Blame SOURCES/0026-KRB5-Allow-writing-multiple-addresses-to-the-kdcinfo.patch

From 73f452058c8ac83117cb86c12d4d266c8caccc57 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 26 Jun 2018 10:35:15 +0200
Subject: [PATCH] KRB5: Allow writing multiple addresses to the kdcinfo plugin
Turns the previous write_krb5info_file() function into a static function
that writes whatever input it receives. Adds a wrapper around it that
accepts a list of strings, turns that into a newline-separated string
which is then passed to the original function.
Related:
https://pagure.io/SSSD/sssd/issue/3291
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 8971399c872c21769d5c62cf753c5f9df4caf8cb)
---
 src/providers/ad/ad_common.c     | 12 ++---
 src/providers/ipa/ipa_common.c   |  8 ++--
 src/providers/krb5/krb5_common.c | 75 +++++++++++++++++++++++++-------
 src/providers/krb5/krb5_common.h |  2 +-
 4 files changed, 70 insertions(+), 27 deletions(-)
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index b103410e5915a380d0404e18da869517e4d4e355..eaf0814f1aaf51a5085e992efa633240f32c498e 100644
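--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -848,7 +848,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
     struct resolv_hostent *srvaddr;
     struct sockaddr_storage *sockaddr;
     char *address;
-    const char *safe_address;
+    char *safe_addr_list[2] = { NULL, NULL };
     char *new_uri;
     int new_port;
     const char *srv_name;
@@ -957,17 +957,17 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
     if ((sdata == NULL || sdata->gc == false) &&
         service->krb5_service->write_kdcinfo) {
         /* Write krb5 info files */
-        safe_address = sss_escape_ip_address(tmp_ctx,
-                                            srvaddr->family,
-                                            address);
-        if (safe_address == NULL) {
+        safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,
+                                                  srvaddr->family,
+                                                  address);
+        if (safe_addr_list[0] == NULL) {
             DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
             ret = ENOMEM;
             goto done;
         }
 
         ret = write_krb5info_file(service->krb5_service,
-                                  safe_address,
+                                  safe_addr_list,
                                   SSS_KRB5KDC_FO_SRV);
         if (ret != EOK) {
             DEBUG(SSSDBG_MINOR_FAILURE,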
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 5808513bfd570c43bc1712114aabba5749ba0fec..0614019764287e5114aa8b8b5c670b717732068b 100644
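--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -766,7 +766,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
     struct resolv_hostent *srvaddr;
     struct sockaddr_storage *sockaddr;
     char *address;
-    const char *safe_address;
+    char *safe_addr_list[2] = { NULL, NULL };
     char *new_uri;
     const char *srv_name;
     int ret;
@@ -829,17 +829,17 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
     service->sdap->sockaddr = talloc_steal(service, sockaddr);
 
     if (service->krb5_service->write_kdcinfo) {
-        safe_address = sss_escape_ip_address(tmp_ctx,
+        safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,
                                              srvaddr->family,
                                              address);
-        if (safe_address == NULL) {
+        if (safe_addr_list[0] == NULL) {
             DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
             talloc_free(tmp_ctx);
             return;
         }
 
         ret = write_krb5info_file(service->krb5_service,
-                                  safe_address,
+                                  safe_addr_list,
                                   SSS_KRB5KDC_FO_SRV);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE,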
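Review bot: In the second hunk of `ipa_resolve_callback()` the continuation arguments `srvaddr->family,` and `address);` stay at the old column after the call was changed to assign `safe_addr_list[0]`, so they no longer line up under `tmp_ctx`. The matching hunks in ad_common.c and krb5_common.c re-indent these lines; this one should do the same so the three call sites read identically. The function body continues outside the hunk.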
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 2a50dfec55c29b8d7f8b8751c904977c22aa906a..2b003e1642b449e8db20ba4259ba13273e21212f 100644
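--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -466,10 +466,9 @@ done:
     return ret;
 }
 
-
-errno_t write_krb5info_file(struct krb5_service *krb5_service,
-                            const char *server,
-                            const char *service)
+static errno_t write_krb5info_file_contents(struct krb5_service *krb5_service,
+                                            const char *contents,
+                                            const char *service)
 {
     int ret;
     int fd = -1;
@@ -482,7 +481,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,
 
     if (krb5_service == NULL || krb5_service->realm == NULL
                              || *krb5_service->realm == '\0'
-                             || server == NULL || *server == '\0'
+                             || contents == NULL || *contents == '\0'
                              || service == NULL || *service == '\0') {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Missing or empty realm, server or service.\n");
@@ -505,7 +504,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,
         return EINVAL;
     }
 
-    server_len = strlen(server);
+    server_len = strlen(contents);
 
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
@@ -535,7 +534,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,
     }
 
     errno = 0;
-    written = sss_atomic_write_s(fd, discard_const(server), server_len);
+    written = sss_atomic_write_s(fd, discard_const(contents), server_len);
     if (written == -1) {
         ret = errno;
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -592,12 +591,56 @@ done:
     return ret;
 }
 
+errno_t write_krb5info_file(struct krb5_service *krb5_service,
+                            char **server_list,
+                            const char *service)
+{
+    int i;
+    errno_t ret;
+    TALLOC_CTX *tmp_ctx = NULL;
+    char *contents = NULL;
+
+    if (krb5_service == NULL || server_list == NULL || service == NULL) {
+        return EINVAL;
+    }
+
+    if (server_list[0] == NULL) {
+        return EOK;
+    }
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        return ENOMEM;
+    }
+
+    contents = talloc_strdup(tmp_ctx, "");
+    if (contents == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    i = 0;
+    do {
+        contents = talloc_asprintf_append(contents, "%s\n", server_list[i]);
+        if (contents == NULL) {
+            ret = ENOMEM;
+            goto done;
+        }
+        i++;
+    } while (server_list[i] != NULL);
+
+    ret = write_krb5info_file_contents(krb5_service, contents, service);
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
 static void krb5_resolve_callback(void *private_data, struct fo_server *server)
 {
     struct krb5_service *krb5_service;
     struct resolv_hostent *srvaddr;
     char *address;
-    char *safe_address;
+    char *safe_addr_list[2] = { NULL, NULL };
     int ret;
     TALLOC_CTX *tmp_ctx = NULL;
 
@@ -630,26 +673,26 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
         return;
     }
 
-    safe_address = sss_escape_ip_address(tmp_ctx,
-                                         srvaddr->family,
-                                         address);
-    if (safe_address == NULL) {
+    safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,
+                                              srvaddr->family,
+                                              address);
+    if (safe_addr_list[0] == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
         talloc_free(tmp_ctx);
         return;
     }
 
     if (krb5_service->write_kdcinfo) {
-        safe_address = talloc_asprintf_append(safe_address, ":%d",
-                                            fo_get_server_port(server));
-        if (safe_address == NULL) {
+        safe_addr_list[0] = talloc_asprintf_append(safe_addr_list[0], ":%d",
+                                                   fo_get_server_port(server));
+        if (safe_addr_list[0] == NULL) {
             DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
             talloc_free(tmp_ctx);
             return;
         }
 
         ret = write_krb5info_file(krb5_service,
-                                  safe_address,
+                                  safe_addr_list,
                                   krb5_service->name);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE,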
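Review bot: The new `write_krb5info_file()` wrapper appends each `server_list[i]` with `"%s\n"` without checking the entry, so the old per-address rejection `*server == '\0'` is lost: an empty entry produces contents of just `"\n"`, which passes the `*contents == '\0'` test in `write_krb5info_file_contents()`. Because the kdcinfo file determines which KDC address the plugin hands to Kerberos clients, each entry should be validated before it is joined, for example `if (*server_list[i] == '\0' || strchr(server_list[i], '\n') != NULL) { ret = EINVAL; goto done; }` at the top of the loop body. The callers visible in this patch pass only `sss_escape_ip_address()` output (plus a `:%d` port), so this is hardening for later multi-address callers rather than a demonstrated bug. The wrapper's `EINVAL` and empty-list `EOK` returns are also silent, and the static function's "Missing or empty realm, server or service." message and `server_len` name still refer to the old parameter; a `DEBUG` line on each early return and a rename would keep the logs accurate.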
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 1c12d5652ccef7e1738177eedad1c9de543916b7..bf36a551a92877ec838d8d3a041903144f22bc8f 100644
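--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -161,7 +161,7 @@ errno_t sss_krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
                              const char *conf_path, struct dp_option **_opts);
 
 errno_t write_krb5info_file(struct krb5_service *krb5_service,
-                            const char *server,
+                            char **server_list,
                             const char *service);
 
 struct krb5_service *krb5_service_new(TALLOC_CTX *mem_ctx,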
-- 
2.17.1