL) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n");
ca1eb8
-        return ENOMEM;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ctx->be_ctx = be_ctx;
ca1eb8
-    ctx->realm = talloc_strdup(ctx, realm);
ca1eb8
-    ctx->kdc_service_name = talloc_strdup(ctx, service_name);
ca1eb8
-    if (ctx->realm == NULL || ctx->kdc_service_name == NULL) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n");
ca1eb8
-        ret = ENOMEM;
ca1eb8
-        goto done;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ret = be_add_offline_cb(ctx, be_ctx,
ca1eb8
-                            sdap_remove_kdcinfo_files_callback,
ca1eb8
-                            ctx, NULL);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n");
ca1eb8
-        goto done;
ca1eb8
-    }
ca1eb8
-
ca1eb8
-    ret = EOK;
ca1eb8
-done:
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        talloc_zfree(ctx);
ca1eb8
-    }
ca1eb8
-    return ret;
ca1eb8
-}
ca1eb8
-
ca1eb8
 errno_t
ca1eb8
 sdap_set_sasl_options(struct sdap_options *id_opts,
ca1eb8
                       char *default_primary,
ca1eb8
@@ -458,13 +378,6 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
ca1eb8
         goto done;
ca1eb8
     }
ca1eb8
 
ca1eb8
-    ret = sdap_install_offline_callback(mem_ctx, bectx,
ca1eb8
-                                        krb5_realm, SSS_KRB5KDC_FO_SRV);
ca1eb8
-    if (ret != EOK) {
ca1eb8
-        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n");
ca1eb8
-        goto done;
ca1eb8
-    }
ca1eb8
-
ca1eb8
     sdap_service->kinit_service_name = talloc_strdup(sdap_service,
ca1eb8
                                                      service->name);
ca1eb8
     if (sdap_service->kinit_service_name == NULL) {
ca1eb8
-- 
ca1eb8
2.17.1
ca1eb8