dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From ce69c907f04214e16c07c5a05fb8dac12b271aba Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 17 Sep 2015 17:09:24 +0200
Subject: [PATCH 92/96] IPA: Change ipa_server_trust_add_send request to be
 reusable from ID code

Required for:
    https://fedorahosted.org/sssd/ticket/2639

Expose a request ipa_server_trusted_dom_setup_send that sets up a
trusted domain. The setup might include actions like retrieving a keytab
for one-way trusts.

Creating the AD ID context for the trused domain is now done in the
caller of this new request.

Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 1ccfd8e2e5cf4cdb6807d9809c150b7f6ba3e0eb)
---
 src/providers/ipa/ipa_subdomains.h        |  11 +++
 src/providers/ipa/ipa_subdomains_server.c | 122 ++++++++++++++++--------------
 2 files changed, 75 insertions(+), 58 deletions(-)

diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h
index 2302c5f03e80de2ea1efad424769e777cd6dd8d5..0c13f8ed2eeda87237dfb097f532c7137095ddf1 100644
--- a/src/providers/ipa/ipa_subdomains.h
+++ b/src/providers/ipa/ipa_subdomains.h
@@ -52,6 +52,17 @@ struct ipa_ad_server_ctx {
     struct ipa_ad_server_ctx *next, *prev;
 };
 
+/* Can be used to set up trusted subdomain, for example fetch
+ * keytab in server mode
+ */
+struct tevent_req *
+ipa_server_trusted_dom_setup_send(TALLOC_CTX *mem_ctx,
+                                  struct tevent_context *ev,
+                                  struct be_ctx *be_ctx,
+                                  struct ipa_id_ctx *id_ctx,
+                                  struct sss_domain_info *subdom);
+errno_t ipa_server_trusted_dom_setup_recv(struct tevent_req *req);
+
 /* To be used by ipa_subdomains.c only */
 struct tevent_req *
 ipa_server_create_trusts_send(TALLOC_CTX *mem_ctx,
diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c
index dfecab1bc362b5772379bae6d51f9cef8443f225..c561118946e2ba76b2b4076e5057b1b5c0075a41 100644
--- a/src/providers/ipa/ipa_subdomains_server.c
+++ b/src/providers/ipa/ipa_subdomains_server.c
@@ -563,7 +563,7 @@ done:
     return ret;
 }
 
-struct ipa_server_trust_add_state {
+struct ipa_server_trusted_dom_setup_state {
     struct tevent_context *ev;
     struct be_ctx *be_ctx;
     struct ipa_id_ctx *id_ctx;
@@ -578,22 +578,22 @@ struct ipa_server_trust_add_state {
     const char *ccache;
 };
 
-static errno_t ipa_server_trust_add_1way(struct tevent_req *req);
+static errno_t ipa_server_trusted_dom_setup_1way(struct tevent_req *req);
 static void ipa_server_trust_1way_kt_done(struct tevent_req *subreq);
-static errno_t ipa_server_trust_add_step(struct tevent_req *req);
 
-static struct tevent_req *
-ipa_server_trust_add_send(TALLOC_CTX *mem_ctx,
-                          struct tevent_context *ev,
-                          struct be_ctx *be_ctx,
-                          struct ipa_id_ctx *id_ctx,
-                          struct sss_domain_info *subdom)
+struct tevent_req *
+ipa_server_trusted_dom_setup_send(TALLOC_CTX *mem_ctx,
+                                  struct tevent_context *ev,
+                                  struct be_ctx *be_ctx,
+                                  struct ipa_id_ctx *id_ctx,
+                                  struct sss_domain_info *subdom)
 {
     struct tevent_req *req = NULL;
-    struct ipa_server_trust_add_state *state = NULL;
+    struct ipa_server_trusted_dom_setup_state *state = NULL;
     errno_t ret;
 
-    req = tevent_req_create(mem_ctx, &state, struct ipa_server_trust_add_state);
+    req = tevent_req_create(mem_ctx, &state,
+                            struct ipa_server_trusted_dom_setup_state);
     if (req == NULL) {
         return NULL;
     }
@@ -626,16 +626,19 @@ ipa_server_trust_add_send(TALLOC_CTX *mem_ctx,
           ipa_trust_dir2str(state->direction));
 
     if (state->direction & LSA_TRUST_DIRECTION_OUTBOUND) {
-        /* Use system keytab */
-        ret = ipa_server_trust_add_step(req);
+        /* Use system keytab, nothing to do here */
+        ret = EOK;
+        goto immediate;
     } else if (state->direction & LSA_TRUST_DIRECTION_INBOUND) {
         /* Need special keytab */
-        ret = ipa_server_trust_add_1way(req);
+        ret = ipa_server_trusted_dom_setup_1way(req);
         if (ret == EAGAIN) {
             /* In progress.. */
             return req;
         } else if (ret == EOK) {
-            ret = ipa_server_trust_add_step(req);
+            /* Keytab available, shortcut */
+            ret = EOK;
+            goto immediate;
         }
     } else {
         /* Even unset is an error at this point */
@@ -658,12 +661,12 @@ immediate:
     return req;
 }
 
-static errno_t ipa_server_trust_add_1way(struct tevent_req *req)
+static errno_t ipa_server_trusted_dom_setup_1way(struct tevent_req *req)
 {
     errno_t ret;
     struct tevent_req *subreq = NULL;
-    struct ipa_server_trust_add_state *state =
-            tevent_req_data(req, struct ipa_server_trust_add_state);
+    struct ipa_server_trusted_dom_setup_state *state =
+            tevent_req_data(req, struct ipa_server_trusted_dom_setup_state);
     const char *hostname;
 
     state->keytab = forest_keytab(state, state->forest);
@@ -715,8 +718,8 @@ static void ipa_server_trust_1way_kt_done(struct tevent_req *subreq)
     errno_t ret;
     struct tevent_req *req = tevent_req_callback_data(subreq,
                                                       struct tevent_req);
-    struct ipa_server_trust_add_state *state =
-            tevent_req_data(req, struct ipa_server_trust_add_state);
+    struct ipa_server_trusted_dom_setup_state *state =
+            tevent_req_data(req, struct ipa_server_trusted_dom_setup_state);
 
     ret = ipa_getkeytab_recv(subreq, NULL);
     talloc_zfree(subreq);
@@ -764,46 +767,12 @@ static void ipa_server_trust_1way_kt_done(struct tevent_req *subreq)
     DEBUG(SSSDBG_TRACE_FUNC,
           "Keytab %s contains the expected principals\n", state->new_keytab);
 
-    ret = ipa_server_trust_add_step(req);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_OP_FAILURE,
-              "ipa_server_trust_add_step failed: %d\n", ret);
-        tevent_req_error(req, ret);
-        return;
-    }
-
     DEBUG(SSSDBG_TRACE_FUNC,
           "Established trust context for %s\n", state->subdom->name);
     tevent_req_done(req);
 }
 
-static errno_t ipa_server_trust_add_step(struct tevent_req *req)
-{
-    struct ipa_ad_server_ctx *trust_ctx;
-    struct ad_id_ctx *ad_id_ctx;
-    errno_t ret;
-    struct ipa_server_trust_add_state *state =
-            tevent_req_data(req, struct ipa_server_trust_add_state);
-
-    ret = ipa_ad_ctx_new(state->be_ctx, state->id_ctx, state->subdom, &ad_id_ctx);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_OP_FAILURE,
-              "Cannot create ad_id_ctx for subdomain %s\n", state->subdom->name);
-        return ret;
-    }
-
-    trust_ctx = talloc(state->id_ctx->server_mode, struct ipa_ad_server_ctx);
-    if (trust_ctx == NULL) {
-        return ENOMEM;
-    }
-    trust_ctx->dom = state->subdom;
-    trust_ctx->ad_id_ctx = ad_id_ctx;
-
-    DLIST_ADD(state->id_ctx->server_mode->trusts, trust_ctx);
-    return EOK;
-}
-
-static errno_t ipa_server_trust_add_recv(struct tevent_req *req)
+errno_t ipa_server_trusted_dom_setup_recv(struct tevent_req *req)
 {
     TEVENT_REQ_RETURN_ON_ERROR(req);
     return EOK;
@@ -817,6 +786,7 @@ struct ipa_server_create_trusts_state {
 };
 
 static errno_t ipa_server_create_trusts_step(struct tevent_req *req);
+static errno_t ipa_server_create_trusts_ctx(struct tevent_req *req);
 static void ipa_server_create_trusts_done(struct tevent_req *subreq);
 
 struct tevent_req *
@@ -879,8 +849,11 @@ static errno_t ipa_server_create_trusts_step(struct tevent_req *req)
 
         /* Newly detected trust */
         if (trust_iter == NULL) {
-            subreq = ipa_server_trust_add_send(state, state->ev, state->be_ctx,
-                                               state->id_ctx, state->domiter);
+            subreq = ipa_server_trusted_dom_setup_send(state,
+                                                       state->ev,
+                                                       state->be_ctx,
+                                                       state->id_ctx,
+                                                       state->domiter);
             if (subreq == NULL) {
                 return ENOMEM;
             }
@@ -898,13 +871,19 @@ static void ipa_server_create_trusts_done(struct tevent_req *subreq)
     struct tevent_req *req = tevent_req_callback_data(subreq,
                                                       struct tevent_req);
 
-    ret = ipa_server_trust_add_recv(subreq);
+    ret = ipa_server_trusted_dom_setup_recv(subreq);
     talloc_zfree(subreq);
     if (ret != EOK) {
         tevent_req_error(req, ret);
         return;
     }
 
+    ret = ipa_server_create_trusts_ctx(req);
+    if (ret != EOK) {
+        tevent_req_error(req, ret);
+        return;
+    }
+
     ret = ipa_server_create_trusts_step(req);
     if (ret == EOK) {
         tevent_req_done(req);
@@ -917,6 +896,33 @@ static void ipa_server_create_trusts_done(struct tevent_req *subreq)
     /* Will cycle back */
 }
 
+static errno_t ipa_server_create_trusts_ctx(struct tevent_req *req)
+{
+    struct ipa_ad_server_ctx *trust_ctx;
+    struct ad_id_ctx *ad_id_ctx;
+    errno_t ret;
+    struct ipa_server_create_trusts_state *state = NULL;
+
+    state = tevent_req_data(req, struct ipa_server_create_trusts_state);
+
+    ret = ipa_ad_ctx_new(state->be_ctx, state->id_ctx, state->domiter, &ad_id_ctx);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE,
+              "Cannot create ad_id_ctx for subdomain %s\n", state->domiter->name);
+        return ret;
+    }
+
+    trust_ctx = talloc(state->id_ctx->server_mode, struct ipa_ad_server_ctx);
+    if (trust_ctx == NULL) {
+        return ENOMEM;
+    }
+    trust_ctx->dom = state->domiter;
+    trust_ctx->ad_id_ctx = ad_id_ctx;
+
+    DLIST_ADD(state->id_ctx->server_mode->trusts, trust_ctx);
+    return EOK;
+}
+
 errno_t ipa_server_create_trusts_recv(struct tevent_req *req)
 {
     TEVENT_REQ_RETURN_ON_ERROR(req);
-- 
2.4.3