From 73f452058c8ac83117cb86c12d4d266c8caccc57 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 26 Jun 2018 10:35:15 +0200
Subject: [PATCH] KRB5: Allow writing multiple addresses to the kdcinfo plugin
Turns the previous write_krb5info_file() function into a static function
that writes whatever input it receives. Adds a wrapper around it that
accepts a list of strings, turns that into a newline-separated string
which is then passed to the original function.
Related:
https://pagure.io/SSSD/sssd/issue/3291
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 8971399c872c21769d5c62cf753c5f9df4caf8cb)
---
src/providers/ad/ad_common.c | 12 ++---
src/providers/ipa/ipa_common.c | 8 ++--
src/providers/krb5/krb5_common.c | 75 +++++++++++++++++++++++++-------
src/providers/krb5/krb5_common.h | 2 +-
4 files changed, 70 insertions(+), 27 deletions(-)
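diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index b103410e5915a380d0404e18da869517e4d4e355..eaf0814f1aaf51a5085e992efa633240f32c498e 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -848,7 +848,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
 struct resolv_hostent *srvaddr;
 struct sockaddr_storage *sockaddr;
 char *address;
- const char *safe_address;
+ char *safe_addr_list[2] = { NULL, NULL };
 char *new_uri;
 int new_port;
 const char *srv_name;
@@ -957,17 +957,17 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
 if ((sdata == NULL || sdata->gc == false) &&
 service->krb5_service->write_kdcinfo) {
 /* Write krb5 info files */
- safe_address = sss_escape_ip_address(tmp_ctx,
- srvaddr->family,
- address);
- if (safe_address == NULL) {
+ safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,
+ srvaddr->family,
+ address);
+ if (safe_addr_list[0] == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
 ret = ENOMEM;
 goto done;
 }
 
 ret = write_krb5info_file(service->krb5_service,
- safe_address,
+ safe_addr_list,
 SSS_KRB5KDC_FO_SRV);
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,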
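diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 5808513bfd570c43bc1712114aabba5749ba0fec..0614019764287e5114aa8b8b5c670b717732068b 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -766,7 +766,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
 struct resolv_hostent *srvaddr;
 struct sockaddr_storage *sockaddr;
 char *address;
- const char *safe_address;
+ char *safe_addr_list[2] = { NULL, NULL };
 char *new_uri;
 const char *srv_name;
 int ret;
@@ -829,17 +829,17 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
 service->sdap->sockaddr = talloc_steal(service, sockaddr);
 
 if (service->krb5_service->write_kdcinfo) {
- safe_address = sss_escape_ip_address(tmp_ctx,
+ safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,
 srvaddr->family,
 address);
- if (safe_address == NULL) {
+ if (safe_addr_list[0] == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
 talloc_free(tmp_ctx);
 return;
 }
 
 ret = write_krb5info_file(service->krb5_service,
- safe_address,
+ safe_addr_list,
 SSS_KRB5KDC_FO_SRV);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE,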
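Review bot: The continuation arguments of the `sss_escape_ip_address()` call in the second hunk stay as unchanged context while the first line grows from `safe_address` to `safe_addr_list[0]`, so `srvaddr->family,` and `address);` presumably no longer line up under `tmp_ctx`. The matching hunks in ad_common.c and krb5_common.c re-indent those two lines; doing the same here keeps the three callers consistent. ipa_resolve_callback starts and ends outside the hunk.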
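diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index 2a50dfec55c29b8d7f8b8751c904977c22aa906a..2b003e1642b449e8db20ba4259ba13273e21212f 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -466,10 +466,9 @@ done:
 return ret;
 }
 
-
-errno_t write_krb5info_file(struct krb5_service *krb5_service,
- const char *server,
- const char *service)
+static errno_t write_krb5info_file_contents(struct krb5_service *krb5_service,
+ const char *contents,
+ const char *service)
 {
 int ret;
 int fd = -1;
@@ -482,7 +481,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,
 
 if (krb5_service == NULL || krb5_service->realm == NULL
 || *krb5_service->realm == '\0'
- || server == NULL || *server == '\0'
+ || contents == NULL || *contents == '\0'
 || service == NULL || *service == '\0') {
 DEBUG(SSSDBG_CRIT_FAILURE,
 "Missing or empty realm, server or service.\n");
@@ -505,7 +504,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,
 return EINVAL;
 }
 
- server_len = strlen(server);
+ server_len = strlen(contents);
 
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
@@ -535,7 +534,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,
 }
 
 errno = 0;
- written = sss_atomic_write_s(fd, discard_const(server), server_len);
+ written = sss_atomic_write_s(fd, discard_const(contents), server_len);
 if (written == -1) {
 ret = errno;
 DEBUG(SSSDBG_CRIT_FAILURE,
@@ -592,12 +591,56 @@ done:
 return ret;
 }
 
+errno_t write_krb5info_file(struct krb5_service *krb5_service,
+ char **server_list,
+ const char *service)
+{
+ int i;
+ errno_t ret;
+ TALLOC_CTX *tmp_ctx = NULL;
+ char *contents = NULL;
+
+ if (krb5_service == NULL || server_list == NULL || service == NULL) {
+ return EINVAL;
+ }
+
+ if (server_list[0] == NULL) {
+ return EOK;
+ }
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ contents = talloc_strdup(tmp_ctx, "");
+ if (contents == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ i = 0;
+ do {
+ contents = talloc_asprintf_append(contents, "%s\n", server_list[i]);
+ if (contents == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ i++;
+ } while (server_list[i] != NULL);
+
+ ret = write_krb5info_file_contents(krb5_service, contents, service);
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
 static void krb5_resolve_callback(void *private_data, struct fo_server *server)
 {
 struct krb5_service *krb5_service;
 struct resolv_hostent *srvaddr;
 char *address;
- char *safe_address;
+ char *safe_addr_list[2] = { NULL, NULL };
 int ret;
 TALLOC_CTX *tmp_ctx = NULL;
 
@@ -630,26 +673,26 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
 return;
 }
 
- safe_address = sss_escape_ip_address(tmp_ctx,
- srvaddr->family,
- address);
- if (safe_address == NULL) {
+ safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,
+ srvaddr->family,
+ address);
+ if (safe_addr_list[0] == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
 talloc_free(tmp_ctx);
 return;
 }
 
 if (krb5_service->write_kdcinfo) {
- safe_address = talloc_asprintf_append(safe_address, ":%d",
- fo_get_server_port(server));
- if (safe_address == NULL) {
+ safe_addr_list[0] = talloc_asprintf_append(safe_addr_list[0], ":%d",
+ fo_get_server_port(server));
+ if (safe_addr_list[0] == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
 talloc_free(tmp_ctx);
 return;
 }
 
 ret = write_krb5info_file(krb5_service,
- safe_address,
+ safe_addr_list,
 krb5_service->name);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE,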
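Review bot: The new `write_krb5info_file()` wrapper checks `server_list` and its first slot for NULL but never checks the elements for empty strings, so the `*server == '\0'` rejection that the old function applied to its single address is effectively lost. A list holding `""` builds contents of `"\n"`, which passes the `*contents == '\0'` test in `write_krb5info_file_contents()` and puts a blank line into the kdcinfo file. Reject such entries inside the `do` loop before appending, e.g. `if (server_list[i][0] == '\0') { ret = EINVAL; goto done; }`. Every address is now also followed by a newline where the old code wrote the bare string, so whatever parses the file has to accept the trailing newline; that reader is not visible in this patch and should be checked.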
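diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 1c12d5652ccef7e1738177eedad1c9de543916b7..bf36a551a92877ec838d8d3a041903144f22bc8f 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -161,7 +161,7 @@ errno_t sss_krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
 const char *conf_path, struct dp_option **_opts);
 
 errno_t write_krb5info_file(struct krb5_service *krb5_service,
- const char *server,
+ char **server_list,
 const char *service);
 
 struct krb5_service *krb5_service_new(TALLOC_CTX *mem_ctx,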
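Review bot: The declaration of `write_krb5info_file()` changes its contract without a comment: callers now have to know that `server_list` must be NULL-terminated and that an empty list returns EOK without writing anything, both of which can only be learned by reading krb5_common.c. A short comment above the prototype would cover it, e.g. `/* server_list: NULL-terminated array of address strings, written one per line; an empty list is a no-op that returns EOK. */`. Since the strings end up verbatim in a file that steers KDC selection, the comment should also say that callers are expected to pass already-escaped addresses, as the three visible callers do via `sss_escape_ip_address()`.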
--
2.17.1